From 5ad8ca2a5fb0769409aa47b8c9c5b781c83e7444 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Jun 2023 19:49:18 +0200 Subject: [PATCH 001/653] Legacy-to-PSA transition guide Covers most modules, but missing most of ecp, ecdh and dhm. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 1059 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1059 insertions(+) create mode 100644 docs/psa-transition.md diff --git a/docs/psa-transition.md b/docs/psa-transition.md new file mode 100644 index 0000000000..24facffa60 --- /dev/null +++ b/docs/psa-transition.md @@ -0,0 +1,1059 @@ +# Transitioning to the PSA API + +> I have code written for `mbedtls_` cryptography APIs. How do I migrate to `psa_` APIs? + +## Introduction + +Mbed TLS is gradually moving from legacy `mbedtls_xxx` APIs to newer `psa_xxx` APIs for cryptography. Note that this only concerns cryptography APIs, not X.509 or SSL/TLS APIs. + +This guide is intended to help migrate existing applications that use Mbed TLS for cryptography. It aims to cover common use cases, but cannot cover all possible scenarios. + +### Suggested reading + +This document is long, but you probably don't need to read all of it. You should start with the following sections: + +1. [Where can I find documentation?](#where-can-i-find-documentation) +2. [General considerations](#general-considerations) + +Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text search to locate the sections that interest you, based on what legacy interfaces your code is currently using. + +### Where can I find documentation? + +**Tutorial**: See the [getting started guide](https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/). + +**Reference**: The [PSA Crypto API specification](https://arm-software.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the specification which is documented in the [`psa/crypto*.h` headers](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto_8h/). + +### Additional resources + +* [Mbed TLS open issues](https://github.com/Mbed-TLS/mbedtls/issues) +* [PSA API open issues](https://github.com/ARM-software/psa-api/issues) (not just cryptography APIs) +* [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/) + +### Why change the API? + +* Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation. +* Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.). +* PSA APIs have [consistent conventions ](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. +* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without a RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. + +### Migration timeline + +* Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API. +* Mbed TLS 2.18.0 (Jun 2019): The PSA API is available in the default build. +* Mbed TLS 3.1.0 (Dec 2021): TLS 1.3 support is the first major feature that requires the PSA API. +* Mbed TLS 4.0.0 (2024?): X.509 and TLS require the PSA API. Removal of some legacy crypto APIs. +* Mbed TLS 5.0.0 (??): Removal of the remaining non-PSA crypto APIs. + +## General considerations + +### Configuration of the PSA subsystem + +To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled (it is enabled in the default configuration). + +You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. + +By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API. The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. + +### Header files + +Applications only need to include a single header file: +``` +#include +``` + +### General application layout + +Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__initialization/#group__initialization_1ga2de150803fc2f7dc6101d5af7e921dd9) and check that it succeeds. (A failure indicates an abnormal system state from which most applications cannot recover.) + +If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev). + +The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and a `mbedtls_xxx_drbg_context`). + +### Error codes + +Mbed TLS functions return a status of type `int`: 0 for success (or, occasionally, a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. + +PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. + +## Summary of API modules + +| Header | Function prefix | PSA equivalent | +| ------ | --------------- | -------------- | +| `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | +| `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | +| `asn1.h` | `mbedtls_asn1_` | No change (not a crypto API) | +| `asn1write.h` | `mbedtls_asn1write_` | No change (not a crypto API) | +| `base64.h` | `mbedtls_base64_` | [PK format support interfaces](#pk-format-support-interfaces) | +| `bignum.h` | `mbedtls_bignum_` | None (no low-level arithmetic) | +| `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | +| `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | +| `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | +| `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) | +| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption) | +| `check_config.h` | N/A | No public APIs (internal support header) | +| `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | +| `cmac.h` | `mbedtls_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | +| `compat-2.x.h` | various | None (transitional APIs) | +| `config_psa.h` | N/A | No public APIs (internal support header) | +| `constant_time.h` | `mbedtls_constant_time_` | [Constant-time functions](#constant-time-functions) | +| `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | +| `debug.h` | `mbedtls_debug_` | No change (not a crypto API) | +| `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) | +| `dhm.h` | `mbedtls_dhm_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `ecdh.h` | `mbedtls_ecdh_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `ecdsa.h` | `mbedtls_ecdsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) | +| `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) | +| `error.h` | `mbedtls_error_` | [Error messages](#error-messages) | +| `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | +| `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | +| `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | +| `lms.h` | `mbedtls_lms_` | No migration path yet | +| `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) | +| `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) | +| `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) | +| `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) | +| `net_sockets.h` | `mbedtls_net_` | No change (not a crypto API) | +| `nist_kw.h` | `mbedtls_nist_kw_` | No migration path yet | +| `oid.h` | `mbedtls_oid_` | [PK format support interfaces](#pk-format-support-interfaces) | +| `pem.h` | `mbedtls_pem_` | [PK format support interfaces](#pk-format-support-interfaces) | +| `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) | +| `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | +| `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) | +| `platform.h` | `mbedtls_platform_` | No change (not a crypto API) | +| `platform_time.h` | `mbedtls_platform_time_` | No change (not a crypto API) | +| `platform_util.h` | `mbedtls_platform_util_` | No change (not a crypto API) | +| `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) | +| `private_access.h` | N/A | No public APIs (internal support header) | +| `psa_util.h` | `mbedtls_psa_` | No public APIs (internal support header) | +| `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) | +| `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | +| `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) | +| `sha3.h` | `mbedtls_sha3_` | [Hashes and MAC](#hashes-and-mac) | +| `sha256.h` | `mbedtls_sha256_` | [Hashes and MAC](#hashes-and-mac) | +| `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) | +| `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) | +| `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) | +| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuites_` | No change (not a crypto API) | +| `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) | +| `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) | +| `threading.h` | `mbedtls_threading_` | No change (not a crypto API) | +| `timing.h` | `mbedtls_timing_` | No change (not a crypto API) | +| `version.h` | `mbedtls_version_` | No change (not a crypto API) | +| `x509.h` | `mbedtls_x509` | No change (not a crypto API) | +| `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) | +| `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) | +| `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) | + +## Compile-time configuration + +### Cryptographic mechanism availability + +**This section only applies if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled.** This option is disabled in the default configuration. + +When the configuration option [`MBEDTLS_PSA_CRYPTO_CONFIG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a5aca5ddcffb586acad82f9aef26db056) is enabled, the cryptographic mechanisms available through the PSA API are determined by the contents of the header file `"psa/crypto_config.h"`. You can override the file location with the macro [`MBEDTLS_PSA_CRYPTO_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a25f7e358caa101570cb9519705c2b873), and you can set [`MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1abd1870cc0d2681183a3018a7247cb137) to the path of an additional file (similar to `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` for legacy configuration symbols). + +The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern: + +* To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`. + For parametrized algorithms, there is a `PSA_WANT_` symbols both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. + +* To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. + + As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: + * `PSA_KEY_TYPE_xxx_USE` enables support for operations with a key of that type (for enabled algorithms). This is automatically enabled if any key creation method (`IMPORT`, `GENERATE` or `DERIVE`) is enabled. + * `PSA_KEY_TYPE_xxx_IMPORT` enables support for `psa_import_key` to import a key of that type. + * `PSA_KEY_TYPE_xxx_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. + * `PSA_KEY_TYPE_xxx_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. + * `PSA_KEY_TYPE_xxx_EXPORT` enables support for `psa_export_key` to export a key of that type. + + Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key. + +* To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`. + +Note that all `PSA_WANT_xxx` symbols must be set to a nonzero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. + +For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519. + +``` +#define PSA_WANT_ALG_SHA_256 1 + +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_ALG_GCM 1 + +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +// ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead +// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_USE, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY +#define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH) +#define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH) +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +#define PSA_WANT_ALG_ECDH +``` + +If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will often not include it, to reduce the size of the compiled library. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. + +Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. + +## Miscellaneous support modules + +### Error messages + +At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to their input representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application. + +``` +$ programs/psa/psa_constant_names error -138 +PSA_ERROR_BUFFER_TOO_SMALL +$ programs/psa/psa_constant_names type 0x7112 +PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) +$ programs/psa/psa_constant_names alg 0x06000609 +PSA_ALG_ECDSA(PSA_ALG_SHA_256) +``` + +The other functions in `error.h` are specific to the construction of Mbed TLS error code and are not relevant to the PSA API. PSA error codes are never the combination of multiple codes. + +### Constant-time functions + +The PSA API does not have an equivalent to the timing-side-channel-resistance utility functions in `constant_time.h`. Continue using `constant_time.h` as needed. + +Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`: + +* To compare a MAC with a reference value, use `psa_mac_verify` rather of `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”. +* The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”. + +## Symmetric encryption + +All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation and the choice of a specific algorithm comes from an argument. There is no special API for a particular block cipher (`aes.h`, `aria.h`, `camellia.h`, `des.h`), a particular block cipher mode (`ccm.h`, `gcm.h`) or a particular stream cipher (`chacha20.h`, `chachapoly.h`). To migrate code using those low-level modules, please follow the recommendations in the following sections, using the same principles as the corresponding `cipher.h` API. + +### Cipher mechanism selection + +Instead of `mbedtls_cipher_id_t` (`MBEDTLS_CIPHER_ID_xxx` constants), `mbedtls_cipher_type_t` (`MBEDTLS_CIPHER_base_size_mode` constants), `mbedtls_cipher_mode_t` (`MBEDTLS_CIPHER_MODE_xxx` constants) and `mbedtls_cipher_padding_t` (`MBEDTLS_CIPHER_PADDING_xxx` constants), use the [`PSA_KEY_TYPE_xxx` and `PSA_ALG_xxx` constants](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/). + +For modes that are based on a block cipher, the key type encodes the choice of block cipher: +[`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e), +[`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA), +[`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81), +[`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138). +The algorithm encodes the mode and if relevant the padding type: + +* Unauthenticated cipher modes: + [`PSA_ALG_CTR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad318309706a769cffdc64e4c7e06b2e9), + [`PSA_ALG_CFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0088c933e01d671f263a9a1f177cb5bc), + [`PSA_ALG_OFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gae96bb421fa634c6fa8f571f0112f1ddb), + [`PSA_ALG_XTS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa722c0e426a797fd6d99623f59748125), + [`PSA_ALG_ECB_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab8f0609cd0f12cccc9c950fd5a81a0e3), + [`PSA_ALG_CBC_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gacb332d72716958880ee7f97d8365ae66), + [`PSA_ALG_CBC_PKCS7`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaef50d2e9716eb6d476046608e4e0c78c), + [`PSA_ALG_CCM_STAR_NO_TAG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga89627bb27ec3ce642853ab8554a88572). +* Other padding modes, which are obsolete, are not available in the PSA API. If you need them, handle the padding in your application code and use the `NO_PADDING` algorithm. +* AEAD modes: + [`PSA_ALG_CCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2c0e7d21f1b2df5e76bcb4a8f84273c), + [`PSA_ALG_GCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0d7d02b15aaae490d38277d99f1c637c). +* KW/KWP modes are not available in the PSA API at the time of writing. + +For the ChaCha20 unauthenticated cipher, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_STREAM_CIPHER`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad98c105198f7428f7d1dffcb2cd398cd). +For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_CHACHA20_POLY1305`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1fec55093541640a71bdd022d4adfb9c) + +### Cipher mechanism availability + +For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a nonzero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a nonzero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported. + +For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write: +``` +#if defined(MBEDTLS_AES_C) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) +``` +The equivalent in the PSA API is +``` +#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CBC_PKCS7 +``` + +### Cipher metadata + +Both APIs express key sizes in bits. Note however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buffer contains a key. + +The following table lists corresponding PSA macros for maximum-size macros that take all supported algorithms into account. + +| Legacy macro | PSA macro | +| ------------ | --------- | +| `MBEDTLS_MAX_IV_LENGTH` | [`PSA_CIPHER_IV_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_MAX_SIZE), [`PSA_AEAD_NONCE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ac2a332765ba4ccfc24935d6f7f48fcc7) | +| `MBEDTLS_MAX_BLOCK_LENGTH` | [`PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) | +| `MBEDTLS_MAX_KEY_LENGTH` | no equivalent| + +There is no equivalent to the type `mbedtls_cipher_info_t` and the functions `mbedtls_cipher_info_from_type` and `mbedtls_cipher_info_from_values` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants). + +| Legacy function | PSA macro | +| --------------- | --------- | +| `mbedtls_cipher_info_get_iv_size` | [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH), [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH) | +| `mbedtls_cipher_info_get_block_size` | not available (use specific macros for the IV, nonce or tag length) | + +The following features have no PSA equivalent: + +* `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future. +* `mbedtls_cipher_info_has_variable_key_bitlen`, `mbedtls_cipher_info_has_variable_iv_size`: the PSA API does not currently have such mechanism for high-level metadata information. +* `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. + +### Cipher key management + +The legacy API and the PSA API have a different organization of operations in several respects: + +* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call. +* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions. +* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable. + +Here is an overview of the lifecycle of a key object. + +1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: + * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). + * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. + * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms. + * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_ENCRYPT) or [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DECRYPT), depending on which direction you want to use the key in. To allow both directions, use the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authenticated and non-authenticated encryption/decryption. +2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. + * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. + * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). + * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). +3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. +4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. + +### Unauthenticated cipher operations + +Recall the flow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API: + +1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. +2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. +3. Set the IV with `mbedtls_cipher_set_iv` (except for ECB which does not use an IV). +4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`. +5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. + +For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent flow with the PSA API is to call a single function: + +* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + +For a multi-part operation, the equivalent flow with the PSA API is as follows: + +1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro). +2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction. +3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV. +4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine the size of the output buffer. +5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + +If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4). + +### Authenticated cipher operations + +Recall the flow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar flows in the `chachapoly`, `ccm` and `gcm` modules): + +1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. +2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. +3. Set the nonce with `mbedtls_cipher_set_iv` (or the `starts` function for low-level modules). For CCM, which requires direct use of the `ccm` module, also call `mbedtls_ccm_set_lengths` to set the length of the additional data and of the plaintext. +4. Call `mbedtls_cipher_update_ad` to pass the unencrypted additional data. +5. Call `mbedtls_cipher_update` as many times as necessary to pass the input plaintext or ciphertext. +6. Call `mbedtls_cipher_finish` to obtain the last part of the output. Then call `mbedtls_cipher_write_tag` (when encrypting) or `mbedtls_cipher_check_tag` (when decrypting) to process the authentication tag. +7. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. + +Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintext or ciphertext is passed as a single input). + +For a one-shot operation, the PSA API allows you to call a single function: + +* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + +For a multi-part operation, the equivalent flow with the PSA API is as follows: + +1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro). +2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction. +3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed). +4. Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed. +5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +6. Finally: + * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + +If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). + +### Miscellaneous cipher operation management + +The equivalent of `mbedtls_cipher_reset` is to call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4) or [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have a special way to reuse an operation object with the same key. + +There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract information from an ongoing PSA cipher or AEAD operation. Applications that need this information will need to save it from the key and operation parameters. + +## Hashes and MAC + +The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API. + +The PSA API does have a direct interface for the AES-CMAC-PRF-128 from RFC 4615 at the time of writing. You can calculate it using the interface to AES-CMAC. + +### Hash mechanism selection + +The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently. + +| Mbed TLS constant | PSA constant | +| ---------------------- | ------------------- | +| `MBEDTLS_MD_MD5` | `PSA_ALG_MD5` | +| `MBEDTLS_MD_SHA1` | `PSA_ALG_SHA_1` | +| `MBEDTLS_MD_SHA224` | `PSA_ALG_SHA_224` | +| `MBEDTLS_MD_SHA256` | `PSA_ALG_SHA_256` | +| `MBEDTLS_MD_SHA384` | `PSA_ALG_SHA_384` | +| `MBEDTLS_MD_SHA512` | `PSA_ALG_SHA_512` | +| `MBEDTLS_MD_RIPEMD160` | `PSA_ALG_RIPEMD160` | +| `MBEDTLS_MD_SHA3_224` | `PSA_ALG_SHA3_224` | +| `MBEDTLS_MD_SHA3_256` | `PSA_ALG_SHA3_256` | +| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` | +| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` | + +### MAC mechanism selection + +PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6). + +* For HMAC, the algorithm is [`PSA_ALG_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”), + for example `PSA_ALG_HMAC(PSA_ALG_SHA_256)` for HMAC-SHA-256. + The key type is [`PSA_KEY_TYPE_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_KEY_TYPE_HMAC) regardless of the hash algorithm. +* For CMAC, the algorithm is [`PSA_ALG_CMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_CMAC) regardless of the underlying block cipher. The key type determines the block cipher: + [`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e), + [`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA), + [`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81) or + [`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138). + +### Hash and MAC mechanism availability + +For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a nonzero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a nonzero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.) + +For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write: +``` +#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) +``` +The equivalent in the PSA API is +``` +#if PSA_WANT_KEY_TYPE_HMAC && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_SHA_256 +``` + +To test if AES-CMAC is supported, in the legacy API, you could write: +``` +if defined(MBEDTLS_AES_C) && defined(MBEDTLS_CMAC_C) +``` +The equivalent in the PSA API is +``` +#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CMAC +``` + +### Hash algorithm metadata + +There is no equivalent to the type `mbedtls_md_info_t` and the functions `mbedtls_md_info_from_type` and `mbedtls_md_get_type` in the PSA API because it is unnecessary. All macros and functions operate directly on algorithm (`psa_algorithm_t`, `PSA_ALG_xxx` constants). + +| Legacy macro | PSA macro | +| ------------ | --------- | +| `MBEDTLS_MD_MAX_SIZE` | [`PSA_HASH_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_MAX_SIZE) | +| `MBEDTLS_MD_MAX_BLOCK_SIZE` | [`PSA_HMAC_MAX_HASH_BLOCK_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HMAC_MAX_HASH_BLOCK_SIZE) | +| `mbedtls_md_get_size` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) | +| `mbedtls_md_get_size_from_type` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) | + +The following features have no PSA equivalent: + +* `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future. +* `mbedtls_md_info_from_ctx` +* `mbedtls_cipher_info_from_string`, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. + +### Hash calculation + +The equivalent of `mbedtls_md` for a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gac69f7f19d96a56c28cf3799d11b12156). In addition, to compare the hash of a message with an expected value, you can call [`psa_hash_compare`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga0c08f4797bec96b886c8c8d7acc2a553) instead of `mbedtls_md` followed by `memcmp` or a constant-time equivalent. + +For a multi-part hash calculation, the legacy process is as follows: + +1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. +2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=0`. Then call `mbedtls_md_starts` to start the hash operation. +3. Call `mbedtls_md_update` as many times as necessary. +4. Call `mbedtls_md_finish`. If verifying the hash against an expected value, compare the result with the expected value. +5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. + +The equivalent process in the PSA API is as follows: + +1. Create an operation object of type [`psa_hash_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga3c4205d2ce66c4095fc5c78c25273fab) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_hash_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga8d72896cf70fc4d514c5c6b978912515) to specify the algorithm. +3. Call [`psa_hash_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga65b16ef97d7f650899b7db4b7d1112ff) as many times as necessary. +4. To obtain the hash, call [`psa_hash_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga4795fd06a0067b0adcd92e9627b8c97e). Alternatively, to verify the hash against an expected value, call [`psa_hash_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga7be923c5700c9c70ef77ee9b76d1a5c0). + +If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928). + +There is no equivalent to `mbedtls_md_file` in the PSA API. Load the file data and calculate its hash. + +### MAC key management + +The legacy API and the PSA API have a different organization of operations in several respects: + +* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call. +* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions. +* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable. + +Here is an overview of the lifecycle of a key object. + +1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: + * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). + * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. + * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms. + * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_SIGN_MESSAGE) to calculate a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_VERIFY_MESSAGE) to verify the MAC of a message. To allow both directions, use the flag mask `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE`. +2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. + * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. + * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). + * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). +3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. +4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. + +### MAC calculation + +The process for a HMAC operation in the legacy API is as follows: + +1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. +2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=1`. Then call `mbedtls_md_hmac_starts` to set the key. +3. Call `mbedtls_md_hmac_update` as many times as necessary. +4. Call `mbedtls_md_hmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. +5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. + +The process for a CMAC operation in the legacy API is as follows: + +1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. +2. Call `mbedtls_cipher_setup` to select the block cipher. Then call `mbedtls_md_cmac_starts` to set the key. +3. Call `mbedtls_cipher_cmac_update` as many times as necessary. +4. Call `mbedtls_cipher_cmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. +5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. + +The process in the PSA API to calculate a MAC is as follows: + +1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_mac_sign_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga03bc3e3c0b7e55b20d2a238e418d46cd) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. +3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. +4. To obtain the MAC, call [`psa_mac_sign_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac22bc0125580c96724a09226cfbc97f2). + +To verify a MAC against an expected value, use the following process instead: + +1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_mac_verify_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga08ae327fcbc5f8e201172fe11e536984) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. +3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. +4. To verify the MAC against an expected value, call [`psa_mac_verify_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac92b2930d6728e1be4d011c05d485822). + +If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). + +The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac`: + +* [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory. +* [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value. + +In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier. + +### Miscellaneous hash or MAC operation management + +The equivalent of `mbedtls_md_reset`, `mbedtls_md_hmac_reset` or `mbedtls_cmac_reset` is to call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928) or [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to specify the algorithm and the key (for MAC) again, and they can be different ones. + +The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga39673348f3302b4646bd780034a5aeda). A PSA MAC operation cannot be cloned. + +## Key derivation + +### HKDF + +PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface using an operation object with one function call for each input and one function call for each output. + +1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For HKDF and variants, use one of the macros [`PSA_ALG_HKDF`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF), [`PSA_ALG_HKDF_EXTRACT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXTRACT) or [`PSA_ALG_HKDF_EXPAND`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXPAND) with the [hash algorithm](#hash-mechanism-selection) passed as an argument. For example `PSA_ALG_HKDF(PSA_ALG_SHA_256)` selects HKDF-SHA-256. +3. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: + 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. Omit this step for HKDF-Expand. For HKDF, you may omit this step if the salt is empty. + 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the secret input. + 3. [`PSA_KEY_DERIVATION_INPUT_INFO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gacef8df989e09c769233f4b779acb5b7d) for the info string used during the expansion step. Omit this step for HKDF-Extract. +4. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. +5. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. + +### PKCS#5 module + +Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2 (not yet implemented at the time of writing, scheduled to be released in Mbed TLS 3.5). This is a generic interface using an operation object with one function call for each input and one function call for each output. + +1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”). +3. Call `psa_key_derivation_input_cost` with the step `PSA_KEY_DERIVATION_INPUT_COST` to select the iteration count. +4. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: + 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper). + 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. +5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. + Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. + If you want to verify the output against an expected value (for authentication, rather than to derive key material), call `psa_key_derivation_verify_bytes` or `psa_key_derivation_verify_key` instead of `psa_key_derivation_output_bytes`. +6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. + +The function `mbedtls_pkcs5_pbes2` is only inteded as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. + +### PKCS#12 module + +The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbes2` are only intended as supports function to parse encrypted private keys in the PK module. They have no PSA equivalent. + +## Random generation + +### Random generation interface + +The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.` and `hmac_drbg.h`. + +The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). + +### Entropy sources + +Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. + +A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is likely to replace the legacy interface in Mbed TLS 4.0. + +### Deterministic pseudorandom generation + +The PSA API does not have a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) can serve a similar purpose in some applications, but it does not offer CTR\_DRBG or HMAC\_DRBG. If you need these algorithms, keep using `ctr_drbg.h` and `hmac_drbg.h`, but note that they may be removed from the public API in Mbed TLS 4.0. + +## Asymmetric cryptography + +The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-selection)”), elliptic curve cryptography (see “[ECC mechanism selection](#elliptic-curve-mechanism-selection)” and “[EC-JPAKE](#ec-jpake)”) and finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). + +### Key lifecycle for asymmetric cryptography + +In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t). +(Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.) +The PSA key identifier tends to play the same role as a `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API; however there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. + +Here is an overview of the lifecycle of a PSA key object. + +1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: + * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). + * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. + * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). + * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. + * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. + * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). + * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). +3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. +4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. + +### Public-key cryptography policies + +A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags). + +The following table lists the relevant usage flags for asymmetric cryptography. You can pass an bitwise-or of those flags to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). + +| Usage | Flag | +| ----- | ---- | +| export public key | 0 (always permitted) | +| export private key | [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) | +| Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | +| Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | +| Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) | +| Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) | +| Encryption | [`PSA_KEY_USAGE_`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | +| Decryption | [`PSA_KEY_USAGE_`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | +| Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) | + +The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. + +* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithhms in each operation. +* In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required). + +### Asymmetric cryptographic mechanisms + +#### RSA mechanism selection + +The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. +See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`. + +The PSA API uses policies and algorithm parameters rather than key types to distinguish between `MBEDTLS_PK_RSA` and `MBEDTLS_PK_RSASSA_PSS`. The algorithm selection also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. + +An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b). + +An RSA key pair has the type [`PSA_KEY_TYPE_RSA_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11745b110166e927e2abeabc7d532051). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). +You can always use a private key for operations on the corresponding public key (as long as the policy permits it). + +The following cryptographic algorithms work with RSA keys: + +* PKCS#1v1.5 RSA signature: [`PSA_ALG_RSA_PKCS1V15_SIGN`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af), [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817). +* PKCS#1v1.5 RSA encryption: [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). +* PKCS#1 RSASSA-PSS signature: [`PSA_ALG_RSA_PSS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d), [`PSA_ALG_RSA_PSS_ANY_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). +* PKCS#1 RSAES-OAEP encryption: [`PSA_ALG_RSA_OAEP`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76). + +#### Elliptic curve mechanism selection + +The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. + +An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier. + +An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). +You can always use a private key for operations on the corresponding public key (as long as the policy permits it). + +A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations. + +| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size | +| -------------------------------- | ---------------- | -------------- | +| `MBEDTLS_ECP_DP_SECP192R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | +| `MBEDTLS_ECP_DP_SECP224R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 224 | +| `MBEDTLS_ECP_DP_SECP256R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | +| `MBEDTLS_ECP_DP_SECP384R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 384 | +| `MBEDTLS_ECP_DP_SECP521R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 521 | +| `MBEDTLS_ECP_DP_BP256R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 256 | +| `MBEDTLS_ECP_DP_BP384R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 384 | +| `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 | +| `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 | +| `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | +| `MBEDTLS_ECP_DP_SECP224K1` | not supported | 224 | +| `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | +| `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | + +The following cryptographic algorithms work with ECC keys: + +* ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). +* ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03). + +#### Diffie-Hellman mechanism selection + +A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c). + +A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). + +The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits. + +| Mbed TLS DH group P value | PSA DH group family | Bit-size | +| ------------------------- | ------------------- | -------- | +| `MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 2048 | +| `MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 3072 | +| `MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 4096 | +| `MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 6144 | +| `MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 8192 | + +A finite-field Diffie-Hellman key can be used for key agreement with the algorithm [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4). + +### Creating keys for asymmetric cryptography + +The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted. + +For RSA keys, `psa_generate_key` always uses 65537 as the public exponent. If you need a different public exponent, use the legacy interface to create the key then import it as described in “[Importing legacy keys via the PK module](#importing-legacy-keys-via-the-pk-module)”. + +To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). While this function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), it is limited to a single format that just contains the number(s) that make up the key, with very little metadata. This format is a substring of the formats accepted by the PK functions (except for finite-field Diffie-Hellman which the PK module does not support). The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details. + +| Key type | PSA import/export format | +| -------- | ------------------------ | +| RSA key pair | PKCS#1 RSAPrivateKey DER encoding (including both private exponent and CRT parameters) | +| RSA public key | PKCS#1 RSAPublicKey DER encoding | +| ECC key pair | Fixed-length private value (not containing the public key) | +| ECC public key (Weierstrass curve) | Fixed-length uncompressed point | +| ECC public key (Montgomery curve) | Fixed-length public value | +| FFDH key pair | Fixed-length private value (not containing the public key) | +| FFDH public key | Fixed-length public value | + +There is no equivalent of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_keyfile`. Either call the legacy function or load the file data manually. + +A future extension of the PSA API will support other import formats. Until those are implemented, see the following subsections for ways to use the PK module for key parsing and construct a PSA key object from the PK object. + +#### Importing legacy keys via the PK module + +You can use glue functions in the PK module to create a key object using the legacy API, then import that object into the PSA subsystem. This is useful for use cases that the PSA API does not currently cover, such as: + +* Parsing a key in a format with metadata without knowing its type ahead of time. +* Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`. +* Importing a key with less information than what the PSA API needs, for example an ECC public key in compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters. +* Generating an RSA key with $e \ne 65537$. + +#### Importing a PK key by wrapping + +If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)) This function automatically determines the PSA key type, and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this flow is useful are: + +* You have working code that's calling `mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`, `mbedtls_pk_parse_keyfile` or `mbedtls_pk_parse_public_keyfile` to create a PK object. +* You have working code that's using the `rsa.h` or `ecp.h` API to create a key object, and there is no PSA equivalent. + +You can use this flow to import an RSA key via a `mbedtls_rsa_context` object or an ECC key via a `mbedtls_ecp_keypair` object: + +1. Call `mbedtls_pk_init` then `mbedtls_pk_setup` to set up a PK context for the desired key type (`MBEDTLS_PK_RSA` or `MBEDTLS_PK_ECKEY`). +2. Call `mbedtls_pk_rsa` or `mbedtls_pk_ec` to obtain the underlying low-level context. +3. Call `mbedtls_rsa_xxx` or `mbedtls_ecp_xxx` functions to construct the desired key. For example: + * `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete` to create an RSA private key without all the parameters required by the PSA API. + * `mbedtls_rsa_gen_key` to generate an RSA private key with a custom public exponent. +4. Call `mbedtls_pk_wrap_as_opaque` as described above to create a corresponding PSA key object. +5. Call `mbedtls_pk_free` to free the resources associated with the PK object. + +#### Importing a PK key by export-import + +This section explains how to export a PK object in the PSA import format. The process depends on the key type. You can use `mbedtls_pk_get_type` or `mbedtls_pk_can_do` to distinguish between RSA and ECC keys. The snippets below assume that the key is in an `mbedtls_pk_context pk`, and omit error checking. + +For an RSA private key: + +``` +unsigned char buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; +size_t length = mbedtls_pk_write_key_der(&pk, buf, sizeof(buf)); +psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +psa_set_key_attributes(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); +psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); +psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); +psa_key_id_t key_id = 0; +psa_import_key(&attributes, buf + sizeof(buf) - length, length, &key_id); +mbedtls_pk_free(&pk); +``` + +For an ECC private key (a future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764)): + +``` +unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; +size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk)); +mbedtls_ecp_keypair *ec = mbedtls_pk_ec(&pk); +mbedtls_ecp_write_key(ec, buf, length); +psa_ecc_curve_t curve = ...; // need to determine the curve family manually +psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); +psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); +psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); +psa_key_id_t key_id = 0; +psa_import_key(&attributes, buf, length, &key_id); +mbedtls_pk_free(&pk); +``` + +For an RSA or ECC public key: + +``` +unsigned char buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; +size_t length = mbedtls_pk_write_pubkey(&pk, buf, sizeof(buf)); +psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +psa_set_key_attributes(&attributes, ...); // need to determine the type manually +psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); +psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); +psa_key_id_t key_id = 0; +psa_import_key(&attributes, buf + sizeof(buf) - length, length, &key_id); +mbedtls_pk_free(&pk); +``` + +#### Importing an elliptic curve key from ECP + +This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitable for `psa_import_key`. + +You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below. + +The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764). + +``` +mbedtls_ecp_keypair ec; +mbedtls_ecp_keypair_init(&ec); +// Omitted: fill ec with key material +// (the public key will not be used and does not need to be set) +unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; +size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk)); +mbedtls_ecp_write_key(&ec, buf, length); +psa_ecc_curve_t curve = ...; // need to determine the curve family manually +psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); +psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); +psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); +psa_key_id_t key_id = 0; +psa_import_key(&attributes, buf, length, &key_id); +mbedtls_ecp_keypair_free(&ec); +``` +The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity. + +``` +mbedtls_ecp_group grp; +mbedtls_ecp_group_init(&grp); +mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_...); +mbedtls_ecp_point pt; +mbedtls_ecp_point_init(&pt); +// Omitted: fill pt with key material +unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_PUBLIC_KEY_MAX_SIZE)]; +size_t length; +mbedtls_ecp_point_write_binary(&grp, &pt, &length, buf, sizeof(buf)); +psa_ecc_curve_t curve = ...; // need to determine the curve family manually +psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); +psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); +psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); +psa_key_id_t key_id = 0; +psa_import_key(&attributes, buf, length, &key_id); +mbedtls_ecp_point_free(&pt); +mbedtls_ecp_group_free(&grp); +``` + +### Key pair and public key metadata + +There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtls_pk_info_from_type` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants). + +You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits). + +The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as with `mbedtls_pk_get_len` or `mbedtls_rsa_get_len`, you can use the macro `PSA_BITS_TO_BYTES`; however note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. + +Most uses of `mbedtls_pk_get_type` and `mbedtls_pk_can_do` only require knowing a key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). If needed, you can also access a key's policy from its attributes, with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. + +### Exporting a public key or a key pair + +To export a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). + +To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy. + +The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above. + +A future extension of the PSA API will support other export formats. Until those are implemented, see the following subsections for ways to use the PK module to format a PSA key. + +#### Exporting a PK key by wrapping + +You can wrap a PSA key object in a PK key context with `mbedtls_pk_setup_opaque`. This allows you to call functions such as `mbedtls_pk_write_key_der`, `mbedtls_pk_write_pubkey_der`, `mbedtls_pk_write_pubkey_pem`, `mbedtls_pk_write_key_pem` or `mbedtls_pk_write_pubkey` to export the key data in various formats. + +### Signature operations + +The equivalent of `mbedtls_pk_sign`, `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign` or `mbedtls_rsa_rsassa_pss_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). +The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine the size of the output buffer. + +The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). +The key must be a public key or a key pair allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). + +Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs). + +See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of this API. + +The PSA API also has functions [`psa_sign_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga963ecadae9c38c85826f9a13cf1529b9) and [`psa_verify_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga01c11f480b185a4268bebd013df7c14c). These functions combine the hash calculation with the signature calculation or verification. +For `psa_sign_message`, either the usage flag `PSA_KEY_USAGE_SIGN_MESSAGE` or `PSA_KEY_USAGE_SIGN_HASH` is sufficient. +For `psa_verify_message`, either the usage flag `PSA_KEY_USAGE_VERIFY_MESSAGE` or `PSA_KEY_USAGE_VERIFY_HASH` is sufficient. + +Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism-selection)”. + +The following subsections describe the PSA signature mechanisms that correspond to legacy Mbed TLS mechanisms. + +#### ECDSA signature + +In the PSA API, **the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. A future version of Mbed TLS [will provide a way to convert between the two formats](https://github.com/Mbed-TLS/mbedtls/issues/7765). + + +This is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, and by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_write_signature` and `mbedtls_ecdsa_verify`, . + +The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification. + +* [`PSA_ALG_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash calculated with the algorithm `hash`. +* [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the algorithm. It can only be used with `psa_sign_hash` and `psa_verify_hash`, with no constraint on the length of the hash. +* [`PSA_ALG_DETERMINISTIC_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a hash calculated with the algorithm `hash`. This is the same as the functionality offered by `MBEDTLS_ECDSA_DETERMINISTIC` in the legacy API. + * For `psa_sign_message` with `PSA_ALG_DETERMINISTIC_ECDSA`, the same hash algorithm is used to hash the message and to parametrize the deterministic signature generation. + +Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signature` automatically select deterministic ECDSA if both are available, the PSA API requires the application to select the preferred variant. ECDSA verification cannot distinguish between randomized and deterministic ECDSA (except in so far as if the same message is signed twice and the signatures are different, then at least one of the signatures is not the determinstic variant), so in most cases switching between the two is a compatible change. + +#### Restartable ECDSA signature + +There is a PSA API for interruptible public-key operations, offering similar functionality to the legacy restartable API (`mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`). + +As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API; this will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms. + +The flow of operations for an interruptible signature operation is as follows: + +1. Create an operation object of type [`psa_sign_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6948d4653175b1b530a265540066a7e7) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_sign_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga441988da830205182b3e791352537fac) with the private key object and the hash to verify. +3. Call [`psa_sign_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. + +The flow of operations for an interruptible signature verification operation is as follows: + +1. Create an operation object of type [`psa_verify_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga537054cf4909ad1426331ae4ce7148bb) and zero-initialize it (or use the corresponding `INIT` macro). +2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify. +3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. + +If you need to interrupt the operation after calling the start function without waiting for the complete function to return a success or failure status, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). + +Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. + +#### PKCS#1 v1.5 RSA signature + +This mechanism corresponds to `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` for an RSA key, unless PSS has been selected with `mbedtls_rsa_set_padding` on the underlying RSA key context. This mechanism also corresponds to `mbedtls_rsa_rsassa_pkcs1_v15_sign` and `mbedtls_rsa_rsassa_pkcs1_v15_verify`. + +The PSA API has two algorithm constructors: + +* [`PSA_ALG_RSA_PKCS1V15_SIGN(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af) formats the hash as specified in PKCS#1. The hash algorithm corresponds to the `md_alg` parameter of the legacy functions. +* [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure. This is the same as calling the legacy functions with `md_alg=MBEDTLS_MD_NONE`. + +#### PKCS#1 RSASSA-PSS signature + +This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`. +It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`. + +The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes. + +With respect to the salt length: + +* When signing, the salt is random, and the salt length is the largest possible salt length up to the hash length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument. +* When verifying, `PSA_ALG_RSA_PSS` requires the the salt length to the largest possible salt length up to the hash length (i.e. the same that would be used for signing). +* When verifying, `PSA_ALG_RSA_PSS_ANY_SALT` accepts any salt length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument. + +### Asymmetric encryption and decryption + +The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290). +The key must be a public key allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. + +The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7). +The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +Use the macro [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a61a246f3eac41989821d982e56fea6c1) or [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. + +The following subsections describe the PSA asymmetric encryption mechanisms that correspond to legacy Mbed TLS mechanisms. + +#### RSA PKCS#1v1.5 encryption + +This is the mechanism used by the PK functions and by `mbedtls_rsa_pkcs1_{encrypt,decrypt}` unless `mbedtls_rsa_set_padding` has been called on the underlying RSA key context. +This is also the mechanism used by `mbedtls_rsa_rsaes_pkcs1_v15_{encrypt,decrypt}`. + +The PSA algorithm is [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). + +Beware that PKCS#1v1.5 decryption is subject to padding oracle attacks. Revealing when `psa_asymmetric_decrypt` returns `PSA_ERROR_INVALID_PADDING` may allow an adversary to decrypt arbitrary ciphertexts. + +#### RSA RSAES-OAEP + +This is the mechanism used by `mbedtls_rsa_rsaes_oaep_{encrypt,decrypt}`. + +The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value (`PSA_ALG_xxx`, see “[Hash mechanism selection](#hash-mechanism-selection)”). + +As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label. + +### PK functionality with no PSA equivalent + +There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired. + +There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`. + +The PSA API does not expose partially constructed key objects. This makes the following functions unnecessary: + +* `mbedtls_rsa_copy`, `mbedtls_ecp_copy`: a PSA key object is immutable, so the copy would have to be identical. +* `mbedtls_pk_check_pair`, `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`, `mbedtls_rsa_check_pub_priv`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`, `mbedtls_ecp_check_pub_priv`: if a key has been constructed successfully, it is guaranteed to be valid. + +### Key agreement + +_(Section not written yet)_ + + + +### Additional information about Elliptic-curve cryptography + +_(Section not written yet)_ + + + +#### ECC functionality with no PSA equivalent + +There is no PSA equivalent of `mbedtls_ecdsa_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports. + +There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types. + +### Additional information about RSA + +#### RSA-ALT interface + +Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). + +* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code. +* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g. + ``` + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION)); + ``` + +The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding value. As a consequence, none of the API functions take an RNG parameter. + +#### RSA functionality with no PSA equivalent + +The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please contact us so that we can extend the API to support it. + +The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”. + +There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”. + +### PK format support interfaces + +The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. They remain unchanged in Mbed TLS 3.x. In the future, they are likely to move out of the cryptography part of Mbed TLS and into the public-key/X.509 part. + +## EC-JPAKE + +The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information. From c7b53f3ab7cd66a0153b0d9273f13f46261408ef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Jun 2023 21:31:53 +0200 Subject: [PATCH 002/653] Mention mbedtls_psa_get_random Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 24facffa60..007beca74a 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -591,6 +591,11 @@ The PSA subsystem has an internal random generator. As a consequence, you do not The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). +If your application mixes uses of the PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS function, include the header file `` and use: + +* [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument; +* [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument. + ### Entropy sources Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. From b33d0ac532eea27b850deb8f27d2485606816e1f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2023 18:33:15 +0200 Subject: [PATCH 003/653] Mention self-tests Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 007beca74a..34f7a74f22 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -196,6 +196,10 @@ If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will often not include Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. +### Self-tests + +There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`. + ## Miscellaneous support modules ### Error messages From 5bd4f17e4e48cbffb38b92534ad01ad0af8a879b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2023 18:33:30 +0200 Subject: [PATCH 004/653] Cover ECDH and DHM Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 148 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 143 insertions(+), 5 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 34f7a74f22..80abd25a4e 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -712,9 +712,9 @@ The following cryptographic algorithms work with ECC keys: #### Diffie-Hellman mechanism selection -A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c). +A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as explained below. -A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). +A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API, there is rarely a need to use Diffie-Hellman public key objects. The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits. @@ -1020,9 +1020,147 @@ The PSA API does not expose partially constructed key objects. This makes the fo ### Key agreement -_(Section not written yet)_ +The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`. - +#### Diffie-Hellman key pair management + +The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`. + +Here is an overview of the lifecycle of a key object. + +1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: + * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value: + * [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) for finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). + * [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) for elliptic-curve Diffie-Hellman (see “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)”). + * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the private key size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. + * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to select the appropriate algorithm: + * [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43) or [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement. + * [`PSA_ALG_KEY_AGREEMENT(ka, kdf)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, where: + * `ka` is either `PSA_ALG_ECDH` or `PSA_ALG_FFDH`. + * `kdf` is a key derivation algorithm. + * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DERIVE). See “[Public-key cryptography policies](#public-key-cryptography-policies)” for more information. +2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. + * Use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for a Diffie-Hellman key. + * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. + * If the key is derived deterministically from other material, use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). +3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. +4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. + +#### Performing a key agreement + +Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party. +Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine the size of the output buffer. + +Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key. +Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + +Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface. + +#### Translating a legacy key agreement contextless flow + +A typical flow for ECDH using the legacy API without a context object is: + +1. Initialize objects: + * `mbedtls_ecp_group grp` for the curve; + * `mbedtls_mpi our_priv` for our private key; + * `mbedtls_ecp_point our_pub` for our public key; + * `mbedtls_ecp_point their_pub` for their public key (this may be the same variable as `our_pub` if the application does not need to hold both at the same time); + * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH). +2. Call `mbedtls_ecp_group_load` on `grp` to select the curve. +3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key. +4. Send `our_pub` to the peer. Retriev the peer's public key and import it into `their_pub`. These two actions may be performed in either order. +5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. +6. Use the raw shared secret `z`, typically, to construct a shared key. +7. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. + +The corresponding flow with the PSA API is as follows: + +1. Initialize objects: + * `psa_key_id_t our_key`: a handle to our key pair; + * `psa_key_attributes_t attributes`: key attributes used in steps 2–3;; + * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key. + * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time; + * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation). +2. Prepare an attribute structure as desccribed in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`. +3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key. +4. Send `our_pub` to the peer. Retriev the peer's public key and import it into `their_pub`. These two actions may be performed in either order. +5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). + Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). +6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers. + +Steps 4–5 are only performed once for ephemeral Diffie-Hellman, but repeated multiple times for static Diffie-Hellman. + +#### Translating a legacy key agreement TLS server flow + +The legacy API offers the following flow for a Diffie-Hellman key agreement in a TLS server. This flow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. + +1. Setup phase: + 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. + 2. Call `mbedtls_ecdh_setup` or `mbedtls_dhm_set_group` to select the curve or group. + 3. Call `mbedtls_ecdh_make_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchange message encoding the selected curve/group and our public key. +2. Send the ServerKeyExchange message to the peer. +3. Retrieve the peer's public key. +4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. +5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. + +The corresponding flow with the PSA API is as follows: + +1. Setup phase: + 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. + 2. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key. + 3. Format a ServerKeyExchange message containing the curve/group selection and our public key. +2. Send the ServerKeyExchange message to the peer. +3. Retrieve the peer's public key. +4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). + Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). +5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. + +#### Translating a legacy key agreement TLS client flow + +The legacy API offers the following flow for a Diffie-Hellman key agreement in a TLS client. This flow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. + +1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: + 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. + 2. Call `mbedtls_ecdh_read_params` or `mbedtls_dhm_read_params` to input the data from the ServerKeyExchange message. +2. Call `mbedtls_ecdh_make_public` or `mbedtls_dh_make_public` to generate our private key and export our public key. +3. Send our public key to the peer. +4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. +5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. + +The corresponding flow with the PSA API is as follows: + +1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: + 1. Decode the select curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm. +2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. + Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key. +3. Send our public key to the peer. +4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). + Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). +5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. + +#### ECDH and DHM metadata functions + +The legacy function `mbedtls_ecdh_get_params` allows the application to retrieve an `mbedtls_ecp_keypair` containing either our key pair, or the peer's public key. The PSA equivalent depends on the use case: + +* With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key. +* With `MBEDTLS_ECDH_OURS`, accessing the public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on PSA key identifier. +* With `MBEDTLS_ECDH_OURS`, accessing the private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +* With `MBEDTLS_ECDH_THEIRS`, accessing the public key (there is no private key): there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. + +The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier: + +* `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06). +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on PSA key identifier. +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy. +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780). + +The PSA API for finite-field Diffie-Hellman only supports predefined groups. Therefore there is no equivalent to `mbedtls_dhm_parse_dhm`, `mbedtls_dhm_parse_dhmfile`, and the `MBEDTLS_DHM_xxx_BIN` macros. + +#### Restartable key agreement + +Restartable key agreement is not yet available through the PSA API. It will be added in a future version of the library. ### Additional information about Elliptic-curve cryptography @@ -1032,7 +1170,7 @@ _(Section not written yet)_ #### ECC functionality with no PSA equivalent -There is no PSA equivalent of `mbedtls_ecdsa_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports. +There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports. There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types. From f75e65d90baeb812f303ebe6ee99553ced01396b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2023 18:39:14 +0200 Subject: [PATCH 005/653] Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC per https://github.com/Mbed-TLS/mbedtls/issues/7439#issuecomment-1592673401 and https://github.com/Mbed-TLS/mbedtls/pull/7774#discussion_r1230658660 State that EXPORT implies BASIC. Also fix missing `WANT_` parts. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 80abd25a4e..ed6c016e79 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -163,11 +163,11 @@ The availability of cryptographic mechanisms in the PSA API is based on a system * To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: - * `PSA_KEY_TYPE_xxx_USE` enables support for operations with a key of that type (for enabled algorithms). This is automatically enabled if any key creation method (`IMPORT`, `GENERATE` or `DERIVE`) is enabled. - * `PSA_KEY_TYPE_xxx_IMPORT` enables support for `psa_import_key` to import a key of that type. - * `PSA_KEY_TYPE_xxx_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. - * `PSA_KEY_TYPE_xxx_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. - * `PSA_KEY_TYPE_xxx_EXPORT` enables support for `psa_export_key` to export a key of that type. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options is enabled. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type. Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key. @@ -185,7 +185,7 @@ For example, the following configuration enables hashing with SHA-256, AEAD with #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 // ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead -// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_USE, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY +// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY #define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH) #define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH) #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 From 379ff8754d03ca23db2413e5b5eb687ed6fd5a02 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2023 21:15:21 +0200 Subject: [PATCH 006/653] Cover ecp.h Also correct some statements about rsa/ecp/pk check functions. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 87 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 79 insertions(+), 8 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index ed6c016e79..c78d0e424f 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -196,6 +196,12 @@ If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will often not include Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. +### Optimization options + +When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, the legacy optimization options (e.g. `MBEDTLS_SHA256_SMALLER`, `MBEDTLS_ECP_WINDOW_SIZE`, etc.) apply to the PSA implementation as well (they invoke the same code under the hood). + +The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific. + ### Self-tests There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`. @@ -954,7 +960,7 @@ The flow of operations for an interruptible signature verification operation is If you need to interrupt the operation after calling the start function without waiting for the complete function to return a success or failure status, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). -Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. +Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false. #### PKCS#1 v1.5 RSA signature @@ -1007,17 +1013,34 @@ The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/ As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label. +### Private-public key consistency + +There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library. + +The legacy API provide functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical. + +* Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). +* Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). +* Export both public keys with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) (this is possible regardless of the usage policies on the keys) and compare the output. + ``` + // Error checking omitted + unsigned char pub1[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + unsigned char pub2[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + size_t length1, length2; + psa_export_public_key(key1, pub1, sizeof(pub1), &length1); + psa_export_public_key(key2, pub2, sizeof(pub2), &length2); + if (length1 == length2 && !memcmp(pub1, pub2, length1)) + puts("The keys match"); + else + puts("The keys do not match"); + ``` + ### PK functionality with no PSA equivalent There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired. There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`. -The PSA API does not expose partially constructed key objects. This makes the following functions unnecessary: - -* `mbedtls_rsa_copy`, `mbedtls_ecp_copy`: a PSA key object is immutable, so the copy would have to be identical. -* `mbedtls_pk_check_pair`, `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`, `mbedtls_rsa_check_pub_priv`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`, `mbedtls_ecp_check_pub_priv`: if a key has been constructed successfully, it is guaranteed to be valid. - ### Key agreement The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`. @@ -1164,9 +1187,47 @@ Restartable key agreement is not yet available through the PSA API. It will be a ### Additional information about Elliptic-curve cryptography -_(Section not written yet)_ +#### Information about a curve - +The legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The PSA API identifies a curve by a `PSA_ECC_FAMILY_xxx` value and the private value's bit-size. See “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” for the correspondence between the two sets of values. + +There is no PSA equivalent of the `mbedtls_ecp_group` data structure (and so no equivalent to `mbedtls_ecp_group_init`, `mbedtls_ecp_group_load`, `mbedtls_ecp_group_copy` and `mbedtls_ecp_group_free`) or of the `mbedtls_ecp_curve_info` data structure (and so no equivalent to `mbedtls_ecp_curve_info_from_grp_id`) because they are not needed. All API elements identify the curve directly by its family and size. + +The bit-size used by the PSA API is the size of the private key. For most curves, the PSA bit-size, the `bit_size` field in `mbedtls_ecp_curve_info`, the `nbits` field in `mbedtls_ecp_group` and the `pbits` field in `mbedtls_ecp_group` are the same. The following table lists curves for which they are different. + +| Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size | +| ----- | ------------ | ------------ | ---------------------- | ------------ | +| secp224k1 | 224 | 225 | 224 | not supported | +| Curve25519 | 253 | 255 | 256 | 255 | +| Curve448 | 446 | 448 | 448 | 448 | + +There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the function `mbedtls_ecp_get_type`, but the curve family encodes the same information. `PSA_ECC_FAMILY_MONTGOMERY` is the only Montgomery family. All other families supported in Mbed TLS 3.4.0 are short Weierstrass families. + +There is no PSA equivalent for the following functionality: + +* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. +* The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol. +* Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure. + +#### Information about supported curves + +The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`. + +The API provies macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros. + +| Legacy macro | PSA equivalent | +| ------------ | -------------- | +| `MBEDTLS_ECP_MAX_BITS` | [`PSA_VENDOR_ECC_MAX_CURVE_BITS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_VENDOR_ECC_MAX_CURVE_BITS) | +| `MBEDTLS_ECP_MAX_BYTES` | `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` | +| `MBEDTLS_ECP_MAX_PT_LEN` | [`PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE) | + +#### Restartable ECC + +The PSA API supports the equivalent of restartable operations, but only for signatures at the time of writing. See “[Restartable ECDSA signature](#restartable-ecdsa-signature)”. + +There is no PSA API for elliptic curve arithmetic as such, and therefore no equivalent of `mbedtls_ecp_restart_ctx` and functions that operate on it. + +There is PSA no equivalent of the `MBEDTLS_ECP_OPS_xxx` constants. #### ECC functionality with no PSA equivalent @@ -1174,6 +1235,14 @@ There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` t There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types. +#### No curve arithmetic + +The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`: + +* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`). Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future. +* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key`. +* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants). + ### Additional information about RSA #### RSA-ALT interface @@ -1197,6 +1266,8 @@ The PSA API does not support constructing RSA keys progressively from numbers wi There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”. +A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.) + ### PK format support interfaces The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. They remain unchanged in Mbed TLS 3.x. In the future, they are likely to move out of the cryptography part of Mbed TLS and into the public-key/X.509 part. From 603f0fca6ef0ac56e94525a1db583845871894d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Jun 2023 23:38:21 +0200 Subject: [PATCH 007/653] The ECP curve name is the one from TLS, not one we made up Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index c78d0e424f..0659154524 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -1205,7 +1205,7 @@ There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the fu There is no PSA equivalent for the following functionality: -* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. +* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on the name used for the curve in TLS specifications. * The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol. * Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure. From 909cf5a3ecc1e91c62e148f96f03400ca88869ff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Jun 2023 23:38:39 +0200 Subject: [PATCH 008/653] Show how to extract curve information from an ecp_keypair It's not pretty. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 0659154524..fabac9c85a 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -800,16 +800,30 @@ psa_import_key(&attributes, buf + sizeof(buf) - length, length, &key_id); mbedtls_pk_free(&pk); ``` -For an ECC private key (a future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764)): +For an ECC private key (a future version of Mbed TLS [will provide a more direct way to find the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764)): ``` unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk)); mbedtls_ecp_keypair *ec = mbedtls_pk_ec(&pk); +psa_ecc_curve_t curve; +{ + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + mbedtls_mpi d; + mbedtls_mpi_init(&d); + mbedtls_ecp_export(ec, &grp, &d, &Q); + size_t bits; + curve = mbedtls_ecc_group_to_psa(grp.id, &bits); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); + mbedtls_mpi_free(&d); +} mbedtls_ecp_write_key(ec, buf, length); -psa_ecc_curve_t curve = ...; // need to determine the curve family manually psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); +psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); psa_key_id_t key_id = 0; From 948137be5923961acd6726f275d4e9bb3ddfbbfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Aug 2023 16:58:04 +0200 Subject: [PATCH 009/653] Add details on use of ciphers from other modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 50 +++++++++++++------ 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 355f5618dd..ba76f494b6 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -110,23 +110,45 @@ For the purposes of this work, three domains emerge: #### Non-use-PSA modules -The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption: +The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption. -* CCM (block cipher in ECB mode; interdependent with cipher) -* cipher (cipher and AEAD algorithms) -* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher) -* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers) -* entropy (hashes via low-level) +Hashes and HMAC (after the work on MD-light): + +* entropy (hashes via MD-light) * ECDSA (HMAC\_DRBG; `md.h` exposed through API) -* ECJPAKE (hashes via md; `md.h` exposed through API) -* GCM (block cipher in ECB mode; interdependent with cipher) -* md (hashes and HMAC) -* NIST\_KW (AES-ECB; interdependent with cipher) +* ECJPAKE (hashes via MD-light; `md.h` exposed through API) +* MD (hashes and HMAC) * HMAC\_DRBG (hashes and HMAC via `md.h`; `md.h` exposed through API) -* PEM (AES and DES in CBC mode without padding; MD5 hash via low-level) -* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; hashes via md; `cipher.h` exposed through API) -* PKCS5 (cipher, generically, selected from ASN.1; HMAC via `md.h`; `md.h` exposed through API) -* RSA (hash via md for PSS and OAEP; `md.h` exposed through API) +* PKCS12 (hashes via MD-light) +* PKCS5 (HMAC via `md.h`; `md.h` exposed through API) +* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API) +* PEM (MD5 hash via MD-light) + +Symmetric ciphers and AEADs (before Cipher-light work): + +* PEM (AES and DES in CBC mode without padding) + AES and DES: setkey_dec + crypt_cbc + (look at test data for DES) +* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; `cipher.h` exposed through API) + setup, setkey, set_iv, reset, update, finish (in sequence, once) + no documented restriction, block cipher in CBC mode in practice + (padding?) + (look at test cases) +* PKCS5 (cipher, generically, selected from ASN.1) + only DES-CBC or 3DES-CBC + (padding?) + setup, setkey, crypt +* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers) + setkey_enc + crypt_ecb +* CCM (block cipher in ECB mode; interdependent with cipher) + info, setup, setkey, update (several times), (never finish) +* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher) + info, setup, setkey, update (several times), (never finish) +* GCM (block cipher in ECB mode; interdependent with cipher) + info, setup, setkey, update (several times), (never finish) +* NIST\_KW (AES-ECB; interdependent with cipher) + info, setup, setkey, update (several times), (never finish) +* cipher (cipher and AEAD algorithms) ### Difficulties From 36cd3f9f8ef6edbf9c7ba16a442117ddfa506748 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 11 Aug 2023 10:06:42 +0200 Subject: [PATCH 010/653] Add tentative definition of Cipher light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index ba76f494b6..488cf20db9 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -499,3 +499,54 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l * Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. * Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim. + +### Cipher light + +#### Definition + +**Note:** this definition is tentative an may be refined when implementing and +testing, based and what's needed by internal users of Cipher light. + +Cipher light will be automatically enabled in `build_info.h` by modules that +need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM, +NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the +full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be +replace by the above auto-enablement. + +Cipher light includes: +- info functions; +- support for block ciphers in ECB mode (to be confirmed: supporting one block + at a time could be enough); +- support for block ciphers in CBC mode with no padding (to be confirmed: do + we need a padding mode?); +- support for both the "one-shot" and "streaming" APIs for block ciphers. + +This excludes: +- the AEAD/KW API (both one-shot and streaming); +- support for stream ciphers; +- support for other modes of block ciphers (CTR, CFB, etc.); +- support for (other) padding modes of CBC. + +The following API functions, and supporting types, are candidates for +inclusion in the Cipher light API, with limited features as above: +``` +mbedtls_cipher_info_from_psa +mbedtls_cipher_info_from_type +mbedtls_cipher_info_from_values + +mbedtls_cipher_info_get_block_size +mbedtls_cipher_info_get_iv_size +mbedtls_cipher_info_get_key_bitlen + +mbedtls_cipher_init +mbedtls_cipher_setup +mbedtls_cipher_setkey +mbedtls_cipher_set_padding_mode +mbedtls_cipher_crypt +mbedtls_cipher_free + +mbedtls_cipher_set_iv +mbedtls_cipher_reset +mbedtls_cipher_update +mbedtls_cipher_finish +``` From 839d3580bd9eb1bba89887c515837a871c0078aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 15 Sep 2023 21:27:19 +0200 Subject: [PATCH 011/653] Update details of modules using cipher operations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 82 +++++++++++++------ 1 file changed, 57 insertions(+), 25 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 488cf20db9..6bd0694c47 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -112,7 +112,7 @@ For the purposes of this work, three domains emerge: The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption. -Hashes and HMAC (after the work on MD-light): +Hashes and HMAC (after the work on driver-only hashes): * entropy (hashes via MD-light) * ECDSA (HMAC\_DRBG; `md.h` exposed through API) @@ -124,31 +124,63 @@ Hashes and HMAC (after the work on MD-light): * RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API) * PEM (MD5 hash via MD-light) -Symmetric ciphers and AEADs (before Cipher-light work): +Symmetric ciphers and AEADs (before work on driver-only cipher): -* PEM (AES and DES in CBC mode without padding) - AES and DES: setkey_dec + crypt_cbc - (look at test data for DES) -* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; `cipher.h` exposed through API) - setup, setkey, set_iv, reset, update, finish (in sequence, once) - no documented restriction, block cipher in CBC mode in practice - (padding?) - (look at test cases) -* PKCS5 (cipher, generically, selected from ASN.1) - only DES-CBC or 3DES-CBC - (padding?) - setup, setkey, crypt -* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers) - setkey_enc + crypt_ecb -* CCM (block cipher in ECB mode; interdependent with cipher) - info, setup, setkey, update (several times), (never finish) -* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher) - info, setup, setkey, update (several times), (never finish) -* GCM (block cipher in ECB mode; interdependent with cipher) - info, setup, setkey, update (several times), (never finish) -* NIST\_KW (AES-ECB; interdependent with cipher) - info, setup, setkey, update (several times), (never finish) -* cipher (cipher and AEAD algorithms) +* PEM: + * AES, DES or 3DES in CBC mode without padding, decrypt only (!). + * Currently using low-level non-generic APIs. + * No hard dependency, features guarded by `AES_C` resp. `DES_C`. + * Functions called: `setkey_dec()` + `crypt_cbc()`. +* PKCS12: + * In practice: 2DES or 3DES in CBC mode with PKCS7 padding, decrypt only + (when called from pkparse). + * In principle: any cipher-mode (default padding), passed an + `mbedtls_cipher_type_t` as an argument, no documented restriction. + * Cipher, generically, selected from ASN.1 or function parameters; + no documented restriction but in practice TODO (inc. padding and + en/decrypt, look at standards and tests) + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Note: `cipher.h` exposed through API. + * Functions called: `setup`, `setkey`, `set_iv`, `reset`, `update`, `finish` (in sequence, once). +* PKCS5 (PBES2, `mbedtls_pkcs5_pbes2()`): + * 3DES or DES in CBC mode with PKCS7 padding, both encrypt and decrypt. + * Note: could also be AES in the future, see #7038. + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Functions called: `setup`, `setkey`, `crypt`. +* CTR\_DRBG: + * AES in ECB mode, encrypt only. + * Currently using low-level non-generic API (`aes.h`). + * Unconditional dependency on `AES_C` in `check_config.h`. + * Functions called: `setkey_enc`, `crypt_ecb`. +* CCM: + * AES, Camellia or Aria in ECB mode, encrypt only. + * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`. + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Note: also called by `cipher.c` if enabled. + * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) +* CMAC: + * AES or DES in ECB mode, encrypt only. + * Unconditional dependency on `AES_C || DES_C` in `check_config.h`. + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Note: also called by `cipher.c` if enabled. + * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) +* GCM: + * AES, Camellia or Aria in ECB mode, encrypt only. + * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`. + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Note: also called by `cipher.c` if enabled. + * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) +* NIST\_KW: + * AES in ECB mode, both encryt and decrypt. + * Unconditional dependency on `AES_C || DES_C` in `check_config.h`. + * Unconditional dependency on `CIPHER_C` in `check_config.h`. + * Note: also called by `cipher.c` if enabled. + * Note: `cipher.h` exposed through API. + * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) +* Cipher: + * potentially any cipher/AEAD in any mode and any direction + +Note: PSA cipher is built on Cipher, but PSA AEAD directly calls the underlying AEAD modules (GCM, CCM, ChachaPoly). ### Difficulties From ca18b7747e7738788df26c06c581e9c0f7c6a92a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Oct 2023 09:45:28 +0200 Subject: [PATCH 012/653] Update definition of Cipher light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 6bd0694c47..3feda1115f 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -537,48 +537,51 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l #### Definition **Note:** this definition is tentative an may be refined when implementing and -testing, based and what's needed by internal users of Cipher light. +testing, based and what's needed by internal users of Cipher light. The new +config symbol will not be considered public so its definition may change. Cipher light will be automatically enabled in `build_info.h` by modules that -need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM, -NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the -full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be -replace by the above auto-enablement. +need it, namely: CTR\_DRBG, CCM, GCM. Note: CCM and GCM currently depend on +the full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would +be replaced by the above auto-enablement. Cipher light includes: - info functions; -- support for block ciphers in ECB mode (to be confirmed: supporting one block - at a time could be enough); -- support for block ciphers in CBC mode with no padding (to be confirmed: do - we need a padding mode?); -- support for both the "one-shot" and "streaming" APIs for block ciphers. +- support for block ciphers in ECB mode, encrypt only (note: in Cipher, "ECB" + means just one block, contrary to PSA); +- the one-shot API as well as (part of) the streaming API; +- only AES, Aria and Camellia. This excludes: - the AEAD/KW API (both one-shot and streaming); - support for stream ciphers; -- support for other modes of block ciphers (CTR, CFB, etc.); -- support for (other) padding modes of CBC. +- support for other modes of block ciphers (CBC, CTR, CFB, etc.); +- DES and variants (3DES). The following API functions, and supporting types, are candidates for inclusion in the Cipher light API, with limited features as above: ``` -mbedtls_cipher_info_from_psa mbedtls_cipher_info_from_type -mbedtls_cipher_info_from_values - mbedtls_cipher_info_get_block_size -mbedtls_cipher_info_get_iv_size -mbedtls_cipher_info_get_key_bitlen mbedtls_cipher_init mbedtls_cipher_setup mbedtls_cipher_setkey -mbedtls_cipher_set_padding_mode mbedtls_cipher_crypt mbedtls_cipher_free -mbedtls_cipher_set_iv -mbedtls_cipher_reset mbedtls_cipher_update -mbedtls_cipher_finish +(mbedtls_cipher_finish) ``` + +Note: `mbedtls_cipher_info_get_block_size()` can be hard-coded to return 16, +as all three supported block ciphers have the same block size (DES was +excluded). + +Note: `mbedtls_cipher_finish()` is not required by any of the modules using +Cipher light, but it might be convenient to include it anyway as it's used in +the implementation of `mbedtls_cipher_crypt()`. + +#### Cipher light dual dispatch + +This is likely to come in the future, but has not been defined yet. From 2daee0410e725ef5ef5beb34d80ac35bbd88ac79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Oct 2023 09:55:03 +0200 Subject: [PATCH 013/653] Update list of modules using hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/md-cipher-dispatch.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 3feda1115f..76081deef4 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -118,9 +118,11 @@ Hashes and HMAC (after the work on driver-only hashes): * ECDSA (HMAC\_DRBG; `md.h` exposed through API) * ECJPAKE (hashes via MD-light; `md.h` exposed through API) * MD (hashes and HMAC) +* HKDF (HMAC via `md.h`; `md.h` exposed through API) * HMAC\_DRBG (hashes and HMAC via `md.h`; `md.h` exposed through API) * PKCS12 (hashes via MD-light) * PKCS5 (HMAC via `md.h`; `md.h` exposed through API) +* PKCS7 (hashes via MD) * RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API) * PEM (MD5 hash via MD-light) From 301d2a29a72292d4654be1929007e33fe69334ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Oct 2023 10:02:03 +0200 Subject: [PATCH 014/653] Update to MD light section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mostly to reflect this has been implemented, and remove references to temporary remains from the previous strategy (hash_info, legacy_or_psa) which would probably be more confusing than helpful at this point. Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 32 +------------------ 1 file changed, 1 insertion(+), 31 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 76081deef4..12b486a46a 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -323,8 +323,6 @@ These problems are easily solvable. ### MD light -https://github.com/Mbed-TLS/mbedtls/pull/6474 implements part of this specification, but it's based on Mbed TLS 3.2, so it needs to be rewritten for 3.3. - #### Definition of MD light MD light is a subset of `md.h` that implements the hash calculation interface described in ”[Designing an interface for hashes](#designing-an-interface-for-hashes)”. It is activated by `MBEDTLS_MD_LIGHT` in `mbedtls_config.h`. @@ -454,31 +452,7 @@ Note that this assumes that an operation that has been started via PSA can be co #### Error code conversion -After calling a PSA function, call `mbedtls_md_error_from_psa` to convert its status code. This function is currently defined in `hash_info.c`. - -### Migration to MD light - -#### Migration of modules that used to call MD and now do the legacy-or-PSA dance - -Get rid of the case where `MBEDTLS_MD_C` is undefined. Enable `MBEDTLS_MD_LIGHT` in `build_info.h`. - -#### Migration of modules that used to call a low-level hash module and now do the legacy-or-PSA dance - -Switch to calling MD (light) unconditionally. Enable `MBEDTLS_MD_LIGHT` in `build_info.h`. - -#### Migration of modules that call a low-level hash module - -Switch to calling MD (light). Enable `MBEDTLS_MD_LIGHT` in `build_info.h`. - -#### Migration of use-PSA mixed code - -Instead of calling `hash_info.h` functions to obtain metadata, get it from `md.h`. - -Optionally, code that currently tests on `MBEDTLS_USE_PSA_CRYPTO` just to determine whether to call MD or PSA to calculate hashes can switch to just having the MD variant. - -#### Remove `legacy_or_psa.h` - -It's no longer used. +After calling a PSA function, call `mbedtls_md_error_from_psa` to convert its status code. ### Support all legacy algorithms in PSA @@ -517,10 +491,6 @@ static inline psa_algorithm_t psa_alg_of_md_info( Work in progress on this conversion is at https://github.com/gilles-peskine-arm/mbedtls/tree/hash-unify-ids-wip-1 -#### Get rid of the hash_info module - -The hash_info module is redundant with MD light. Move `mbedtls_md_error_from_psa` to `md.c`, defined only when `MBEDTLS_MD_SOME_PSA` is defined. The rest is no longer used. - #### Unify HMAC with PSA PSA has its own HMAC implementation. In builds with both `MBEDTLS_MD_C` and `PSA_WANT_ALG_HMAC` not fully provided by drivers, we should have a single implementation. Replace the one in `md.h` by calls to the PSA driver interface. This will also give mixed-domain modules access to HMAC accelerated directly by a PSA driver (eliminating the need to a HMAC interface in software if all supported hashes have an accelerator that includes HMAC support). From f1878d89741ed968b55c2a10ce5d996073bd74bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 12 Oct 2023 11:19:00 +0200 Subject: [PATCH 015/653] Update to only serve GCM and CCM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 12b486a46a..11c5f21fbd 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -513,9 +513,9 @@ testing, based and what's needed by internal users of Cipher light. The new config symbol will not be considered public so its definition may change. Cipher light will be automatically enabled in `build_info.h` by modules that -need it, namely: CTR\_DRBG, CCM, GCM. Note: CCM and GCM currently depend on -the full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would -be replaced by the above auto-enablement. +need it, namely: CCM, GCM. Note: CCM and GCM currently depend on the full +`CIPHER_C` (enforced by `check_config.h`); this hard dependency would be +replaced by the above auto-enablement. Cipher light includes: - info functions; @@ -533,27 +533,21 @@ This excludes: The following API functions, and supporting types, are candidates for inclusion in the Cipher light API, with limited features as above: ``` -mbedtls_cipher_info_from_type +mbedtls_cipher_info_from_values mbedtls_cipher_info_get_block_size mbedtls_cipher_init mbedtls_cipher_setup mbedtls_cipher_setkey -mbedtls_cipher_crypt mbedtls_cipher_free mbedtls_cipher_update -(mbedtls_cipher_finish) ``` Note: `mbedtls_cipher_info_get_block_size()` can be hard-coded to return 16, as all three supported block ciphers have the same block size (DES was excluded). -Note: `mbedtls_cipher_finish()` is not required by any of the modules using -Cipher light, but it might be convenient to include it anyway as it's used in -the implementation of `mbedtls_cipher_crypt()`. - #### Cipher light dual dispatch This is likely to come in the future, but has not been defined yet. From 78fc0bd1db4ba98d3210372a9ae0a1b95c16ca10 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 8 Aug 2023 10:36:15 +0100 Subject: [PATCH 016/653] Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS on Windows-on-Arm Signed-off-by: Dave Rodgman --- library/alignment.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/alignment.h b/library/alignment.h index ab15986e51..211e7ac370 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -35,11 +35,16 @@ * efficient when this is not defined. */ #if defined(__ARM_FEATURE_UNALIGNED) \ - || defined(__i386__) || defined(__amd64__) || defined(__x86_64__) + || defined(__i386__) || defined(__amd64__) || defined(__x86_64__) \ + || defined(_M_ARM64) || defined(_M_ARM64EC) /* * __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9 * (and later versions) for Arm v7 and later; all x86 platforms should have * efficient unaligned access. + * + * https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#alignment + * specifies that on Windows-on-Arm64, unaligned access is safe (except for uncached + * device memory). */ #define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS #endif From ad71b6a834b136249a2aee549f4b85644b424377 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 8 Aug 2023 10:37:33 +0100 Subject: [PATCH 017/653] Support ARM64EC in the same way as ARM64 in sha256 and sha512 Signed-off-by: Dave Rodgman --- library/sha256.c | 4 ++-- library/sha512.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 223badf00f..20d5188b6b 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -110,7 +110,7 @@ # include # endif # endif -#elif defined(_M_ARM64) +#elif defined(_M_ARM64) || defined(_M_ARM64EC) # if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) # include @@ -135,7 +135,7 @@ static int mbedtls_a64_crypto_sha256_determine_support(void) { return 1; } -#elif defined(_M_ARM64) +#elif defined(_M_ARM64) || defined(_M_ARM64EC) #define WIN32_LEAN_AND_MEAN #include #include diff --git a/library/sha512.c b/library/sha512.c index e739af2546..23e8745a52 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -154,7 +154,7 @@ static int mbedtls_a64_crypto_sha512_determine_support(void) NULL, 0); return ret == 0 && value != 0; } -#elif defined(_M_ARM64) +#elif defined(_M_ARM64) || defined(_M_ARM64EC) /* * As of March 2022, there don't appear to be any PF_ARM_V8_* flags * available to pass to IsProcessorFeaturePresent() to check for From be0928666614cf52510845ad1d3c44607b075f1d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 8 Aug 2023 10:42:55 +0100 Subject: [PATCH 018/653] Enable 8-byte fastpath in mbedtls_xor on ARM64 and ARM64EC Signed-off-by: Dave Rodgman --- library/common.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/common.h b/library/common.h index 3c472c685d..f838216910 100644 --- a/library/common.h +++ b/library/common.h @@ -188,7 +188,8 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned uint8x16_t x = veorq_u8(v1, v2); vst1q_u8(r + i, x); } -#elif defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__) +#elif defined(__amd64__) || defined(__x86_64__) || \ + defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); @@ -227,7 +228,8 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__) +#if defined(__amd64__) || defined(__x86_64__) || \ + defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); From 4ffd7c7614b8f6a9a083de0b9e8c5588ca987e4a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 11:43:02 +0100 Subject: [PATCH 019/653] Introduce MBEDTLS_HAVE_NEON_INTRINSICS and simplify NEON header inclusion Signed-off-by: Dave Rodgman --- library/common.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/common.h b/library/common.h index f838216910..c080af043f 100644 --- a/library/common.h +++ b/library/common.h @@ -33,8 +33,14 @@ #if defined(__ARM_NEON) #include +#define MBEDTLS_HAVE_NEON_INTRINSICS #endif /* __ARM_NEON */ +#if defined(_M_ARM64) || defined(_M_ARM64EC) +#include +#define MBEDTLS_HAVE_NEON_INTRINSICS +#endif + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be From a0f10da9d22abea8879af814d739632ed9d30d0a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 11:43:17 +0100 Subject: [PATCH 020/653] Use MBEDTLS_HAVE_NEON_INTRINSICS instead of __ARM_NEON Signed-off-by: Dave Rodgman --- library/aesce.c | 6 ++---- library/common.h | 2 +- library/sha256.c | 13 +++---------- library/sha512.c | 6 ++---- 4 files changed, 8 insertions(+), 19 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 8b42b034f5..21ec47daa1 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -26,7 +26,7 @@ * By defining the macros ourselves we gain access to those declarations without * requiring -march on the command line. * - * `arm_neon.h` could be included by any header file, so we put these defines + * `arm_neon.h` is included by common.h, so we put these defines * at the top of this file, before any includes. */ #define __ARM_FEATURE_CRYPTO 1 @@ -66,9 +66,7 @@ # endif #endif -#ifdef __ARM_NEON -#include -#else +#if !defined(MBEDTLS_HAVE_NEON_INTRINSICS) #error "Target does not support NEON instructions" #endif diff --git a/library/common.h b/library/common.h index c080af043f..fd2aecb208 100644 --- a/library/common.h +++ b/library/common.h @@ -187,7 +187,7 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(__ARM_NEON) +#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) for (; (i + 16) <= n; i += 16) { uint8x16_t v1 = vld1q_u8(a + i); uint8x16_t v2 = vld1q_u8(b + i); diff --git a/library/sha256.c b/library/sha256.c index 20d5188b6b..da6ec180cd 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -31,7 +31,7 @@ * By defining the macros ourselves we gain access to those declarations without * requiring -march on the command line. * - * `arm_neon.h` could be included by any header file, so we put these defines + * `arm_neon.h` is included by common.h, so we put these defines * at the top of this file, before any includes. */ #define __ARM_FEATURE_CRYPTO 1 @@ -63,9 +63,7 @@ /* *INDENT-OFF* */ -# ifdef __ARM_NEON -# include -# else +# if !defined(MBEDTLS_HAVE_NEON_INTRINSICS) # error "Target does not support NEON instructions" # endif @@ -110,12 +108,7 @@ # include # endif # endif -#elif defined(_M_ARM64) || defined(_M_ARM64EC) -# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) -# include -# endif -#else +#elif !(defined(_M_ARM64) || defined(_M_ARM64EC)) # undef MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY # undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT #endif diff --git a/library/sha512.c b/library/sha512.c index 23e8745a52..0e99914dda 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -31,7 +31,7 @@ * By defining the macros ourselves we gain access to those declarations without * requiring -march on the command line. * - * `arm_neon.h` could be included by any header file, so we put these defines + * `arm_neon.h` is included by common.h, so we put these defines * at the top of this file, before any includes. */ #define __ARM_FEATURE_SHA512 1 @@ -60,9 +60,7 @@ # if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) /* *INDENT-OFF* */ -# ifdef __ARM_NEON -# include -# else +# if !defined(MBEDTLS_HAVE_NEON_INTRINSICS) # error "Target does not support NEON instructions" # endif /* From c5cc727dd04d1a5df16487d30c81a6a2ff2f0e0e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 11:41:17 +0100 Subject: [PATCH 021/653] Use new MBEDTLS_ARCH_IS_xxx macros Signed-off-by: Dave Rodgman --- library/alignment.h | 2 +- library/common.h | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index 211e7ac370..ff811e34d5 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -35,7 +35,7 @@ * efficient when this is not defined. */ #if defined(__ARM_FEATURE_UNALIGNED) \ - || defined(__i386__) || defined(__amd64__) || defined(__x86_64__) \ + || defined(MBEDTLS_ARCH_IS_X86) || defined(MBEDTLS_ARCH_IS_X64) \ || defined(_M_ARM64) || defined(_M_ARM64EC) /* * __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9 diff --git a/library/common.h b/library/common.h index fd2aecb208..6c65084f46 100644 --- a/library/common.h +++ b/library/common.h @@ -194,8 +194,7 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned uint8x16_t x = veorq_u8(v1, v2); vst1q_u8(r + i, x); } -#elif defined(__amd64__) || defined(__x86_64__) || \ - defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC) +#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); @@ -234,8 +233,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(__amd64__) || defined(__x86_64__) || \ - defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC) +#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); From 0a48717b83f3629b2f43ae925f18db0c7d0409d5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 11:52:06 +0100 Subject: [PATCH 022/653] Simplify Windows-on-Arm macros Signed-off-by: Dave Rodgman --- include/mbedtls/build_info.h | 4 ++++ library/alignment.h | 2 +- library/bignum.c | 3 ++- library/common.h | 4 +--- library/sha256.c | 4 ++-- library/sha512.c | 9 ++------- 6 files changed, 12 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 842f15c58f..cb2cda76d1 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -74,6 +74,10 @@ #define MBEDTLS_ARCH_IS_X86 #endif +#if defined(_M_ARM64) || defined(_M_ARM64EC) +#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 +#endif + #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif diff --git a/library/alignment.h b/library/alignment.h index ff811e34d5..d8c4fb384b 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -36,7 +36,7 @@ */ #if defined(__ARM_FEATURE_UNALIGNED) \ || defined(MBEDTLS_ARCH_IS_X86) || defined(MBEDTLS_ARCH_IS_X64) \ - || defined(_M_ARM64) || defined(_M_ARM64EC) + || defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) /* * __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9 * (and later versions) for Arm v7 and later; all x86 platforms should have diff --git a/library/bignum.c b/library/bignum.c index 7c265e04da..795952ccd0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -114,7 +114,8 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, * about whether the assignment was made or not. * (Leaking information about the respective sizes of X and Y is ok however.) */ -#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103) +#if defined(_MSC_VER) && defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \ + (_MSC_FULL_VER < 193131103) /* * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See: * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989 diff --git a/library/common.h b/library/common.h index 6c65084f46..48fb6d0d73 100644 --- a/library/common.h +++ b/library/common.h @@ -34,9 +34,7 @@ #if defined(__ARM_NEON) #include #define MBEDTLS_HAVE_NEON_INTRINSICS -#endif /* __ARM_NEON */ - -#if defined(_M_ARM64) || defined(_M_ARM64EC) +#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) #include #define MBEDTLS_HAVE_NEON_INTRINSICS #endif diff --git a/library/sha256.c b/library/sha256.c index da6ec180cd..ed47c7c510 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -108,7 +108,7 @@ # include # endif # endif -#elif !(defined(_M_ARM64) || defined(_M_ARM64EC)) +#elif !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) # undef MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY # undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT #endif @@ -128,7 +128,7 @@ static int mbedtls_a64_crypto_sha256_determine_support(void) { return 1; } -#elif defined(_M_ARM64) || defined(_M_ARM64EC) +#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) #define WIN32_LEAN_AND_MEAN #include #include diff --git a/library/sha512.c b/library/sha512.c index 0e99914dda..05b89408f8 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -119,12 +119,7 @@ # include # endif # endif -#elif defined(_M_ARM64) -# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) -# include -# endif -#else +#elif !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) # undef MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY # undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT #endif @@ -152,7 +147,7 @@ static int mbedtls_a64_crypto_sha512_determine_support(void) NULL, 0); return ret == 0 && value != 0; } -#elif defined(_M_ARM64) || defined(_M_ARM64EC) +#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) /* * As of March 2022, there don't appear to be any PF_ARM_V8_* flags * available to pass to IsProcessorFeaturePresent() to check for From 3e521849231f31df0af4f4d860b8f2417eb64d2a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Sep 2023 10:36:21 +0100 Subject: [PATCH 023/653] Make macro definition more consistent with similar defns Signed-off-by: Dave Rodgman --- include/mbedtls/build_info.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index cb2cda76d1..8956450645 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -74,7 +74,8 @@ #define MBEDTLS_ARCH_IS_X86 #endif -#if defined(_M_ARM64) || defined(_M_ARM64EC) +#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \ + (defined(_M_ARM64) || defined(_M_ARM64EC)) #define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 #endif From 4fb1955b3184244ccd7e3c0066fb3b19457ca615 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 18 Oct 2023 12:15:30 +0100 Subject: [PATCH 024/653] Remove NULL-ing of passed in SSL context in ssl_populate_transform() Remove a piece of code that was meant to ensure non-usage of the ssl context under conditions where it should not be used, as this now makes less sense and also triggers coverity. Signed-off-by: Paul Elliott --- library/ssl_tls.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 827b7fbcfc..0476a9f73e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8159,14 +8159,6 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif -#if !defined(MBEDTLS_DEBUG_C) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (ssl->f_export_keys == NULL) { - ssl = NULL; /* make sure we don't use it except for these cases */ - (void) ssl; - } -#endif - /* * Some data just needs copying into the structure */ @@ -8438,7 +8430,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, goto end; } - if (ssl != NULL && ssl->f_export_keys != NULL) { + if (ssl->f_export_keys != NULL) { ssl->f_export_keys(ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, master, 48, From 3bcda449c08aea258029b2542e0e86dc745172c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2023 10:03:49 +0200 Subject: [PATCH 025/653] Things forgotten in the previous commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/md-cipher-dispatch.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 11c5f21fbd..ca98a51077 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -518,13 +518,14 @@ need it, namely: CCM, GCM. Note: CCM and GCM currently depend on the full replaced by the above auto-enablement. Cipher light includes: -- info functions; +- some info functions; - support for block ciphers in ECB mode, encrypt only (note: in Cipher, "ECB" means just one block, contrary to PSA); -- the one-shot API as well as (part of) the streaming API; +- part of the streaming API for unauthenticated ciphers; - only AES, Aria and Camellia. This excludes: +- the one-shot API for unauthenticated ciphers; - the AEAD/KW API (both one-shot and streaming); - support for stream ciphers; - support for other modes of block ciphers (CBC, CTR, CFB, etc.); From 6b3643117b404767c246f019bc0d977c2bff220a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2023 11:02:17 +0200 Subject: [PATCH 026/653] Document chosen goals and priorities for 3.x MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index ca98a51077..d75a4dcd40 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -99,8 +99,8 @@ We can classify code that implements or uses cryptographic mechanisms into sever * Software implementations of primitive cryptographic mechanisms. These are not expected to change. * Software implementations of constructed cryptographic mechanisms (e.g. HMAC, CTR_DRBG, RSA (calling a hash for PSS/OAEP, and needing to know the hash length in PKCS1v1.5 sign/verify), …). These need to keep working whenever a legacy implementation of the auxiliary mechanism is available, regardless of whether a PSA implementation is also available. * Code implementing the PSA crypto interface. This is not expected to change, except perhaps to expose some internal functionality to overhauled glue code. -* Code that's subject to `MBEDTLS_USE_PSA_CRYPTO`: `pk.h`, X.509, TLS (excluding TLS 1.3). -* Code that always uses PSA for crypto: TLS 1.3, LMS. +* Code that's subject to `MBEDTLS_USE_PSA_CRYPTO`: `pk.h`, X.509, TLS (excluding parts specific TLS 1.3). +* Code that always uses PSA for crypto: TLS 1.3 (except things common with 1.2), LMS. For the purposes of this work, three domains emerge: @@ -319,6 +319,35 @@ These problems are easily solvable. * We can make names and HMAC optional. The mixed-domain hash interface won't be the full `MBEDTLS_MD_C` but a subset. * We can optimize `md.c` without making API changes to `md.h`. +### Scope reductions and priorities for 3.x + +This section documents things that we chose to temporarily exclude from the scope in the 3.x branch (which will eventually be in scope again after 4.0) as well as things we chose to prioritize if we don't have time to support everything. + +#### Don't support PK, X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO` + +We do not need to support driver-only hashes and ciphers in PK. X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO`. Users who want to take full advantage of drivers will need to enabled this macro. + +Note that this applies to TLS 1.3 as well, as some uses of hashes and all uses of ciphers there are common with TLS 1.2, hence governed by `MBEDTLS_USE_PSA_CRYPTO`, see [this macro's extended documentation](../../docs/use-psa-crypto.html). + +This will go away naturally in 4.0 when this macros is not longer an option (because it's always on). + +#### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C` + +We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, both `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`. + +Considering this existing restriction which we do not plan to lift before 4.0, it is acceptable driver-only hashes and cipher support to have the same restriction in 3.x. + +It is however desirable for the design to keep support for `MBEDTLS_PSA_CRYPTO_CLIENT` in mind, in order to avoid making it more difficult to add in the future. + +#### For cipher: prioritize constrained devices and modern TLS + +The primary target is a configuration like TF-M's medium profile, plus TLS with only AEAD ciphersuites. + +This excludes things like: +- Support for encrypted PEM, PKCS5 and PKCS12 encryption, and PKCS8 encrypted keys in PK parse. (Not widely used on highly constrained devices.) +- Support for NIST-KW. (Same justification.) +- Support for CBC ciphersuites in TLS. (They've been recommended against for a while now.) + ## Specification ### MD light From 4823d2c94e021994671fcb0f9208c1338253f782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2023 12:56:39 +0200 Subject: [PATCH 027/653] Extend design discussion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index d75a4dcd40..a4c8fccf0f 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -346,8 +346,39 @@ The primary target is a configuration like TF-M's medium profile, plus TLS with This excludes things like: - Support for encrypted PEM, PKCS5 and PKCS12 encryption, and PKCS8 encrypted keys in PK parse. (Not widely used on highly constrained devices.) - Support for NIST-KW. (Same justification.) +- Support for CMAC. (Same justification, plus can be directly accelerated.) - Support for CBC ciphersuites in TLS. (They've been recommended against for a while now.) +### Dual-dispatch for block cipher primitives + +Considering the priorities stated above, initially we want to support GCM, CCM and CTR-DRBG. All trhee of them use the block cipher primitive only in the encrypt direction. Currently, GCM and CCM use the Cipher layer in order to work with AES, Aria and Camellia (DES is excluded by the standards due to its smaller block size) and CTR-DRBG directly uses the low-level API from `aes.h`. In all cases, access to the "block cipher primitive" is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contrary to PSA which implements actual ECB mode). + +The two AEAD modes, GCM and CCM, have very similar needs and positions in the stack, strongly suggesting using the same design for both. On the other hand, there are a number of differences between CTR-DRBG and them. +- CTR-DRBG only uses AES (and there is no plan to extend it to other block ciphers at the moment), while GCM and CCM need to work with 3 block ciphers already. +- CTR-DRBG holds a special position in the stack: most users don't care about it per se, they only care about getting random numbers - in fact PSA users don't even need to know what DRBG is used. In particular, no part of the stack is asking questions like "is CTR-DRBG-AES available?" - an RNG needs to be available and that's it - contrary to similar questions about AES-GCM etc. which are asked for example by TLS. + +So, it makes sense to use different designs for CTR-DRBG on one hand, and GCM/CCM on the other hand: +- CTR-DRBG can just check if `AES_C` is present and "fall back" to PSA is not. +- GCM and CCM need an common abstraction layer that allows: + - Using AES, Aria or Camellia in a uniform way. + - Dispatching to built-in or driver. + +The abstraction layer used by GCM and CCM may either be a new internal module, or a subset of the existing Cipher API, extended with the ability to dispatch to a PSA driver. + +Reasons for making this layer's API a subset of the existing Cipher API: +- No need to design, implement and test a new module. (Will need to test the new subset though, as well as the extended behaviour.) +- No code change in GCM and CCM - only need to update dependencies. +- No risk for code duplication between a potential new module and Cipher: source-level, and in in particular in builds that still have `CIPHER_C` enabled. (Compiled-code duplication could be avoided by excluding the new module in such builds, though.) +- If want to support other users of Cipher later (such as NIST-KW, CMAC, PKCS5 and PKCS12), we can just extend dual-dispatch support to other modes/operations in Cipher and keep those extra modules unchanged as well. + +Possible costs of re-using (a subset of) the existing Cipher API instead of defining a new one: +- We carry over costs associated with `cipher_info_t` structures. (Currently the info structure is used for 3 things: (1) to check if the cipher is supported, (2) to check its block size, (3) because `setup()` requires it). +- We carry over questionable implementation decisions, like dynamic allocation of context. + +Those costs could be avoided by refactoring (parts of) Cipher, but that would probably mean either: +- significant differences in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset; +- or more work to apply the simplifications to all of Cipher. + ## Specification ### MD light From 01c7356944a03756b5c686b1545830fdb4b2a685 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Oct 2023 17:03:20 +0800 Subject: [PATCH 028/653] Add deprecated flag in document for sig_hashes Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 03a8b1f142..ed54926dcc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,6 +3751,8 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * + * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). + * * \note This list should be ordered by decreasing preference * (preferred hash first). * From 83536c23f334ec30c28ab56f99f194fca5a32e9f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 16:17:34 +0800 Subject: [PATCH 029/653] Add translation ruler into document Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ed54926dcc..8a35c2b898 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,7 +3751,8 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). + * \deprecated Superseded by `mbedtls_ssl_conf_sig_algs()`. See + * `mbedtls_ssl_conf_sig_algs()` also. * * \note This list should be ordered by decreasing preference * (preferred hash first). @@ -3783,7 +3784,9 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain * available throughout the lifetime of the conf object. Supported - * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX + * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using + * this for TLS 1.2, items in this parameter should be + * `(HashAlgorithm << 8) | SignatureAlgorithm`. */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 2c46ca3474e585ab6f0dacb6ef1245123b1d2cde Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 17:32:20 +0800 Subject: [PATCH 030/653] fix various issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8a35c2b898..5ebb00f7d5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3751,8 +3751,7 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, * used for certificate signature are controlled by the * verification profile, see \c mbedtls_ssl_conf_cert_profile(). * - * \deprecated Superseded by `mbedtls_ssl_conf_sig_algs()`. See - * `mbedtls_ssl_conf_sig_algs()` also. + * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). * * \note This list should be ordered by decreasing preference * (preferred hash first). @@ -3778,7 +3777,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** - * \brief Configure allowed signature algorithms for use in TLS 1.3 + * \brief Configure allowed signature algorithms * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, @@ -3786,7 +3785,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * available throughout the lifetime of the conf object. Supported * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using * this for TLS 1.2, items in this parameter should be - * `(HashAlgorithm << 8) | SignatureAlgorithm`. + * "(HashAlgorithm << 8) | SignatureAlgorithm". */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 53c4a0da071d7351a807206a41e700bc2d1aae9d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Nov 2023 10:38:17 +0800 Subject: [PATCH 031/653] Improve documents Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5ebb00f7d5..67ca192320 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3781,11 +3781,12 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, - * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain - * available throughout the lifetime of the conf object. Supported - * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX . Using - * this for TLS 1.2, items in this parameter should be - * "(HashAlgorithm << 8) | SignatureAlgorithm". + * terminated by #MBEDTLS_TLS1_3_SIG_NONE. The list must remain + * available throughout the lifetime of the conf object. + * - For TLS 1.3, values of \c MBEDTLS_TLS1_3_SIG_XXXX should be + * used. + * - For TLS 1.2, values should be given as + * "(HashAlgorithm << 8) | SignatureAlgorithm". */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs); From 9916b06ce746d67d3562227bb84774a7cbfc3f9b Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 9 Nov 2023 14:25:01 +0100 Subject: [PATCH 032/653] Fix uninitialized variable warnings. Signed-off-by: Matthias Schulz --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cffd1c90f4..39f6337300 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3632,7 +3632,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; + size_t len = 0; if (ssl->conf->f_cookie_write == NULL || ssl->conf->f_cookie_check == NULL) { From 5a39c4ecf2a065d454f01bd00656fdea9d782f73 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 9 Nov 2023 15:53:01 +0100 Subject: [PATCH 033/653] Fixes https://github.com/Mbed-TLS/mbedtls/issues/6910 as proposed in https://github.com/Mbed-TLS/mbedtls/issues/6910#issuecomment-1573301661 Signed-off-by: Matthias Schulz --- include/psa/crypto_extra.h | 3 +++ include/psa/crypto_struct.h | 3 +++ 2 files changed, 6 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ef29b77db8..75dc262e86 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -486,10 +486,13 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription */ +#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS) +#define PSA_SET_KEY_DOMAIN_PARAMETERS psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length); +#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */ /** * \brief Get domain parameters for a key. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 5639ad05d4..6efa8e72a8 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -356,10 +356,13 @@ static inline psa_algorithm_t psa_get_key_algorithm( /* This function is declared in crypto_extra.h, which comes after this * header file, but we need the function here, so repeat the declaration. */ +#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS) +#define PSA_SET_KEY_DOMAIN_PARAMETERS psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length); +#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */ static inline void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type) From 1b23bce4a27c55fac791256feeb126d00d67b31d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 13 Nov 2023 13:45:14 +0800 Subject: [PATCH 034/653] improve brief description of conf_sig_algs Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 67ca192320..6cb7035239 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3777,7 +3777,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** - * \brief Configure allowed signature algorithms + * \brief Configure allowed signature algorithms for use in TLS * * \param conf The SSL configuration to use. * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, From b4f1ee0566b25178c965212f4b48882874815d46 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 13 Nov 2023 09:50:58 +0000 Subject: [PATCH 035/653] Remove superfluous leading whitespace Signed-off-by: Thomas Daubney --- scripts/lcov.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 9258ba7888..1969b39044 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -33,7 +33,7 @@ set -eu # Repository detection in_mbedtls_build_dir () { test -d library - } +} # Collect stats and build a HTML report. lcov_library_report () { From c9f8386a7c09ef302bddecf5f3f95b313c1bb725 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 13 Nov 2023 10:03:56 +0000 Subject: [PATCH 036/653] Modify check-generated-files.sh to work in both repos Make the script work in both Mbed TLS and TF PSA Crypto. Signed-off-by: Thomas Daubney --- tests/scripts/check-generated-files.sh | 31 +++++++++++++++++--------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 67dedeb265..0689147f0e 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -22,8 +22,12 @@ EOF exit fi -if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from Mbed TLS root" >&2 +IN_MBEDTLS=0 +if [ -d library -a -d include -a -d tests ]; then + IN_MBEDTLS=1 +elif [ -d core -a -d include -a -d tests ]; then :; +else + echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2 exit 1 fi @@ -114,16 +118,21 @@ check() # - **/CMakeLists.txt (to (re)build them with cmake) # - scripts/make_generated_files.bat (to generate them under Windows) -check scripts/generate_errors.pl library/error.c -check scripts/generate_query_config.pl programs/test/query_config.c -check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h library/psa_crypto_driver_wrappers_no_static.c -check scripts/generate_features.pl library/version_features.c -check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c -# generate_visualc_files enumerates source files (library/*.c). It doesn't -# care about their content, but the files must exist. So it must run after -# the step that creates or updates these files. -check scripts/generate_visualc_files.pl visualc/VS2013 +# These checks are common to Mbed TLS and TF PSA Crypto check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list) check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) + +# Additional checks for Mbed TLS only +if [ $IN_MBEDTLS -eq 1 ]; then + check scripts/generate_errors.pl library/error.c + check scripts/generate_query_config.pl programs/test/query_config.c + check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h library/psa_crypto_driver_wrappers_no_static.c + check scripts/generate_features.pl library/version_features.c + check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c + # generate_visualc_files enumerates source files (library/*.c). It doesn't + # care about their content, but the files must exist. So it must run after + # the step that creates or updates these files. + check scripts/generate_visualc_files.pl visualc/VS2013 +fi From b10cc7acc2546e1ccf88e5b641023e8c9e2e583e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 11:56:02 +0000 Subject: [PATCH 037/653] Modify generate_driver_wrappers.py to work in both repos Add repository detection and conditional setting of library_dir variable. Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 2fdc4cd0ba..b510cdf436 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -7,7 +7,19 @@ based on template files in script/data_files/driver_templates/. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import sys import os @@ -178,8 +190,15 @@ def main() -> int: mbedtls_root = os.path.abspath(args.mbedtls_root) + library_dir = '' + if build_tree.looks_like_mbedtls_root(mbedtls_root): + library_dir = 'library' + elif build_tree.looks_like_tf_psa_crypto_root(mbedtls_root): + library_dir = 'core' + output_directory = args.output_directory if args.output_directory is not None else \ - os.path.join(mbedtls_root, 'library') + os.path.join(mbedtls_root, library_dir) + template_directory = args.template_dir if args.template_dir is not None else \ os.path.join(mbedtls_root, 'scripts', From d3f844337f95daeb926bb7a3090e1f01d07dd342 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 11:53:14 +0000 Subject: [PATCH 038/653] Further modify check-generated-files.sh Add further modifications to repo detection and calling the checks. Signed-off-by: Thomas Daubney --- tests/scripts/check-generated-files.sh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 0689147f0e..6f92ecd311 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -22,15 +22,25 @@ EOF exit fi -IN_MBEDTLS=0 -if [ -d library -a -d include -a -d tests ]; then - IN_MBEDTLS=1 +# Detect whether we are in one of Mbed TLS or TF-PSA-Crypto and exit if not +if [ -d library -a -d include -a -d tests ]; then :; elif [ -d core -a -d include -a -d tests ]; then :; else echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2 exit 1 fi +# Now we know we are in one of Mbed TLS or TF-PSA-Crypto, determine which one +in_mbedtls_build_dir () { + test -d library +} + +if in_mbedtls_build_dir; then + library_dir='library' +else + library_dir='core' +fi + UPDATE= LIST= while getopts lu OPTLET; do @@ -123,12 +133,12 @@ check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generate check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list) check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) +check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only -if [ $IN_MBEDTLS -eq 1 ]; then +if in_mbedtls_build_dir; then check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c - check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h library/psa_crypto_driver_wrappers_no_static.c check scripts/generate_features.pl library/version_features.c check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c # generate_visualc_files enumerates source files (library/*.c). It doesn't From 0bb761cc2f6bb4ea6e2a03ac80cb81bfbddf15ac Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 12:03:10 +0000 Subject: [PATCH 039/653] Remove further extraneous whitespace in lcov script Signed-off-by: Thomas Daubney --- scripts/lcov.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 1969b39044..0584a0aac7 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -32,7 +32,7 @@ set -eu # Repository detection in_mbedtls_build_dir () { - test -d library + test -d library } # Collect stats and build a HTML report. From c1750bb23d8b5e3016545ff8413fe6c4b868bb71 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 15:16:38 +0000 Subject: [PATCH 040/653] Apply correct license to generate_driver_wrappers.py Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index b510cdf436..e48ec3a52f 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -7,19 +7,7 @@ based on template files in script/data_files/driver_templates/. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys import os From e58128e2ba4597747e9d7811bc8b516fb8d271f7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 15:25:52 +0000 Subject: [PATCH 041/653] Refactor repository detection Signed-off-by: Thomas Daubney --- tests/scripts/check-generated-files.sh | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 6f92ecd311..92531a8d03 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -22,25 +22,22 @@ EOF exit fi -# Detect whether we are in one of Mbed TLS or TF-PSA-Crypto and exit if not -if [ -d library -a -d include -a -d tests ]; then :; -elif [ -d core -a -d include -a -d tests ]; then :; +in_mbedtls_repo () { + test -d include -a -d library -a -d programs -a -d tests +} + +in_tf_psa_crypto_repo () { + test -d include -a -d core -a -d drivers -a -d programs -a -d tests +} +if in_mbedtls_repo; then + library_dir='library' +elif in_tf_psa_crypto_repo; then + library_dir='core' else echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2 exit 1 fi -# Now we know we are in one of Mbed TLS or TF-PSA-Crypto, determine which one -in_mbedtls_build_dir () { - test -d library -} - -if in_mbedtls_build_dir; then - library_dir='library' -else - library_dir='core' -fi - UPDATE= LIST= while getopts lu OPTLET; do From d289b8bdca0584bf9a2cdf7725fc78accecf7013 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 15:30:07 +0000 Subject: [PATCH 042/653] Stylise TF-PSA-Crypto correctly Signed-off-by: Thomas Daubney --- tests/scripts/check-generated-files.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 92531a8d03..84fbbda914 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -125,7 +125,7 @@ check() # - **/CMakeLists.txt (to (re)build them with cmake) # - scripts/make_generated_files.bat (to generate them under Windows) -# These checks are common to Mbed TLS and TF PSA Crypto +# These checks are common to Mbed TLS and TF-PSA-Crypto check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list) check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) From 0eb2dc11c41934eef53b51d1bdd52e86c375b27e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 16:56:45 +0000 Subject: [PATCH 043/653] Call the right function Correct erroneous function call Signed-off-by: Thomas Daubney --- tests/scripts/check-generated-files.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 84fbbda914..410f44eb05 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -28,7 +28,8 @@ in_mbedtls_repo () { in_tf_psa_crypto_repo () { test -d include -a -d core -a -d drivers -a -d programs -a -d tests -} +} + if in_mbedtls_repo; then library_dir='library' elif in_tf_psa_crypto_repo; then @@ -133,7 +134,7 @@ check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only -if in_mbedtls_build_dir; then +if in_mbedtls_repo; then check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c From 4291bc27b96f944f66348c11b8df9bf73670f988 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 Nov 2023 18:05:19 +0000 Subject: [PATCH 044/653] Remove trailing whitespace Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 4 ++-- tests/scripts/check-generated-files.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index e48ec3a52f..09beeca49b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -183,10 +183,10 @@ def main() -> int: library_dir = 'library' elif build_tree.looks_like_tf_psa_crypto_root(mbedtls_root): library_dir = 'core' - + output_directory = args.output_directory if args.output_directory is not None else \ os.path.join(mbedtls_root, library_dir) - + template_directory = args.template_dir if args.template_dir is not None else \ os.path.join(mbedtls_root, 'scripts', diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 410f44eb05..3fe4e8c63a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -32,7 +32,7 @@ in_tf_psa_crypto_repo () { if in_mbedtls_repo; then library_dir='library' -elif in_tf_psa_crypto_repo; then +elif in_tf_psa_crypto_repo; then library_dir='core' else echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2 From 5556f908cbaa39da0a718686e9e51c2d42baf3bd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 15 Nov 2023 16:43:02 +0000 Subject: [PATCH 045/653] Rename variables in script Rename some variables in generate_driver_wrappers.py now that the script has to work in two repositories as opposed to just mbed tls. Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 30 ++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 09beeca49b..538999af8c 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -108,17 +108,17 @@ def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: return json_data -def load_schemas(mbedtls_root: str) -> Dict[str, Any]: +def load_schemas(repo_root: str) -> Dict[str, Any]: """ Load schemas map """ schema_file_paths = { - 'transparent': os.path.join(mbedtls_root, + 'transparent': os.path.join(repo_root, 'scripts', 'data_files', 'driver_jsons', 'driver_transparent_schema.json'), - 'opaque': os.path.join(mbedtls_root, + 'opaque': os.path.join(repo_root, 'scripts', 'data_files', 'driver_jsons', @@ -131,13 +131,13 @@ def load_schemas(mbedtls_root: str) -> Dict[str, Any]: return driver_schema -def read_driver_descriptions(mbedtls_root: str, +def read_driver_descriptions(repo_root: str, json_directory: str, jsondriver_list: str) -> list: """ Merge driver JSON files into a single ordered JSON after validation. """ - driver_schema = load_schemas(mbedtls_root) + driver_schema = load_schemas(repo_root) with open(file=os.path.join(json_directory, jsondriver_list), mode='r', @@ -163,11 +163,11 @@ def main() -> int: """ Main with command line arguments. """ - def_arg_mbedtls_root = build_tree.guess_mbedtls_root() + def_arg_repo_root = build_tree.guess_mbedtls_root() parser = argparse.ArgumentParser() - parser.add_argument('--mbedtls-root', default=def_arg_mbedtls_root, - help='root directory of mbedtls source code') + parser.add_argument('--repo-root', default=def_arg_repo_root, + help='root directory of repo source code') parser.add_argument('--template-dir', help='directory holding the driver templates') parser.add_argument('--json-dir', @@ -176,31 +176,31 @@ def main() -> int: help='output file\'s location') args = parser.parse_args() - mbedtls_root = os.path.abspath(args.mbedtls_root) + repo_root = os.path.abspath(args.repo_root) library_dir = '' - if build_tree.looks_like_mbedtls_root(mbedtls_root): + if build_tree.looks_like_mbedtls_root(repo_root): library_dir = 'library' - elif build_tree.looks_like_tf_psa_crypto_root(mbedtls_root): + elif build_tree.looks_like_tf_psa_crypto_root(repo_root): library_dir = 'core' output_directory = args.output_directory if args.output_directory is not None else \ - os.path.join(mbedtls_root, library_dir) + os.path.join(repo_root, library_dir) template_directory = args.template_dir if args.template_dir is not None else \ - os.path.join(mbedtls_root, + os.path.join(repo_root, 'scripts', 'data_files', 'driver_templates') json_directory = args.json_dir if args.json_dir is not None else \ - os.path.join(mbedtls_root, + os.path.join(repo_root, 'scripts', 'data_files', 'driver_jsons') try: # Read and validate list of driver jsons from driverlist.json - merged_driver_json = read_driver_descriptions(mbedtls_root, + merged_driver_json = read_driver_descriptions(repo_root, json_directory, 'driverlist.json') except DriverReaderException as e: From aa7dffa24ad6af57e4a19a6357034c8b83bd41eb Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 16 Nov 2023 15:31:32 +0100 Subject: [PATCH 046/653] Add benchmark for RSA 3072. Signed-off-by: Matthias Schulz --- programs/test/benchmark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 3d751d0267..e8d3e53dc2 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1011,7 +1011,7 @@ int main(int argc, char *argv[]) int keysize; mbedtls_rsa_context rsa; - for (keysize = 2048; keysize <= 4096; keysize *= 2) { + for (keysize = 2048; keysize <= 4096; keysize += 1024) { mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); mbedtls_rsa_init(&rsa); From 3b9240bbd09b88ed301015d187ce25b48ba35b9a Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 16 Nov 2023 17:39:43 +0100 Subject: [PATCH 047/653] Alternative Timing compatible benchmark.c Signed-off-by: Matthias Schulz --- programs/test/benchmark.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 3d751d0267..22c893070d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -83,7 +83,14 @@ struct _hr_time { #include "mbedtls/memory_buffer_alloc.h" #endif +#ifdef MBEDTLS_TIMING_ALT +void mbedtls_set_alarm(int seconds); +unsigned long mbedtls_timing_hardclock(void); +extern volatile int mbedtls_timing_alarmed; +#else static void mbedtls_set_alarm(int seconds); +static unsigned long mbedtls_timing_hardclock(void); +#endif /* * For heap usage estimates, we need an estimate of the overhead per allocated @@ -227,6 +234,7 @@ static void mbedtls_set_alarm(int seconds); } \ } while (0) +#if !defined(MBEDTLS_TIMING_ALT) #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) @@ -441,6 +449,7 @@ static void mbedtls_set_alarm(int seconds) } #endif /* _WIN32 && !EFIX64 && !EFI32 */ +#endif /* !MBEDTLS_TIMING_ALT */ static int myrand(void *rng_state, unsigned char *output, size_t len) { From 70595f7983eaa7536e52080178b3f696163e47d3 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 16 Nov 2023 17:43:58 +0100 Subject: [PATCH 048/653] Explicitly indicating when private fields are accessed in benchmark.c. Signed-off-by: Matthias Schulz --- programs/test/benchmark.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 3d751d0267..85b7fc6b56 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1057,16 +1057,16 @@ int main(int argc, char *argv[]) for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); - if (mbedtls_mpi_read_binary(&dhm.P, dhm_P[i], + if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i], dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&dhm.G, dhm_G[i], + mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i], dhm_G_size[i]) != 0) { mbedtls_exit(1); } - n = mbedtls_mpi_size(&dhm.P); + n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - if (mbedtls_mpi_copy(&dhm.GY, &dhm.GX) != 0) { + if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { mbedtls_exit(1); } From 13ecb691a30ff178fbf128711bbff63c508cb68d Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 16 Nov 2023 18:34:58 +0000 Subject: [PATCH 049/653] Introduce function to return library/core directory Add crypto_core_directory in build_tree.py so that the libary/core directory can be returned based on what repository we are in. Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index a657a51383..4a42d9a2ba 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -21,6 +21,14 @@ def looks_like_mbedtls_root(path: str) -> bool: def looks_like_root(path: str) -> bool: return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) +def crypto_core_directory() -> str: + if looks_like_tf_psa_crypto_root(os.path.curdir): + return "core" + elif looks_like_mbedtls_root(os.path.curdir): + return "library" + else: + raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') + def check_repo_path(): """ Check that the current working directory is the project root, and throw From ddffa10264e3ce16378924fec700b01bce145ba9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 21 Nov 2023 17:03:29 +0100 Subject: [PATCH 050/653] Initial changelog support for changelog assembling Add an initial changelog if no entries found un the changelog. Signed-off-by: Gabor Mezei --- scripts/assemble_changelog.py | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) mode change 100755 => 100644 scripts/assemble_changelog.py diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py old mode 100755 new mode 100644 index d5f705c1cc..afff200ee0 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -127,10 +127,17 @@ class TextChangelogFormat(ChangelogFormat): def extract_top_version(cls, changelog_file_content): """A version section starts with a line starting with '='.""" m = re.search(cls._top_version_re, changelog_file_content) - top_version_start = m.start(1) - top_version_end = m.end(2) - top_version_title = m.group(1) - top_version_body = m.group(2) + if m: + top_version_start = m.start(1) + top_version_end = m.end(2) + top_version_title = m.group(1) + top_version_body = m.group(2) + # No entries found + else: + top_version_start = None + top_version_end = None + top_version_title = '' + top_version_body = '' if cls.is_released_version(top_version_title): top_version_end = top_version_start top_version_title = cls._unreleased_version_text + '\n\n' @@ -244,7 +251,11 @@ class ChangeLog: self.categories = OrderedDict() for category in STANDARD_CATEGORIES: self.categories[category] = '' - offset = (self.header + self.top_version_title).count('\n') + 1 + if self.header: + offset = (self.header + self.top_version_title).count('\n') + 1 + else: + offset = 0 + self.add_categories_from_text(input_stream.name, offset, top_version_body, True) @@ -258,8 +269,10 @@ class ChangeLog: """Write the changelog to the specified file. """ with open(filename, 'w', encoding='utf-8') as out: - out.write(self.header) - out.write(self.top_version_title) + if self.header: + out.write(self.header) + if self.top_version_title: + out.write(self.top_version_title) for title, body in self.categories.items(): if not body: continue From 8933c04e44b35afb2fa7ecf75c9791e1892b8981 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 21 Nov 2023 17:05:43 +0100 Subject: [PATCH 051/653] Enable to specify the name of the project in the changelog The name read out from the previous entry. Signed-off-by: Gabor Mezei --- scripts/assemble_changelog.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/assemble_changelog.py diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py old mode 100644 new mode 100755 index afff200ee0..81ce682232 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -115,7 +115,7 @@ class ChangelogFormat: class TextChangelogFormat(ChangelogFormat): """The traditional Mbed TLS changelog format.""" - _unreleased_version_text = '= Mbed TLS x.x.x branch released xxxx-xx-xx' + _unreleased_version_text = '= {} x.x.x branch released xxxx-xx-xx' @classmethod def is_released_version(cls, title): # Look for an incomplete release date @@ -123,6 +123,7 @@ class TextChangelogFormat(ChangelogFormat): _top_version_re = re.compile(r'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', re.DOTALL) + _name_re = re.compile(r'=\s(.*)\s[0-9x]+\.', re.DOTALL) @classmethod def extract_top_version(cls, changelog_file_content): """A version section starts with a line starting with '='.""" @@ -132,15 +133,17 @@ class TextChangelogFormat(ChangelogFormat): top_version_end = m.end(2) top_version_title = m.group(1) top_version_body = m.group(2) + name = re.match(cls._name_re, top_version_title).group(1) # No entries found else: top_version_start = None top_version_end = None + name = 'xxx' top_version_title = '' top_version_body = '' if cls.is_released_version(top_version_title): top_version_end = top_version_start - top_version_title = cls._unreleased_version_text + '\n\n' + top_version_title = cls._unreleased_version_text.format(name) + '\n\n' top_version_body = '' return (changelog_file_content[:top_version_start], top_version_title, top_version_body, From 920db4581835b2144edaf188455b394e7e0927eb Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Nov 2023 17:20:16 +0800 Subject: [PATCH 052/653] tls13: early_data: support to parse max_early_data_size ext Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 51 +++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 44814b99f0..361f0c0afe 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2647,6 +2647,43 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* From RFC 8446 section 4.2.10 + * + * struct { + * select (Handshake.msg_type) { + * case new_session_ticket: uint32 max_early_data_size; + * ... + * }; + * } EarlyDataIndication; + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) +{ + MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); + if ((end - buf) != 4) { + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR); + return MBEDTLS_ERR_SSL_DECODE_ERROR; + } + + if (ssl->session != NULL) { + ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); + mbedtls_ssl_session_set_ticket_flags( + ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + MBEDTLS_SSL_DEBUG_MSG( + 3, ("received max_early_data_size: %u", + (unsigned int) ssl->session->max_early_data_size)); + return 0; + } + + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -2680,15 +2717,11 @@ static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, switch (extension_type) { #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - if (extension_data_len != 4) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - if (ssl->session != NULL) { - ssl->session->ticket_flags |= - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + ret = ssl_tls13_parse_nst_early_data_ext( + ssl, p, p + extension_data_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_max_early_data_size_ext", ret); } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From 951b3cb400c200fcf72af6791980108ef15a43b0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 21 Nov 2023 11:13:31 +0800 Subject: [PATCH 053/653] tls13-misc: cli: check parser of max_early_data_size ext Signed-off-by: Yanray Wang --- tests/opt-testcases/tls13-misc.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 9208384498..f03a386a04 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -261,9 +261,11 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ + --earlydata --maxearlydata 16384 --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ + -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ -c "NewSessionTicket: early_data(42) extension received." \ -c "ClientHello: early_data(42) extension exists." \ From 365ee3eaa953b559ed2ffebc66f761aac90b1160 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 10:28:28 +0800 Subject: [PATCH 054/653] ssl_tls: return correct error code if mbedtls_calloc fails Signed-off-by: Yanray Wang --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b163e93c25..348894b455 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -306,7 +306,7 @@ static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old { unsigned char *resized_buffer = mbedtls_calloc(1, len_new); if (resized_buffer == NULL) { - return -1; + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } /* We want to copy len_new bytes when downsizing the buffer, and From fd25654311c5c6f275c6e62f49fa7588b8026fe7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 10:32:03 +0800 Subject: [PATCH 055/653] ssl_tls: remove unnecessary guard Signed-off-by: Yanray Wang --- library/ssl_tls.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 348894b455..4364c1f2db 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2623,8 +2623,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) size_t hostname_len; /* load host name */ if (end - p < 2) { @@ -2644,8 +2643,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, memcpy(session->hostname, p, hostname_len); p += hostname_len; } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && - MBEDTLS_SSL_SESSION_TICKETS */ +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_HAVE_TIME) if (end - p < 8) { From b1f60163ba3aff6c8209c48f85d398fdfb19a901 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 15:46:15 +0800 Subject: [PATCH 056/653] ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs Signed-off-by: Yanray Wang --- library/ssl_tls.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b163e93c25..08f5a5b9b9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5143,16 +5143,6 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) #endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_MD_CAN_SHA256) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif \ - /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA256*/ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256*/ - MBEDTLS_TLS_SIG_NONE }; From 69ceb391a0bb216f6c1fc1ca9b8c2d7718fd94a6 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 16:32:39 +0800 Subject: [PATCH 057/653] ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs Signed-off-by: Yanray Wang --- library/ssl_tls.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 08f5a5b9b9..830278243d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5153,17 +5153,12 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256), -#endif #endif /* MBEDTLS_MD_CAN_SHA256*/ + #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), -#endif #endif /* MBEDTLS_MD_CAN_SHA256*/ MBEDTLS_TLS_SIG_NONE }; From 55933a3e9c93db693e53a8a61e4e07d36be6a2f9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 16:34:15 +0800 Subject: [PATCH 058/653] tls13: fix a wrong RFC reference section Signed-off-by: Yanray Wang --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3c2696fe40..0ca802bc1b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -447,7 +447,7 @@ /* * TLS 1.3 signature algorithms - * RFC 8446, Section 4.2.2 + * RFC 8446, Section 4.2.3 */ /* RSASSA-PKCS1-v1_5 algorithms */ From 4e9b70e03a616530c9b0ef739d46c358e7785055 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 4 Dec 2022 14:08:02 +0800 Subject: [PATCH 059/653] Add early transform computation when accepted Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d983a00395..e8967e6c28 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1880,6 +1880,16 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) /* There is enough information, update early data state. */ ssl_tls13_update_early_data_status(ssl); + + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + ret = mbedtls_ssl_tls13_compute_early_transform(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_tls13_compute_early_transform", ret); + return ret; + } + } + #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; From 7d8c3fe12c9db11e31aa8ee305f454ae018402d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 12:59:44 +0800 Subject: [PATCH 060/653] Add wait flight2 state. The state is come from RFC8446 section A.2 Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- library/ssl_tls13_server.c | 45 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3c2696fe40..2bca21a2f2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -687,12 +687,12 @@ typedef enum { MBEDTLS_SSL_SERVER_FINISHED, MBEDTLS_SSL_FLUSH_BUFFERS, MBEDTLS_SSL_HANDSHAKE_WRAPUP, - MBEDTLS_SSL_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_END_OF_EARLY_DATA, + MBEDTLS_SSL_WAIT_FLIGHT2, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e8967e6c28..40d51d8068 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2782,6 +2782,30 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_WAIT_FLIGHT2); + + return 0; +} + +/* + * Handler for MBEDTLS_SSL_WAIT_FLIGHT2 + * + * RFC 8446 section A.2 + * + * WAIT_FLIGHT2 + * | + * +--------+--------+ + * No auth | | Client auth + * | | + * | v + * | WAIT_CERT + * | Recv | | Recv Certificate + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) +{ + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_flight2")); + if (ssl->handshake->certificate_request_sent) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else { @@ -2790,6 +2814,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); } + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_flight2")); return 0; } @@ -3213,10 +3238,30 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + /* RFC 8446 section A.2 + * + * | Send Finished ( SERVER_FINISHED ) + * | K_send = application + * +--------+--------+ + * No 0-RTT | | 0-RTT + * | | + * K_recv = handshake | | K_recv = early data + * [Skip decrypt errors] | +------> WAIT_EOED -+ + * | | Recv | | Recv EndOfEarlyData + * | | early data | | K_recv = handshake + * | +------------+ | + * | | + * +> WAIT_FLIGHT2 <--------+ + * | + */ case MBEDTLS_SSL_SERVER_FINISHED: ret = ssl_tls13_write_server_finished(ssl); break; + case MBEDTLS_SSL_WAIT_FLIGHT2: + ret = ssl_tls13_process_wait_flight2(ssl); + break; + case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_process_client_finished(ssl); break; From 87b5ed4e5b40bd7cc41506fa5850b28f2ac63bd9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 13:07:07 +0800 Subject: [PATCH 061/653] Add server side end-of-early-data handler Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 126 +++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 40d51d8068..e69b091f30 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2779,6 +2779,34 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + /* TODO: compute early transform here? + * + * RFC 8446, section A.2 + * | Send Finished + * | K_send = application + * +--------+--------+ + * No 0-RTT | | 0-RTT + * | | + * | | K_recv = early data + * | +------> WAIT_EOED -+ + * + * early transform is set after server finished in this section. But + * it breaks our key computation, so we put early transform computation + * at the end of client hello. For time being, I am not sure the benifit + * for moving computation here. + */ + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to early keys for inbound traffic. " + "( K_recv = early data )")); + mbedtls_ssl_set_inbound_transform( + ssl, ssl->handshake->transform_earlydata); + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); + return 0; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); @@ -2818,6 +2846,98 @@ static int ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) return 0; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* + * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA( WAIT_EOED ) + * + * RFC 8446 section A.2 + * + * | + * +------> WAIT_EOED -+ + * | Recv | | Recv EndOfEarlyData + * | early data | | K_recv = handshake + * +------------+ | + * | + * WAIT_FLIGHT2 <--------+ + * | + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_process_wait_eoed(mbedtls_ssl_context *ssl) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_eoed")); + + if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; + } + + /* RFC 8446 section 4.5 + * + * struct {} EndOfEarlyData; + */ + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to handshake keys for inbound traffic" + "( K_recv = handshake )")); + mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_WAIT_FLIGHT2); + + ret = mbedtls_ssl_add_hs_hdr_to_checksum( + ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret); + } + + goto cleanup; + + } + + /* RFC 8446 section 2.3 figure 4 + * + * 0-RTT data is sent via application data message. + */ + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + MBEDTLS_SSL_DEBUG_MSG( + 2, ("Unexpected message type %d", ssl->in_msgtype)); + goto cleanup; + } + + /* + * Output early data + * + * For time being, we print received data via debug message. + * + * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready. + */ + ssl->in_msg[ssl->in_msglen] = 0; + MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg)); + + /* RFC 8446 section 4.6.1 + * + * A server receiving more than max_early_data_size bytes of 0-RTT data + * SHOULD terminate the connection with an "unexpected_message" alert. + * + * TODO: Add received data size check here. + */ + + ret = 0; + +cleanup: + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { + MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); + } + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_eoed")); + return ret; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED */ @@ -3262,6 +3382,12 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) ret = ssl_tls13_process_wait_flight2(ssl); break; +#if defined(MBEDTLS_SSL_EARLY_DATA) + case MBEDTLS_SSL_END_OF_EARLY_DATA: + ret = ssl_tls13_process_wait_eoed(ssl); + break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_process_client_finished(ssl); break; From 0e9eafff13f08e0cdff8e2db0ca08f8eb331a278 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Feb 2023 15:38:19 +0800 Subject: [PATCH 062/653] Update tests to the code status Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-misc.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 9208384498..6fc0c607f3 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -511,12 +511,12 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: EarlyData: feature is enabled, fail." \ +run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \ -d 10 -r --earlydata $EARLY_DATA_INPUT " \ - 1 \ + 0 \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ -s "NewSessionTicket: early_data(42) extension does not exist." \ - -s "Last error was: -29056 - SSL - Verification of the message MAC failed" + -s "$( tail -1 $EARLY_DATA_INPUT )" From 1136fad1263216e88c8cf32d85977b55bddbdc9b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 16:54:31 +0800 Subject: [PATCH 063/653] ssl_tls: improve readability in ssl_*_preset_*_sig_algs - fix wrong comment in #endif - no semantics changes Signed-off-by: Yanray Wang --- library/ssl_tls.c | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 830278243d..511e4360ef 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5054,23 +5054,17 @@ static uint16_t ssl_preset_default_sig_algs[] = { // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) #endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_MD_CAN_SHA512) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA512) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif \ - /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA512 */ +#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_MD_CAN_SHA384) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA384) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif \ - /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA384 */ +#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_MD_CAN_SHA256) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA256) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif \ - /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA256 */ +#endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA512) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, @@ -5090,42 +5084,47 @@ static uint16_t ssl_preset_default_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { + #if defined(MBEDTLS_MD_CAN_SHA512) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512), #endif -#endif /* MBEDTLS_MD_CAN_SHA512*/ +#endif /* MBEDTLS_MD_CAN_SHA512 */ + #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), #endif -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* MBEDTLS_MD_CAN_SHA384 */ + #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256), #endif -#endif /* MBEDTLS_MD_CAN_SHA256*/ +#endif /* MBEDTLS_MD_CAN_SHA256 */ + MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { @@ -5149,17 +5148,19 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { + #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif -#endif /* MBEDTLS_MD_CAN_SHA256*/ +#endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif -#endif /* MBEDTLS_MD_CAN_SHA256*/ +#endif /* MBEDTLS_MD_CAN_SHA384 */ + MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From d8c899cb179f2bae8a89740c0f9819681a9a83be Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 18:14:38 +0800 Subject: [PATCH 064/653] TLS Suite B fix: add ChangeLog entry Signed-off-by: Yanray Wang --- ChangeLog.d/fix-tls-SuiteB.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-tls-SuiteB.txt diff --git a/ChangeLog.d/fix-tls-SuiteB.txt b/ChangeLog.d/fix-tls-SuiteB.txt new file mode 100644 index 0000000000..0be753ac5e --- /dev/null +++ b/ChangeLog.d/fix-tls-SuiteB.txt @@ -0,0 +1,3 @@ +Bugfix + * Remove accidental introduction of RSA signature algorithms + in TLS Suite B Profile. Fixes #8221. From 5da8ecffe6c2e278d2e85a66ed4deb27bf9c8bdc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 18:52:19 +0800 Subject: [PATCH 065/653] tls13: nst early_data: remove duplicate code Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 361f0c0afe..c9680c2eb9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2663,12 +2663,6 @@ static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, const unsigned char *end) { MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); - if ((end - buf) != 4) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } if (ssl->session != NULL) { ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); From 554ee62fbae40e98a34721a1b9591c9e9b42062b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 22 Nov 2023 18:55:01 +0800 Subject: [PATCH 066/653] tls13: early_data: fix wrong debug_ret message Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c9680c2eb9..068676cde0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2715,7 +2715,7 @@ static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, ssl, p, p + extension_data_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_max_early_data_size_ext", ret); + 1, "ssl_tls13_parse_nst_early_data_ext", ret); } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From 79cae20a025d7a988d00e443331b348b479119e3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 22 Nov 2023 15:49:19 +0000 Subject: [PATCH 067/653] Remove useless line Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 538999af8c..de8995947a 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -178,7 +178,6 @@ def main() -> int: repo_root = os.path.abspath(args.repo_root) - library_dir = '' if build_tree.looks_like_mbedtls_root(repo_root): library_dir = 'library' elif build_tree.looks_like_tf_psa_crypto_root(repo_root): From b42c50bd6044b29d00012adf02bd8f607c5a2dc3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 22 Nov 2023 15:53:38 +0000 Subject: [PATCH 068/653] Make use of new crypto_core_directory function Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index de8995947a..a3c8588597 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -178,10 +178,7 @@ def main() -> int: repo_root = os.path.abspath(args.repo_root) - if build_tree.looks_like_mbedtls_root(repo_root): - library_dir = 'library' - elif build_tree.looks_like_tf_psa_crypto_root(repo_root): - library_dir = 'core' + library_dir = build_tree.crypto_core_directory(repo_root) output_directory = args.output_directory if args.output_directory is not None else \ os.path.join(repo_root, library_dir) From 772056ccea0535c3b764f9a4d51e844547e1080f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 22 Nov 2023 16:23:16 +0000 Subject: [PATCH 069/653] Replace repo_root with project_root Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index a3c8588597..709f380cd6 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -108,17 +108,17 @@ def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any: return json_data -def load_schemas(repo_root: str) -> Dict[str, Any]: +def load_schemas(project_root: str) -> Dict[str, Any]: """ Load schemas map """ schema_file_paths = { - 'transparent': os.path.join(repo_root, + 'transparent': os.path.join(project_root, 'scripts', 'data_files', 'driver_jsons', 'driver_transparent_schema.json'), - 'opaque': os.path.join(repo_root, + 'opaque': os.path.join(project_root, 'scripts', 'data_files', 'driver_jsons', @@ -131,13 +131,13 @@ def load_schemas(repo_root: str) -> Dict[str, Any]: return driver_schema -def read_driver_descriptions(repo_root: str, +def read_driver_descriptions(project_root: str, json_directory: str, jsondriver_list: str) -> list: """ Merge driver JSON files into a single ordered JSON after validation. """ - driver_schema = load_schemas(repo_root) + driver_schema = load_schemas(project_root) with open(file=os.path.join(json_directory, jsondriver_list), mode='r', @@ -163,10 +163,10 @@ def main() -> int: """ Main with command line arguments. """ - def_arg_repo_root = build_tree.guess_mbedtls_root() + def_arg_project_root = build_tree.guess_mbedtls_root() parser = argparse.ArgumentParser() - parser.add_argument('--repo-root', default=def_arg_repo_root, + parser.add_argument('--project-root', default=def_arg_project_root, help='root directory of repo source code') parser.add_argument('--template-dir', help='directory holding the driver templates') @@ -176,27 +176,27 @@ def main() -> int: help='output file\'s location') args = parser.parse_args() - repo_root = os.path.abspath(args.repo_root) + project_root = os.path.abspath(args.project_root) - library_dir = build_tree.crypto_core_directory(repo_root) + library_dir = build_tree.crypto_core_directory(project_root) output_directory = args.output_directory if args.output_directory is not None else \ - os.path.join(repo_root, library_dir) + os.path.join(project_root, library_dir) template_directory = args.template_dir if args.template_dir is not None else \ - os.path.join(repo_root, + os.path.join(project_root, 'scripts', 'data_files', 'driver_templates') json_directory = args.json_dir if args.json_dir is not None else \ - os.path.join(repo_root, + os.path.join(project_root, 'scripts', 'data_files', 'driver_jsons') try: # Read and validate list of driver jsons from driverlist.json - merged_driver_json = read_driver_descriptions(repo_root, + merged_driver_json = read_driver_descriptions(project_root, json_directory, 'driverlist.json') except DriverReaderException as e: From 4e574dbd437179571b38c0d96be9c7f9f9132c0f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 22 Nov 2023 17:48:00 +0100 Subject: [PATCH 070/653] Remove initial changelog entry creation support Signed-off-by: Gabor Mezei --- scripts/assemble_changelog.py | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 81ce682232..b2fa96a07e 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -128,19 +128,11 @@ class TextChangelogFormat(ChangelogFormat): def extract_top_version(cls, changelog_file_content): """A version section starts with a line starting with '='.""" m = re.search(cls._top_version_re, changelog_file_content) - if m: - top_version_start = m.start(1) - top_version_end = m.end(2) - top_version_title = m.group(1) - top_version_body = m.group(2) - name = re.match(cls._name_re, top_version_title).group(1) - # No entries found - else: - top_version_start = None - top_version_end = None - name = 'xxx' - top_version_title = '' - top_version_body = '' + top_version_start = m.start(1) + top_version_end = m.end(2) + top_version_title = m.group(1) + top_version_body = m.group(2) + name = re.match(cls._name_re, top_version_title).group(1) if cls.is_released_version(top_version_title): top_version_end = top_version_start top_version_title = cls._unreleased_version_text.format(name) + '\n\n' @@ -272,10 +264,8 @@ class ChangeLog: """Write the changelog to the specified file. """ with open(filename, 'w', encoding='utf-8') as out: - if self.header: - out.write(self.header) - if self.top_version_title: - out.write(self.top_version_title) + out.write(self.header) + out.write(self.top_version_title) for title, body in self.categories.items(): if not body: continue From d35b94b662c4cbbd9cdd7df1acbf8849f833c923 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 22 Nov 2023 17:00:34 +0000 Subject: [PATCH 071/653] Improve implementation of crypto_core_directory Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 4a42d9a2ba..9c0b5ba964 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -7,6 +7,7 @@ import os import inspect +from typing import Optional def looks_like_tf_psa_crypto_root(path: str) -> bool: """Whether the given directory looks like the root of the PSA Crypto source tree.""" @@ -21,10 +22,12 @@ def looks_like_mbedtls_root(path: str) -> bool: def looks_like_root(path: str) -> bool: return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) -def crypto_core_directory() -> str: - if looks_like_tf_psa_crypto_root(os.path.curdir): +def crypto_core_directory(root: Optional[str] = None) -> str: + if root is None: + root = guess_mbedtls_root() + if looks_like_tf_psa_crypto_root(root): return "core" - elif looks_like_mbedtls_root(os.path.curdir): + elif looks_like_mbedtls_root(root): return "library" else: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') From 755d32117bb031ebb3d7c24fd53f9a48225de671 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 22 Nov 2023 17:18:22 +0000 Subject: [PATCH 072/653] Rename guess_mbedtls_root to guess_project_root Rename for consistency. Also, replace all calls to this function with correct name. Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 2 +- scripts/generate_ssl_debug_helpers.py | 2 +- scripts/mbedtls_dev/build_tree.py | 10 +++++----- tests/scripts/audit-validity-dates.py | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 709f380cd6..5223d459fd 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -163,7 +163,7 @@ def main() -> int: """ Main with command line arguments. """ - def_arg_project_root = build_tree.guess_mbedtls_root() + def_arg_project_root = build_tree.guess_project_root() parser = argparse.ArgumentParser() parser.add_argument('--project-root', default=def_arg_project_root, diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index a0544f1537..af8ef86eed 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -367,7 +367,7 @@ def generate_ssl_debug_helpers(output_directory, mbedtls_root): Generate functions of debug helps """ mbedtls_root = os.path.abspath( - mbedtls_root or build_tree.guess_mbedtls_root()) + mbedtls_root or build_tree.guess_project_root()) with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f: source_code = remove_c_comments(f.read()) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 9c0b5ba964..da455a7f2c 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -24,7 +24,7 @@ def looks_like_root(path: str) -> bool: def crypto_core_directory(root: Optional[str] = None) -> str: if root is None: - root = guess_mbedtls_root() + root = guess_project_root() if looks_like_tf_psa_crypto_root(root): return "core" elif looks_like_mbedtls_root(root): @@ -55,10 +55,10 @@ def chdir_to_root() -> None: raise Exception('Mbed TLS source tree not found') -def guess_mbedtls_root(): - """Guess mbedTLS source code directory. +def guess_project_root(): + """Guess project source code directory. - Return the first possible mbedTLS root directory + Return the first possible project root directory. """ dirs = set({}) for frame in inspect.stack(): @@ -71,4 +71,4 @@ def guess_mbedtls_root(): dirs.add(d) if looks_like_root(d): return d - raise Exception('Mbed TLS source tree not found') + raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 96b705a281..ab09b4a1e6 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -265,7 +265,7 @@ class Auditor: @staticmethod def find_test_dir(): """Get the relative path for the Mbed TLS test directory.""" - return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') + return os.path.relpath(build_tree.guess_project_root() + '/tests') class TestDataAuditor(Auditor): From d012084e91bb12a2743eee0fa10e7a2bc284feed Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 16:35:54 +0800 Subject: [PATCH 073/653] tls13: early_data: cli: optimize code - remove unnecessary check - using local variable session Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 068676cde0..a62d2bcd39 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2662,19 +2662,18 @@ static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { + mbedtls_ssl_session *session = ssl->session; + MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); - if (ssl->session != NULL) { - ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); - mbedtls_ssl_session_set_ticket_flags( - ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("received max_early_data_size: %u", - (unsigned int) ssl->session->max_early_data_size)); - return 0; - } + session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); + mbedtls_ssl_session_set_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + MBEDTLS_SSL_DEBUG_MSG( + 3, ("received max_early_data_size: %u", + (unsigned int) session->max_early_data_size)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return 0; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From d0c3076dba98d48dc5ab866f197923ad75615d45 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 23 Nov 2023 09:59:57 +0000 Subject: [PATCH 074/653] Make use of crypto_core_directory function in script Signed-off-by: Thomas Daubney --- tests/scripts/test_psa_compliance.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index bed6d849e0..2482d032af 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -52,10 +52,10 @@ def main(library_build_dir: str): if in_tf_psa_crypto_repo: crypto_name = 'tfpsacrypto' - library_subdir = 'core' else: crypto_name = 'mbedcrypto' - library_subdir = 'library' + + library_subdir = build_tree.crypto_core_directory() crypto_lib_filename = (library_build_dir + '/' + library_subdir + '/' + From 8932404c456abfde51fac9b818120255018ec303 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 23 Nov 2023 10:14:12 +0000 Subject: [PATCH 075/653] Introduce project_crypto_name in build_tree.py Add new function to build_tree.py to return the crypto name for the project; either tfpsacrypto or mbedcrypto. Deploy this function where needed. Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 10 ++++++++++ tests/scripts/test_psa_compliance.py | 5 +---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index da455a7f2c..f506c4142e 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -32,6 +32,16 @@ def crypto_core_directory(root: Optional[str] = None) -> str: else: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') +def project_crypto_name(root: Optional[str] = None) -> str: + if root is None: + root = guess_project_root() + if looks_like_tf_psa_crypto_root(root): + return "tfpsacrypto" + elif looks_like_mbedtls_root(root): + return "mbedcrypto" + else: + raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') + def check_repo_path(): """ Check that the current working directory is the project root, and throw diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 2482d032af..82cc1b1db8 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -50,10 +50,7 @@ def main(library_build_dir: str): in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - if in_tf_psa_crypto_repo: - crypto_name = 'tfpsacrypto' - else: - crypto_name = 'mbedcrypto' + crypto_name = build_tree.project_crypto_name() library_subdir = build_tree.crypto_core_directory() From 3781ab40fb24c06ca7401bcecc3e1aa31d669a55 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 18:17:11 +0800 Subject: [PATCH 076/653] tls13: early_data: cli: remove nst_ prefix Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a62d2bcd39..fec4a7d585 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2658,10 +2658,16 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) +static int ssl_tls13_parse_early_data_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) { + /* Make sure early data indication extension is received from + * NewSessionTicket. */ + if (!mbedtls_ssl_is_handshake_over(ssl)) { + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + mbedtls_ssl_session *session = ssl->session; MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); @@ -2710,11 +2716,11 @@ static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, switch (extension_type) { #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_nst_early_data_ext( + ret = ssl_tls13_parse_early_data_ext( ssl, p, p + extension_data_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_nst_early_data_ext", ret); + 1, "ssl_tls13_parse_early_data_ext", ret); } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From 1b58ecbfb0f0aa4d29e70472f90178f86bb88a1c Mon Sep 17 00:00:00 2001 From: Oldes Huhuman Date: Thu, 23 Nov 2023 22:46:20 +0100 Subject: [PATCH 077/653] Fixed compilation for Haiku OS Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562 Signed-off-by: Oldes Huhuman --- library/platform_util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 6d2dd144d2..cc463402ce 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -243,10 +243,10 @@ extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x); #include #if !defined(_WIN32) && \ (defined(unix) || defined(__unix) || defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) + (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)) #include -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ -#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || defined(__HAIKU__)) */ +#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__) mbedtls_ms_time_t mbedtls_ms_time(void) { int ret; From beec452e3ccb52ca1e585a8e8450d97e9f879472 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 24 Nov 2023 10:48:44 +0000 Subject: [PATCH 078/653] Use os.path.join in crypto_core_directory Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index f506c4142e..fa309d3e6c 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -26,9 +26,9 @@ def crypto_core_directory(root: Optional[str] = None) -> str: if root is None: root = guess_project_root() if looks_like_tf_psa_crypto_root(root): - return "core" + return os.path.join(root, "core") elif looks_like_mbedtls_root(root): - return "library" + return os.path.join(root, "library") else: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') From cdbf2fd64431ba14d0d497a20d8eb073a3814190 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 24 Nov 2023 10:54:56 +0000 Subject: [PATCH 079/653] Add documentation for new public functions Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index fa309d3e6c..4e0ae19531 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -23,6 +23,7 @@ def looks_like_root(path: str) -> bool: return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) def crypto_core_directory(root: Optional[str] = None) -> str: + """Return the path of the library code for either TF-PSA-Crypto or Mbed TLS.""" if root is None: root = guess_project_root() if looks_like_tf_psa_crypto_root(root): @@ -33,6 +34,7 @@ def crypto_core_directory(root: Optional[str] = None) -> str: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') def project_crypto_name(root: Optional[str] = None) -> str: + """Return the crypto library filename for either TF-PSA-Crypto or Mbed TLS.""" if root is None: root = guess_project_root() if looks_like_tf_psa_crypto_root(root): From fc60e9b7bf92698ae13dde72ea21dcc17a71f874 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 24 Nov 2023 10:56:04 +0000 Subject: [PATCH 080/653] Make function calls consistent Signed-off-by: Thomas Daubney --- tests/scripts/test_psa_compliance.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 82cc1b1db8..034949bc6b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -50,9 +50,8 @@ def main(library_build_dir: str): in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - crypto_name = build_tree.project_crypto_name() - - library_subdir = build_tree.crypto_core_directory() + crypto_name = build_tree.project_crypto_name(root_dir) + library_subdir = build_tree.crypto_core_directory(root_dir) crypto_lib_filename = (library_build_dir + '/' + library_subdir + '/' + From 6130a619f8800e7b41970e89aba3a8c39d784730 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 24 Nov 2023 10:58:07 +0000 Subject: [PATCH 081/653] Remove unused variable Signed-off-by: Thomas Daubney --- tests/scripts/test_psa_compliance.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 034949bc6b..e2ccea3de7 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -48,8 +48,6 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' def main(library_build_dir: str): root_dir = os.getcwd() - in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - crypto_name = build_tree.project_crypto_name(root_dir) library_subdir = build_tree.crypto_core_directory(root_dir) From e8f37893124dca94569a7b0edf9a338d9623e7ea Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 24 Nov 2023 11:41:23 +0000 Subject: [PATCH 082/653] Revert change that removed in_tf_psa_crypto_repo variable Signed-off-by: Thomas Daubney --- tests/scripts/test_psa_compliance.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index e2ccea3de7..034949bc6b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -48,6 +48,8 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' def main(library_build_dir: str): root_dir = os.getcwd() + in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) + crypto_name = build_tree.project_crypto_name(root_dir) library_subdir = build_tree.crypto_core_directory(root_dir) From 180915018dd04f6ad66faa3e9fc66813a221643d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 Nov 2023 08:37:06 +0100 Subject: [PATCH 083/653] pem: auto add newlines to header/footer in mbedtls_pem_write_buffer() Signed-off-by: Valerio Setti --- include/mbedtls/pem.h | 3 +++ library/pem.c | 7 ++++++- library/x509write_crt.c | 4 ++-- library/x509write_csr.c | 4 ++-- tests/suites/test_suite_pem.data | 12 ++++++------ tests/suites/test_suite_pem.function | 6 +++--- 6 files changed, 22 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index cc617a9bcc..2fe19d026c 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -135,6 +135,9 @@ void mbedtls_pem_free(mbedtls_pem_context *ctx); * \param olen The address at which to store the total length written * or required (if \p buf_len is not enough). * + * \note Newlines are automatically appended to both header and + * footer. + * * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len * to request the length of the resulting PEM buffer in * `*olen`. diff --git a/library/pem.c b/library/pem.c index 9500ffcf7f..7c0c447ee2 100644 --- a/library/pem.c +++ b/library/pem.c @@ -473,7 +473,10 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, size_t len = 0, use_len, add_len = 0; mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len); - add_len = strlen(header) + strlen(footer) + (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1; + /* Newlines are appended to the end of both header and footer, so we + * account for an extra +2. */ + add_len = strlen(header) + strlen(footer) + 2 + \ + (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1; if (use_len + add_len > buf_len) { *olen = use_len + add_len; @@ -493,6 +496,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, memcpy(p, header, strlen(header)); p += strlen(header); + *p++ = '\n'; c = encode_buf; while (use_len) { @@ -506,6 +510,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, memcpy(p, footer, strlen(footer)); p += strlen(footer); + *p++ = '\n'; *p++ = '\0'; *olen = p - buf; diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4c019eee4e..8d920f2676 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -651,8 +651,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return (int) len; } -#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" -#define PEM_END_CRT "-----END CERTIFICATE-----\n" +#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----" +#define PEM_END_CRT "-----END CERTIFICATE-----" #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 4e397553a4..5ee683ff12 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -302,8 +302,8 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, return ret; } -#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" -#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" +#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----" +#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----" #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index a4dff45f0b..238a0bc043 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -1,20 +1,20 @@ Standard PEM write -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" PEM write (zero data) -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"":"-----START TEST-----\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"":"-----START TEST-----\n-----END TEST-----\n" PEM write (one byte) -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00":"-----START TEST-----\nAA==\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"00":"-----START TEST-----\nAA==\n-----END TEST-----\n" PEM write (more than line size) -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" PEM write (exactly two lines) -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\n-----END TEST-----\n" PEM write (exactly two lines + 1) -mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM write length reporting mbedtls_pem_write_buffer_lengths diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 413dc551c3..cb652d4584 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -40,17 +40,17 @@ void mbedtls_pem_write_buffer_lengths() size_t olen_needed, olen; int ret; for (size_t l = 0; l <= sizeof(data); l++) { - ret = mbedtls_pem_write_buffer("\n", "\n", data, l, NULL, 0, &olen_needed); + ret = mbedtls_pem_write_buffer("", "", data, l, NULL, 0, &olen_needed); TEST_EQUAL(ret, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); /* Test that a bigger buffer still only requires `olen_needed` */ - ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, sizeof(buf), &olen); + ret = mbedtls_pem_write_buffer("", "", data, l, buf, sizeof(buf), &olen); TEST_EQUAL(ret, 0); TEST_EQUAL(olen_needed, olen); /* Test that a buffer of exactly `olen_needed` works */ memset(buf, 1, sizeof(buf)); - ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, olen_needed, &olen); + ret = mbedtls_pem_write_buffer("", "", data, l, buf, olen_needed, &olen); TEST_EQUAL(ret, 0); TEST_EQUAL(olen_needed, olen); /* Test the function didn't overflow the given buffer */ From 854c737db101ebff76d944362d5c36ba296cef24 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 Nov 2023 08:37:57 +0100 Subject: [PATCH 084/653] pk: use common header/footer macros for pkwrite and pkparse Signed-off-by: Valerio Setti --- library/pk_internal.h | 14 ++++++++++++++ library/pkparse.c | 20 ++++++++------------ library/pkwrite.c | 10 ---------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 571b57e8b5..ae329554bc 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -21,6 +21,20 @@ #include "psa/crypto.h" #endif +/* Headers/footers for PEM files */ +#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" +#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----" +#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----" +#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----" +#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----" +#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----" +#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----" +#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----" +#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----" +#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----" +#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----" +#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa_util_internal.h" #define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) diff --git a/library/pkparse.c b/library/pkparse.c index 3bb5f7be2e..608c85480d 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1534,8 +1534,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN RSA PRIVATE KEY-----", - "-----END RSA PRIVATE KEY-----", + PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA, key, pwd, pwdlen, &len); } @@ -1564,8 +1563,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN EC PRIVATE KEY-----", - "-----END EC PRIVATE KEY-----", + PEM_BEGIN_PRIVATE_KEY_EC, + PEM_END_PRIVATE_KEY_EC, key, pwd, pwdlen, &len); } if (ret == 0) { @@ -1594,8 +1593,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN PRIVATE KEY-----", - "-----END PRIVATE KEY-----", + PEM_BEGIN_PRIVATE_KEY_PKCS8, PEM_END_PRIVATE_KEY_PKCS8, key, NULL, 0, &len); } if (ret == 0) { @@ -1616,8 +1614,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN ENCRYPTED PRIVATE KEY-----", - "-----END ENCRYPTED PRIVATE KEY-----", + PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8, + PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8, key, NULL, 0, &len); } if (ret == 0) { @@ -1743,8 +1741,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN RSA PUBLIC KEY-----", - "-----END RSA PUBLIC KEY-----", + PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA, key, NULL, 0, &len); } @@ -1777,8 +1774,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; } else { ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN PUBLIC KEY-----", - "-----END PUBLIC KEY-----", + PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, key, NULL, 0, &len); } diff --git a/library/pkwrite.c b/library/pkwrite.c index 11c020473e..20961df2bc 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -724,16 +724,6 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_PEM_WRITE_C) -#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n" -#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n" - -#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n" -#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n" -#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n" -#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n" -#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----\n" -#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----\n" - #define PUB_DER_MAX_BYTES \ (MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \ MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES) From 897bb77c0cfa8a1d37aea77a171c6c88bbcd49a9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 15 Nov 2023 16:34:20 +0000 Subject: [PATCH 085/653] Update tf-m tests in all.sh for P256-M Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5c2f1fd791..bd6b966c2e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3254,14 +3254,6 @@ common_tfm_config () { # # Enable filesystem I/O for the benefit of PK parse/write tests. echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" - - # Config adjustments for features that are not supported - # when using only drivers / by p256-m - # - # Disable all the features that auto-enable ECP_LIGHT (see config_adjust_legacy_crypto.h) - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - # Disable deterministic ECDSA as p256-m only does randomized - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } # Keep this in sync with component_test_tfm_config() as they are both meant @@ -3271,8 +3263,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config - # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_P256M_DRIVER_ENABLED -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + # Build crypto library + make CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -3283,6 +3275,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_rsa_ library/rsa.o not grep mbedtls_dhm_ library/dhm.o not grep mbedtls_mpi_ library/bignum.o + # Check that p256m was built + grep -q p256_ecdsa_verify library/libmbedcrypto.a # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" @@ -3295,9 +3289,16 @@ component_test_tfm_config_p256m_driver_accel_ec () { component_test_tfm_config() { common_tfm_config + # Disable P256M driver, which is on by default, so that analyze_outcomes + # can compare this test with test_tfm_config_p256m_driver_accel_ec + echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H" + msg "build: TF-M config" make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests + # Check that p256m was not built + not grep p256_ecdsa_verify library/libmbedcrypto.a + msg "test: TF-M config" make test } From be5489ae9835aa7e8ffcad771bcb6050a298be64 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 27 Nov 2023 10:30:03 +0000 Subject: [PATCH 086/653] Simplify test for building P256-M Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd6b966c2e..e15fb2afb9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3276,7 +3276,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_dhm_ library/dhm.o not grep mbedtls_mpi_ library/bignum.o # Check that p256m was built - grep -q p256_ecdsa_verify library/libmbedcrypto.a + grep -q p256_ecdsa_ library/libmbedcrypto.a # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" @@ -3297,7 +3297,7 @@ component_test_tfm_config() { make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests # Check that p256m was not built - not grep p256_ecdsa_verify library/libmbedcrypto.a + not grep p256_ecdsa_ library/libmbedcrypto.a msg "test: TF-M config" make test From a326eb990d086e344660aea23928c6dd98c7020c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 27 Nov 2023 10:56:41 +0000 Subject: [PATCH 087/653] We no longer need to undef ALT defines Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 191e4c4f41..4fa08caf62 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -21,16 +21,6 @@ /* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ #undef MBEDTLS_PSA_CRYPTO_SPM -/* TF-M provides its own dummy implementations to save code size. - * We don't have any way to disable the tests that need these feature, - * so we just keep AES decryption enabled. We will resolve this through - * an official way to disable AES decryption, then this deviation - * will no longer be needed: - * https://github.com/Mbed-TLS/mbedtls/issues/7368 - */ -#undef MBEDTLS_AES_SETKEY_DEC_ALT -#undef MBEDTLS_AES_DECRYPT_ALT - /* Use built-in platform entropy functions (TF-M provides its own). */ #undef MBEDTLS_NO_PLATFORM_ENTROPY From 4edcf693e7d96ef4b6678f7d8b27529f8090d1dd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 15 Nov 2023 12:23:29 +0000 Subject: [PATCH 088/653] Use latest TF-M config with bare-minimum changes Move all changes local to Mbed TLS into config-tfm.h (except for commenting out a couple of #include's). Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 38 +++ configs/ext/crypto_config_profile_medium.h | 44 ++-- .../tfm_mbedcrypto_config_profile_medium.h | 222 +++++++----------- 3 files changed, 139 insertions(+), 165 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 4fa08caf62..d987b63313 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -28,3 +28,41 @@ * but using the native allocator is faster and works better with * memory management analysis frameworks such as ASan. */ #undef MBEDTLS_MEMORY_BUFFER_ALLOC_C + +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +#undef MBEDTLS_PSA_CRYPTO_STORAGE_C + +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +#undef MBEDTLS_ENTROPY_NV_SEED + +// These platform-related TF-M settings are not useful here. +#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#undef MBEDTLS_PLATFORM_STD_MEM_HDR +#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO +#undef MBEDTLS_PLATFORM_PRINTF_ALT +#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS +#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE + +// We expect TF-M to pick this up soon +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + +/*********************************************************************** + * Local changes to crypto config below this delimiter + **********************************************************************/ + +/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro + * (commented-out above) has been replaced with the following new macros: */ +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ + +/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h index 682835a064..63ed4701de 100644 --- a/configs/ext/crypto_config_profile_medium.h +++ b/configs/ext/crypto_config_profile_medium.h @@ -50,7 +50,7 @@ //#define PSA_WANT_ALG_CFB 1 //#define PSA_WANT_ALG_CHACHA20_POLY1305 1 //#define PSA_WANT_ALG_CTR 1 -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 //#define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_ECDSA 1 @@ -105,33 +105,27 @@ //#define PSA_WANT_KEY_TYPE_CAMELLIA 1 //#define PSA_WANT_KEY_TYPE_CHACHA20 1 //#define PSA_WANT_KEY_TYPE_DES 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ +//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + +/* + * The following symbols extend and deprecate the legacy + * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in + * the name's suffix. "_USE" is the most generic and it can be used to describe + * a generic suport, whereas other ones add more features on top of that and + * they are more specific. + */ +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 -//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -/*********************************************************************** - * Local edits below this delimiter - **********************************************************************/ - -/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro - * (commented-out above) has been replaced with the following new macros: */ -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ - -/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported +#ifdef CRYPTO_HW_ACCELERATOR +#include "crypto_accelerator_config.h" +#endif #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index 53243dd938..c435b5957f 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -8,13 +8,29 @@ * memory footprint. */ /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H +//#include "config_tfm.h" + #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif @@ -80,44 +96,6 @@ * \{ */ -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * must stay untouched. - * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - */ -#define MBEDTLS_AES_SETKEY_DEC_ALT -#define MBEDTLS_AES_DECRYPT_ALT - /** * \def MBEDTLS_AES_ROM_TABLES * @@ -171,21 +149,6 @@ */ #define MBEDTLS_ECP_NIST_OPTIM -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - /** * \def MBEDTLS_NO_PLATFORM_ENTROPY * @@ -223,26 +186,7 @@ * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -//#define MBEDTLS_ENTROPY_NV_SEED - -/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - * - * Enable key identifiers that encode a key owner identifier. - * - * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide an - * implementation of the type mbedtls_key_owner_id_t and a translation from - * mbedtls_svc_key_id_t to file name in all the storage backends that you - * you wish to support. - * - * Note that while this define has been removed from TF-M's copy of this config - * file, TF-M still passes this option to Mbed TLS during the build via CMake. - * Therefore we keep it in our copy. See discussion on PR #7426 for more info. - * - */ -#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#define MBEDTLS_ENTROPY_NV_SEED /** * \def MBEDTLS_PSA_CRYPTO_SPM @@ -326,26 +270,21 @@ #define MBEDTLS_AES_C /** - * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH * - * Remove decryption operation for AES, ARIA and Camellia block cipher. + * Use only 128-bit keys in AES operations to save ROM. * - * \note This feature is incompatible with insecure block cipher, - * MBEDTLS_DES_C, and cipher modes which always require decryption - * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and - * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, - * this feature is incompatible with following supported PSA equivalence, - * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, - * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES. + * Uncomment this macro to remove support for AES operations that use 192- + * or 256-bit keys. + * + * Uncommenting this macro reduces the size of AES code by ~300 bytes + * on v8-M/Thumb2. * * Module: library/aes.c - * library/aesce.c - * library/aesni.c - * library/aria.c - * library/camellia.c - * library/cipher.c + * + * Requires: MBEDTLS_AES_C */ -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT +#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH /** * \def MBEDTLS_CIPHER_C @@ -388,18 +327,6 @@ */ #define MBEDTLS_ENTROPY_C -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - /** * \def MBEDTLS_HKDF_C * @@ -413,40 +340,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic layer for message digest (hashing) and HMAC. - * - * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, - * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, - * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least - * one hash. - * Module: library/md.c - * Caller: library/constant_time.c - * library/ecdsa.c - * library/ecjpake.c - * library/hkdf.c - * library/hmac_drbg.c - * library/pk.c - * library/pkcs5.c - * library/pkcs12.c - * library/psa_crypto_ecp.c - * library/psa_crypto_rsa.c - * library/rsa.c - * library/ssl_cookie.c - * library/ssl_msg.c - * library/ssl_tls.c - * library/x509.c - * library/x509_crt.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C +//#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C @@ -484,6 +378,15 @@ */ #define MBEDTLS_PLATFORM_C +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#define MBEDTLS_PLATFORM_STD_MEM_HDR + +#include + +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf +#define MBEDTLS_PLATFORM_PRINTF_ALT +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /** * \def MBEDTLS_PSA_CRYPTO_C @@ -508,9 +411,7 @@ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -//#define MBEDTLS_PSA_CRYPTO_STORAGE_C +#define MBEDTLS_PSA_CRYPTO_STORAGE_C /* \} name SECTION: mbed TLS modules */ @@ -614,6 +515,47 @@ /* ECP options */ #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To benefit from the smaller code size of p256-m, make sure that you + * do not enable any ECC-related option not supported by p256-m: this + * would cause the built-in ECC implementation to be built as well, in + * order to provide the required option. + * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than + * SECP256R1 are disabled as they are not supported by this driver. + * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or + * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of + * the built-in ECC implementation, see docs/driver-only-builds.md. + */ +#define MBEDTLS_PSA_P256M_DRIVER_ENABLED + /* \} name SECTION: Customisation configuration options */ #if CRYPTO_NV_SEED @@ -621,7 +563,7 @@ #endif /* CRYPTO_NV_SEED */ #if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) -#include "mbedtls_entropy_nv_seed_config.h" +//#include "mbedtls_entropy_nv_seed_config.h" #endif #ifdef CRYPTO_HW_ACCELERATOR From 605f03cb766dd21ea8d4096e32c1e70cb86d559f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 Nov 2023 12:46:39 +0100 Subject: [PATCH 089/653] pkwrite: reorganize code This commits just moves code around. The goal is to group together functions by guards and functionality: - RSA, EC, Opaque - internal VS public Signed-off-by: Valerio Setti --- library/pkwrite.c | 606 +++++++++++++++++++++++----------------------- 1 file changed, 302 insertions(+), 304 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 20961df2bc..30008b992d 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -18,9 +18,6 @@ #include -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif #if defined(MBEDTLS_ECP_C) #include "mbedtls/bignum.h" #include "mbedtls/ecp.h" @@ -32,9 +29,6 @@ #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pkwrite.h" #endif -#if defined(MBEDTLS_ECDSA_C) -#include "mbedtls/ecdsa.h" -#endif #if defined(MBEDTLS_PEM_WRITE_C) #include "mbedtls/pem.h" #endif @@ -45,62 +39,9 @@ #endif #include "mbedtls/platform.h" -/* Helper for Montgomery curves */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) -static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) -{ - mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); - -#if defined(MBEDTLS_ECP_HAVE_CURVE25519) - if (id == MBEDTLS_ECP_DP_CURVE25519) { - return 1; - } -#endif -#if defined(MBEDTLS_ECP_HAVE_CURVE448) - if (id == MBEDTLS_ECP_DP_CURVE448) { - return 1; - } -#endif - return 0; -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C) -/* It is assumed that the input key is opaque */ -static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) -{ - psa_ecc_family_t ec_family = 0; - psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - - if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) { - return 0; - } - ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs)); - psa_reset_key_attributes(&key_attrs); - - return ec_family; -} -#endif /* MBETLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* It is assumed that the input key is opaque */ -static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) -{ - psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t opaque_key_type; - - if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { - return 0; - } - opaque_key_type = psa_get_key_type(&opaque_attrs); - psa_reset_key_attributes(&opaque_attrs); - - return opaque_key_type; -} -#endif /* MBETLS_USE_PSA_CRYPTO */ - +/****************************************************************************** + * Internal functions for RSA keys. + ******************************************************************************/ #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { @@ -145,8 +86,119 @@ end_of_export: return (int) len; } + +static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ + size_t len = 0; + int ret; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + size_t tmp_len = 0; + + if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + *p -= tmp_len; + memcpy(*p, tmp, tmp_len); + len += tmp_len; + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + mbedtls_mpi T; /* Temporary holding the exported parameters */ + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + + mbedtls_mpi_init(&T); + + /* Export QP */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DQ */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DP */ + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export Q */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export P */ + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export D */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, + buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + } + + return (int) len; +} #endif /* MBEDTLS_RSA_C */ +/****************************************************************************** + * Internal functions for EC keys. + ******************************************************************************/ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, @@ -215,28 +267,6 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -/* - * ECParameters ::= CHOICE { - * namedCurve OBJECT IDENTIFIER - * } - */ -static int pk_write_ec_param(unsigned char **p, unsigned char *start, - mbedtls_ecp_group_id grp_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - const char *oid; - size_t oid_len; - - if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - - return (int) len; -} - /* * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ @@ -305,9 +335,174 @@ exit: return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + +/* + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * } + */ +static int pk_write_ec_param(unsigned char **p, unsigned char *start, + mbedtls_ecp_group_id grp_id) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + const char *oid; + size_t oid_len; + + if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); + + return (int) len; +} + +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); + +#if defined(MBEDTLS_ECP_HAVE_CURVE25519) + if (id == MBEDTLS_ECP_DP_CURVE25519) { + return 1; + } +#endif +#if defined(MBEDTLS_ECP_HAVE_CURVE448) + if (id == MBEDTLS_ECP_DP_CURVE448) { + return 1; + } +#endif + return 0; +} + +/* + * RFC8410 section 7 + * + * OneAsymmetricKey ::= SEQUENCE { + * version Version, + * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + * privateKey PrivateKey, + * attributes [0] IMPLICIT Attributes OPTIONAL, + * ..., + * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]], + * ... + * } + * ... + * CurvePrivateKey ::= OCTET STRING + */ +static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + size_t oid_len = 0; + const char *oid; + mbedtls_ecp_group_id grp_id; + + /* privateKey */ + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); + + grp_id = mbedtls_pk_get_group_id(pk); + /* privateKeyAlgorithm */ + if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { + return ret; + } + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); + + /* version */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + +/* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ +static int pk_write_ec_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ + size_t len = 0; + int ret; + size_t pub_len = 0, par_len = 0; + mbedtls_ecp_group_id grp_id; + + /* publicKey */ + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); + + if (*p - buf < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + (*p)--; + **p = 0; + pub_len += 1; + + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); + + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 1)); + len += pub_len; + + /* parameters */ + grp_id = mbedtls_pk_get_group_id(pk); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); + len += par_len; + + /* privateKey */ + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); + + /* version */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +/****************************************************************************** + * Internal functions for Opaque keys. + ******************************************************************************/ #if defined(MBEDTLS_USE_PSA_CRYPTO) +/* It is assumed that the input key is opaque */ +static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) +{ + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return 0; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + psa_reset_key_attributes(&opaque_attrs); + + return opaque_key_type; +} + static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { @@ -329,8 +524,28 @@ static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, return (int) len; } + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PEM_WRITE_C) +/* It is assumed that the input key is opaque */ +static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) +{ + psa_ecc_family_t ec_family = 0; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + + if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) { + return 0; + } + ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs)); + psa_reset_key_attributes(&key_attrs); + + return ec_family; +} +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ +/****************************************************************************** + * Public functions for writing private/public DER keys. + ******************************************************************************/ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *key) { @@ -453,226 +668,6 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return (int) len; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) -/* - * RFC8410 section 7 - * - * OneAsymmetricKey ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL, - * ..., - * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]], - * ... - * } - * ... - * CurvePrivateKey ::= OCTET STRING - */ -static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, - const mbedtls_pk_context *pk) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - size_t oid_len = 0; - const char *oid; - mbedtls_ecp_group_id grp_id; - - /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); - - grp_id = mbedtls_pk_get_group_id(pk); - /* privateKeyAlgorithm */ - if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { - return ret; - } - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); - - /* version */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ - -/* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ -static int pk_write_ec_der(unsigned char **p, unsigned char *buf, - const mbedtls_pk_context *pk) -{ - size_t len = 0; - int ret; - size_t pub_len = 0, par_len = 0; - mbedtls_ecp_group_id grp_id; - - /* publicKey */ - MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); - - if (*p - buf < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - (*p)--; - **p = 0; - pub_len += 1; - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 1)); - len += pub_len; - - /* parameters */ - grp_id = mbedtls_pk_get_group_id(pk); - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0)); - len += par_len; - - /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); - - /* version */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - -#if defined(MBEDTLS_RSA_C) -static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, - const mbedtls_pk_context *pk) -{ - size_t len = 0; - int ret; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { - uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; - size_t tmp_len = 0; - - if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - *p -= tmp_len; - memcpy(*p, tmp, tmp_len); - len += tmp_len; - mbedtls_platform_zeroize(tmp, sizeof(tmp)); - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - - /* - * Export the parameters one after another to avoid simultaneous copies. - */ - - mbedtls_mpi_init(&T); - - /* Export QP */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DQ */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DP */ - if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export Q */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export P */ - if ((ret = mbedtls_rsa_export(rsa, NULL, &T, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export D */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, - buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - } - - return (int) len; -} -#endif /* MBEDTLS_RSA_C */ - int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) { unsigned char *c; @@ -722,6 +717,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } +/****************************************************************************** + * Public functions for wrinting private/public PEM keys. + ******************************************************************************/ #if defined(MBEDTLS_PEM_WRITE_C) #define PUB_DER_MAX_BYTES \ From d5604bacc427542e43e69a7b1400cbb2d7e70363 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 Nov 2023 14:10:43 +0100 Subject: [PATCH 090/653] pkwrite: add internal defines for proper key buffer sizes Signed-off-by: Valerio Setti --- library/pkwrite.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 30008b992d..7a9cfedbd5 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -39,6 +39,21 @@ #endif #include "mbedtls/platform.h" +/* Helpers for properly sizing buffers aimed at holding public keys or + * key-pairs based on build symbols. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH +#else +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH +#else +#define PK_MAX_EC_PUBLIC_KEY_SIZE MBEDTLS_ECP_MAX_PT_LEN +#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_ECP_MAX_BYTES +#endif +#endif + /****************************************************************************** * Internal functions for RSA keys. ******************************************************************************/ @@ -205,7 +220,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t len = 0; - uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + uint8_t buf[PK_MAX_EC_PUBLIC_KEY_SIZE]; if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { @@ -230,11 +245,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t len = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; -#else - unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + unsigned char buf[PK_MAX_EC_PUBLIC_KEY_SIZE]; mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -276,7 +287,7 @@ static int pk_write_ec_private(unsigned char **p, unsigned char *start, { size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE]; psa_status_t status; if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { @@ -304,14 +315,10 @@ static int pk_write_ec_private(unsigned char **p, unsigned char *start, { size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; - psa_status_t status; -#else - unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); if (status != PSA_SUCCESS) { From 410ad44725ebd85a84fd3b8a2db0f69519e596cf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Nov 2023 13:42:17 +0000 Subject: [PATCH 091/653] Disable hw AES on Arm for IAR Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/aesce.h | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index e1e0a15a37..279c5a2800 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -45,7 +45,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) +#if defined(MBEDTLS_AESCE_HAVE_CODE) /* Compiler version checks. */ #if defined(__clang__) diff --git a/library/aesce.h b/library/aesce.h index cf12d7f8d1..e2bf58a311 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -15,12 +15,17 @@ #define MBEDTLS_AESCE_H #include "mbedtls/build_info.h" +#include "common.h" #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) \ + && (defined(MBEDTLS_COMPILER_IS_GCC) || defined(__clang__) || defined(MSC_VER)) +/* MBEDTLS_AESCE_HAVE_CODE is defined if we have a suitable target platform, and a + * potentially suitable compiler (compiler version & flags are not checked when defining + * this). */ #define MBEDTLS_AESCE_HAVE_CODE #ifdef __cplusplus @@ -121,9 +126,10 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #else #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8_A) -#error "AES hardware acceleration not supported on this platform" +#error "AES hardware acceleration not supported on this platform / compiler" #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON */ +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON && + (MBEDTLS_COMPILER_IS_GCC || __clang__ || MSC_VER) */ #endif /* MBEDTLS_AESCE_H */ From bcd305913fb9faf985197bf2cc5d871d5ad1ff28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 Nov 2023 16:27:55 +0100 Subject: [PATCH 092/653] pk: move functions to verify RFC8410 group ID to pk_internal Signed-off-by: Valerio Setti --- library/pk_internal.h | 10 ++++++++++ library/pkparse.c | 6 ------ library/pkwrite.c | 17 ----------------- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index ae329554bc..ece2f82b7b 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -119,6 +119,16 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448) #define MBEDTLS_PK_HAVE_RFC8410_CURVES #endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */ + +#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ + ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) + +static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); + + return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id); +} #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* Helper for (deterministic) ECDSA */ diff --git a/library/pkparse.c b/library/pkparse.c index 608c85480d..0b5de8db3d 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -863,12 +863,6 @@ static int pk_get_pk_alg(unsigned char **p, return 0; } -/* Helper for Montgomery curves */ -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) -#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ - ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ - /* * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, diff --git a/library/pkwrite.c b/library/pkwrite.c index 7a9cfedbd5..468df14663 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -366,23 +366,6 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, } #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) -static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) -{ - mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); - -#if defined(MBEDTLS_ECP_HAVE_CURVE25519) - if (id == MBEDTLS_ECP_DP_CURVE25519) { - return 1; - } -#endif -#if defined(MBEDTLS_ECP_HAVE_CURVE448) - if (id == MBEDTLS_ECP_DP_CURVE448) { - return 1; - } -#endif - return 0; -} - /* * RFC8410 section 7 * From 677285a2998289d59ba264c77918e863f988fb1a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2023 16:45:50 +0100 Subject: [PATCH 093/653] Clarify "functions that facilitate the transition" Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index fabac9c85a..b25f8b2580 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -50,7 +50,7 @@ Then use the [summary of API modules](#summary-of-api-modules), the table of con To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled (it is enabled in the default configuration). -You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. +You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition (for example, to convert between metadata encodings or between key representations) are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API. The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. From 82d7a875ff53578e74c0703ef623f63ad7ee37e1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Nov 2023 10:06:33 +0000 Subject: [PATCH 094/653] Update tests to refer to our tf-m config wrapper Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e15fb2afb9..177736a51a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4123,8 +4123,10 @@ support_build_tfm_armcc () { component_build_tfm_armcc() { # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp configs/config-tfm.h "$CONFIG_H" + + # MBEDTLS_NO_PLATFORM_ENTROPY is needed as we are building for baremetal + ./scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY msg "build: TF-M config, armclang armv7-m thumb2" armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" @@ -4136,8 +4138,7 @@ component_build_tfm() { # TF-M configuration needs a TF-M platform. A tweaked version of # the configuration that works on mainstream platforms is in # configs/config-tfm.h, tested via test-ref-configs.pl. - cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp configs/config-tfm.h "$CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" From c89f7817e174dc7c3fbcf113c0d90dfb86658771 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Nov 2023 13:55:20 +0000 Subject: [PATCH 095/653] Use common license header Signed-off-by: Dave Rodgman --- .../ext/tfm_mbedcrypto_config_profile_medium.h | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index c435b5957f..beebddf5af 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -8,22 +8,8 @@ * memory footprint. */ /* - * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H From 5403cb340ab348af7e7c1219cb968f7ee83f0f67 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2023 18:03:03 +0100 Subject: [PATCH 096/653] typos Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index b25f8b2580..70a92c4831 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -587,11 +587,11 @@ Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf If you want to verify the output against an expected value (for authentication, rather than to derive key material), call `psa_key_derivation_verify_bytes` or `psa_key_derivation_verify_key` instead of `psa_key_derivation_output_bytes`. 6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. -The function `mbedtls_pkcs5_pbes2` is only inteded as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. +The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. ### PKCS#12 module -The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbes2` are only intended as supports function to parse encrypted private keys in the PK module. They have no PSA equivalent. +The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbes2` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. ## Random generation From 601d3a0bd736531129453b2195cd9dd902696eb4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2023 18:03:16 +0100 Subject: [PATCH 097/653] Add links to newly added functions Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 70a92c4831..9e4f4b5c6b 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -584,7 +584,7 @@ Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. 5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. - If you want to verify the output against an expected value (for authentication, rather than to derive key material), call `psa_key_derivation_verify_bytes` or `psa_key_derivation_verify_key` instead of `psa_key_derivation_output_bytes`. + If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. 6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. From d372da6201a7d7b04e9b595bbe638df9c9b3e7ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2023 18:03:53 +0100 Subject: [PATCH 098/653] Expand on the removal of RNG boilerplate Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 9e4f4b5c6b..c840b0307f 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -597,7 +597,7 @@ The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbes2` are only in ### Random generation interface -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.` and `hmac_drbg.h`. +The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). @@ -606,6 +606,8 @@ If your application mixes uses of the PSA crypto API and the mbedtls API and you * [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument; * [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument. +You can remove the Mbed TLS RNG boilerplate (`mbedtls_entropy_init`, `mbedtls_ctr_drbg_init`, `mbedtls_ctr_drbg_seed`, `mbedtls_ctr_drbg_random`, `mbedtls_ctr_drbg_free`, `mbedtls_entropy_free` — or `hmac_drbg` equivalents of the `ctr_drbg` functions) once you have finished replacing the references to `mbedtls_ctr_drbg_random` (or `mbedtls_hmac_drbg_random`) by `mbedtls_psa_get_random`. + ### Entropy sources Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. From d33f7a8c722a9ca4c1338230d51ed5213a29c8bb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Nov 2023 15:09:21 +0800 Subject: [PATCH 099/653] improve document Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e69b091f30..db6140eb0a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2794,8 +2794,8 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) * * early transform is set after server finished in this section. But * it breaks our key computation, so we put early transform computation - * at the end of client hello. For time being, I am not sure the benifit - * for moving computation here. + * at the end of client hello. For the time being, I am not sure the + * benifit for moving computation here. */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " @@ -2911,7 +2911,7 @@ static int ssl_tls13_process_wait_eoed(mbedtls_ssl_context *ssl) /* * Output early data * - * For time being, we print received data via debug message. + * For the time being, we print received data via debug message. * * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready. */ From f9362b7324b1e4e4e6eb7a71420a68ae599d108b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Nov 2023 08:42:27 +0100 Subject: [PATCH 100/653] pk_internal: small renaming for mbedtls_pk_get_group_id() Signed-off-by: Valerio Setti --- library/pk_internal.h | 4 ++-- library/pkwrite.c | 8 ++++---- library/ssl_tls.c | 2 +- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 4 ++-- library/x509_crt.c | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index ece2f82b7b..81807f1338 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -85,7 +85,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) -static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) +static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id; @@ -125,7 +125,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { - mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); + mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk); return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id); } diff --git a/library/pkwrite.c b/library/pkwrite.c index 468df14663..2ef723f153 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -395,7 +395,7 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); - grp_id = mbedtls_pk_get_group_id(pk); + grp_id = mbedtls_pk_get_ec_group_id(pk); /* privateKeyAlgorithm */ if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; @@ -452,7 +452,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, len += pub_len; /* parameters */ - grp_id = mbedtls_pk_get_group_id(pk); + grp_id = mbedtls_pk_get_ec_group_id(pk); MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, @@ -600,7 +600,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { - ec_grp_id = mbedtls_pk_get_group_id(key); + ec_grp_id = mbedtls_pk_get_ec_group_id(key); } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -609,7 +609,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; - ec_grp_id = mbedtls_pk_get_group_id(key); + ec_grp_id = mbedtls_pk_get_ec_group_id(key); } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b163e93c25..138c7f48ad 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7422,7 +7422,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk); if (grp_id == MBEDTLS_ECP_DP_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9aa46bd154..7f1ddaf006 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2016,7 +2016,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b007e5c66e..54e1cd4f78 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -664,7 +664,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) { uint16_t *curr_tls_id = curves_tls_id; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk); mbedtls_ecp_group_id curr_grp_id; while (*curr_tls_id != 0) { @@ -2651,7 +2651,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: key = mbedtls_pk_ec_rw(*pk); - grp_id = mbedtls_pk_get_group_id(pk); + grp_id = mbedtls_pk_get_ec_group_id(pk); if (grp_id == MBEDTLS_ECP_DP_NONE) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/x509_crt.c b/library/x509_crt.c index f41eb47d72..0c3e3fa609 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -222,7 +222,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk); + const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); if (gid == MBEDTLS_ECP_DP_NONE) { return -1; From 2d9b7d491af6560ba7db0ed6a39b7c256d322a2e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:42:44 +0000 Subject: [PATCH 101/653] Remove references to 3.4 Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index d987b63313..a21d041cdd 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -51,18 +51,3 @@ /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ - -/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro - * (commented-out above) has been replaced with the following new macros: */ -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ - -/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported From e4cf9b6f95264784d5b768d63bbb63c6fb74601f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:43:20 +0000 Subject: [PATCH 102/653] Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index a21d041cdd..1925cdcb2b 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,9 +45,9 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE -// We expect TF-M to pick this up soon -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ + +// We expect TF-M to pick this up soon +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT From 51e72456f9dd7bfc3a4eee53de046f4390a3d83b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:44:44 +0000 Subject: [PATCH 103/653] Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 9 +++++++++ tests/scripts/all.sh | 3 --- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 1925cdcb2b..85b677b4cc 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,6 +45,15 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE +/* + * In order to get an example config that works cleanly out-of-the-box + * for both baremetal and non-baremetal builds, we detect baremetal builds + * and set this variable automatically. + */ +#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARM_EABI__) +#define MBEDTLS_NO_PLATFORM_ENTROPY +#endif + /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 177736a51a..036bdceac2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4125,9 +4125,6 @@ component_build_tfm_armcc() { # test the TF-M configuration can build cleanly with various warning flags enabled cp configs/config-tfm.h "$CONFIG_H" - # MBEDTLS_NO_PLATFORM_ENTROPY is needed as we are building for baremetal - ./scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY - msg "build: TF-M config, armclang armv7-m thumb2" armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" } From a4f70fe3fe2c7ad55c6b550bc1090d5aedd80946 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Nov 2023 15:05:47 +0100 Subject: [PATCH 104/653] pkwrite: simplify management of opaque keys Signed-off-by: Valerio Setti --- library/pkwrite.c | 160 ++++++++++++---------------------------------- 1 file changed, 41 insertions(+), 119 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 2ef723f153..900a804dc0 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -478,21 +478,6 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, * Internal functions for Opaque keys. ******************************************************************************/ #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* It is assumed that the input key is opaque */ -static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) -{ - psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t opaque_key_type; - - if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { - return 0; - } - opaque_key_type = psa_get_key_type(&opaque_attrs); - psa_reset_key_attributes(&opaque_attrs); - - return opaque_key_type; -} - static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { @@ -514,25 +499,41 @@ static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, return (int) len; } - -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PEM_WRITE_C) -/* It is assumed that the input key is opaque */ -static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) -{ - psa_ecc_family_t ec_family = 0; - psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - - if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) { - return 0; - } - ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs)); - psa_reset_key_attributes(&key_attrs); - - return ec_family; -} -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ +/****************************************************************************** + * Generic helpers + ******************************************************************************/ + +/* Extend the public mbedtls_pk_get_type() by getting key type also in case of + * opaque keys. */ +static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk) +{ + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (pk_type == MBEDTLS_PK_OPAQUE) { + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return MBEDTLS_PK_NONE; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + psa_reset_key_attributes(&opaque_attrs); + + if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { + return MBEDTLS_PK_ECKEY; + } else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { + return MBEDTLS_PK_RSA; + } else { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + } else +#endif + return pk_type; +} + /****************************************************************************** * Public functions for writing private/public DER keys. ******************************************************************************/ @@ -569,9 +570,6 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu int has_par = 1; size_t len = 0, par_len = 0, oid_len = 0; mbedtls_pk_type_t pk_type; -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; -#endif const char *oid = NULL; if (size == 0) { @@ -597,34 +595,11 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - pk_type = mbedtls_pk_get_type(key); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (pk_type == MBEDTLS_PK_ECKEY) { - ec_grp_id = mbedtls_pk_get_ec_group_id(key); - } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (pk_type == MBEDTLS_PK_OPAQUE) { - psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { - pk_type = MBEDTLS_PK_ECKEY; - ec_grp_id = mbedtls_pk_get_ec_group_id(key); - } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { - /* The rest of the function works as for legacy RSA contexts. */ - pk_type = MBEDTLS_PK_RSA; - } - } - /* `pk_type` will have been changed to non-opaque by here if this function can handle it */ - if (pk_type == MBEDTLS_PK_OPAQUE) { - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + pk_type = pk_get_type_ext(key); #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { + mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key); /* Some groups have their own AlgorithmIdentifier OID, others are handled * by mbedtls_oid_get_oid_by_pk_alg() below */ ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); @@ -661,15 +636,6 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) { unsigned char *c; -#if defined(MBEDTLS_RSA_C) - int is_rsa_opaque = 0; -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - int is_ec_opaque = 0; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t opaque_key_type; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (size == 0) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -677,25 +643,13 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, c = buf + size; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { - opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_RSA_C) - is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { + if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) { return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { + if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { return pk_write_ec_rfc8410_der(&c, buf, key); @@ -756,55 +710,23 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, } const char *begin, *end; size_t olen = 0; -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - int is_ec_opaque = 0; -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - int is_montgomery_opaque = 0; -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_RSA_C) - int is_rsa_opaque = 0; -#endif if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) { goto cleanup; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { - psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); - #if defined(MBEDTLS_RSA_C) - is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); -#endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { - is_montgomery_opaque = 1; - } -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { + if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) { begin = PEM_BEGIN_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA; } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (is_montgomery_opaque || - ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) && - (mbedtls_pk_is_rfc8410(key)))) { + if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { + if (mbedtls_pk_is_rfc8410(key)) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; - } else -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ - { + } else { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } From bcc004b549ef6e89a160e5d22aa0a102d6a99264 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Nov 2023 17:16:55 +0100 Subject: [PATCH 105/653] pkwrite: some reshaping for Montgomery keys in mbedtls_pk_write_pubkey_der() Signed-off-by: Valerio Setti --- library/pkwrite.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 900a804dc0..15b8a8d343 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -598,27 +598,24 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = pk_get_type_ext(key); #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (pk_type == MBEDTLS_PK_ECKEY) { + if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key); - /* Some groups have their own AlgorithmIdentifier OID, others are handled - * by mbedtls_oid_get_oid_by_pk_alg() below */ - ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); - - if (ret == 0) { - /* Currently, none of the supported algorithms that have their own - * AlgorithmIdentifier OID have any parameters */ + if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { + ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); + if (ret != 0) { + return ret; + } has_par = 0; - } else if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); } else { - return ret; + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); } } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + /* At this point oid_len is not null only for EC Montgomery keys. */ if (oid_len == 0) { - if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, - &oid_len)) != 0) { + ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, &oid_len); + if (ret != 0) { return ret; } } From dfe6707fc7a997b98dc10278fd9a07be210cadf4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 Nov 2023 21:12:39 +0100 Subject: [PATCH 106/653] Fix typos and make minor style improvements Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 60 +++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index c840b0307f..f3e8996a8e 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -33,8 +33,8 @@ Then use the [summary of API modules](#summary-of-api-modules), the table of con * Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation. * Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.). -* PSA APIs have [consistent conventions ](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. -* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without a RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. +* PSA APIs have [consistent conventions](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. +* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without an RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. ### Migration timeline @@ -48,7 +48,7 @@ Then use the [summary of API modules](#summary-of-api-modules), the table of con ### Configuration of the PSA subsystem -To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled (it is enabled in the default configuration). +To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.) You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition (for example, to convert between metadata encodings or between key representations) are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. @@ -67,11 +67,11 @@ Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.re If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev). -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and a `mbedtls_xxx_drbg_context`). +The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and an `mbedtls_xxx_drbg_context`). ### Error codes -Mbed TLS functions return a status of type `int`: 0 for success (or, occasionally, a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. +Mbed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. @@ -158,12 +158,12 @@ When the configuration option [`MBEDTLS_PSA_CRYPTO_CONFIG`](https://mbed-tls.rea The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern: * To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`. - For parametrized algorithms, there is a `PSA_WANT_` symbols both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. + For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. * To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options is enabled. + * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options are enabled. * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type. * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. @@ -173,7 +173,7 @@ The availability of cryptographic mechanisms in the PSA API is based on a system * To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`. -Note that all `PSA_WANT_xxx` symbols must be set to a nonzero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. +Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519. @@ -192,7 +192,7 @@ For example, the following configuration enables hashing with SHA-256, AEAD with #define PSA_WANT_ALG_ECDH ``` -If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will often not include it, to reduce the size of the compiled library. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. +If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. This allows builds that use few features to have a small code size. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. @@ -229,7 +229,7 @@ The PSA API does not have an equivalent to the timing-side-channel-resistance ut Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`: -* To compare a MAC with a reference value, use `psa_mac_verify` rather of `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”. +* To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”. * The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”. ## Symmetric encryption @@ -267,7 +267,7 @@ For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.r ### Cipher mechanism availability -For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a nonzero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a nonzero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported. +For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported. For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write: ``` @@ -428,7 +428,7 @@ PSA Crypto has a generic API with the same functions for all MAC mechanisms. The ### Hash and MAC mechanism availability -For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a nonzero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a nonzero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.) +For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.) For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write: ``` @@ -626,7 +626,7 @@ The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-select In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t). (Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.) -The PSA key identifier tends to play the same role as a `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API; however there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. +The PSA key identifier tends to play the same role as an `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API. However, there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. Here is an overview of the lifecycle of a PSA key object. @@ -646,7 +646,7 @@ Here is an overview of the lifecycle of a PSA key object. A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags). -The following table lists the relevant usage flags for asymmetric cryptography. You can pass an bitwise-or of those flags to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). +The following table lists the relevant usage flags for asymmetric cryptography. You can pass those flags (combined with bitwise-or) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). | Usage | Flag | | ----- | ---- | @@ -662,7 +662,7 @@ The following table lists the relevant usage flags for asymmetric cryptography. The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. -* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithhms in each operation. +* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithms in each operation. * In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required). ### Asymmetric cryptographic mechanisms @@ -764,17 +764,17 @@ You can use glue functions in the PK module to create a key object using the leg * Parsing a key in a format with metadata without knowing its type ahead of time. * Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`. -* Importing a key with less information than what the PSA API needs, for example an ECC public key in compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters. +* Importing a key with less information than what the PSA API needs, for example an ECC public key in a compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters. * Generating an RSA key with $e \ne 65537$. #### Importing a PK key by wrapping -If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)) This function automatically determines the PSA key type, and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this flow is useful are: +If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)). This function automatically determines the PSA key type and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this flow is useful are: * You have working code that's calling `mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`, `mbedtls_pk_parse_keyfile` or `mbedtls_pk_parse_public_keyfile` to create a PK object. * You have working code that's using the `rsa.h` or `ecp.h` API to create a key object, and there is no PSA equivalent. -You can use this flow to import an RSA key via a `mbedtls_rsa_context` object or an ECC key via a `mbedtls_ecp_keypair` object: +You can use this flow to import an RSA key via an `mbedtls_rsa_context` object or an ECC key via an `mbedtls_ecp_keypair` object: 1. Call `mbedtls_pk_init` then `mbedtls_pk_setup` to set up a PK context for the desired key type (`MBEDTLS_PK_RSA` or `MBEDTLS_PK_ECKEY`). 2. Call `mbedtls_pk_rsa` or `mbedtls_pk_ec` to obtain the underlying low-level context. @@ -901,9 +901,9 @@ There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtl You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits). -The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as with `mbedtls_pk_get_len` or `mbedtls_rsa_get_len`, you can use the macro `PSA_BITS_TO_BYTES`; however note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. +The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. -Most uses of `mbedtls_pk_get_type` and `mbedtls_pk_can_do` only require knowing a key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). If needed, you can also access a key's policy from its attributes, with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. +Most uses of `mbedtls_pk_get_type` and `mbedtls_pk_can_do` only require knowing a key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. ### Exporting a public key or a key pair @@ -943,9 +943,9 @@ The following subsections describe the PSA signature mechanisms that correspond #### ECDSA signature In the PSA API, **the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. A future version of Mbed TLS [will provide a way to convert between the two formats](https://github.com/Mbed-TLS/mbedtls/issues/7765). - + -This is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, and by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_write_signature` and `mbedtls_ecdsa_verify`, . +This is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_write_signature` and `mbedtls_ecdsa_verify`. The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification. @@ -1033,7 +1033,7 @@ As with the PK API, the mask generation is MGF1, the label is empty, and the sam There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library. -The legacy API provide functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical. +The legacy API provides functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical. * Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). * Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). @@ -1107,7 +1107,7 @@ A typical flow for ECDH using the legacy API without a context object is: * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH). 2. Call `mbedtls_ecp_group_load` on `grp` to select the curve. 3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key. -4. Send `our_pub` to the peer. Retriev the peer's public key and import it into `their_pub`. These two actions may be performed in either order. +4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. 5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. 6. Use the raw shared secret `z`, typically, to construct a shared key. 7. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. @@ -1122,7 +1122,7 @@ The corresponding flow with the PSA API is as follows: * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation). 2. Prepare an attribute structure as desccribed in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`. 3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key. -4. Send `our_pub` to the peer. Retriev the peer's public key and import it into `their_pub`. These two actions may be performed in either order. +4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. 5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). 6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers. @@ -1169,7 +1169,7 @@ The legacy API offers the following flow for a Diffie-Hellman key agreement in a The corresponding flow with the PSA API is as follows: 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: - 1. Decode the select curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm. + 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm. 2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key. 3. Send our public key to the peer. @@ -1182,7 +1182,7 @@ The corresponding flow with the PSA API is as follows: The legacy function `mbedtls_ecdh_get_params` allows the application to retrieve an `mbedtls_ecp_keypair` containing either our key pair, or the peer's public key. The PSA equivalent depends on the use case: * With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key. -* With `MBEDTLS_ECDH_OURS`, accessing the public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on PSA key identifier. +* With `MBEDTLS_ECDH_OURS`, accessing the public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. * With `MBEDTLS_ECDH_OURS`, accessing the private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). * With `MBEDTLS_ECDH_THEIRS`, accessing the public key (there is no private key): there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. @@ -1190,7 +1190,7 @@ The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_g * `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06). * `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on PSA key identifier. +* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. * `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. * `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy. * `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780). @@ -1229,7 +1229,7 @@ There is no PSA equivalent for the following functionality: The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`. -The API provies macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros. +The API provides macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros. | Legacy macro | PSA equivalent | | ------------ | -------------- | @@ -1272,7 +1272,7 @@ Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION)); ``` -The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding value. As a consequence, none of the API functions take an RNG parameter. +The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding values. As a consequence, none of the API functions take an RNG parameter. #### RSA functionality with no PSA equivalent From d96aa1b5cddfd0666a3322058cdcd01d8b01ceb9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 Nov 2023 21:13:02 +0100 Subject: [PATCH 107/653] Say who to contact Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index f3e8996a8e..2783541235 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -1276,7 +1276,7 @@ The PSA subsystem uses its internal random generator both for randomized algorit #### RSA functionality with no PSA equivalent -The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please contact us so that we can extend the API to support it. +The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please [submit an issue on GitHub](https://github.com/ARM-software/psa-api/issues) so that we can extend the API to support it. The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”. From a29db7da2ee19ba2b8d43c114fdb69af3780d730 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 14:06:14 +0800 Subject: [PATCH 108/653] tls13: early_data: cli: assign ciphersuite properly When early_data extension is enabled and sent in ClientHello, the client does not know if the server will accept early data and select the first proposed pre-shared key with a ciphersuite that is different from the ciphersuite associated to the selected pre-shared key. To address aforementioned case, we do associated verification when parsing early_data ext in EncryptedExtensions. Therefore we have to assign the ciphersuite in current handshake to session_negotiate later than the associated verification. This won't impact decryption of EncryptedExtensions since we compute handshake keys by the ciphersuite in handshake not via the one in session_negotiate. Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 44814b99f0..d9a4b3e09a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1925,7 +1925,6 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); - ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; ssl->session_in = ssl->session_negotiate; cleanup: @@ -2203,6 +2202,20 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) } #endif + /* + * When early_data extension is enabled and sent in ClientHello, the client + * does not know if the server will accept early data and select the first + * proposed pre-shared key with a ciphersuite that is different from the + * ciphersuite associated to the selected pre-shared key. To address + * aforementioned case, we do associated verification when parsing + * early_data ext in EncryptedExtensions. Therefore we have to assign + * the ciphersuite in current handshake to session_negotiate later than + * the associated verification. This won't impact decryption of + * EncryptedExtensions since we compute handshake keys by the ciphersuite + * in handshake not via the one in session_negotiate. + */ + ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len)); From 3cc486aa11c96ea378431d7e62455bcfe04fb944 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 30 Nov 2023 08:09:47 +0100 Subject: [PATCH 109/653] pkparse: make pk_internal.h always available This is needed because now "pk_internal.h" contains defines for PEM strings Signed-off-by: Valerio Setti --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 0b5de8db3d..1f6133e01e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -15,6 +15,7 @@ #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" #include "mbedtls/error.h" +#include "pk_internal.h" #include @@ -29,7 +30,6 @@ #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" -#include "pk_internal.h" #endif /* Extended formats */ From ad6d016b8f716539b0eae253ce81e2e05960f08b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 30 Nov 2023 08:10:36 +0100 Subject: [PATCH 110/653] pkwrite: fix return value in pk_get_type_ext() Signed-off-by: Valerio Setti --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 15b8a8d343..c7eb1148b4 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -527,7 +527,7 @@ static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk) } else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { return MBEDTLS_PK_RSA; } else { - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + return MBEDTLS_PK_NONE; } } else #endif From f4bad42670c60dbbd7c16ce16e91c0e377536941 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 15:36:43 +0800 Subject: [PATCH 111/653] itls13: early_data: cli: improve comment Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d9a4b3e09a..bdb34247dc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2184,9 +2184,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) * - The selected cipher suite * - The selected ALPN [RFC7301] protocol, if any * - * We check here that when early data is involved the server - * selected the cipher suite associated to the pre-shared key - * as it must have. + * When parsing EncryptedExtensions, the client does not know if + * the server will accept early data and select the first proposed + * pre-shared key with a cipher suite that is different from the + * cipher suite associated to the selected pre-shared key. To address + * aforementioned case, when early data is involved, we check: + * - the selected pre-shared key is the first proposed one + * - the selected cipher suite same as the one associated with the + * pre-shared key. */ if (handshake->selected_identity != 0 || handshake->ciphersuite_info->id != @@ -2203,16 +2208,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) #endif /* - * When early_data extension is enabled and sent in ClientHello, the client - * does not know if the server will accept early data and select the first - * proposed pre-shared key with a ciphersuite that is different from the - * ciphersuite associated to the selected pre-shared key. To address - * aforementioned case, we do associated verification when parsing - * early_data ext in EncryptedExtensions. Therefore we have to assign - * the ciphersuite in current handshake to session_negotiate later than - * the associated verification. This won't impact decryption of - * EncryptedExtensions since we compute handshake keys by the ciphersuite - * in handshake not via the one in session_negotiate. + * Move `session_negotiate->ciphersuite` assignment here which after + * early data cipher suite check when receiving "early_data" extension + * in EncryptedExtensions. + * + * We compute transform_handshake by the cipher suite chosen from + * the server in `handshake`. `session_negotiate->ciphersuite` is the + * cipher suite negotiated in previous connection and it is not used for + * computing transform_handshake. */ ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; From 0790041dc6d8f629d2b858fbe1f8bd04ee98de78 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 16:44:44 +0800 Subject: [PATCH 112/653] Revert "tls13: early_data: cli: remove nst_ prefix" This reverts commit 3781ab40fb24c06ca7401bcecc3e1aa31d669a55. Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fec4a7d585..a62d2bcd39 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2658,16 +2658,10 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_early_data_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) +static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) { - /* Make sure early data indication extension is received from - * NewSessionTicket. */ - if (!mbedtls_ssl_is_handshake_over(ssl)) { - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - mbedtls_ssl_session *session = ssl->session; MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); @@ -2716,11 +2710,11 @@ static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, switch (extension_type) { #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_early_data_ext( + ret = ssl_tls13_parse_nst_early_data_ext( ssl, p, p + extension_data_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_early_data_ext", ret); + 1, "ssl_tls13_parse_nst_early_data_ext", ret); } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From b3e207d762567fee6a8cc835b717f6ab92a37b07 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 16:49:49 +0800 Subject: [PATCH 113/653] tls13: early_data: cli: rename early_data parser in nst Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a62d2bcd39..08cfe221ba 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2658,9 +2658,10 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_nst_early_data_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) +static int ssl_tls13_parse_new_session_ticket_early_data_ext( + mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) { mbedtls_ssl_session *session = ssl->session; @@ -2710,11 +2711,12 @@ static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, switch (extension_type) { #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_nst_early_data_ext( + ret = ssl_tls13_parse_new_session_ticket_early_data_ext( ssl, p, p + extension_data_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_nst_early_data_ext", ret); + 1, "ssl_tls13_parse_new_session_ticket_early_data_ext", + ret); } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From d879b47b527e11569678c0895f9bdab66eae5e20 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 30 Nov 2023 09:35:14 +0000 Subject: [PATCH 114/653] tidy up macros in mbedtls_xor Signed-off-by: Dave Rodgman --- library/common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/common.h b/library/common.h index 55bea8ceee..e532777e78 100644 --- a/library/common.h +++ b/library/common.h @@ -183,8 +183,8 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) #if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \ - (!defined(MBEDTLS_COMPILER_IS_GCC) || \ - (defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION >= 70300)) + (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300)) + /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */ for (; (i + 16) <= n; i += 16) { uint8x16_t v1 = vld1q_u8(a + i); uint8x16_t v2 = vld1q_u8(b + i); From 12d1c3ad4fe58f056af1d332e4f0cc9cc672eca0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 30 Nov 2023 09:38:38 +0000 Subject: [PATCH 115/653] Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/aesce.h | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 2879be5a18..afbb369eb5 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -45,7 +45,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) +#if defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(MBEDTLS_HAVE_NEON_INTRINSICS) /* Compiler version checks. */ #if defined(__clang__) diff --git a/library/aesce.h b/library/aesce.h index cf12d7f8d1..6b64f45d0a 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -15,11 +15,13 @@ #define MBEDTLS_AESCE_H #include "mbedtls/build_info.h" +#include "common.h" #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && \ + defined(MBEDTLS_HAVE_NEON_INTRINSICS) #define MBEDTLS_AESCE_HAVE_CODE @@ -124,6 +126,6 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #error "AES hardware acceleration not supported on this platform" #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON */ +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && MBEDTLS_HAVE_NEON_INTRINSICS */ #endif /* MBEDTLS_AESCE_H */ From 396a2a3dcbc41b1184fce39a497cda5c0eb186b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 11:02:06 +0100 Subject: [PATCH 116/653] Explain interruptible operations Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 2783541235..5bab124e24 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -958,9 +958,9 @@ Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signatur #### Restartable ECDSA signature -There is a PSA API for interruptible public-key operations, offering similar functionality to the legacy restartable API (`mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`). +The legacy API includes an API for “restartable” ECC operations: the operation returns after doing partial computation, and can be resumed. This is intended for highly constrained devices where long cryptographic calculations need to be broken up to poll some inputs, where interrupt-based scheduling is not desired. The legacy API consists of the functions `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`, as well as several configuration and data manipulation functions. -As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API; this will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms. +The PSA API offers similar functionality via “interruptible” public-key operations. As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API. This will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms. The flow of operations for an interruptible signature operation is as follows: From 059f66ce7c8a40589718ad98502e6fb542a2a7bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 30 Nov 2023 11:02:03 +0000 Subject: [PATCH 117/653] Remove redundant check Signed-off-by: Dave Rodgman --- library/aesce.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 17f09aa556..eaaa5b5c3f 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -76,10 +76,6 @@ # endif #endif -#if !defined(MBEDTLS_HAVE_NEON_INTRINSICS) -#error "Target does not support NEON instructions" -#endif - #if !(defined(__ARM_FEATURE_CRYPTO) || defined(__ARM_FEATURE_AES)) || \ defined(MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG) # if defined(__ARMCOMPILER_VERSION) From 4d234f1edec0f583b512a6efa5d50448055a6783 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 13:59:49 +0100 Subject: [PATCH 118/653] Editorial corrections Fix typos, copypasta, and other minor clarifications. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 5bab124e24..54a1dd642d 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -338,7 +338,7 @@ Recall the flow of an unauthenticated cipher operation in the legacy Mbed TLS ci For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent flow with the PSA API is to call a single function: -* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. * [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. For a multi-part operation, the equivalent flow with the PSA API is as follows: @@ -633,7 +633,7 @@ Here is an overview of the lifecycle of a PSA key object. 1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). + * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the permitted algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). 2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. @@ -656,8 +656,8 @@ The following table lists the relevant usage flags for asymmetric cryptography. | Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | | Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) | | Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) | -| Encryption | [`PSA_KEY_USAGE_`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | -| Decryption | [`PSA_KEY_USAGE_`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | +| Encryption | [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | +| Decryption | [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | | Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) | The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. @@ -688,7 +688,7 @@ The following cryptographic algorithms work with RSA keys: #### Elliptic curve mechanism selection -The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. +The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to elliptic-curve key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier. @@ -717,6 +717,7 @@ The following cryptographic algorithms work with ECC keys: * ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). * ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03). +* EC-JPAKE (see “[EC-JPAKE](#ec-jpake)”. #### Diffie-Hellman mechanism selection @@ -913,7 +914,7 @@ To export a PSA public key or to export the public key of a PSA key pair object, The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above. -A future extension of the PSA API will support other export formats. Until those are implemented, see the following subsections for ways to use the PK module to format a PSA key. +A future extension of the PSA API will support other export formats. Until those are implemented, see “[Exporting a PK key by wrapping](#exporting-a-pk-key-by-wrapping)” for ways to use the PK module to format a PSA key. #### Exporting a PK key by wrapping @@ -974,7 +975,7 @@ The flow of operations for an interruptible signature verification operation is 2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify. 3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. -If you need to interrupt the operation after calling the start function without waiting for the complete function to return a success or failure status, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). +If you need to cancel the operation after calling the start function without waiting for the loop calling the complete function to finish, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false. @@ -1003,7 +1004,7 @@ With respect to the salt length: ### Asymmetric encryption and decryption The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290). -The key must be a public key allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +The key must be a public key or a key pair allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7). From 951cf39b3f445cc099f2369319f599e16ef5cf8c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 14:01:20 +0100 Subject: [PATCH 119/653] Corrections and clarifications around asymmetric key formats Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 54a1dd642d..21f4388384 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -672,7 +672,7 @@ The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elli The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`. -The PSA API uses policies and algorithm parameters rather than key types to distinguish between `MBEDTLS_PK_RSA` and `MBEDTLS_PK_RSASSA_PSS`. The algorithm selection also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. +The PSA API uses policies and algorithm parameters rather than key types to distinguish between RSA-based mechanisms. The PSA algorithm selection corresponds to the `mbedtls_pk_type_t` value passed to `mbedtls_pk_{sign,verify}_ext`. It also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b). @@ -743,7 +743,7 @@ The easiest way to create a key pair object is by randomly generating it with [` For RSA keys, `psa_generate_key` always uses 65537 as the public exponent. If you need a different public exponent, use the legacy interface to create the key then import it as described in “[Importing legacy keys via the PK module](#importing-legacy-keys-via-the-pk-module)”. -To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). While this function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), it is limited to a single format that just contains the number(s) that make up the key, with very little metadata. This format is a substring of the formats accepted by the PK functions (except for finite-field Diffie-Hellman which the PK module does not support). The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details. +To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). While this function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), it is limited to a single format that just contains the number(s) that make up the key, with very little metadata. This format is a substring of one of the formats accepted by the PK functions (except for finite-field Diffie-Hellman which the PK module does not support). The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details. | Key type | PSA import/export format | | -------- | ------------------------ | @@ -854,7 +854,7 @@ This section explains how to use the `ecp.h` API to create an elliptic curve key You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below. -The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764). +The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa_keypair` objects since that is just a type alias.) Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764). ``` mbedtls_ecp_keypair ec; @@ -904,7 +904,7 @@ You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. -Most uses of `mbedtls_pk_get_type` and `mbedtls_pk_can_do` only require knowing a key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. +Most code that calls `mbedtls_pk_get_type` or `mbedtls_pk_can_do` only requires the key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). For code that uses both `mbedtls_pk_context` objects and PSA metadata encoding, [`mbedtls_pk_can_do_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a256d3e8d4323a45aafa7d2b6c59a36f6) checks the compatibility between a key object and a mechanism. If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. ### Exporting a public key or a key pair @@ -993,7 +993,7 @@ The PSA API has two algorithm constructors: This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`. It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`. -The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes. +The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). They differ only for verification, and have exactly the same behavior for signature. The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes. With respect to the salt length: From f7746bdd79e7bee875a2b4eb86162296f17d9775 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 14:01:44 +0100 Subject: [PATCH 120/653] Correct lists of sign/verify functions Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 21f4388384..c62106cf39 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -922,12 +922,14 @@ You can wrap a PSA key object in a PK key context with `mbedtls_pk_setup_opaque` ### Signature operations -The equivalent of `mbedtls_pk_sign`, `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign` or `mbedtls_rsa_rsassa_pss_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). +The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine the size of the output buffer. +This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). The key must be a public key or a key pair allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` amd `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs). @@ -943,10 +945,10 @@ The following subsections describe the PSA signature mechanisms that correspond #### ECDSA signature -In the PSA API, **the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. A future version of Mbed TLS [will provide a way to convert between the two formats](https://github.com/Mbed-TLS/mbedtls/issues/7765). +**Note: in the PSA API, the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. A future version of Mbed TLS [will provide a way to convert between the two formats](https://github.com/Mbed-TLS/mbedtls/issues/7765). -This is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_write_signature` and `mbedtls_ecdsa_verify`. +ECDSA is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification. From d79854b3f73fd9b0863c6fdc083cd861ae61a1da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 14:01:59 +0100 Subject: [PATCH 121/653] That's not what mbedtls_ecdh_get_params does Keep the discussion of how to retrieve information about a key exchange. This doesn't seem to have equivalent legacy ECDH APIs. Add a todo item for mbedtls_ecdh_get_params(). At this point I don't know where it fits. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index c62106cf39..8b25aa347b 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -1064,6 +1064,8 @@ There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedt The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`. + + #### Diffie-Hellman key pair management The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`. @@ -1182,12 +1184,12 @@ The corresponding flow with the PSA API is as follows: #### ECDH and DHM metadata functions -The legacy function `mbedtls_ecdh_get_params` allows the application to retrieve an `mbedtls_ecp_keypair` containing either our key pair, or the peer's public key. The PSA equivalent depends on the use case: +You can obtain data and metadata from an ECDH key agreement through the PSA API as follows: * With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key. -* With `MBEDTLS_ECDH_OURS`, accessing the public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. -* With `MBEDTLS_ECDH_OURS`, accessing the private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -* With `MBEDTLS_ECDH_THEIRS`, accessing the public key (there is no private key): there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. +* Accessing our public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. +* Accessing our private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +* Accessing the peer's public key: there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier: From 08c6dc4942cc01e75d1a3ccc9c26104ad428a11a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 30 Nov 2023 13:56:09 +0000 Subject: [PATCH 122/653] Rename project_crypto_name Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 2 +- tests/scripts/test_psa_compliance.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 4e0ae19531..c2a370d7e6 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -33,7 +33,7 @@ def crypto_core_directory(root: Optional[str] = None) -> str: else: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') -def project_crypto_name(root: Optional[str] = None) -> str: +def crypto_library_filename(root: Optional[str] = None) -> str: """Return the crypto library filename for either TF-PSA-Crypto or Mbed TLS.""" if root is None: root = guess_project_root() diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 034949bc6b..984ddf3e17 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -50,7 +50,7 @@ def main(library_build_dir: str): in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - crypto_name = build_tree.project_crypto_name(root_dir) + crypto_name = build_tree.crypto_library_filename(root_dir) library_subdir = build_tree.crypto_core_directory(root_dir) crypto_lib_filename = (library_build_dir + '/' + From 46588de8fc6165212a4e9d5fddb0c976231152f5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 30 Nov 2023 13:59:30 +0000 Subject: [PATCH 123/653] Improve documentation of crypto_core_directory Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index c2a370d7e6..ff8d57594d 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -23,7 +23,10 @@ def looks_like_root(path: str) -> bool: return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) def crypto_core_directory(root: Optional[str] = None) -> str: - """Return the path of the library code for either TF-PSA-Crypto or Mbed TLS.""" + """ + Return the path of the directory containing the PSA crypto core + for either TF-PSA-Crypto or Mbed TLS. + """ if root is None: root = guess_project_root() if looks_like_tf_psa_crypto_root(root): From 56bee0344ebd81ec1a60f70ca80a87fa5d254b36 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 30 Nov 2023 14:33:35 +0000 Subject: [PATCH 124/653] Rename variable for better clarity Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 5223d459fd..edd98a2de4 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -178,10 +178,10 @@ def main() -> int: project_root = os.path.abspath(args.project_root) - library_dir = build_tree.crypto_core_directory(project_root) + crypto_core_directory = build_tree.crypto_core_directory(project_root) output_directory = args.output_directory if args.output_directory is not None else \ - os.path.join(project_root, library_dir) + os.path.join(project_root, crypto_core_directory) template_directory = args.template_dir if args.template_dir is not None else \ os.path.join(project_root, From d1f2934e7880ab744a1f6fbf9ffc9497d75ccc9e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 30 Nov 2023 17:25:55 +0000 Subject: [PATCH 125/653] Introduce guess_mbedtls_root Signed-off-by: Thomas Daubney --- scripts/generate_ssl_debug_helpers.py | 2 +- scripts/mbedtls_dev/build_tree.py | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index af8ef86eed..a0544f1537 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -367,7 +367,7 @@ def generate_ssl_debug_helpers(output_directory, mbedtls_root): Generate functions of debug helps """ mbedtls_root = os.path.abspath( - mbedtls_root or build_tree.guess_project_root()) + mbedtls_root or build_tree.guess_mbedtls_root()) with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f: source_code = remove_c_comments(f.read()) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index ff8d57594d..1868a0f892 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -48,8 +48,7 @@ def crypto_library_filename(root: Optional[str] = None) -> str: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') def check_repo_path(): - """ - Check that the current working directory is the project root, and throw + """Check that the current working directory is the project root, and throw an exception if not. """ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): @@ -69,7 +68,6 @@ def chdir_to_root() -> None: return raise Exception('Mbed TLS source tree not found') - def guess_project_root(): """Guess project source code directory. @@ -87,3 +85,16 @@ def guess_project_root(): if looks_like_root(d): return d raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') + +def guess_mbedtls_root(root: Optional[str] = None) -> str: + """Guess Mbed TLS source code directory. + + Return the first possible Mbed TLS root directory. + Raise an exception if we are not in Mbed TLS. + """ + if root is None: + root = guess_project_root() + if looks_like_mbedtls_root(root): + return root + else: + raise Exception('Mbed TLS source tree not found') From db80b2301c660d54f285ac1c3ac1f5b26983eafd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 30 Nov 2023 17:33:54 +0000 Subject: [PATCH 126/653] Introduce guess_tf_psa_crypto_root Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 1868a0f892..86c8389000 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -98,3 +98,16 @@ def guess_mbedtls_root(root: Optional[str] = None) -> str: return root else: raise Exception('Mbed TLS source tree not found') + +def guess_tf_psa_crypto_root(root: Optional[str] = None) -> str: + """Guess TF-PSA-Crypto source code directory. + + Return the first possible TF-PSA-Crypto root directory. + Raise an exception if we are not in TF-PSA-Crypto. + """ + if root is None: + root = guess_project_root() + if looks_like_tf_psa_crypto_root(root): + return root + else: + raise Exception('TF-PSA-Crypto source tree not found') From dbcfc7dd956f889975fe978252c25bf1359b0460 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 21:04:06 +0100 Subject: [PATCH 127/653] Be more informative about "No change" Distinguish between interfaces that won't change in 4.0, and interfaces that have no PSA equivalent but are likely to change in 4.0. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 8b25aa347b..b02e2b8f10 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -81,9 +81,9 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | ------ | --------------- | -------------- | | `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | | `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | -| `asn1.h` | `mbedtls_asn1_` | No change (not a crypto API) | -| `asn1write.h` | `mbedtls_asn1write_` | No change (not a crypto API) | -| `base64.h` | `mbedtls_base64_` | [PK format support interfaces](#pk-format-support-interfaces) | +| `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | +| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | +| `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | | `bignum.h` | `mbedtls_bignum_` | None (no low-level arithmetic) | | `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | | `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | @@ -109,15 +109,15 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | | `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | | `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `lms.h` | `mbedtls_lms_` | No migration path yet | +| `lms.h` | `mbedtls_lms_` | No change ([LMS signatures](#lms-signatures)) | | `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) | | `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) | | `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) | | `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) | | `net_sockets.h` | `mbedtls_net_` | No change (not a crypto API) | -| `nist_kw.h` | `mbedtls_nist_kw_` | No migration path yet | -| `oid.h` | `mbedtls_oid_` | [PK format support interfaces](#pk-format-support-interfaces) | -| `pem.h` | `mbedtls_pem_` | [PK format support interfaces](#pk-format-support-interfaces) | +| `nist_kw.h` | `mbedtls_nist_kw_` | Migration path not yet defined | +| `oid.h` | `mbedtls_oid_` | No change ([PK support interface](#pk-format-support-interfaces)) | +| `pem.h` | `mbedtls_pem_` | No change ([PK support interface](#pk-format-support-interfaces)) | | `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) | | `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) | | `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | @@ -1289,9 +1289,15 @@ There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.) +### LMS signatures + +A future version of Mbed TLS will support LMS keys and signatures through the PSA API (`psa_generate_key`, `psa_export_public_key`, `psa_import_key`, `psa_sign_hash`, `psa_verify_hash`, etc.). However, this is likely to happen after Mbed TLS 4.0, therefore the next major version of Mbed TLS will likely keep the existing `lms.h` interface. + ### PK format support interfaces -The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. They remain unchanged in Mbed TLS 3.x. In the future, they are likely to move out of the cryptography part of Mbed TLS and into the public-key/X.509 part. +The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. + +In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. The evolution of Base64, OID and PEM as separate interfaces is still undecided at the time of writing. ## EC-JPAKE From 3ea22dcb5198b77bac5d2f3482e2d5f4d62a57c6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 21:07:24 +0100 Subject: [PATCH 128/653] Correct function names prefixes where they diverge from module names Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index b02e2b8f10..79780564a5 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -82,20 +82,20 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | | `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | | `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | +| `asn1write.h` | `mbedtls_asn1write_` | No change ([PK support interface](#pk-format-support-interfaces)) | | `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `bignum.h` | `mbedtls_bignum_` | None (no low-level arithmetic) | +| `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) | | `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | | `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | | `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | | `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) | -| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption) | +| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | | `check_config.h` | N/A | No public APIs (internal support header) | | `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | -| `cmac.h` | `mbedtls_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | +| `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | | `compat-2.x.h` | various | None (transitional APIs) | | `config_psa.h` | N/A | No public APIs (internal support header) | -| `constant_time.h` | `mbedtls_constant_time_` | [Constant-time functions](#constant-time-functions) | +| `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | | `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | | `debug.h` | `mbedtls_debug_` | No change (not a crypto API) | | `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) | @@ -105,7 +105,7 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) | | `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) | | `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) | -| `error.h` | `mbedtls_error_` | [Error messages](#error-messages) | +| `error.h` | `mbedtls_*err*` | [Error messages](#error-messages) | | `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | | `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | | `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | @@ -123,11 +123,11 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | | `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) | | `platform.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `platform_time.h` | `mbedtls_platform_time_` | No change (not a crypto API) | -| `platform_util.h` | `mbedtls_platform_util_` | No change (not a crypto API) | +| `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) | +| `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) | | `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) | | `private_access.h` | N/A | No public APIs (internal support header) | -| `psa_util.h` | `mbedtls_psa_` | No public APIs (internal support header) | +| `psa_util.h` | N/A | No public APIs (internal support header) | | `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) | | `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | | `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) | @@ -136,7 +136,7 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) | | `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) | | `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) | -| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuites_` | No change (not a crypto API) | +| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) | | `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) | | `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) | | `threading.h` | `mbedtls_threading_` | No change (not a crypto API) | From 02112cc9a1ad23ef93bd7f96974e5aea623dcc10 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 21:17:27 +0100 Subject: [PATCH 129/653] Update PBKDF2 availability for 3.5 Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 79780564a5..304b16c55c 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -574,7 +574,7 @@ PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key de ### PKCS#5 module -Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2 (not yet implemented at the time of writing, scheduled to be released in Mbed TLS 3.5). This is a generic interface using an operation object with one function call for each input and one function call for each output. +Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface using an operation object with one function call for each input and one function call for each output. 1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). 2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”). @@ -584,7 +584,7 @@ Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. 5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. - If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. + If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. (Note that the `verify` functions are not yet present in the 3.5 release of Mbed TLS. They are expected to be released in version 3.6.0.) 6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. From c3fd0958ce9ad1271a476e80e7dd57a4e3818298 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 21:18:04 +0100 Subject: [PATCH 130/653] typo Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 304b16c55c..f4245cf6a5 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -591,7 +591,7 @@ The function `mbedtls_pkcs5_pbes2` is only intended as a support function to par ### PKCS#12 module -The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbes2` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. +The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. ## Random generation From 1097d4e73168fea015fa23d5cada5e0530daead5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2023 21:18:10 +0100 Subject: [PATCH 131/653] Minor clarification Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index f4245cf6a5..41ae99e7e0 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -52,7 +52,7 @@ To make the PSA API available, make sure that the configuration option [`MBEDTLS You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition (for example, to convert between metadata encodings or between key representations) are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. -By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API. The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. +By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. ### Header files From 2bef7fbc8dd6e84b5e980747a4baed9552a42bf9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 12:02:54 +0800 Subject: [PATCH 132/653] tls13: early_data: cli: remove guard to fix failure Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index bdb34247dc..2c76ad1c41 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2152,9 +2152,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) int ret; unsigned char *buf; size_t buf_len; -#if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_handshake_params *handshake = ssl->handshake; -#endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions")); From e72dfff1d68378da70757eeedb47e427c5f9186f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 12:05:12 +0800 Subject: [PATCH 133/653] tls13: early_data: cli: improve comment Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2c76ad1c41..62e99cfec8 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2207,8 +2207,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) /* * Move `session_negotiate->ciphersuite` assignment here which after - * early data cipher suite check when receiving "early_data" extension - * in EncryptedExtensions. + * early data cipher suite check. * * We compute transform_handshake by the cipher suite chosen from * the server in `handshake`. `session_negotiate->ciphersuite` is the From e32fac3d23fe25c242f424be1ef25ff378a3b64f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:25:16 +0800 Subject: [PATCH 134/653] remove wait_flight2 state Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 1 - library/ssl_tls13_server.c | 35 ----------------------------------- 2 files changed, 36 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2bca21a2f2..043988f255 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -692,7 +692,6 @@ typedef enum { MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_END_OF_EARLY_DATA, - MBEDTLS_SSL_WAIT_FLIGHT2, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index db6140eb0a..c7dbb53888 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2815,37 +2815,6 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) return 0; } -/* - * Handler for MBEDTLS_SSL_WAIT_FLIGHT2 - * - * RFC 8446 section A.2 - * - * WAIT_FLIGHT2 - * | - * +--------+--------+ - * No auth | | Client auth - * | | - * | v - * | WAIT_CERT - * | Recv | | Recv Certificate - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_flight2")); - - if (ssl->handshake->certificate_request_sent) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_flight2")); - return 0; -} - #if defined(MBEDTLS_SSL_EARLY_DATA) /* * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA( WAIT_EOED ) @@ -3378,10 +3347,6 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) ret = ssl_tls13_write_server_finished(ssl); break; - case MBEDTLS_SSL_WAIT_FLIGHT2: - ret = ssl_tls13_process_wait_flight2(ssl); - break; - #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_SSL_END_OF_EARLY_DATA: ret = ssl_tls13_process_wait_eoed(ssl); From 9b72e3970150416e2f8dc9d60526693fabdb6539 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:27:08 +0800 Subject: [PATCH 135/653] re-introduce process_wait_flight2 Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 56 +++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index c7dbb53888..1f834420a4 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2758,6 +2758,60 @@ static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ + +/* + * RFC 8446 section A.2 + * + * | Send ServerHello + * | K_send = handshake + * | Send EncryptedExtensions + * | [Send CertificateRequest] + * Can send | [Send Certificate + CertificateVerify] + * app data | Send Finished + * after --> | K_send = application + * here +--------+--------+ + * No 0-RTT | | 0-RTT + * | | + * K_recv = handshake | | K_recv = early data + * [Skip decrypt errors] | +------> WAIT_EOED -+ + * | | Recv | | Recv EndOfEarlyData + * | | early data | | K_recv = handshake + * | +------------+ | + * | | + * +> WAIT_FLIGHT2 <--------+ + * | + * +--------+--------+ + * No auth | | Client auth + * | | + * | v + * | WAIT_CERT + * | Recv | | Recv Certificate + * | empty | v + * | Certificate | WAIT_CV + * | | | Recv + * | v | CertificateVerify + * +-> WAIT_FINISHED <---+ + * | Recv Finished + * + * + * The following function handles the state changes after WAIT_FLIGHT2 in the + * above diagram. + */ +static void ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) +{ + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_flight2")); + + if (ssl->handshake->certificate_request_sent) { + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); + MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); + } + + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_flight2")); +} + /* * Handler for MBEDTLS_SSL_SERVER_FINISHED */ @@ -2810,7 +2864,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_WAIT_FLIGHT2); + ssl_tls13_process_wait_flight2(ssl); return 0; } From 59d420f17b6bf8f39c74ce020152c024b74de8fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:30:34 +0800 Subject: [PATCH 136/653] empty process_end_of_early_data Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 87 ++------------------------------------ 1 file changed, 4 insertions(+), 83 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1f834420a4..7b1849cb9e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2871,92 +2871,13 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) /* - * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA( WAIT_EOED ) - * - * RFC 8446 section A.2 - * - * | - * +------> WAIT_EOED -+ - * | Recv | | Recv EndOfEarlyData - * | early data | | K_recv = handshake - * +------------+ | - * | - * WAIT_FLIGHT2 <--------+ - * | + * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_wait_eoed(mbedtls_ssl_context *ssl) +static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_eoed")); - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - /* RFC 8446 section 4.5 - * - * struct {} EndOfEarlyData; - */ - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to handshake keys for inbound traffic" - "( K_recv = handshake )")); - mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_WAIT_FLIGHT2); - - ret = mbedtls_ssl_add_hs_hdr_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret); - } - - goto cleanup; - - } - - /* RFC 8446 section 2.3 figure 4 - * - * 0-RTT data is sent via application data message. - */ - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG( - 2, ("Unexpected message type %d", ssl->in_msgtype)); - goto cleanup; - } - - /* - * Output early data - * - * For the time being, we print received data via debug message. - * - * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready. - */ - ssl->in_msg[ssl->in_msglen] = 0; - MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg)); - - /* RFC 8446 section 4.6.1 - * - * A server receiving more than max_early_data_size bytes of 0-RTT data - * SHOULD terminate the connection with an "unexpected_message" alert. - * - * TODO: Add received data size check here. - */ - - ret = 0; - -cleanup: - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - } - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_eoed")); + ((void) ssl); return ret; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3403,7 +3324,7 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_tls13_process_wait_eoed(ssl); + ret = ssl_tls13_process_end_of_early_data(ssl); break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From d5c3496ce24986b33d471a6fee18318ed6b848ee Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:32:31 +0800 Subject: [PATCH 137/653] Add dummy framework of eoed state Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 107 ++++++++++++++++++++++++++++++++++++- 1 file changed, 106 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7b1849cb9e..4b0acf0048 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2873,11 +2873,116 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) /* * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA */ +#define SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA 0 +#define SSL_END_OF_EARLY_GOT_APPLICATION_DATA 1 +/* Coordination: + * Deals with the ambiguity of not knowing if a EndOfEarlyData will be sent. + * Returns a negative code on failure, or + * - SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA + * - SSL_END_OF_EARLY_GOT_APPLICATION_DATA + * indicating which message is received. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + ((void) ssl); + return ret; +} + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + ((void) ssl); + ((void) buf); + ((void) end); + return ret; +} + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + ((void) ssl); + return ret; +} + +/* + * RFC 8446 section A.2 + * + * | Send ServerHello + * | K_send = handshake + * | Send EncryptedExtensions + * | [Send CertificateRequest] + * Can send | [Send Certificate + CertificateVerify] + * app data | Send Finished + * after --> | K_send = application + * here +--------+--------+ + * No 0-RTT | | 0-RTT + * | | + * K_recv = handshake | | K_recv = early data + * [Skip decrypt errors] | +------> WAIT_EOED -+ + * | | Recv | | Recv EndOfEarlyData + * | | early data | | K_recv = handshake + * | +------------+ | + * | | + * +> WAIT_FLIGHT2 <--------+ + * | + * +--------+--------+ + * No auth | | Client auth + * | | + * | v + * | WAIT_CERT + * | Recv | | Recv Certificate + * | empty | v + * | Certificate | WAIT_CV + * | | | Recv + * | v | CertificateVerify + * +-> WAIT_FINISHED <---+ + * | Recv Finished + * + * The function handles actions and state changes from 0-RTT to WAIT_FLIGHT2 in + * the above diagram. + */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ((void) ssl); + + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_end_of_early_data")); + + MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); + + if (ret == SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA) { + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( + ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, + &buf, &buf_len)); + + MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( + ssl, buf, buf + buf_len)); + + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, + buf, buf_len)); + ssl_tls13_process_wait_flight2(ssl); + + } else if (ret == SSL_END_OF_EARLY_GOT_APPLICATION_DATA) { + MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl)); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cleanup; + } + + +cleanup: + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_end_of_early_data")); return ret; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From b4ed4602f241392a48bf1293024749b568639644 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:34:00 +0800 Subject: [PATCH 138/653] implement coordinate of eoed Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4b0acf0048..83d08c5543 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2886,8 +2886,27 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ((void) ssl); - return ret; + + if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; + } + ssl->keep_current_message = 1; + + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { + MBEDTLS_SSL_DEBUG_MSG(3, ("got end_of_early_data message.")); + return SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA; + } + + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { + MBEDTLS_SSL_DEBUG_MSG(3, ("got application_data message")); + return SSL_END_OF_EARLY_GOT_APPLICATION_DATA; + } + + MBEDTLS_SSL_DEBUG_MSG(1, ("got unexpected message.")); + + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } MBEDTLS_CHECK_RETURN_CRITICAL From 75c9ab76b59c1736720e061f721aca9bbae2801e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:41:40 +0800 Subject: [PATCH 139/653] implement parser of eoed Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 83d08c5543..5e3508cdac 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2914,11 +2914,12 @@ static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* RFC 8446 section 4.5 + * + * struct {} EndOfEarlyData; + */ ((void) ssl); - ((void) buf); - ((void) end); - return ret; + return buf == end ? 0 : MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } MBEDTLS_CHECK_RETURN_CRITICAL From e96551276abf01c8739dbe2b928f79c81d502acc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:44:40 +0800 Subject: [PATCH 140/653] switch inbound transform to handshake Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5e3508cdac..b350c7ef87 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2987,9 +2987,16 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( ssl, buf, buf + buf_len)); + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to handshake keys for inbound traffic" + "( K_recv = handshake )")); + mbedtls_ssl_set_inbound_transform( + ssl, ssl->handshake->transform_handshake); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, buf, buf_len)); + ssl_tls13_process_wait_flight2(ssl); } else if (ret == SSL_END_OF_EARLY_GOT_APPLICATION_DATA) { From ee4d72955595b9e4afbe93093deba5c47be702e1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 16:46:14 +0800 Subject: [PATCH 141/653] print received early application data Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b350c7ef87..6245bb8632 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2926,8 +2926,38 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ((void) ssl); - return ret; + + if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; + } + + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + MBEDTLS_SSL_DEBUG_MSG( + 2, ("Unexpected message type %d", ssl->in_msgtype)); + return ret; + } + + /* + * Output early data + * + * For the time being, we print received data via debug message. + * + * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready. + */ + ssl->in_msg[ssl->in_msglen] = 0; + MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg)); + + /* RFC 8446 section 4.6.1 + * + * A server receiving more than max_early_data_size bytes of 0-RTT data + * SHOULD terminate the connection with an "unexpected_message" alert. + * + * TODO: Add received data size check here. + */ + + return 0; } /* From 0af63dc263da296b96baff8e5cda883b3747a9f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 1 Dec 2023 17:14:51 +0800 Subject: [PATCH 142/653] improve comments and output message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6245bb8632..7d5362caf6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2835,22 +2835,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { - /* TODO: compute early transform here? - * - * RFC 8446, section A.2 - * | Send Finished - * | K_send = application - * +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * | | K_recv = early data - * | +------> WAIT_EOED -+ - * - * early transform is set after server finished in this section. But - * it breaks our key computation, so we put early transform computation - * at the end of client hello. For the time being, I am not sure the - * benifit for moving computation here. - */ + /* See RFC 8446 section A.2 for more information */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " "( K_recv = early data )")); @@ -2860,8 +2845,9 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) return 0; } #endif /* MBEDTLS_SSL_EARLY_DATA */ - - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to handshake keys for inbound traffic " + "( K_recv = handshake )")); mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); ssl_tls13_process_wait_flight2(ssl); From 03a00768c0dea338801e7966b263f5940151146f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:40:19 +0800 Subject: [PATCH 143/653] tls13: early_data: cli: improve comment This commit improves comment of the check for handshake parameters in Encrypted Extension. Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 62e99cfec8..0cdb02b6cc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2182,14 +2182,15 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) * - The selected cipher suite * - The selected ALPN [RFC7301] protocol, if any * - * When parsing EncryptedExtensions, the client does not know if - * the server will accept early data and select the first proposed - * pre-shared key with a cipher suite that is different from the - * cipher suite associated to the selected pre-shared key. To address - * aforementioned case, when early data is involved, we check: - * - the selected pre-shared key is the first proposed one - * - the selected cipher suite same as the one associated with the - * pre-shared key. + * The server has sent an early data extension in its Encrypted + * Extension message thus accepted to receive early data. We + * check here that the additional constraints on the handshake + * parameters, when early data are exchanged, are met, + * namely: + * - the selected PSK for the handshake was the first one proposed + * by the client. + * - the selected ciphersuite for the handshake is the ciphersuite + * associated with the selected PSK. */ if (handshake->selected_identity != 0 || handshake->ciphersuite_info->id != From 9ae6534c201473aafb511fa8ec2b29817a88d00f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:46:06 +0800 Subject: [PATCH 144/653] tls13: early_data: cli: improve comment This commit improves comment of why we assign the identifier of the ciphersuite in handshake to `ssl->session_negotiate`. Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0cdb02b6cc..4273f38c0b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2207,13 +2207,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) #endif /* - * Move `session_negotiate->ciphersuite` assignment here which after - * early data cipher suite check. - * - * We compute transform_handshake by the cipher suite chosen from - * the server in `handshake`. `session_negotiate->ciphersuite` is the - * cipher suite negotiated in previous connection and it is not used for - * computing transform_handshake. + * In case the client has proposed a PSK associated with a ticket, + * `ssl->session_negotiate->ciphersuite` still contains at this point the + * identifier of the ciphersuite associated with the ticket. This is that + * way because, if an exchange of early data is agreed upon, we need + * it to check that the ciphersuite selected for the handshake is the + * ticket ciphersuite (see above). This information is not needed + * anymore thus we can now set it to the identifier of the ciphersuite + * used in this session under negotiation. */ ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; From 99030e2a506cf7edc5611538a137658948d97179 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 1 Dec 2023 09:52:35 +0000 Subject: [PATCH 145/653] Remove trailing whitespace Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 86c8389000..14790fc9cc 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -24,7 +24,7 @@ def looks_like_root(path: str) -> bool: def crypto_core_directory(root: Optional[str] = None) -> str: """ - Return the path of the directory containing the PSA crypto core + Return the path of the directory containing the PSA crypto core for either TF-PSA-Crypto or Mbed TLS. """ if root is None: From 304fa091cf47fcdc4e289c1c2e5aa23abf856384 Mon Sep 17 00:00:00 2001 From: Oldes Huhuman Date: Fri, 1 Dec 2023 12:23:26 +0100 Subject: [PATCH 146/653] Shortening a comment line Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562 Signed-off-by: Oldes Huhuman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index cc463402ce..63643d26fc 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -245,7 +245,7 @@ extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x); (defined(unix) || defined(__unix) || defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)) #include -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || defined(__HAIKU__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__) */ #if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__) mbedtls_ms_time_t mbedtls_ms_time(void) { From f1be1f6740b2148b4f2004da476ed8143d51c2cd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Dec 2023 13:53:45 +0000 Subject: [PATCH 147/653] Remove unused code Signed-off-by: Dave Rodgman --- library/constant_time.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c7077c3523..d212ddfd81 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -21,19 +21,6 @@ #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#include "psa/crypto.h" -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - #if !defined(MBEDTLS_CT_ASM) /* * Define an object with the value zero, such that the compiler cannot prove that it From 744577a429d3815169a590f5ca7d7b0118c99e9f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 22:33:59 +0800 Subject: [PATCH 148/653] tls13: early_data: cli: check a PSK has been selected in EE Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 4273f38c0b..1e1223e7ee 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2187,12 +2187,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) * check here that the additional constraints on the handshake * parameters, when early data are exchanged, are met, * namely: + * - a PSK has been selected for the handshake * - the selected PSK for the handshake was the first one proposed * by the client. * - the selected ciphersuite for the handshake is the ciphersuite * associated with the selected PSK. */ - if (handshake->selected_identity != 0 || + if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) || + handshake->selected_identity != 0 || handshake->ciphersuite_info->id != ssl->session_negotiate->ciphersuite) { From 4577bda6d52d6954eb00fd0ebfc516772a20f601 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 1 Dec 2023 16:51:24 +0100 Subject: [PATCH 149/653] pkcs[5|12]: use cipher enums for encrypt and decrypt Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values are to be used with the mbedtls_cipher_setkey() function, ensure that their value matches with enums in cipher.h. Signed-off-by: Valerio Setti --- include/mbedtls/pkcs12.h | 4 ++-- include/mbedtls/pkcs5.h | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 42e84538ac..09f89a23a4 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -31,8 +31,8 @@ #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ -#define MBEDTLS_PKCS12_PBE_DECRYPT 0 -#define MBEDTLS_PKCS12_PBE_ENCRYPT 1 +#define MBEDTLS_PKCS12_PBE_DECRYPT MBEDTLS_DECRYPT +#define MBEDTLS_PKCS12_PBE_ENCRYPT MBEDTLS_ENCRYPT #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index e004f4555c..6cfe96769b 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -17,6 +17,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/md.h" +#include "mbedtls/cipher.h" #include #include @@ -30,8 +31,8 @@ /** Given private key password does not allow for correct decryption. */ #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 -#define MBEDTLS_PKCS5_DECRYPT 0 -#define MBEDTLS_PKCS5_ENCRYPT 1 +#define MBEDTLS_PKCS5_DECRYPT MBEDTLS_DECRYPT +#define MBEDTLS_PKCS5_ENCRYPT MBEDTLS_ENCRYPT #ifdef __cplusplus extern "C" { From 04c446cc2131781303f4b09f80c08a9f418ede2c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 1 Dec 2023 17:18:38 +0000 Subject: [PATCH 150/653] Modify crypto_core_directory to also return a relative path Signed-off-by: Thomas Daubney --- scripts/mbedtls_dev/build_tree.py | 9 ++++++++- tests/scripts/test_psa_compliance.py | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 14790fc9cc..ec67e4cdfa 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -22,16 +22,23 @@ def looks_like_mbedtls_root(path: str) -> bool: def looks_like_root(path: str) -> bool: return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) -def crypto_core_directory(root: Optional[str] = None) -> str: +def crypto_core_directory(root: Optional[str] = None, relative: Optional[bool] = False) -> str: """ Return the path of the directory containing the PSA crypto core for either TF-PSA-Crypto or Mbed TLS. + + Returns either the full path or relative path depending on the + "relative" boolean argument. """ if root is None: root = guess_project_root() if looks_like_tf_psa_crypto_root(root): + if relative: + return "core" return os.path.join(root, "core") elif looks_like_mbedtls_root(root): + if relative: + return "library" return os.path.join(root, "library") else: raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 984ddf3e17..57e4fbd526 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -51,7 +51,7 @@ def main(library_build_dir: str): in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) crypto_name = build_tree.crypto_library_filename(root_dir) - library_subdir = build_tree.crypto_core_directory(root_dir) + library_subdir = build_tree.crypto_core_directory(root_dir, relative = True) crypto_lib_filename = (library_build_dir + '/' + library_subdir + '/' + From 3a0690647e98f40837336ba96dee97ec7b6a3422 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 1 Dec 2023 18:27:25 +0000 Subject: [PATCH 151/653] Use guess_mbedtls_root in Mbed-TLS-only script Signed-off-by: Thomas Daubney --- tests/scripts/audit-validity-dates.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index ab09b4a1e6..96b705a281 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -265,7 +265,7 @@ class Auditor: @staticmethod def find_test_dir(): """Get the relative path for the Mbed TLS test directory.""" - return os.path.relpath(build_tree.guess_project_root() + '/tests') + return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') class TestDataAuditor(Auditor): From 10769bca9eeafb7b417a76142ee812760b9b82f1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 1 Dec 2023 23:47:59 +0000 Subject: [PATCH 152/653] Fix bad whitespace in keyword argument assignment Signed-off-by: Thomas Daubney --- tests/scripts/test_psa_compliance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 57e4fbd526..0d56ddfd97 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -51,7 +51,7 @@ def main(library_build_dir: str): in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) crypto_name = build_tree.crypto_library_filename(root_dir) - library_subdir = build_tree.crypto_core_directory(root_dir, relative = True) + library_subdir = build_tree.crypto_core_directory(root_dir, relative=True) crypto_lib_filename = (library_build_dir + '/' + library_subdir + '/' + From 3be850782c8d89edffae4ca813a6203ba514d15b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 4 Dec 2023 09:58:54 +0800 Subject: [PATCH 153/653] fix various issues - improve comments - rename function and macros name - remove unnecessary comments - remove extra empty lines - remove unnecessary condition Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 61 +++++++++++++------------------------- 1 file changed, 21 insertions(+), 40 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7d5362caf6..2e51572a62 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2758,7 +2758,6 @@ static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - /* * RFC 8446 section A.2 * @@ -2795,11 +2794,15 @@ static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) * * * The following function handles the state changes after WAIT_FLIGHT2 in the - * above diagram. + * above diagram. We are not going to receive early data related messages + * anymore, prepare to receive the first handshake message of the client + * second flight. */ -static void ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) +static void ssl_tls13_prepare_for_handshake_second_flight( + mbedtls_ssl_context *ssl) { - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_wait_flight2")); + MBEDTLS_SSL_DEBUG_MSG( + 2, ("=> ssl_tls13_prepare_for_handshake_second_flight")); if (ssl->handshake->certificate_request_sent) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); @@ -2809,7 +2812,8 @@ static void ssl_tls13_process_wait_flight2(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); } - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_wait_flight2")); + MBEDTLS_SSL_DEBUG_MSG( + 2, ("<= ssl_tls13_prepare_for_handshake_second_flight")); } /* @@ -2850,7 +2854,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) "( K_recv = handshake )")); mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); - ssl_tls13_process_wait_flight2(ssl); + ssl_tls13_prepare_for_handshake_second_flight(ssl); return 0; } @@ -2859,13 +2863,14 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) /* * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA */ -#define SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA 0 -#define SSL_END_OF_EARLY_GOT_APPLICATION_DATA 1 +#define SSL_GOT_END_OF_EARLY_DATA 0 +#define SSL_GOT_APPLICATION_DATA 1 /* Coordination: - * Deals with the ambiguity of not knowing if a EndOfEarlyData will be sent. + * Deals with the ambiguity of not knowing if the next message is an + * EndOfEarlyData message or an application message containing early data. * Returns a negative code on failure, or - * - SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA - * - SSL_END_OF_EARLY_GOT_APPLICATION_DATA + * - SSL_GOT_END_OF_EARLY_DATA + * - SSL_GOT_APPLICATION_DATA * indicating which message is received. */ MBEDTLS_CHECK_RETURN_CRITICAL @@ -2882,12 +2887,12 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { MBEDTLS_SSL_DEBUG_MSG(3, ("got end_of_early_data message.")); - return SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA; + return SSL_GOT_END_OF_EARLY_DATA; } if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { MBEDTLS_SSL_DEBUG_MSG(3, ("got application_data message")); - return SSL_END_OF_EARLY_GOT_APPLICATION_DATA; + return SSL_GOT_APPLICATION_DATA; } MBEDTLS_SSL_DEBUG_MSG(1, ("got unexpected message.")); @@ -2918,13 +2923,6 @@ static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl) return ret; } - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG( - 2, ("Unexpected message type %d", ssl->in_msgtype)); - return ret; - } - /* * Output early data * @@ -2992,7 +2990,7 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); - if (ret == SSL_END_OF_EARLY_GOT_END_OF_EARLY_DATA) { + if (ret == SSL_GOT_END_OF_EARLY_DATA) { unsigned char *buf; size_t buf_len; @@ -3013,9 +3011,9 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, buf, buf_len)); - ssl_tls13_process_wait_flight2(ssl); + ssl_tls13_prepare_for_handshake_second_flight(ssl); - } else if (ret == SSL_END_OF_EARLY_GOT_APPLICATION_DATA) { + } else if (ret == SSL_GOT_APPLICATION_DATA) { MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl)); } else { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); @@ -3023,7 +3021,6 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) goto cleanup; } - cleanup: MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_end_of_early_data")); return ret; @@ -3450,22 +3447,6 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - /* RFC 8446 section A.2 - * - * | Send Finished ( SERVER_FINISHED ) - * | K_send = application - * +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * K_recv = handshake | | K_recv = early data - * [Skip decrypt errors] | +------> WAIT_EOED -+ - * | | Recv | | Recv EndOfEarlyData - * | | early data | | K_recv = handshake - * | +------------+ | - * | | - * +> WAIT_FLIGHT2 <--------+ - * | - */ case MBEDTLS_SSL_SERVER_FINISHED: ret = ssl_tls13_write_server_finished(ssl); break; From fbf039932ad0a824b3b222b659c4ec76bd35bc2e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 4 Dec 2023 10:00:37 +0800 Subject: [PATCH 154/653] Send decode error alert when EOED parsing fail Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2e51572a62..65688cffc8 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2910,7 +2910,12 @@ static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, * struct {} EndOfEarlyData; */ ((void) ssl); - return buf == end ? 0 : MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + if (buf != end) { + MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR); + return MBEDTLS_ERR_SSL_DECODE_ERROR; + } + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL From 7bb40a36503f5a649141d3a69b1371c63e804e4b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 4 Dec 2023 10:04:15 +0800 Subject: [PATCH 155/653] send unexpected alert when not received eoed or app during reading early data Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 65688cffc8..1c359a2685 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2897,6 +2897,8 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("got unexpected message.")); + MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } From fb0f47b1f8c7dc79a4ac550747796f02b76949b9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 4 Dec 2023 15:27:28 +0800 Subject: [PATCH 156/653] tls13: srv: check tls version in ClientHello with min_tls_version When server is configured as TLS 1.3 only and receives ClientHello from a TLS 1.2 only client, it's expected to abort the handshake instead of downgrading protocol to TLS 1.2 and continuing handshake. This commit adds a check to make sure server min_tls_version always larger than received version in ClientHello. Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d983a00395..b3f25b5e87 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1920,6 +1920,15 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) * will dispatch to the TLS 1.2 state machine. */ if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { + /* Check if server supports TLS 1.2 */ + if (ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Unsupported version of TLS 1.2 was received")); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; return 0; From 3d82ffce5bd6c00d3b96f214326b8c3c0b91c6ec Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 4 Dec 2023 15:32:20 +0800 Subject: [PATCH 157/653] ssl-opt: test handshake for TLS 1.2 only cli with TLS 1.3 only srv Signed-off-by: Yanray Wang --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4762285b00..e67cf02f08 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11613,6 +11613,22 @@ run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \ -S "Version: TLS1.2" \ -C "Protocol : TLSv1.2" +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 m->m: Not supported version check: cli TLS 1.2 only, srv TLS 1.3 only, fail" \ + "$P_SRV debug_level=4 max_version=tls13 min_version=tls13" \ + "$P_CLI debug_level=4 max_version=tls12 min_version=tls12" \ + 1 \ + -c "The SSL configuration is tls12 only" \ + -c "supported_versions(43) extension does not exist." \ + -c "A fatal alert message was received from our peer" \ + -s "The SSL configuration is tls13 only" \ + -s "Unsupported version of TLS 1.2 was received" \ + -s "! mbedtls_ssl_handshake returned" + requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C From 40a93dff3291682ffaad1d873fdbf9bad470b40d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:14:47 +0100 Subject: [PATCH 158/653] all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..3e4baa71e8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3729,7 +3729,6 @@ common_psa_crypto_config_accel_cipher_aead() { scripts/config.py unset MBEDTLS_PKCS5_C scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C } From fbefe04bf3fa8e2a1e6233251a3d755b8501eda2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:15:43 +0100 Subject: [PATCH 159/653] check_config: fix requirements for CTR_DRBG The module now depends on either: - AES_C, which is the default and the preferred solution for backward compatibility - CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the new solution when AES_C is not defined Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9b5b6467ea..34ddcb1596 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -153,7 +153,9 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \ + defined(PSA_WANT_ALG_ECB_NO_PADDING))) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif From 5f4b28defc85f95498e0dc9332c2a094d0125cb4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:18:16 +0100 Subject: [PATCH 160/653] ctr_drbg: add alternative PSA implementation when AES_C is not defined Signed-off-by: Valerio Setti --- include/mbedtls/ctr_drbg.h | 18 +++++ library/ctr_drbg.c | 148 ++++++++++++++++++++++++++++++++++++- 2 files changed, 164 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index d1f19e6071..c00756df1b 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -32,7 +32,14 @@ #include "mbedtls/build_info.h" +/* In case AES_C is defined then it is the primary option for backward + * compatibility purposes. If that's not available, PSA is used instead */ +#if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" +#else +#include "psa/crypto.h" +#endif + #include "entropy.h" #if defined(MBEDTLS_THREADING_C) @@ -150,6 +157,13 @@ extern "C" { #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif +#if !defined(MBEDTLS_AES_C) +typedef struct mbedtls_ctr_drbg_psa_context { + mbedtls_svc_key_id_t key_id; + psa_cipher_operation_t operation; +} mbedtls_ctr_drbg_psa_context; +#endif + /** * \brief The CTR_DRBG context structure. */ @@ -175,7 +189,11 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ +#if defined(MBEDTLS_AES_C) mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ +#else + mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ +#endif /* * Callbacks (Entropy) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index cf3816e9fd..da34f950b8 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,15 +24,60 @@ #include #endif +/* Using error translation functions from PSA to MbedTLS */ +#if !defined(MBEDTLS_AES_C) +#include "psa_util_internal.h" +#endif + #include "mbedtls/platform.h" +#if !defined(MBEDTLS_AES_C) +static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, + unsigned char *key, size_t key_len) +{ + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING); + psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES); + status = psa_import_key(&key_attr, key, key_len, &psa_ctx->key_id); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = psa_cipher_encrypt_setup(&psa_ctx->operation, psa_ctx->key_id, PSA_ALG_ECB_NO_PADDING); + if (status != PSA_SUCCESS) { + goto exit; + } + +exit: + psa_reset_key_attributes(&key_attr); + return status; +} + +static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx) +{ + psa_cipher_abort(&psa_ctx->operation); + psa_destroy_key(psa_ctx->key_id); + + psa_ctx->operation = psa_cipher_operation_init(); + psa_ctx->key_id = MBEDTLS_SVC_KEY_ID_INIT; +} +#endif + /* * CTR_DRBG context initialization */ void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); +#if defined(MBEDTLS_AES_C) mbedtls_aes_init(&ctx->aes_ctx); +#else + ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; + ctx->psa_ctx.operation = psa_cipher_operation_init(); +#endif /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ ctx->reseed_counter = -1; @@ -56,7 +101,11 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) mbedtls_mutex_free(&ctx->mutex); } #endif +#if defined(MBEDTLS_AES_C) mbedtls_aes_free(&ctx->aes_ctx); +#else + ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); +#endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ctx->reseed_counter = -1; @@ -117,8 +166,17 @@ static int block_cipher_df(unsigned char *output, unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; - mbedtls_aes_context aes_ctx; int ret = 0; +#if defined(MBEDTLS_AES_C) + mbedtls_aes_context aes_ctx; +#else + psa_status_t status; + size_t tmp_len; + mbedtls_ctr_drbg_psa_context psa_ctx; + + psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_ctx.operation = psa_cipher_operation_init(); +#endif int i, j; size_t buf_len, use_len; @@ -129,7 +187,6 @@ static int block_cipher_df(unsigned char *output, memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16); - mbedtls_aes_init(&aes_ctx); /* * Construct IV (16 bytes) and S in buffer @@ -151,10 +208,20 @@ static int block_cipher_df(unsigned char *output, key[i] = i; } +#if defined(MBEDTLS_AES_C) + mbedtls_aes_init(&aes_ctx); + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key)); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif /* * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data @@ -170,10 +237,19 @@ static int block_cipher_df(unsigned char *output, use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain)) != 0) { goto exit; } +#else + status = psa_cipher_update(&psa_ctx.operation, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, + chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif } memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE); @@ -187,23 +263,46 @@ static int block_cipher_df(unsigned char *output, /* * Do final encryption with reduced data */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + ctr_drbg_destroy_psa_contex(&psa_ctx); + + status = ctr_drbg_setup_psa_context(&psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv)) != 0) { goto exit; } +#else + status = psa_cipher_update(&psa_ctx.operation, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, + iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: +#if defined(MBEDTLS_AES_C) mbedtls_aes_free(&aes_ctx); +#else + ctr_drbg_destroy_psa_contex(&psa_ctx); +#endif /* * tidy up the stack */ @@ -236,6 +335,10 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, unsigned char *p = tmp; int i, j; int ret = 0; +#if !defined(MBEDTLS_AES_C) + psa_status_t status; + size_t tmp_len; +#endif memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN); @@ -252,10 +355,19 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p)) != 0) { goto exit; } +#else + status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), + p, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } @@ -267,10 +379,20 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); + + status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE); @@ -447,10 +569,20 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { return ret; } +#else + psa_status_t status; + + status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + return status; + } +#endif /* Do the initial seeding. */ if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len, @@ -531,10 +663,22 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, /* * Crypt counter block */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp)) != 0) { goto exit; } +#else + psa_status_t status; + size_t tmp_len; + + status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), + tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; From 402cfba4dce9bd954be534e3d0de4460dd7ec670 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:24:32 +0100 Subject: [PATCH 161/653] psa: free RNG implementation before checking for remaining open key slots Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 9 +++++++++ library/psa_crypto.c | 24 ++++++++++++------------ tests/include/test/psa_crypto_helpers.h | 11 ++++++++--- 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ef29b77db8..8005dcb2fa 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -193,6 +193,15 @@ psa_status_t mbedtls_psa_register_se_key( /**@}*/ +/** + * \brief PSA random deinitialization. + * + * This function frees the RNG implementation used by PSA. + * + * This is an Mbed TLS extension. + */ +void mbedtls_psa_random_free(void); + /** * \brief Library deinitialization. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 114994019e..6caab03e1e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7327,14 +7327,16 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) /** Deinitialize the PSA random generator. */ -static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) +void mbedtls_psa_random_free(void) { + if (global_data.rng_state != RNG_NOT_INITIALIZED) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset(rng, 0, sizeof(*rng)); + memset(&global_data.rng, 0, sizeof(global_data.rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); - rng->entropy_free(&rng->entropy); + mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + global_data.rng.entropy_free(&global_data.rng.entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + } } /** Seed the PSA random generator. @@ -7661,9 +7663,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( void mbedtls_psa_crypto_free(void) { psa_wipe_all_key_slots(); - if (global_data.rng_state != RNG_NOT_INITIALIZED) { - mbedtls_psa_random_free(&global_data.rng); - } + mbedtls_psa_random_free(); /* Wipe all remaining data, including configuration. * In particular, this sets all state indicator to the value * indicating "uninitialized". */ @@ -7714,6 +7714,11 @@ psa_status_t psa_crypto_init(void) } global_data.drivers_initialized = 1; + status = psa_initialize_key_slots(); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Initialize and seed the random generator. */ mbedtls_psa_random_init(&global_data.rng); global_data.rng_state = RNG_INITIALIZED; @@ -7723,11 +7728,6 @@ psa_status_t psa_crypto_init(void) } global_data.rng_state = RNG_SEEDED; - status = psa_initialize_key_slots(); - if (status != PSA_SUCCESS) { - goto exit; - } - #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) status = psa_crypto_load_transaction(); if (status == PSA_SUCCESS) { diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 04b90b9231..f4c49fb020 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -34,6 +34,7 @@ #define PSA_DONE() \ do \ { \ + mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -125,17 +126,21 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. + * mbedtls_psa_random_free() is called before any check for remaining open + * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform + * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ + do \ + { \ + mbedtls_psa_random_free(); \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) From dc32ac20fd76b76a023e0d6360659adb216526c1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:27:56 +0100 Subject: [PATCH 162/653] test_suite_[ctr_drbg/random]: initialize/close PSA in tests This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is when PSA is effectively required for CTR_DRBG). Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 23 +++++++++++++++++++++++ tests/suites/test_suite_ctr_drbg.function | 20 ++++++++++++++++++++ tests/suites/test_suite_random.function | 9 +++++++++ 3 files changed, 52 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index f4c49fb020..cd64dc7adf 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -397,4 +397,27 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_OR_USE_PSA_DONE() ((void) 0) #endif +/** \def AES_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if AES_C is not defined, + * so that CTR_DRBG uses PSA implementation to get AES-ECB. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def AES_PSA_DONE + * + * Call this macro at the end of a test case if you called #AES_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #AES_PSA_INIT. + */ +#if defined(MBEDTLS_AES_C) +#define AES_PSA_INIT() ((void) 0) +#define AES_PSA_DONE() ((void) 0) +#else /* MBEDTLS_AES_C */ +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() +#endif /* MBEDTLS_AES_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c6896998ee..066e70b352 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -137,10 +137,12 @@ void ctr_drbg_validate_no_reseed(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_NEVER, add_init, entropy->len, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -151,10 +153,12 @@ void ctr_drbg_validate_pr(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_ALWAYS, add_init, entropy->len / 3, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -164,10 +168,12 @@ void ctr_drbg_validate_reseed_between(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_SECOND, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -177,10 +183,12 @@ void ctr_drbg_validate_reseed_first(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_FIRST, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -196,6 +204,8 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) size_t byte_strength = expected_bit_strength / 8; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -214,6 +224,7 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -228,6 +239,9 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) size_t expected_idx = 0; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); + test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -307,6 +321,7 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -317,6 +332,8 @@ void ctr_drbg_seed_file(char *path, int ret) mbedtls_ctr_drbg_init(&ctx); + AES_PSA_INIT(); + TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0) == 0); TEST_ASSERT(mbedtls_ctr_drbg_write_seed_file(&ctx, path) == ret); @@ -324,12 +341,15 @@ void ctr_drbg_seed_file(char *path, int ret) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ctr_drbg_selftest() { + AES_PSA_INIT(); TEST_ASSERT(mbedtls_ctr_drbg_self_test(1) == 0); + AES_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 58cddb7158..155b8e7083 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -26,7 +26,12 @@ void random_twice_with_ctr_drbg() unsigned char output1[OUTPUT_SIZE]; unsigned char output2[OUTPUT_SIZE]; +#if defined(MBEDTLS_AES_C) MD_PSA_INIT(); +#else + USE_PSA_INIT(); +#endif + /* First round */ mbedtls_entropy_init(&entropy); @@ -56,7 +61,11 @@ void random_twice_with_ctr_drbg() exit: mbedtls_ctr_drbg_free(&drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_AES_C) MD_PSA_DONE(); +#else + USE_PSA_DONE(); +#endif } /* END_CASE */ From 0a903db804e45ae53888cfc4b0ac235344e6807f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:29:53 +0100 Subject: [PATCH 163/653] test_suite_psa_crypto_slot_management: some fix for available key slots When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means that PSA holds an open AES key since psa_crypto_init() is called, which - reduces the maximum number of available key slots - shifts the 1st available index Signed-off-by: Valerio Setti --- ..._suite_psa_crypto_slot_management.function | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index b4f2d234ea..2137aba227 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -90,8 +90,10 @@ static int invalidate_psa(invalidate_method_t invalidate_method) break; } - PSA_ASSERT(psa_crypto_init()); + /* When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB so it + * holds an open key once psa_crypto_init() is called. */ ASSERT_PSA_PRISTINE(); + PSA_ASSERT(psa_crypto_init()); return 1; exit: @@ -746,19 +748,12 @@ void invalid_handle(int handle_construction, * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile * key identifier as the imported key is a volatile key. Volatile * key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN - * to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier - * in the range from PSA_KEY_ID_VOLATILE_MIN to - * PSA_KEY_ID_VOLATILE_MAX different from - * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an - * unopened and thus invalid identifier. + * to PSA_KEY_ID_VOLATILE_MAX included. It is very unlikely that + * all IDs are used up to the last one, so pick + * PSA_KEY_ID_VOLATILE_MAX to build an unopened and thus invalid + * identifier. */ - - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) == - PSA_KEY_ID_VOLATILE_MIN) { - key_id = PSA_KEY_ID_VOLATILE_MIN + 1; - } else { - key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) - 1; - } + key_id = PSA_KEY_ID_VOLATILE_MAX; invalid_handle = mbedtls_svc_key_id_make(0, key_id); @@ -938,11 +933,16 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t *keys = NULL; + mbedtls_psa_stats_t psa_key_slots_stats; + size_t available_key_slots = 0; TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1); - TEST_CALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); PSA_ASSERT(psa_crypto_init()); + mbedtls_psa_get_stats(&psa_key_slots_stats); + available_key_slots = psa_key_slots_stats.empty_slots; + + TEST_CALLOC(keys, available_key_slots); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY); @@ -961,10 +961,10 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, persistent_key)); /* - * Create MBEDTLS_PSA_KEY_SLOT_COUNT volatile keys + * Create the maximum available number of volatile keys */ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE); - for (i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++) { + for (i = 0; i < available_key_slots; i++) { PSA_ASSERT(psa_import_key(&attributes, (uint8_t *) &i, sizeof(i), &keys[i])); @@ -983,12 +983,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() * Check we can export the volatile key created last and that it has the * expected value. Then, destroy it. */ - PSA_ASSERT(psa_export_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1], + PSA_ASSERT(psa_export_key(keys[available_key_slots - 1], exported, sizeof(exported), &exported_length)); - i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1; + i = available_key_slots - 1; TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); - PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1])); + PSA_ASSERT(psa_destroy_key(keys[available_key_slots - 1])); /* * Check that we can now access the persistent key again. @@ -1011,7 +1011,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() * Check we can export the remaining volatile keys and that they have the * expected values. */ - for (i = 0; i < (MBEDTLS_PSA_KEY_SLOT_COUNT - 1); i++) { + for (i = 0; i < (available_key_slots - 1); i++) { PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); From 6ef82ae39dd6dac197447a53a39dd3def527446a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:32:34 +0100 Subject: [PATCH 164/653] test_suite_psa_crypto_driver_wrappers: improving driver access counters When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This means that, when AES-ECB is accelerated, each random operation goes through driver access as well. This might result in unexpectedly increased counters for driver's access. We add extra counters in test_driver_[cipher/key_management].c to be more specific on which driver functions are accessed and ignore extra accesses due to CTR_DRBG. Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 3 +- tests/include/test/drivers/key_management.h | 4 +- tests/src/drivers/test_driver_cipher.c | 1 + .../src/drivers/test_driver_key_management.c | 1 + ..._suite_psa_crypto_driver_wrappers.function | 37 ++++++++++++++++--- 5 files changed, 38 insertions(+), 8 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 950a17440e..2e299da723 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -25,9 +25,10 @@ typedef struct { psa_status_t forced_status; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; + unsigned long cipher_encrypt_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 9e2c898853..24ecbc3c52 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -26,6 +26,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Subset of hits which only counts key operations with EC key */ + unsigned long export_public_key_hits; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; @@ -34,7 +36,7 @@ typedef struct { * sense that no PSA specification will assign a meaning to this location * (stated first in version 1.0.1 of the specification) and that it is not * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 678d8d5d6a..324590c0af 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -41,6 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 6442f22316..f73ae97f67 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -529,6 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 1d96f72aca..7a41fc2f9a 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -845,10 +845,10 @@ void validate_key(int force_status_arg, psa_set_key_bits(&attributes, 0); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); - mbedtls_test_driver_key_management_hooks.forced_status = force_status; - PSA_ASSERT(psa_crypto_init()); + mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.forced_status = force_status; actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); TEST_EQUAL(actual_status, expected_status); @@ -906,6 +906,7 @@ void export_key(int force_status_arg, } mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.export_public_key_hits = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { @@ -923,7 +924,7 @@ void export_key(int force_status_arg, if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.export_public_key_hits, 1); } if (actual_status == PSA_SUCCESS) { @@ -1059,9 +1060,11 @@ void cipher_encrypt_validation(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_buffer_size, &output1_length)); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -1161,6 +1164,7 @@ void cipher_encrypt_multipart(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1289,6 +1293,7 @@ void cipher_decrypt_multipart(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1414,6 +1419,7 @@ void cipher_decrypt(int alg_arg, mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; } + mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, output_buffer_size, &output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); @@ -1468,10 +1474,12 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * First test that if we don't force a driver error, encryption is * successful, then force driver error. */ + mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); TEST_EQUAL(status, PSA_SUCCESS); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1481,10 +1489,19 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); +#if defined(MBEDTLS_AES_C) + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); +#else + /* The call to psa_cipher_encrypt() is intentionally supposed to fail on the + * 1st access to the driver since "forced_status" is set. However this + * initial access happens in psa_cipher_update() (random number generation + * for IV) so psa_cipher_encrypt() never gets called. */ + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 0); +#endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* * Check that the output buffer is still in the same state. @@ -1554,7 +1571,15 @@ void cipher_entry_points(int alg_arg, int key_type_arg, status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); /* When generating the IV fails, it should call abort too */ +#if defined(MBEDTLS_AES_C) TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); +#else + /* Previously failed call to psa_cipher_encrypt() above caused PSA to abort + * the cipher operation related to RNG. Therefore this call to + * psa_cipher_generate_iv() will failed due to unitialized RNG. Only the + * last driver call to psa_cipher_abort() remains. */ + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); +#endif TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* * Check that the output buffer is still in the same state. From 45337a88954105374118d8d21f8742871169e4d6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Nov 2023 14:35:02 +0100 Subject: [PATCH 165/653] test_suite_psa_crypto_driver_wrappers: add counter for cipher_update() Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 3 ++- tests/src/drivers/test_driver_cipher.c | 1 + tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 2e299da723..71682303ce 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -26,9 +26,10 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; + unsigned long cipher_update_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 324590c0af..76ccdcffbe 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -234,6 +234,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 7a41fc2f9a..4fbc5e4b96 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1489,7 +1489,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); @@ -1500,7 +1500,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * 1st access to the driver since "forced_status" is set. However this * initial access happens in psa_cipher_update() (random number generation * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 0); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_hits, 1); #endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* From 7ab90723c4f85082bcd1dd6ca5ba576c9ff4e189 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Nov 2023 16:29:51 +0100 Subject: [PATCH 166/653] mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 96a3e437d5..758a514249 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2607,6 +2607,13 @@ * The CTR_DRBG generator uses AES-256 by default. * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. * + * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA. + * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA + * is used. + * + * \warning When using PSA, the user should call `psa_crypto_init()` before + * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`). + * * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. * * \note To achieve a 256-bit security strength with CTR_DRBG, @@ -2616,7 +2623,9 @@ * Module: library/ctr_drbg.c * Caller: * - * Requires: MBEDTLS_AES_C + * Requires: MBEDTLS_AES_C or + * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and + * MBEDTLS_PSA_CRYPTO_C) * * This module provides the CTR_DRBG AES random number generator. */ @@ -3155,8 +3164,7 @@ * * Module: library/psa_crypto.c * - * Requires: MBEDTLS_CIPHER_C, - * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * From 7448367f68bba55da8ff2920cd5aec3584b8dfd9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 08:36:12 +0100 Subject: [PATCH 167/653] test_suite_psa_crypto_slot_management: modify check on open key slots This commit - Reverts changes previously done to psa_crypto_helpers.[c,h] - Implements a new check for open key slots in mbedtls_test_helper_is_psa_leaking(): - when CTR_DRBG does not use AES_C or PSA does not have an external RNG, then we allow 1 key slot (it's the one holding the AES key) - when the above conditions are not met, then we fallback to the usual check for "no open key slots remaining" Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 11 +++-------- tests/src/psa_crypto_helpers.c | 11 +++++++++++ .../test_suite_psa_crypto_slot_management.function | 6 +++--- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index cd64dc7adf..0b8c221946 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -34,7 +34,6 @@ #define PSA_DONE() \ do \ { \ - mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -126,21 +125,17 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. - * mbedtls_psa_random_free() is called before any check for remaining open - * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform - * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ - mbedtls_psa_random_free(); \ + do \ + { \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index d59a8f8721..e1ea2b5c81 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -70,9 +70,20 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); +#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ + !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + /* When AES_C is not defined and PSA does not have an external RNG, + * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key + * slot is used internally from PSA to hold the AES key and it should + * not be taken into account when evaluating remaining open slots. */ + if (stats.volatile_slots > 1) { + return "A volatile slot has not been closed properly."; + } +#else if (stats.volatile_slots != 0) { return "A volatile slot has not been closed properly."; } +#endif if (stats.persistent_slots != 0) { return "A persistent slot has not been closed properly."; } diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 2137aba227..cc530e22c2 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -90,10 +90,10 @@ static int invalidate_psa(invalidate_method_t invalidate_method) break; } - /* When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB so it - * holds an open key once psa_crypto_init() is called. */ - ASSERT_PSA_PRISTINE(); PSA_ASSERT(psa_crypto_init()); + + ASSERT_PSA_PRISTINE(); + return 1; exit: From 0ca1868fcdc582ba0c89adc747d855af089342e4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:10:23 +0100 Subject: [PATCH 168/653] test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 4fbc5e4b96..43465527f2 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1490,6 +1490,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, } mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); From 83e0de84815b3fc3e6012719b52e24548545ac3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:13:05 +0100 Subject: [PATCH 169/653] crypto_extra: revert changes to mbedtls_psa_random_free() Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 9 --------- library/psa_crypto.c | 14 +++++++------- .../test_suite_psa_crypto_slot_management.function | 2 -- 3 files changed, 7 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 8005dcb2fa..ef29b77db8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -193,15 +193,6 @@ psa_status_t mbedtls_psa_register_se_key( /**@}*/ -/** - * \brief PSA random deinitialization. - * - * This function frees the RNG implementation used by PSA. - * - * This is an Mbed TLS extension. - */ -void mbedtls_psa_random_free(void); - /** * \brief Library deinitialization. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6caab03e1e..c90119fe4a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7327,16 +7327,14 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) /** Deinitialize the PSA random generator. */ -void mbedtls_psa_random_free(void) +static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) { - if (global_data.rng_state != RNG_NOT_INITIALIZED) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset(&global_data.rng, 0, sizeof(global_data.rng)); + memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); - global_data.rng.entropy_free(&global_data.rng.entropy); + mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + rng->entropy_free(&rng->entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - } } /** Seed the PSA random generator. @@ -7663,7 +7661,9 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( void mbedtls_psa_crypto_free(void) { psa_wipe_all_key_slots(); - mbedtls_psa_random_free(); + if (global_data.rng_state != RNG_NOT_INITIALIZED) { + mbedtls_psa_random_free(&global_data.rng); + } /* Wipe all remaining data, including configuration. * In particular, this sets all state indicator to the value * indicating "uninitialized". */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index cc530e22c2..8564d352a4 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -91,9 +91,7 @@ static int invalidate_psa(invalidate_method_t invalidate_method) } PSA_ASSERT(psa_crypto_init()); - ASSERT_PSA_PRISTINE(); - return 1; exit: From 7ef35a9b3cb81e9de6c652961e69a79e88791e05 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:51:42 +0100 Subject: [PATCH 170/653] test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update() Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 2 +- tests/src/drivers/test_driver_cipher.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 71682303ce..67047afaca 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -26,7 +26,7 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; - unsigned long cipher_update_hits; + unsigned long cipher_update_forced_status_hits; } mbedtls_test_driver_cipher_hooks_t; #define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 76ccdcffbe..b9da5d2442 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -234,7 +234,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -250,6 +249,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 43465527f2..309b395c58 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1489,7 +1489,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits = 0; mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, @@ -1501,7 +1501,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * 1st access to the driver since "forced_status" is set. However this * initial access happens in psa_cipher_update() (random number generation * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits, 1); #endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* From 829ce0facffb6d5a21708fc247fdd9750fba3816 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 27 Nov 2023 12:27:46 +0100 Subject: [PATCH 171/653] test_driver_cipher: add forced return status for encrypt and set_iv Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 10 +++-- tests/src/drivers/test_driver_cipher.c | 10 ++++- ..._suite_psa_crypto_driver_wrappers.function | 40 ++++++------------- 3 files changed, 27 insertions(+), 33 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 67047afaca..2fe47e4d7a 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -23,13 +23,17 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; + psa_status_t forced_status_encrypt; + psa_status_t forced_status_set_iv; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; - unsigned long cipher_encrypt_hits; - unsigned long cipher_update_forced_status_hits; + unsigned long hits_encrypt; + unsigned long hits_set_iv; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \ + PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \ + 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index b9da5d2442..2bc751a8a2 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -41,7 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; + mbedtls_test_driver_cipher_hooks.hits_encrypt++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -59,6 +59,9 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_encrypt; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -209,10 +212,14 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( size_t iv_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits_set_iv++; if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_set_iv; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -249,7 +256,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 309b395c58..ff449acf48 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1061,10 +1061,10 @@ void cipher_encrypt_validation(int alg_arg, &key)); mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_buffer_size, &output1_length)); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -1475,34 +1475,25 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * successful, then force driver error. */ mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); TEST_EQUAL(status, PSA_SUCCESS); mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < output_buffer_size; i++) { output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); -#if defined(MBEDTLS_AES_C) - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); -#else - /* The call to psa_cipher_encrypt() is intentionally supposed to fail on the - * 1st access to the driver since "forced_status" is set. However this - * initial access happens in psa_cipher_update() (random number generation - * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits, 1); -#endif + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* * Check that the output buffer is still in the same state. @@ -1563,25 +1554,18 @@ void cipher_entry_points(int alg_arg, int key_type_arg, TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.hits_set_iv = 0; - mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < 16; i++) { output[i] = 0xa5; } status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); - /* When generating the IV fails, it should call abort too */ -#if defined(MBEDTLS_AES_C) - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); -#else - /* Previously failed call to psa_cipher_encrypt() above caused PSA to abort - * the cipher operation related to RNG. Therefore this call to - * psa_cipher_generate_iv() will failed due to unitialized RNG. Only the - * last driver call to psa_cipher_abort() remains. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); -#endif - TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1); + TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv); + mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS; /* * Check that the output buffer is still in the same state. * This will fail if the output buffer is used by the core to pass the IV From 302a487499d049ad8fce868a85ea93bddc078f2e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 10:27:00 +0100 Subject: [PATCH 172/653] test_driver_key_management: rename counter for export_public_key() hits Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 2 +- tests/src/drivers/test_driver_key_management.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 24ecbc3c52..526adbb91b 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -27,7 +27,7 @@ typedef struct { * is called. */ unsigned long hits; /* Subset of hits which only counts key operations with EC key */ - unsigned long export_public_key_hits; + unsigned long hits_export_public_key; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index f73ae97f67..d522ebfe8d 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -529,7 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; + ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index ff449acf48..032fa478f1 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -906,7 +906,7 @@ void export_key(int force_status_arg, } mbedtls_test_driver_key_management_hooks.hits = 0; - mbedtls_test_driver_key_management_hooks.export_public_key_hits = 0; + mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { @@ -924,7 +924,7 @@ void export_key(int force_status_arg, if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.export_public_key_hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); } if (actual_status == PSA_SUCCESS) { From fe23daf8a3c0186f941068011761e34bd1ab7c99 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 4 Dec 2023 14:37:31 +0100 Subject: [PATCH 173/653] Remove leftover code from initial changelog support Signed-off-by: Gabor Mezei --- scripts/assemble_changelog.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index b2fa96a07e..07e6fc58ac 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -246,10 +246,7 @@ class ChangeLog: self.categories = OrderedDict() for category in STANDARD_CATEGORIES: self.categories[category] = '' - if self.header: - offset = (self.header + self.top_version_title).count('\n') + 1 - else: - offset = 0 + offset = (self.header + self.top_version_title).count('\n') + 1 self.add_categories_from_text(input_stream.name, offset, top_version_body, True) From 10149c9516812e700922afd5d8b8832415b2e18d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 09:21:46 +0100 Subject: [PATCH 174/653] changelog: add changelog for AEAD support without CIPHER_C Signed-off-by: Valerio Setti --- ChangeLog.d/8357.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/8357.txt diff --git a/ChangeLog.d/8357.txt b/ChangeLog.d/8357.txt new file mode 100644 index 0000000000..24ba1404b6 --- /dev/null +++ b/ChangeLog.d/8357.txt @@ -0,0 +1,8 @@ +Features + * It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without + MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C, + MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_c) as well as the PSA one + (PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305). + On the PSA side this means that it is possible to enable + MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if any of the + non-authenticated ciphers is enabled. From 20e93a2a9d958329cf46a4bff33f3f45406f6773 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 11:29:36 +0100 Subject: [PATCH 175/653] driver-only-builds: update documentation for AEADs Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 4bad2e879a..200f439413 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -55,6 +55,7 @@ For now, only the following (families of) mechanisms are supported: - hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. - finite-field Diffie-Hellman: FFDH algorithm, DH key types. +- AEADs: GCM, CCM and ChachaPoly Supported means that when those are provided only by drivers, everything (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should @@ -63,7 +64,7 @@ in the "Limitations" sub-sections of the sections dedicated to each family below. In the near future (end of 2023), we are planning to also add support for -ciphers (AES) and AEADs (GCM, CCM, ChachaPoly). +ciphers (AES, ARIA, Camellia). Currently (mid-2023) we don't have plans to extend this to RSA. If you're interested in driver-only support for RSA, please let us know. @@ -240,3 +241,26 @@ removing builtin support (i.e. `MBEDTLS_DHM_C`). ### Limitations Support for deterministic derivation of a DH keypair (i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported. + +AEADs +----- + +It is possible to have all AEADs operations provided only by a driver. + +More precisely you can: +- enable desired PSA algorithm(s) and key type(s): + - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` + - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`; +- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the + `PSA_WANT_xxx` of the previous step; +- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY]_C` algorithms and + key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs which are + accelerated. + +In such a build all AEADs operations requested through the PSA Crypto API +(including those in TLS and X.509) will be performed by the provided driver. +Of course direct calls to the disabled builtin modules +(ex: `mbedtls_ccm_init()`, etc) won't be possible. + +If no other non-authenticated cipher is required, it is also possible to +disable `MBEDTLS_CIPHER_C` in order to further reduce code's footprint. From 58d0206f390a2322b7a8e93bf0c6430126dcaebb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 12:01:06 +0100 Subject: [PATCH 176/653] test_suite_block_cipher: fix depends_on for Camellia tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_block_cipher.data | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/suites/test_suite_block_cipher.data b/tests/suites/test_suite_block_cipher.data index cf321ae47a..097b567e41 100644 --- a/tests/suites/test_suite_block_cipher.data +++ b/tests/suites/test_suite_block_cipher.data @@ -182,56 +182,74 @@ depends_on:MBEDTLS_ARIA_C test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff":"f92bd7c79fb72e2f2b8f80c1972d24fc" Camellia-128-ECB Encrypt RFC3713 #1 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43" Camellia-192-ECB Encrypt RFC3713 #1 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba98765432100011223344556677":"0123456789abcdeffedcba9876543210":"b4993401b3e996f84ee5cee7d79b09b9" Camellia-256-ECB Encrypt RFC3713 #1 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff":"0123456789abcdeffedcba9876543210":"9acc237dff16d76c20ef7c919e3a7509" Camellia-128-ECB Encrypt Perl EVP #1 [#1] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F":"00112233445566778899AABBCCDDEEFF":"77CF412067AF8270613529149919546F" Camellia-192-ECB Encrypt Perl EVP #1 [#1] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F1011121314151617":"00112233445566778899AABBCCDDEEFF":"B22F3C36B72D31329EEE8ADDC2906C68" Camellia-256-ECB Encrypt Perl EVP #1 [#1] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00112233445566778899AABBCCDDEEFF":"2EDF1F3418D53B88841FC8985FB1ECF2" Camellia-128-ECB Encrypt Perl EVP #1 [#2] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"6BC1BEE22E409F96E93D7E117393172A":"432FC5DCD628115B7C388D770B270C96" Camellia-128-ECB Encrypt Perl EVP #2 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"0BE1F14023782A22E8384C5ABB7FAB2B" Camellia-128-ECB Encrypt Perl EVP #3 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"30C81C46A35CE411E5FBC1191A0A52EF":"A0A1ABCD1893AB6FE0FE5B65DF5F8636" Camellia-128-ECB Encrypt Perl EVP #4 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"F69F2445DF4F9B17AD2B417BE66C3710":"E61925E0D5DFAA9BB29F815B3076E51A" Camellia-192-ECB Encrypt Perl EVP #1 [#2] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"6BC1BEE22E409F96E93D7E117393172A":"CCCC6C4E138B45848514D48D0D3439D3" Camellia-192-ECB Encrypt Perl EVP #2 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"5713C62C14B2EC0F8393B6AFD6F5785A" Camellia-192-ECB Encrypt Perl EVP #3 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"30C81C46A35CE411E5FBC1191A0A52EF":"B40ED2B60EB54D09D030CF511FEEF366" Camellia-192-ECB Encrypt Perl EVP #4 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"F69F2445DF4F9B17AD2B417BE66C3710":"909DBD95799096748CB27357E73E1D26" Camellia-256-ECB Encrypt Perl EVP #1 [#2] +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"6BC1BEE22E409F96E93D7E117393172A":"BEFD219B112FA00098919CD101C9CCFA" Camellia-256-ECB Encrypt Perl EVP #2 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"C91D3A8F1AEA08A9386CF4B66C0169EA" Camellia-256-ECB Encrypt Perl EVP #3 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"30C81C46A35CE411E5FBC1191A0A52EF":"A623D711DC5F25A51BB8A80D56397D28" Camellia-256-ECB Encrypt Perl EVP #4 +depends_on:MBEDTLS_CAMELLIA_C test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"F69F2445DF4F9B17AD2B417BE66C3710":"7960109FB6DC42947FCFE59EA3C5EB6B" From 5e18b90c95068efd1f3e872707b88994758af09c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 12:07:30 +0100 Subject: [PATCH 177/653] config-tfm: disable CIPHER_C We also add a check in "all.sh" components: - component_test_tfm_config_p256m_driver_accel_ec - component_test_tfm_config to ensure that CIPHER_C was not re-enabled accidentally. Signed-off-by: Valerio Setti --- configs/config-tfm.h | 5 +++++ tests/scripts/all.sh | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 85b677b4cc..f6f527e006 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,6 +45,11 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE +/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it + * does not need CIPHER_C to be enabled, so we can disabled it in order + * to reduce code size further. */ +#undef MBEDTLS_CIPHER_C + /* * In order to get an example config that works cleanly out-of-the-box * for both baremetal and non-baremetal builds, we detect baremetal builds diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..a2dc841988 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3265,6 +3265,10 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Check that p256m was built grep -q p256_ecdsa_ library/libmbedcrypto.a + # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration + # files, so we want to ensure that it has not be re-enabled accidentally. + not grep mbedtls_cipher library/cipher.o + # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" make test @@ -3286,6 +3290,10 @@ component_test_tfm_config() { # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a + # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration + # files, so we want to ensure that it has not be re-enabled accidentally. + not grep mbedtls_cipher library/cipher.o + msg "test: TF-M config" make test } From 8aec84f3a7d427c6ef6eca69801800cd61c484f3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 16:04:21 +0100 Subject: [PATCH 178/653] pkwrite: minor code reshape Signed-off-by: Valerio Setti --- library/pkwrite.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index c7eb1148b4..bd592f4f69 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -44,15 +44,13 @@ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH -#else -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#elif defined(MBEDTLS_USE_PSA_CRYPTO) #define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH #else #define PK_MAX_EC_PUBLIC_KEY_SIZE MBEDTLS_ECP_MAX_PT_LEN #define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_ECP_MAX_BYTES #endif -#endif /****************************************************************************** * Internal functions for RSA keys. From 2fffc45febbf883aa565176385f3ccd807697fb9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 22:22:07 +0100 Subject: [PATCH 179/653] fixup! Correct function names prefixes where they diverge from module names Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 41ae99e7e0..80b94213a0 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -82,7 +82,7 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed | `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | | `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | | `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `asn1write.h` | `mbedtls_asn1write_` | No change ([PK support interface](#pk-format-support-interfaces)) | +| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | | `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | | `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) | | `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | @@ -709,7 +709,7 @@ A curve is fully determined by a curve family identifier and the private key siz | `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 | | `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 | | `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | -| `MBEDTLS_ECP_DP_SECP224K1` | not supported | 224 | +| `MBEDTLS_ECP_DP_SECP224K1` | not supported | N/A | | `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | | `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | From 06002c5624d55eb660e0949d8586d24f613d7a41 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 22:24:25 +0100 Subject: [PATCH 180/653] typos and minor clarifications Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 80b94213a0..cdc2ce11f9 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -597,7 +597,7 @@ The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only inte ### Random generation interface -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). +The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.h` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). @@ -928,7 +928,7 @@ Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/dev This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). -The key must be a public key or a key pair allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` amd `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs). @@ -1006,7 +1006,7 @@ With respect to the salt length: ### Asymmetric encryption and decryption The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290). -The key must be a public key or a key pair allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). +The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7). @@ -1064,7 +1064,9 @@ There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedt The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`. - + #### Diffie-Hellman key pair management @@ -1125,7 +1127,7 @@ The corresponding flow with the PSA API is as follows: * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key. * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time; * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation). -2. Prepare an attribute structure as desccribed in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`. +2. Prepare an attribute structure as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`. 3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key. 4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. 5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). @@ -1218,7 +1220,7 @@ The bit-size used by the PSA API is the size of the private key. For most curves | Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size | | ----- | ------------ | ------------ | ---------------------- | ------------ | -| secp224k1 | 224 | 225 | 224 | not supported | +| secp224k1 | 225 | 224 | 224 | not supported | | Curve25519 | 253 | 255 | 256 | 255 | | Curve448 | 446 | 448 | 448 | 448 | From 5eeca33749a072576a988e3884a878c541005570 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 22:35:12 +0100 Subject: [PATCH 181/653] Use "workflow" rather than "flow" for clarity Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index cdc2ce11f9..184dcef4e5 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -328,7 +328,7 @@ Here is an overview of the lifecycle of a key object. ### Unauthenticated cipher operations -Recall the flow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API: +Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API: 1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. 2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. @@ -336,12 +336,12 @@ Recall the flow of an unauthenticated cipher operation in the legacy Mbed TLS ci 4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`. 5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. -For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent flow with the PSA API is to call a single function: +For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function: * [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. * [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. -For a multi-part operation, the equivalent flow with the PSA API is as follows: +For a multi-part operation, the equivalent workflow with the PSA API is as follows: 1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro). 2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction. @@ -353,7 +353,7 @@ If you need to interrupt the operation after calling the setup function without ### Authenticated cipher operations -Recall the flow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar flows in the `chachapoly`, `ccm` and `gcm` modules): +Recall the workflow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar workflows in the `chachapoly`, `ccm` and `gcm` modules): 1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. 2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. @@ -370,7 +370,7 @@ For a one-shot operation, the PSA API allows you to call a single function: * [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. * [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. -For a multi-part operation, the equivalent flow with the PSA API is as follows: +For a multi-part operation, the equivalent workflow with the PSA API is as follows: 1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro). 2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction. @@ -770,12 +770,12 @@ You can use glue functions in the PK module to create a key object using the leg #### Importing a PK key by wrapping -If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)). This function automatically determines the PSA key type and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this flow is useful are: +If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)). This function automatically determines the PSA key type and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this workflow is useful are: * You have working code that's calling `mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`, `mbedtls_pk_parse_keyfile` or `mbedtls_pk_parse_public_keyfile` to create a PK object. * You have working code that's using the `rsa.h` or `ecp.h` API to create a key object, and there is no PSA equivalent. -You can use this flow to import an RSA key via an `mbedtls_rsa_context` object or an ECC key via an `mbedtls_ecp_keypair` object: +You can use this workflow to import an RSA key via an `mbedtls_rsa_context` object or an ECC key via an `mbedtls_ecp_keypair` object: 1. Call `mbedtls_pk_init` then `mbedtls_pk_setup` to set up a PK context for the desired key type (`MBEDTLS_PK_RSA` or `MBEDTLS_PK_ECKEY`). 2. Call `mbedtls_pk_rsa` or `mbedtls_pk_ec` to obtain the underlying low-level context. @@ -1102,9 +1102,9 @@ Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedoc Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface. -#### Translating a legacy key agreement contextless flow +#### Translating a legacy key agreement contextless workflow -A typical flow for ECDH using the legacy API without a context object is: +A typical workflow for ECDH using the legacy API without a context object is: 1. Initialize objects: * `mbedtls_ecp_group grp` for the curve; @@ -1119,7 +1119,7 @@ A typical flow for ECDH using the legacy API without a context object is: 6. Use the raw shared secret `z`, typically, to construct a shared key. 7. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. -The corresponding flow with the PSA API is as follows: +The corresponding workflow with the PSA API is as follows: 1. Initialize objects: * `psa_key_id_t our_key`: a handle to our key pair; @@ -1136,9 +1136,9 @@ The corresponding flow with the PSA API is as follows: Steps 4–5 are only performed once for ephemeral Diffie-Hellman, but repeated multiple times for static Diffie-Hellman. -#### Translating a legacy key agreement TLS server flow +#### Translating a legacy key agreement TLS server workflow -The legacy API offers the following flow for a Diffie-Hellman key agreement in a TLS server. This flow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. +The legacy API offers the following workflow for a Diffie-Hellman key agreement in a TLS server. This workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. 1. Setup phase: 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. @@ -1149,7 +1149,7 @@ The legacy API offers the following flow for a Diffie-Hellman key agreement in a 4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. 5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. -The corresponding flow with the PSA API is as follows: +The corresponding workflow with the PSA API is as follows: 1. Setup phase: 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. @@ -1161,9 +1161,9 @@ The corresponding flow with the PSA API is as follows: Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). 5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. -#### Translating a legacy key agreement TLS client flow +#### Translating a legacy key agreement TLS client workflow -The legacy API offers the following flow for a Diffie-Hellman key agreement in a TLS client. This flow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. +The legacy API offers the following workflow for a Diffie-Hellman key agreement in a TLS client. This workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. @@ -1173,7 +1173,7 @@ The legacy API offers the following flow for a Diffie-Hellman key agreement in a 4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. 5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. -The corresponding flow with the PSA API is as follows: +The corresponding workflow with the PSA API is as follows: 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm. From d921391bf4d6d9783b3cf41e8f3018bc478774b4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 22:35:34 +0100 Subject: [PATCH 182/653] Note a few things about PAKE (thanks Manuel) Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 184dcef4e5..fdf6cdae52 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -1304,3 +1304,9 @@ In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. ## EC-JPAKE The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information. + +Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-JPAKE in TLS 1.2, whereas the PSA API is protocol-agnostic. + +* The PSA API is finer-grained and offers more flexibility in message ordering. Where the legacy API makes a single function call, the PSA API may require multiple calls. +* The legacy API uses the TLS 1.2 wire format in the input or output format of several functions. In particular, one of the messages embeds the curve identifier in the TLS protocol. The PSA API uses protocol-agnostic formats. +* The legacy API always applies the key derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with `PSA_ALG_TLS12_ECJPAKE_TO_PMS` for the same calculation. From 76bc64e101b5321f89e5cfeabccc9a61c89de969 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 22:49:18 +0100 Subject: [PATCH 183/653] Diffie-Hellman: several clarifications and corrections Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index fdf6cdae52..cb76c3d579 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -1115,9 +1115,8 @@ A typical workflow for ECDH using the legacy API without a context object is: 2. Call `mbedtls_ecp_group_load` on `grp` to select the curve. 3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key. 4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. -5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. -6. Use the raw shared secret `z`, typically, to construct a shared key. -7. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. +5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key. +6. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. The corresponding workflow with the PSA API is as follows: @@ -1134,11 +1133,11 @@ The corresponding workflow with the PSA API is as follows: Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). 6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers. -Steps 4–5 are only performed once for ephemeral Diffie-Hellman, but repeated multiple times for static Diffie-Hellman. +Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multiple times for a "fake ephemeral" Diffie-Hellman where the same private key is used for multiple key exchanges, but it not saved. -#### Translating a legacy key agreement TLS server workflow +#### Translating a legacy ephemeral key agreement TLS server workflow -The legacy API offers the following workflow for a Diffie-Hellman key agreement in a TLS server. This workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. +The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 server. The PSA version of this workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. 1. Setup phase: 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. @@ -1161,9 +1160,9 @@ The corresponding workflow with the PSA API is as follows: Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). 5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. -#### Translating a legacy key agreement TLS client workflow +#### Translating a legacy ephemeral key agreement TLS client workflow -The legacy API offers the following workflow for a Diffie-Hellman key agreement in a TLS client. This workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. +The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. @@ -1206,7 +1205,7 @@ The PSA API for finite-field Diffie-Hellman only supports predefined groups. The #### Restartable key agreement -Restartable key agreement is not yet available through the PSA API. It will be added in a future version of the library. +Restartable key agreement (enabled by `mbedtls_ecdh_enable_restart`) is not yet available through the PSA API. It will be added under the name “interruptible key agreement” in a future version of the library, with an interface that's similar to the interruptible signature interface described in “[Restartable ECDSA signature](#restartable-ecdsa-signature)”. ### Additional information about Elliptic-curve cryptography From 32dfaf485c1f606391161ce2212555bfd6bcd537 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 23:14:25 +0100 Subject: [PATCH 184/653] More information about output buffer sizes Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index cb76c3d579..e9261c782c 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -75,6 +75,10 @@ Mbed TLS functions return a status of type `int`: 0 for success (or occasionally PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. +### Memory management + +Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details. + ## Summary of API modules | Header | Function prefix | PSA equivalent | @@ -338,16 +342,16 @@ Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TL For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function: -* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. -* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. +* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. For a multi-part operation, the equivalent workflow with the PSA API is as follows: 1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro). 2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction. 3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV. -4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine the size of the output buffer. -5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for the output buffer. +5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4). @@ -367,8 +371,8 @@ Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext For a one-shot operation, the PSA API allows you to call a single function: -* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. -* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. +* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. For a multi-part operation, the equivalent workflow with the PSA API is as follows: @@ -376,10 +380,10 @@ For a multi-part operation, the equivalent workflow with the PSA API is as follo 2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction. 3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed). 4. Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed. -5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. 6. Finally: - * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine the size of the output buffer. - * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine the size of the output buffer. + * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. + * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). @@ -924,7 +928,7 @@ You can wrap a PSA key object in a PK key context with `mbedtls_pk_setup_opaque` The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine the size of the output buffer. +Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for the output buffer. This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). @@ -1095,10 +1099,10 @@ Here is an overview of the lifecycle of a key object. #### Performing a key agreement Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party. -Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine the size of the output buffer. +Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for the output buffer. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key. -Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine the size of the output buffer. +Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface. From e5044a0eb2a1b23d69045d2e10e264f4bd16ff0e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Dec 2023 23:14:45 +0100 Subject: [PATCH 185/653] Add a generic section about key management Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index e9261c782c..d0a0de6565 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -77,8 +77,28 @@ PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthed ### Memory management +Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to preserve state between function calls store this state in a structure allocated by the calling code. For example, multipart operations store state in a multipart operation object. + +All PSA operation objects must be zero-initialized (or equivalently, initialized with the provided `PSA_XXX_INIT` macro or `psa_xxx_init()` function) before calling any API function. + Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details. +#### Key management + +One of the major differences between the legacy API and the PSA API is that in the PSA API, access to keys is indirect. Operations that require a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t), which is an identifier for the key. This allows the API to be used with keys that are not directly accessible to the application, for example because they are stored in a secure environment that does not allow the key material to be exported. + +To use a key: + +1. First create a key object with a key creation function. The two most common ones are [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) if you have the key material available and [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to create a random key. The key creation function has the key identifier as an output parameter. +2. Use the key as desired, passing the key identifier obtained during the key creation. +3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2). + +See “[Cipher key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifecycle for asymmetric cryptography](#key-lifecycle-for-asymmetric-cryptography)”, “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” and “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)” for more details about key management in specific workflows, including information about choosing the key's attributes. + +If you need access to the key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If you need the public key corresponding to a key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). + +Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroyed or the application exits. (This is not true for persistent keys, which instead consume disk space. Since persistent keys have no analog in the legacy API, we will not discuss them further in this document.) + ## Summary of API modules | Header | Function prefix | PSA equivalent | From b55f9eb5c5eadf802a02541fbac659564113ad67 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 10:27:17 +0800 Subject: [PATCH 186/653] fix various issues - remove unnecessary statements - improve macro name - improve output message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1c359a2685..fcf57f06df 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1889,11 +1889,9 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) return ret; } } - #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; - } /* @@ -2801,19 +2799,12 @@ static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) static void ssl_tls13_prepare_for_handshake_second_flight( mbedtls_ssl_context *ssl) { - MBEDTLS_SSL_DEBUG_MSG( - 2, ("=> ssl_tls13_prepare_for_handshake_second_flight")); - if (ssl->handshake->certificate_request_sent) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); + MBEDTLS_SSL_DEBUG_MSG(2, ("Skip certificate and certificate verify parsing")); mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); } - - MBEDTLS_SSL_DEBUG_MSG( - 2, ("<= ssl_tls13_prepare_for_handshake_second_flight")); } /* @@ -2864,13 +2855,13 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA */ #define SSL_GOT_END_OF_EARLY_DATA 0 -#define SSL_GOT_APPLICATION_DATA 1 +#define SSL_GOT_EARLY_DATA 1 /* Coordination: * Deals with the ambiguity of not knowing if the next message is an * EndOfEarlyData message or an application message containing early data. * Returns a negative code on failure, or * - SSL_GOT_END_OF_EARLY_DATA - * - SSL_GOT_APPLICATION_DATA + * - SSL_GOT_EARLY_DATA * indicating which message is received. */ MBEDTLS_CHECK_RETURN_CRITICAL @@ -2886,17 +2877,15 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got end_of_early_data message.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Received an end_of_early_data message.")); return SSL_GOT_END_OF_EARLY_DATA; } if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got application_data message")); - return SSL_GOT_APPLICATION_DATA; + MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data")); + return SSL_GOT_EARLY_DATA; } - MBEDTLS_SSL_DEBUG_MSG(1, ("got unexpected message.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; @@ -2911,7 +2900,6 @@ static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, * * struct {} EndOfEarlyData; */ - ((void) ssl); if (buf != end) { MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR); @@ -3020,7 +3008,7 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) ssl_tls13_prepare_for_handshake_second_flight(ssl); - } else if (ret == SSL_GOT_APPLICATION_DATA) { + } else if (ret == SSL_GOT_EARLY_DATA) { MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl)); } else { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); From ebb1b1d48f810558d63149ec4ca8c3e30a1fb1c1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 11:02:15 +0800 Subject: [PATCH 187/653] fix ci test failure "skip parse certificate verify" can not be changed. It is used in `Authentication: client badcert, server none` test. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fcf57f06df..32893acac8 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2802,7 +2802,10 @@ static void ssl_tls13_prepare_for_handshake_second_flight( if (ssl->handshake->certificate_request_sent) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Skip certificate and certificate verify parsing")); + MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); + MBEDTLS_SSL_DEBUG_MSG( + 2, ("Skip certificate and certificate verify parsing")); + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); } } From 70fbdcf904605fd1a53c4f6e5ff7415a753ee458 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 4 Dec 2023 08:46:02 +0000 Subject: [PATCH 188/653] Change early data flag to input file Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 83 +++++++++++++++++++++++++------ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 70 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f6a6bb6d9d..ecf2256882 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -52,7 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" -#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED +#define DFL_EARLY_DATA_FILE "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL @@ -347,8 +347,9 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%d default: 0 (disabled)\n" \ - " options: 0 (disabled), 1 (enabled)\n" + " early_data=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -543,7 +544,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* support for early data */ + const char *early_data_file; /* the file path of early data */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -716,6 +717,46 @@ exit: return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + +#define MBEDTLS_ERR_EARLY_FILE_IO_ERROR -2 + +int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *length) +{ + FILE *f; + long size; + + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + fseek(f, 0, SEEK_SET); + + *length = (size_t) size; + if (*length + 1 == 0 || + (*buffer = mbedtls_calloc(1, *length + 1)) == NULL) { + fclose(f); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + if (fread(*buffer, 1, *length, f) != *length) { + fclose(f); + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + + fclose(f); + + (*buffer)[*length] = '\0'; + + return 0; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -741,6 +782,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + unsigned char *early_data = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -912,7 +957,7 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA; + opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1196,15 +1241,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } + opt.early_data_file = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1971,7 +2008,16 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, opt.early_data); + int early_data_enabled = 0; + size_t early_data_len; + if (strlen(opt.early_data_file) > 0 && + ssl_early_data_read_file(opt.early_data_file, + &early_data, &early_data_len) == 0) { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } else { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + } + mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -3029,6 +3075,13 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ssl_session_free(&saved_session); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (early_data != NULL) { + mbedtls_platform_zeroize(early_data, early_data_len); + } + mbedtls_free(early_data); +#endif + if (session_data != NULL) { mbedtls_platform_zeroize(session_data, session_data_len); } diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index f03a386a04..cf8aa745af 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From 4ac2c1883465d3fac2e7e578c4e3569b1de8b886 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Dec 2023 07:59:01 +0100 Subject: [PATCH 189/653] pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa() Instead of extracting key's properties in order to check whether it supports deterministic or non-deterministic ECDSA, we try both. Signed-off-by: Valerio Setti --- library/pk_wrap.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 182d07f72b..0fb3c42176 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -955,37 +955,34 @@ static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, return 0; } -/* Common helper for ECDSA sign using PSA functions. */ +/* Common helper for ECDSA sign using PSA functions. + * Instead of extracting key's properties in order to check which kind of ECDSA + * signature it supports, we try both deterministic and non-deterministic. + */ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status; - psa_algorithm_t psa_sig_md; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg, alg2; - status = psa_get_key_attributes(key_id, &key_attr); - if (status != PSA_SUCCESS) { + status = psa_sign_hash(key_id, + PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)), + hash, hash_len, sig, sig_size, sig_len); + if (status == PSA_SUCCESS) { + goto done; + } else if (status != PSA_ERROR_NOT_PERMITTED) { return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); } - alg = psa_get_key_algorithm(&key_attr); - alg2 = psa_get_key_enrollment_algorithm(&key_attr); - psa_reset_key_attributes(&key_attr); - if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(alg2)) { - psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); - } else { - psa_sig_md = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); - } - - status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len, - sig, sig_size, sig_len); + status = psa_sign_hash(key_id, + PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)), + hash, hash_len, sig, sig_size, sig_len); if (status != PSA_SUCCESS) { return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); } +done: ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size); return ret; From 631e6bd221a75bf46cc9baaaaf5a9feefff56a49 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 5 Dec 2023 15:34:49 +0800 Subject: [PATCH 190/653] ChangeLog: add fix-tls13-server-min-version-check.txt Signed-off-by: Yanray Wang --- ChangeLog.d/fix-tls13-server-min-version-check.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-tls13-server-min-version-check.txt diff --git a/ChangeLog.d/fix-tls13-server-min-version-check.txt b/ChangeLog.d/fix-tls13-server-min-version-check.txt new file mode 100644 index 0000000000..b05ad7c542 --- /dev/null +++ b/ChangeLog.d/fix-tls13-server-min-version-check.txt @@ -0,0 +1,4 @@ +Bugfix + * Add missing check for `min_tls_version` in TLS 1.3 server-side. + Without this, TLS 1.3 server may downgrade protocol to a TLS version + below its supported minimum TLS version. Fixes #8593. From 42020fb1862375ac4fa921cabe2cf8d987319444 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 17:35:53 +0800 Subject: [PATCH 191/653] revert output message which used by testing Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 32893acac8..bfe805f496 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2802,9 +2802,8 @@ static void ssl_tls13_prepare_for_handshake_second_flight( if (ssl->handshake->certificate_request_sent) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - MBEDTLS_SSL_DEBUG_MSG( - 2, ("Skip certificate and certificate verify parsing")); mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); } From 9f55e8e44267ab76bcae94184716122b6729b517 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Dec 2023 22:21:09 +0100 Subject: [PATCH 192/653] Add a section about ALT implementations Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index d0a0de6565..acfd64ab19 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -226,6 +226,12 @@ When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, t The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific. +### Alternative implementations (`MBEDTLS_xxx_ALT` options) + +In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library. + +The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-builds.md) for more information. + ### Self-tests There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`. From 6c678d7543d47a2e1ba0a69e98b5ffd1b7020bf6 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:20:51 +0000 Subject: [PATCH 193/653] Improve the comments of early data input Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ecf2256882..64d2a1e39a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -348,8 +348,8 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ " early_data=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -544,7 +544,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data_file; /* the file path of early data */ + const char *early_data_file; /* the path of the file containing the + * early data to send */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ From b1db72923e1b9c08bcb19b526ad142f8340fdc2c Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:33:38 +0000 Subject: [PATCH 194/653] Rename the generic read functions to ssl_read_file_text Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 64d2a1e39a..d4ca4d824f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -720,21 +720,22 @@ exit: #if defined(MBEDTLS_SSL_EARLY_DATA) -#define MBEDTLS_ERR_EARLY_FILE_IO_ERROR -2 +#define MBEDTLS_ERR_FILE_IO_ERROR -2 -int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *length) +static int ssl_read_file_text(const char *path, + unsigned char **buffer, size_t *length) { FILE *f; long size; if ((f = fopen(path, "rb")) == NULL) { - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fseek(f, 0, SEEK_END); if ((size = ftell(f)) == -1) { fclose(f); - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fseek(f, 0, SEEK_SET); @@ -747,7 +748,7 @@ int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *l if (fread(*buffer, 1, *length, f) != *length) { fclose(f); - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fclose(f); From eaebedb30b3810ff4dde12395d396a92740c847b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:55:16 +0000 Subject: [PATCH 195/653] Refine the detect code to enable early data or not Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d4ca4d824f..848fa123d6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2010,14 +2010,12 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data_enabled = 0; + int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; size_t early_data_len; if (strlen(opt.early_data_file) > 0 && - ssl_early_data_read_file(opt.early_data_file, - &early_data, &early_data_len) == 0) { + ssl_read_file_text(opt.early_data_file, + &early_data, &early_data_len) == 0) { early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } else { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ From f8fe11d14d5cfbfbd16589fc44aa974757b7db11 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 07:40:50 +0000 Subject: [PATCH 196/653] Remove the generic file read functions and simply the early data read Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 67 ++++++++------------------------------ 1 file changed, 14 insertions(+), 53 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 848fa123d6..297da65b2b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -718,47 +718,6 @@ exit: return ret; } -#if defined(MBEDTLS_SSL_EARLY_DATA) - -#define MBEDTLS_ERR_FILE_IO_ERROR -2 - -static int ssl_read_file_text(const char *path, - unsigned char **buffer, size_t *length) -{ - FILE *f; - long size; - - if ((f = fopen(path, "rb")) == NULL) { - return MBEDTLS_ERR_FILE_IO_ERROR; - } - - fseek(f, 0, SEEK_END); - if ((size = ftell(f)) == -1) { - fclose(f); - return MBEDTLS_ERR_FILE_IO_ERROR; - } - fseek(f, 0, SEEK_SET); - - *length = (size_t) size; - if (*length + 1 == 0 || - (*buffer = mbedtls_calloc(1, *length + 1)) == NULL) { - fclose(f); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - if (fread(*buffer, 1, *length, f) != *length) { - fclose(f); - return MBEDTLS_ERR_FILE_IO_ERROR; - } - - fclose(f); - - (*buffer)[*length] = '\0'; - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -784,10 +743,6 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - unsigned char *early_data = NULL; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -2011,11 +1966,18 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - size_t early_data_len; - if (strlen(opt.early_data_file) > 0 && - ssl_read_file_text(opt.early_data_file, - &early_data, &early_data_len) == 0) { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + FILE *early_data_fp = NULL; + size_t early_data_len = 0; + if (strlen(opt.early_data_file) > 0) { + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data_file); + goto exit; + } + early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); + if (early_data_len > 0) { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3076,10 +3038,9 @@ exit: mbedtls_ssl_session_free(&saved_session); #if defined(MBEDTLS_SSL_EARLY_DATA) - if (early_data != NULL) { - mbedtls_platform_zeroize(early_data, early_data_len); + if (early_data_fp != NULL) { + fclose(early_data_fp); } - mbedtls_free(early_data); #endif if (session_data != NULL) { From fbbafa0d2d52d0b78ae52b9e66cb73058b285aa3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 10:07:34 +0100 Subject: [PATCH 197/653] pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key() Signed-off-by: Valerio Setti --- library/pkparse.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index edebf92ff7..18498e5f0b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -105,16 +105,21 @@ static int pk_ecc_set_key(mbedtls_pk_context *pk, { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_usage_t flags; psa_status_t status; psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); - psa_key_usage_t flags = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE; - /* Montgomery allows only ECDH, others ECDSA too */ - if (pk->ec_family != PSA_ECC_FAMILY_MONTGOMERY) { - flags |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; - psa_set_key_enrollment_algorithm(&attributes, - MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH)); + if (pk->ec_family == PSA_ECC_FAMILY_MONTGOMERY) { + /* Do not set algorithm here because Montgomery keys cannot do ECDSA and + * the PK module cannot do ECDH. When the key will be used in TLS for + * ECDH, it will be exported and then re-imported with proper flags + * and algorithm. */ + flags = PSA_KEY_USAGE_EXPORT; + } else { + psa_set_key_algorithm(&attributes, + MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH)); + flags = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT; } psa_set_key_usage_flags(&attributes, flags); From 611c717c02751b07870f482fcfd415ec38371f60 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 09:24:58 +0000 Subject: [PATCH 198/653] Sync the early_data option with internal parameters in ssl_client2 Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 297da65b2b..69f9d5131d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -544,8 +544,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data_file; /* the path of the file containing the - * early data to send */ + const char *early_data; /* the path of the file containing the + * early data to send */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -914,7 +914,7 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data_file = DFL_EARLY_DATA_FILE; + opt.early_data = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1198,7 +1198,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - opt.early_data_file = q; + opt.early_data = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1968,10 +1968,10 @@ usage: int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; FILE *early_data_fp = NULL; size_t early_data_len = 0; - if (strlen(opt.early_data_file) > 0) { - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + if (strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); + opt.early_data); goto exit; } early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); From bced8bc8d7c77c76dd5cfd962cd97c15ba33cab3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 10:40:47 +0100 Subject: [PATCH 199/653] ssl_tls12_server: export/import PK parsed key in TLS side Instead of setting both algorithm and enrollement algorithm in the PK module when parsing the key: - for Weierstrass keys we only set ECDSA algorithm, - for Montgomery keys we don't set any algorithm. Reasons: - PK module can only do ECDSA and not ECDH - ECDH is only used in TLS - Montgomery keys cannot be used to do ECDSA, while Weierstrass ones can do both ECDSA and ECDH. So the idea is that once TLS needs the key to do ECDH (either Weierstrass and Montgomery), it exports the one parsed from the PK module and then re-imports it setting proper algorithm and flags. In this way the TLS module will own the new key so it will be its duty to clear it on exit. Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 49 ++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a07d0fb346..f9ce7a6b64 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2597,12 +2597,12 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) mbedtls_pk_context *pk; mbedtls_pk_type_t pk_type; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; + unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + size_t key_len; #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) uint16_t tls_id = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - size_t key_len; mbedtls_ecp_group_id grp_id; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; mbedtls_ecp_keypair *key; #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -2625,22 +2625,41 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - - /* Key should not be destroyed in the TLS library */ - ssl->handshake->xxdh_psa_privkey_is_external = 1; - - status = psa_get_key_attributes(ssl->handshake->xxdh_psa_privkey, - &key_attributes); + /* Get the attributes of the key previously parsed by PK module in + * order to extract its type and length (in bits). */ + status = psa_get_key_attributes(pk->priv_id, &key_attributes); if (status != PSA_SUCCESS) { - ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return PSA_TO_MBEDTLS_ERR(status); + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - psa_reset_key_attributes(&key_attributes); + /* Now export and then re-import the same key with proper flags + * and algorithm. We also set key's type and bits that we just got + * above. */ + key_attributes = psa_key_attributes_init(); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); + psa_set_key_type(&key_attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); + psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); + + status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } + status = psa_import_key(&key_attributes, buf, key_len, + &ssl->handshake->xxdh_psa_privkey); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } + + /* Set this key as owned by the TLS library: it will be its duty + * to clear it exit. */ + ssl->handshake->xxdh_psa_privkey_is_external = 0; ret = 0; break; @@ -2696,6 +2715,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } +exit: + psa_reset_key_attributes(&key_attributes); + mbedtls_platform_zeroize(buf, sizeof(buf)); + return ret; } #else /* MBEDTLS_USE_PSA_CRYPTO */ From 01da35e2c868ee7f324bad239d835b1670759b27 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:09:22 +0800 Subject: [PATCH 200/653] add early data extension of NST Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 69 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bfe805f496..78a85633b9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3195,6 +3195,49 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, return 0; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* RFC 8446 section 4.2.10 + * + * struct { + * select ( Handshake.msg_type ) { + * case new_session_ticket: uint32 max_early_data_size; + * ... + * }; + * } EarlyDataIndication; + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_early_data_ext_of_nst(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) +{ + unsigned char *p = buf; + *out_len = 0; + + if ((ssl->session->ticket_flags & + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Skip early_data extension in NST for it is not allowed.")); + return 0; + } + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); + + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); + MBEDTLS_PUT_UINT16_BE(4, p, 2); + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Sent max_early_data_size=%u", + (unsigned int) ssl->conf->max_early_data_size)); + + *out_len = 8; + + mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); + + return 0; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* This function creates a NewSessionTicket message in the following format: * * struct { @@ -3232,10 +3275,20 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, mbedtls_ssl_session *session = ssl->session; size_t ticket_len; uint32_t ticket_lifetime; + unsigned char *p_extensions_len; + size_t output_len; + + ((void) output_len); *out_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* * ticket_lifetime 4 bytes * ticket_age_add 4 bytes @@ -3293,15 +3346,25 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, /* Ticket Extensions * - * Note: We currently don't have any extensions. - * Set length to zero. + * Extension extensions<0..2^16-2>; */ ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(0, p, 0); + p_extensions_len = p; p += 2; +#if defined(MBEDTLS_SSL_EARLY_DATA) + if ((ret = ssl_tls13_write_early_data_ext_of_nst( + ssl, p, end, &output_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_early_data_ext_of_nst", ret); + return ret; + } + p += output_len; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + + MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); + *out_len = p - buf; MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); From fceddb310e740605b389cf97035b8d9303fb4b58 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:30:34 +0800 Subject: [PATCH 201/653] Add early data permission check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 78a85633b9..e3ee95b1c0 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1845,6 +1845,14 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } + if (mbedtls_ssl_session_get_ticket_flags( + ssl->session_negotiate, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + MBEDTLS_SSL_DEBUG_MSG( + 1, + ("EarlyData: rejected, denied by ticket permission bits.")); + return; + } ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; From 3c2b21ed0e182586caab4954517149f5ca44a147 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Feb 2023 16:39:13 +0800 Subject: [PATCH 202/653] Enable multi max_early_data_size value for connections For test purpose, we set different value for each session Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 61 +++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c96128b94c..4ef2494682 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -122,7 +122,7 @@ int main(void) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_GROUPS NULL -#define DFL_MAX_EARLY_DATA_SIZE 0 +#define DFL_MAX_EARLY_DATA_SIZE NULL #define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM @@ -427,11 +427,15 @@ int main(void) #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0])) #if defined(MBEDTLS_SSL_EARLY_DATA) + #define USAGE_EARLY_DATA \ - " max_early_data_size=%%d default: -1 (disabled)\n" \ - " options: -1 (disabled), " \ - " >= 0 (enabled, max amount of early data )\n" + " max_early_data_size=%%d default: -1 (disabled)\n" \ + " The max amount of 0-RTT data for 1st and 2nd connection\n" \ + " format: 1st_connection_value[,2nd_connection_value]\n" \ + " available values: < 0 (disabled), >= 0 (enabled).\n" \ + " The absolute value is the max amount of 0-RTT data.\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -556,6 +560,7 @@ int main(void) USAGE_GROUPS \ USAGE_SIG_ALGS \ USAGE_KEY_OPAQUE_ALGS \ + USAGE_EARLY_DATA \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -693,7 +698,7 @@ struct options { const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ - uint32_t max_early_data_size; /* max amount of early data */ + const char *max_early_data_size; /* max amount list of early data */ int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ @@ -1609,7 +1614,9 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + long long max_early_data_size_list[2]; + size_t max_early_data_size_count = 0; + size_t tls13_connection_counter = 0; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -1979,12 +1986,23 @@ usage: #endif #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "max_early_data_size") == 0) { - long long value = atoll(q); - tls13_early_data_enabled = - value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED : - MBEDTLS_SSL_EARLY_DATA_DISABLED; - if (tls13_early_data_enabled) { - opt.max_early_data_size = atoi(q); + char *endptr, *str; + opt.max_early_data_size = q; + str = endptr = q; + for (size_t early_data_size_iter = 0; + early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list); + early_data_size_iter++) { + long long value = strtoll(str, &endptr, 0); + if (str == endptr || (*endptr != ',' && *endptr != '\0')) { + mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n", + endptr); + goto exit; + } + max_early_data_size_list[max_early_data_size_count++] = value; + if (*endptr == '\0') { + break; + } + str = endptr + 1; } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2806,14 +2824,6 @@ usage: mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); } -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); - if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - mbedtls_ssl_conf_max_early_data_size( - &conf, opt.max_early_data_size); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) /* exercise setting DN hints for server certificate request * (Intended for use where the client cert expected has been signed by @@ -3311,6 +3321,17 @@ usage: mbedtls_printf(" ok\n"); reset: + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (tls13_connection_counter < max_early_data_size_count) { + long long max_early_data_size = max_early_data_size_list[tls13_connection_counter]; + mbedtls_ssl_conf_early_data( + &conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED : + MBEDTLS_SSL_EARLY_DATA_ENABLED); + mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size)); + } + tls13_connection_counter++; +#endif /* MBEDTLS_SSL_EARLY_DATA */ #if !defined(_WIN32) if (received_sigterm) { mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); From 391c9433401a673b849e37ebbc4b5c985e650d1d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 12:46:58 +0800 Subject: [PATCH 203/653] Add tests for ticket early data permission bit Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-misc.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index e4df1fe2f0..5b624b5ec8 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -502,7 +502,7 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \ 1 \ -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension does not exist." \ + -s "EncryptedExtensions: early_data(42) extension does not exist." \ -s "NewSessionTicket: early_data(42) extension does not exist." \ -s "Last error was: -29056 - SSL - Verification of the message MAC failed" @@ -518,7 +518,10 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \ -d 10 -r --earlydata $EARLY_DATA_INPUT " \ 0 \ + -s "NewSessionTicket: early_data(42) extension exists." \ + -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "NewSessionTicket: early_data(42) extension does not exist." \ -s "$( tail -1 $EARLY_DATA_INPUT )" + + From 3db60dfe5e9b6b1a377f488b898a6facac3dd003 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 16:39:10 +0800 Subject: [PATCH 204/653] rename nst early data write function Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e3ee95b1c0..9f4926a9fe 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3214,10 +3214,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_early_data_ext_of_nst(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) +static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) { unsigned char *p = buf; *out_len = 0; @@ -3363,9 +3363,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if ((ret = ssl_tls13_write_early_data_ext_of_nst( + if ((ret = ssl_tls13_write_nst_early_data_ext( ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_early_data_ext_of_nst", ret); + MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_nst_early_data_ext", ret); return ret; } p += output_len; From ea96ac3da97a3647b6d801a20ca524156c327757 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 17:06:36 +0800 Subject: [PATCH 205/653] fix various issues - get ticket_flags with function. - improve output message and check it. - improve `ssl_server2` help message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++---- programs/ssl/ssl_server2.c | 4 +++- tests/opt-testcases/tls13-misc.sh | 2 -- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 9f4926a9fe..7a02c71690 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1850,7 +1850,8 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { MBEDTLS_SSL_DEBUG_MSG( 1, - ("EarlyData: rejected, denied by ticket permission bits.")); + ("EarlyData: rejected, early_data not allowed in ticket " + "permission bits.")); return; } @@ -3222,10 +3223,11 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *p = buf; *out_len = 0; - if ((ssl->session->ticket_flags & - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (mbedtls_ssl_session_get_ticket_flags( + ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { MBEDTLS_SSL_DEBUG_MSG( - 4, ("Skip early_data extension in NST for it is not allowed.")); + 4, ("early_data not allowed, skip early_data extension in " + "NewSessionTicket")); return 0; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4ef2494682..28cd33b115 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -435,7 +435,9 @@ int main(void) " The max amount of 0-RTT data for 1st and 2nd connection\n" \ " format: 1st_connection_value[,2nd_connection_value]\n" \ " available values: < 0 (disabled), >= 0 (enabled).\n" \ - " The absolute value is the max amount of 0-RTT data.\n" + " The absolute value is the max amount of 0-RTT data \n" \ + " up to UINT32_MAX. \n" + #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 5b624b5ec8..74b6aa2d01 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -523,5 +523,3 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ -s "$( tail -1 $EARLY_DATA_INPUT )" - - From 4da7c22cd67782f67f3fea523a474ce637b8194d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 17:30:43 +0800 Subject: [PATCH 206/653] add early data flag check function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index eae192bacb..36f332f8cc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2795,6 +2795,13 @@ static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); } +static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data( + mbedtls_ssl_session *session) +{ + return !mbedtls_ssl_session_check_ticket_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); +} + static inline void mbedtls_ssl_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { From c2b1bc4fb62ef7acd9e82aceeb8b6c88109fae5f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 10:08:13 +0800 Subject: [PATCH 207/653] replace early data permission check Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 ++---- library/ssl_tls13_server.c | 7 ++----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 052df7e66e..bc8b161282 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -695,10 +695,8 @@ static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - (session->ticket_flags & - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) && - mbedtls_ssl_tls13_cipher_suite_is_offered( - ssl, session->ciphersuite); + mbedtls_ssl_session_ticket_allow_early_data(session) && + mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); } #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7a02c71690..dd2bb69427 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1845,9 +1845,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } - if (mbedtls_ssl_session_get_ticket_flags( - ssl->session_negotiate, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, early_data not allowed in ticket " @@ -3223,8 +3221,7 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *p = buf; *out_len = 0; - if (mbedtls_ssl_session_get_ticket_flags( - ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session)) { MBEDTLS_SSL_DEBUG_MSG( 4, ("early_data not allowed, skip early_data extension in " "NewSessionTicket")); From 10795a0c3b2b03e5dbfc82530fc855c43915bcb1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 12:29:17 +0800 Subject: [PATCH 208/653] replace ticket permission set Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dd2bb69427..900ed006ee 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3292,7 +3292,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + mbedtls_ssl_session_set_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } #endif /* MBEDTLS_SSL_EARLY_DATA */ From db6fda71e588a20e77e3dd61ba0d18682b24aa76 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 12:40:20 +0800 Subject: [PATCH 209/653] improve early data comments Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 900ed006ee..df10cc64fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3206,10 +3206,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, /* RFC 8446 section 4.2.10 * * struct { - * select ( Handshake.msg_type ) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; + * select (Handshake.msg_type) { + * case new_session_ticket: uint32 max_early_data_size; + * ... + * }; * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL From 525990fb62a9b72cc59e37e4a3342e4285f3c2f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 14:51:18 +0800 Subject: [PATCH 210/653] set init value for max_early_data_size in session Signed-off-by: Jerry Yu --- library/ssl_tls.c | 3 +++ library/ssl_tls13_server.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4daf2e7eec..02e828e58c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1100,6 +1100,9 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) /* Initialize structures */ mbedtls_ssl_session_init(ssl->session_negotiate); ssl_handshake_params_init(ssl->handshake); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) + ssl->session_negotiate->max_early_data_size = ssl->conf->max_early_data_size; +#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_ssl_transform_init(ssl->transform_negotiate); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index df10cc64fd..c04b8bd461 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -564,6 +564,9 @@ static int ssl_tls13_parse_pre_shared_key_ext( #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); +#if defined(MBEDTLS_SSL_EARLY_DATA) + session.max_early_data_size = ssl->conf->max_early_data_size; +#endif #endif MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); From d450fd25ae5f2935e1a8ce98b606b1b1e1846d2c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 16:38:00 +0800 Subject: [PATCH 211/653] change max_early_data_size source Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index c04b8bd461..4ce9670f8d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3235,10 +3235,10 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); + MBEDTLS_PUT_UINT32_BE(ssl->session->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); + (unsigned int) ssl->session->max_early_data_size)); *out_len = 8; From 2f5d93b1c9908cfa4c175e5ccd60ea5228e91201 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 17:27:55 +0800 Subject: [PATCH 212/653] Revert "set init value for max_early_data_size in session" This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede. Signed-off-by: Jerry Yu --- library/ssl_tls.c | 3 --- library/ssl_tls13_server.c | 3 --- 2 files changed, 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 02e828e58c..4daf2e7eec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1100,9 +1100,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) /* Initialize structures */ mbedtls_ssl_session_init(ssl->session_negotiate); ssl_handshake_params_init(ssl->handshake); -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - ssl->session_negotiate->max_early_data_size = ssl->conf->max_early_data_size; -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_ssl_transform_init(ssl->transform_negotiate); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4ce9670f8d..84129f729a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -564,9 +564,6 @@ static int ssl_tls13_parse_pre_shared_key_ext( #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); -#if defined(MBEDTLS_SSL_EARLY_DATA) - session.max_early_data_size = ssl->conf->max_early_data_size; -#endif #endif MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); From 930ce4cfac0f149ea4b4b40a5266fbd55d0d8e59 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 17:28:01 +0800 Subject: [PATCH 213/653] Revert "change max_early_data_size source" This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 84129f729a..df10cc64fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3232,10 +3232,10 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->session->max_early_data_size, p, 4); + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->session->max_early_data_size)); + (unsigned int) ssl->conf->max_early_data_size)); *out_len = 8; From f135bac89cfd4e92698cb623ca545a145f5ed4cc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:10:51 +0800 Subject: [PATCH 214/653] Add max_early_data_size check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index df10cc64fd..d5f740e1e4 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3291,7 +3291,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } @@ -3363,12 +3364,17 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if ((ret = ssl_tls13_write_nst_early_data_ext( - ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_nst_early_data_ext", ret); - return ret; + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { + if ((ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &output_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); + return ret; + } + p += output_len; } - p += output_len; + #endif /* MBEDTLS_SSL_EARLY_DATA */ MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); From 1a160703f86c23e49bdc71fb70e77fa7ee4ee312 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:17:38 +0800 Subject: [PATCH 215/653] set max_early_data_size of ticket to keep consistent Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d5f740e1e4..18fbbc70da 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3295,6 +3295,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + /* In resumption connection, server get `max_early_data_size` from + * ticket. */ + session->max_early_data_size = ssl->conf->max_early_data_size; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From 0069abc141fab9a262fa253c0cd2f34e9a167450 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 21:07:28 +0800 Subject: [PATCH 216/653] improve comments of new session ticket Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 18fbbc70da..133245baa6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3262,12 +3262,13 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, * The following fields are placed inside the ticket by the * f_ticket_write() function: * - * - creation time (start) - * - flags (flags) + * - creation time (ticket_creation_time) + * - flags (ticket_flags) * - age add (ticket_age_add) - * - key (key) - * - key length (key_len) + * - key (resumption_key) + * - key length (resumption_key_len) * - ciphersuite (ciphersuite) + * - max_early_data_size (max_early_data_size) */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, From 5233539d9f6c0eb7132d95cf58e0a853f30bb16b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:06:06 +0800 Subject: [PATCH 217/653] share write_early_data_ext function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 ++- library/ssl_tls13_client.c | 4 +++- library/ssl_tls13_generic.c | 34 ++++++++++++++++++++------ library/ssl_tls13_server.c | 48 +++---------------------------------- 4 files changed, 35 insertions(+), 54 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 36f332f8cc..8c3da4902c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2115,7 +2115,8 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, - size_t *out_len); + size_t *out_len, + const mbedtls_ssl_session *session); #if defined(MBEDTLS_SSL_SRV_C) #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index bc8b161282..fa6c4c6936 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1174,7 +1174,9 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && ssl_tls13_early_data_has_valid_ticket(ssl) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &ext_len); + + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &ext_len, NULL); if (ret != 0) { return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cc77a9438e..938bf808c8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1402,28 +1402,48 @@ cleanup: * * struct { * select ( Handshake.msg_type ) { - * ... + * case new_session_ticket: uint32 max_early_data_size; * case client_hello: Empty; * case encrypted_extensions: Empty; * }; * } EarlyDataIndication; + * + * We use `mbedtls_ssl_is_handshake_over()` to decide if `max_early_data_size` + * should be sent for `new_session_ticket` is post-handshake message. */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, - size_t *out_len) + size_t *out_len, + const mbedtls_ssl_session *session) { unsigned char *p = buf; - *out_len = 0; - ((void) ssl); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); +#if defined(MBEDTLS_SSL_SRV_C) + const size_t needed = session != NULL ? 8 : 4; +#else + const size_t needed = 4; + ((void) session); +#endif + + *out_len = 0; + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(0, p, 2); + MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); - *out_len = 4; +#if defined(MBEDTLS_SSL_SRV_C) + if (session != NULL) { + MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 4); + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Sent max_early_data_size=%u", + (unsigned int) session->max_early_data_size)); + } +#endif + + *out_len = needed; mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 133245baa6..addbbe1885 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2524,7 +2524,8 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { - ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len); + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &output_len, NULL); if (ret != 0) { return ret; } @@ -3202,49 +3203,6 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* RFC 8446 section 4.2.10 - * - * struct { - * select (Handshake.msg_type) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; - * } EarlyDataIndication; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - - if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session)) { - MBEDTLS_SSL_DEBUG_MSG( - 4, ("early_data not allowed, skip early_data extension in " - "NewSessionTicket")); - return 0; - } - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); - MBEDTLS_SSL_DEBUG_MSG( - 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); - - *out_len = 8; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* This function creates a NewSessionTicket message in the following format: * * struct { @@ -3371,7 +3329,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len)) != 0) { + ssl, p, end, &output_len, session)) != 0) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); return ret; From db97163ac7fc1c81672d6a37846d24c60049811a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Nov 2023 15:27:59 +0800 Subject: [PATCH 218/653] add ticket max_early_data_size check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index addbbe1885..e0cdf23232 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -247,6 +247,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #endif /* MBEDTLS_HAVE_TIME */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + MBEDTLS_SSL_DEBUG_MSG(2, ("ticket->max_early_data_size=%u", + (unsigned int) session->max_early_data_size)); +#endif + exit: if (ret != 0) { mbedtls_ssl_session_free(session); From 9e7f9bc253cb45c8a6a18700d28fcd9bcee2138c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Nov 2023 16:52:07 +0800 Subject: [PATCH 219/653] Add missing debug message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e0cdf23232..22f8ab726a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3340,6 +3340,10 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, return ret; } p += output_len; + } else { + MBEDTLS_SSL_DEBUG_MSG( + 4, ("early_data not allowed, " + "skip early_data extension in NewSessionTicket")); } #endif /* MBEDTLS_SSL_EARLY_DATA */ From ebe1de62f92ac41313830f21ee13ca611c122b9a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Nov 2023 15:16:35 +0800 Subject: [PATCH 220/653] fix various issue - rename connection time variable - remove unnecessary comments Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 938bf808c8..f711e97474 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1407,9 +1407,6 @@ cleanup: * case encrypted_extensions: Empty; * }; * } EarlyDataIndication; - * - * We use `mbedtls_ssl_is_handshake_over()` to decide if `max_early_data_size` - * should be sent for `new_session_ticket` is post-handshake message. */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, From 163e12f7ffacae88b27ca164ac9c654b3f5f8b0f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 10:37:23 +0800 Subject: [PATCH 221/653] remove assignment for `session->max_early_data_size` Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 22f8ab726a..6c49f8d524 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -247,11 +247,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #endif /* MBEDTLS_HAVE_TIME */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - MBEDTLS_SSL_DEBUG_MSG(2, ("ticket->max_early_data_size=%u", - (unsigned int) session->max_early_data_size)); -#endif - exit: if (ret != 0) { mbedtls_ssl_session_free(session); @@ -3259,9 +3254,6 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - /* In resumption connection, server get `max_early_data_size` from - * ticket. */ - session->max_early_data_size = ssl->conf->max_early_data_size; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From c59c586ac4c761230107f2c58b57df6228d955ad Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 10:40:49 +0800 Subject: [PATCH 222/653] change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 ++-- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 14 +++++++------- library/ssl_tls13_server.c | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c3da4902c..b9801a06c3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2113,10 +2113,10 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, + int in_new_session_ticket, unsigned char *buf, const unsigned char *end, - size_t *out_len, - const mbedtls_ssl_session *session); + size_t *out_len); #if defined(MBEDTLS_SSL_SRV_C) #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fa6c4c6936..ae1136431e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1176,7 +1176,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &ext_len, NULL); + ssl, 0, p, end, &ext_len); if (ret != 0) { return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f711e97474..fe2a2eba78 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1410,18 +1410,18 @@ cleanup: */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, + int in_new_session_ticket, unsigned char *buf, const unsigned char *end, - size_t *out_len, - const mbedtls_ssl_session *session) + size_t *out_len) { unsigned char *p = buf; #if defined(MBEDTLS_SSL_SRV_C) - const size_t needed = session != NULL ? 8 : 4; + const size_t needed = in_new_session_ticket ? 8 : 4; #else const size_t needed = 4; - ((void) session); + ((void) in_new_session_ticket); #endif *out_len = 0; @@ -1432,11 +1432,11 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); #if defined(MBEDTLS_SSL_SRV_C) - if (session != NULL) { - MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 4); + if (in_new_session_ticket) { + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) session->max_early_data_size)); + (unsigned int) ssl->conf->max_early_data_size)); } #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6c49f8d524..39caa9baaf 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2525,7 +2525,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len, NULL); + ssl, 0, p, end, &output_len); if (ret != 0) { return ret; } @@ -3326,7 +3326,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len, session)) != 0) { + ssl, 1, p, end, &output_len)) != 0) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); return ret; From 95648b0134d555e9c26c61eb7ace331f749a7ca7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 6 Dec 2023 15:03:34 +0800 Subject: [PATCH 223/653] Some minor improvement - move early data check to `prepare` - avoid `((void) output_len) - replace check with `session_ticket_allow` in 2nd place Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 39caa9baaf..fe7a674d66 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3137,6 +3137,15 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, mbedtls_ssl_session_set_ticket_flags( session, ssl->handshake->tls13_kex_modes); #endif + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { + mbedtls_ssl_session_set_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); /* Generate ticket_age_add */ @@ -3242,21 +3251,10 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, size_t ticket_len; uint32_t ticket_lifetime; unsigned char *p_extensions_len; - size_t output_len; - - ((void) output_len); *out_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* * ticket_lifetime 4 bytes * ticket_age_add 4 bytes @@ -3323,8 +3321,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { + if (mbedtls_ssl_session_ticket_allow_early_data(session)) { + size_t output_len; + if ((ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 1, p, end, &output_len)) != 0) { MBEDTLS_SSL_DEBUG_RET( From 750e06743f4ecbb929dc28779bfb1081575589de Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 6 Dec 2023 15:43:23 +0800 Subject: [PATCH 224/653] remove misbehavior tests and code Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 62 ++++++++++--------------------- tests/opt-testcases/tls13-misc.sh | 16 -------- 2 files changed, 20 insertions(+), 58 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 28cd33b115..e6ebd8e1df 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -122,7 +122,7 @@ int main(void) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_GROUPS NULL -#define DFL_MAX_EARLY_DATA_SIZE NULL +#define DFL_MAX_EARLY_DATA_SIZE 0 #define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM @@ -427,17 +427,11 @@ int main(void) #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0])) #if defined(MBEDTLS_SSL_EARLY_DATA) - #define USAGE_EARLY_DATA \ - " max_early_data_size=%%d default: -1 (disabled)\n" \ - " The max amount of 0-RTT data for 1st and 2nd connection\n" \ - " format: 1st_connection_value[,2nd_connection_value]\n" \ - " available values: < 0 (disabled), >= 0 (enabled).\n" \ - " The absolute value is the max amount of 0-RTT data \n" \ - " up to UINT32_MAX. \n" - + " max_early_data_size=%%d default: -1 (disabled)\n" \ + " options: -1 (disabled), " \ + " >= 0 (enabled, max amount of early data )\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -700,7 +694,7 @@ struct options { const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ - const char *max_early_data_size; /* max amount list of early data */ + uint32_t max_early_data_size; /* max amount of early data */ int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ @@ -1616,9 +1610,7 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_EARLY_DATA) - long long max_early_data_size_list[2]; - size_t max_early_data_size_count = 0; - size_t tls13_connection_counter = 0; + int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -1988,23 +1980,12 @@ usage: #endif #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "max_early_data_size") == 0) { - char *endptr, *str; - opt.max_early_data_size = q; - str = endptr = q; - for (size_t early_data_size_iter = 0; - early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list); - early_data_size_iter++) { - long long value = strtoll(str, &endptr, 0); - if (str == endptr || (*endptr != ',' && *endptr != '\0')) { - mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n", - endptr); - goto exit; - } - max_early_data_size_list[max_early_data_size_count++] = value; - if (*endptr == '\0') { - break; - } - str = endptr + 1; + long long value = atoll(q); + tls13_early_data_enabled = + value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED : + MBEDTLS_SSL_EARLY_DATA_DISABLED; + if (tls13_early_data_enabled) { + opt.max_early_data_size = atoi(q); } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2826,6 +2807,14 @@ usage: mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); } +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); + if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + mbedtls_ssl_conf_max_early_data_size( + &conf, opt.max_early_data_size); + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) /* exercise setting DN hints for server certificate request * (Intended for use where the client cert expected has been signed by @@ -3323,17 +3312,6 @@ usage: mbedtls_printf(" ok\n"); reset: - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (tls13_connection_counter < max_early_data_size_count) { - long long max_early_data_size = max_early_data_size_list[tls13_connection_counter]; - mbedtls_ssl_conf_early_data( - &conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED : - MBEDTLS_SSL_EARLY_DATA_ENABLED); - mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size)); - } - tls13_connection_counter++; -#endif /* MBEDTLS_SSL_EARLY_DATA */ #if !defined(_WIN32) if (received_sigterm) { mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 74b6aa2d01..a4742030bc 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -490,22 +490,6 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) -requires_gnutls_next -requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ - "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension does not exist." \ - -s "NewSessionTicket: early_data(42) extension does not exist." \ - -s "Last error was: -29056 - SSL - Verification of the message MAC failed" - requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ From 2bd53667d6d7d3d3f47e9abaf660bc86668d264d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Dec 2023 10:14:06 +0100 Subject: [PATCH 225/653] pk: guard key enrollment function with PSA_CRYPTO_CLIENT Use key enrollment function only when MBEDTLS_PSA_CRYPTO_CLIENT is enabled, i.e. when the Mbed TLS implementation of PSA Crypto is being used. Signed-off-by: Valerio Setti --- library/pk.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/library/pk.c b/library/pk.c index 5a1698f123..957f64ed1e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -311,7 +311,6 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, } psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t key_alg, key_alg2; psa_status_t status; status = psa_get_key_attributes(ctx->priv_id, &attributes); @@ -319,8 +318,15 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, return 0; } - key_alg = psa_get_key_algorithm(&attributes); - key_alg2 = psa_get_key_enrollment_algorithm(&attributes); + psa_algorithm_t key_alg = psa_get_key_algorithm(&attributes); + /* Key's enrollment is available only when MBEDTLS_PSA_CRYPTO_CLIENT is + * defined, i.e. when the Mbed TLS implementation of PSA Crypto is being used. + * Even though we don't officially support using other implementations of PSA + * Crypto with TLS and X.509 (yet), we're still trying to simplify the life of + * people who would like to try it before it's officially supported. */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + psa_algorithm_t key_alg2 = psa_get_key_enrollment_algorithm(&attributes); +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ key_usage = psa_get_key_usage_flags(&attributes); psa_reset_key_attributes(&attributes); @@ -329,18 +335,23 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, } /* - * Common case: the key alg or alg2 only allows alg. + * Common case: the key alg [or alg2] only allows alg. * This will match PSA_ALG_RSA_PKCS1V15_CRYPT & PSA_ALG_IS_ECDH * directly. * This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with - * a fixed hash on key_alg/key_alg2. + * a fixed hash on key_alg [or key_alg2]. */ - if (alg == key_alg || alg == key_alg2) { + if (alg == key_alg) { return 1; } +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + if (alg == key_alg2) { + return 1; + } +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* - * If key_alg or key_alg2 is a hash-and-sign with a wildcard for the hash, + * If key_alg [or key_alg2] is a hash-and-sign with a wildcard for the hash, * and alg is the same hash-and-sign family with any hash, * then alg is compliant with this key alg */ @@ -351,12 +362,13 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, (alg & ~PSA_ALG_HASH_MASK) == (key_alg & ~PSA_ALG_HASH_MASK)) { return 1; } - +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) if (PSA_ALG_IS_SIGN_HASH(key_alg2) && PSA_ALG_SIGN_GET_HASH(key_alg2) == PSA_ALG_ANY_HASH && (alg & ~PSA_ALG_HASH_MASK) == (key_alg2 & ~PSA_ALG_HASH_MASK)) { return 1; } +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ } return 0; From ae952174a7f211238980c7cbc4afd3f92c7031d3 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 10:27:27 +0000 Subject: [PATCH 226/653] Enable early data depend on whether the early data file exist Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 69f9d5131d..ceffb2f3d5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1967,17 +1967,13 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; FILE *early_data_fp = NULL; - size_t early_data_len = 0; if (strlen(opt.early_data) > 0) { if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", opt.early_data); goto exit; } - early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); - if (early_data_len > 0) { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ From 69402fd6a2f9ccae6f209e3cd9dad235aab4e9cb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 11:32:10 +0100 Subject: [PATCH 227/653] changelog: fix typos and working Signed-off-by: Valerio Setti --- ChangeLog.d/8357.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/8357.txt b/ChangeLog.d/8357.txt index 24ba1404b6..9cae396ec5 100644 --- a/ChangeLog.d/8357.txt +++ b/ChangeLog.d/8357.txt @@ -1,8 +1,8 @@ Features * It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C, - MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_c) as well as the PSA one + MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_C) as well as the PSA one (PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305). On the PSA side this means that it is possible to enable - MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if any of the + MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if none of the non-authenticated ciphers is enabled. From 1e3fcc5692c776695b8e7190cfe17939e28499c1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 11:56:08 +0100 Subject: [PATCH 228/653] config-tfm: fix typo in comment Signed-off-by: Valerio Setti --- configs/config-tfm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index f6f527e006..197b80814e 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -46,7 +46,7 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE /* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it - * does not need CIPHER_C to be enabled, so we can disabled it in order + * does not need CIPHER_C to be enabled, so we can disable it in order * to reduce code size further. */ #undef MBEDTLS_CIPHER_C From acd7bafcbbc1d97abc82551958cdba8d580e1f74 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 15:17:12 +0100 Subject: [PATCH 229/653] driver-only-build: update AEADs section Note: this section shouldn't actually be updated in #8357, but rather in #8358 which is the wrapup related to cipher and AEADs accelaration. As a consequence we start the AEAD section with a disclaimer explaining that the information written there will be updated soon by a follow up PR. Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 200f439413..2dcfe67975 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -245,6 +245,9 @@ Support for deterministic derivation of a DH keypair AEADs ----- +[This section might contain incomplete data and it is going to be updated in +#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.] + It is possible to have all AEADs operations provided only by a driver. More precisely you can: @@ -252,15 +255,20 @@ More precisely you can: - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`; - enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the - `PSA_WANT_xxx` of the previous step; -- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY]_C` algorithms and - key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs which are - accelerated. + `PSA_WANT_xxx` of the previous step (both for algorithms and key types); +- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C` + algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs + which are accelerated. -In such a build all AEADs operations requested through the PSA Crypto API -(including those in TLS and X.509) will be performed by the provided driver. -Of course direct calls to the disabled builtin modules -(ex: `mbedtls_ccm_init()`, etc) won't be possible. +In a build in which all AEADs algorithms and related key types are accelerated +all AEADs operations requested through the PSA Crypto API (including those in +TLS and X.509) will be performed by the driver. +Moreover if no unauthenticated cipher is required, it is also possible to +disable all built-in block cipher's key types +(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This +helps in further reducing code's footprint, but unfortunately it makes the +following modules unavailable: +- `MBEDTLS_PKCS[5|12]_C` +- `MBEDTLS_CTR_DRBG_C` +- `MBEDTLS_NIST_KW_C` -If no other non-authenticated cipher is required, it is also possible to -disable `MBEDTLS_CIPHER_C` in order to further reduce code's footprint. From 0354d04d3c5258df49cc7d1adcb5f9598dcb16d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 6 Dec 2023 16:14:37 +0100 Subject: [PATCH 230/653] Do not run Valgrind tests in PR jobs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Dave Rodgman Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..5c9b464634 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2100,7 +2100,7 @@ component_test_memsan_constant_flow_psa () { make test } -component_test_valgrind_constant_flow () { +component_release_test_valgrind_constant_flow () { # This tests both (1) everything that valgrind's memcheck usually checks # (heap buffer overflows, use of uninitialized memory, use-after-free, # etc.) and (2) branches or memory access depending on secret values, @@ -2134,7 +2134,7 @@ component_test_valgrind_constant_flow () { make memcheck } -component_test_valgrind_constant_flow_psa () { +component_release_test_valgrind_constant_flow_psa () { # This tests both (1) everything that valgrind's memcheck usually checks # (heap buffer overflows, use of uninitialized memory, use-after-free, # etc.) and (2) branches or memory access depending on secret values, @@ -5767,7 +5767,7 @@ component_test_memsan () { fi } -component_test_valgrind () { +component_release_test_valgrind () { msg "build: Release (clang)" # default config, in particular without MBEDTLS_USE_PSA_CRYPTO CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . @@ -5795,7 +5795,7 @@ component_test_valgrind () { fi } -component_test_valgrind_psa () { +component_release_test_valgrind_psa () { msg "build: Release, full (clang)" # full config, in particular with MBEDTLS_USE_PSA_CRYPTO scripts/config.py full From f482dcc6c7a6003a86a69948f1f05f4e9490967e Mon Sep 17 00:00:00 2001 From: Jan Bruckner Date: Wed, 15 Mar 2023 09:09:06 +0100 Subject: [PATCH 231/653] Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner --- include/mbedtls/ssl.h | 5 ++ library/ssl_misc.h | 18 ++++ library/ssl_tls.c | 24 ++++++ library/ssl_tls13_client.c | 11 ++- library/ssl_tls13_generic.c | 48 +++++++++-- library/ssl_tls13_server.c | 13 ++- programs/ssl/ssl_server2.c | 2 +- tests/scripts/all.sh | 7 +- tests/ssl-opt.sh | 168 ++++++++++++++++++++++++++++++++++-- 9 files changed, 263 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 043988f255..39baa4213c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1188,6 +1188,11 @@ struct mbedtls_ssl_session { unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +/*!< Record Size Limit for outgoing data requested by peer */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + uint16_t MBEDTLS_PRIVATE(record_size_limit); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + unsigned char MBEDTLS_PRIVATE(exported); /** TLS version negotiated in the session. Used if and when renegotiating diff --git a/library/ssl_misc.h b/library/ssl_misc.h index eae192bacb..6b799eebd3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -439,6 +439,24 @@ size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) +/** + * \brief Return the record size limit (in bytes) for + * the output buffer. This is less than the value requested by the + * peer (using RFC 8449), since it subtracts the space required for the + * content type and padding of the TLSInnerPlaintext struct (RFC 8446). + * Returns MBEDTLS_SSL_OUT_CONTENT_LEN if no limit was requested by the peer. + * + * \sa mbedtls_ssl_get_max_out_record_payload() + * ssl_compute_internal_record_size_limit() + * + * \param ssl SSL context + * + * \return Current record size limit for the output buffer. + */ +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4daf2e7eec..7a8c759fa3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2455,6 +2455,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint8 ticket_flags; * opaque resumption_key<0..255>; * uint32 max_early_data_size; + * uint16 record_size_limit; * select ( endpoint ) { * case client: ClientOnlyData; * case server: uint64 ticket_creation_time; @@ -2490,6 +2491,9 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) needed += 4; /* max_early_data_size */ #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + needed += 2; /* record_size_limit */ +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) needed += 8; /* ticket_creation_time or ticket_reception_time */ @@ -2534,6 +2538,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -2610,6 +2618,13 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -3458,6 +3473,7 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ + !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ !defined(MBEDTLS_SSL_PROTO_DTLS) (void) ssl; #endif @@ -3470,6 +3486,14 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) } #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl); + + if (max_len > record_size_limit) { + max_len = record_size_limit; + } +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (mbedtls_ssl_get_current_mtu(ssl) != 0) { const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 052df7e66e..1a246c4dfc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2113,12 +2113,11 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, p + extension_data_len); - - /* TODO: Return unconditionally here until we handle the record - * size limit correctly. Once handled correctly, only return in - * case of errors. */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cc77a9438e..7c7aac80e4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1714,7 +1714,7 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - /* RFC 8449, section 4 + /* RFC 8449, section 4: * * Endpoints MUST NOT send a "record_size_limit" extension with a value * smaller than 64. An endpoint MUST treat receipt of a smaller value @@ -1727,13 +1727,47 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - MBEDTLS_SSL_DEBUG_MSG( - 2, ("record_size_limit extension is still in development. Aborting handshake.")); + ssl->session_negotiate->record_size_limit = record_size_limit; - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; + return 0; +} + +static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit) +{ + /* RFC 8449, section 4: + * + * This value [record_size_limit] is the length of the plaintext of a protected record. + * The value includes the content type and padding added in TLS 1.3 (that is, the complete + * length of TLSInnerPlaintext). + * + * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * and subtract 1 (for the content type that will be added later) + */ + return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; +} + +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) +{ + const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + size_t record_size_limit = max_len; + + if (ssl->session != NULL && + ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session->record_size_limit < max_len) { + record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit); + } + + // TODO: this is currently untested + /* During a handshake, use the value being negotiated */ + if (ssl->session_negotiate != NULL && + ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session_negotiate->record_size_limit < max_len) { + record_size_limit = ssl_compute_internal_record_size_limit( + ssl->session_negotiate->record_size_limit); + } + + return record_size_limit; } #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bfe805f496..9e2cbbf249 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1699,14 +1699,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, extension_data_end); - - /* - * TODO: Return unconditionally here until we handle the record - * size limit correctly. - * Once handled correctly, only return in case of errors. - */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c96128b94c..8f90345f5b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3520,7 +3520,7 @@ handshake: mbedtls_printf(" [ Record expansion is unknown ]\n"); } -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..27e020db92 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5709,11 +5709,8 @@ component_test_tls13_only_record_size_limit () { msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" cd tests; ./test_suite_ssl; cd .. - msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)" - # Both the server and the client will currently abort the handshake when they encounter the - # record size limit extension. There is no way to prevent gnutls-cli from sending the extension - # which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension. - tests/ssl-opt.sh -f "Record Size Limit" + msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)" + tests/ssl-opt.sh } component_build_mingw () { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4762285b00..427849d241 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4837,22 +4837,24 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \ +run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ - 1 \ + 0 \ -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ -c "Sending extension Record Size Limit/28 (2 bytes)" \ -s "ClientHello: record_size_limit(28) extension received."\ -s "found record_size_limit extension" \ -s "RecordSizeLimit: 16385 Bytes" \ - -c "Received alert \[110]: An unsupported extension was sent" + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 16384" \ + -s "bytes written in 1 fragments" requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \ +run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ @@ -4863,8 +4865,162 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and f # -s "Sending extension Record Size Limit/28 (2 bytes)" \ # -c "EncryptedExtensions: record_size_limit(28) extension received."\ # -c "found record_size_limit extension" \ -# -c "RecordSizeLimit: 16385 Bytes" \ -# -s "Received alert \[110]: An unsupported extension was sent" +# -c "RecordSizeLimit: 16385 Bytes" + +# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the +# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". +# There is currently a lower limit of 512, caused by this function not respecting the +# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function +# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size. +# There is currently an upper limit of 4096, caused by the cli arg parser: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. +# Thus, these tests are currently limit to that value range. +# Moreover, the value sent in the extension is expected to be larger by one compared +# to the value passed on the cli: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=256" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "256 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=768" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "768 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 511" \ + -s "1280 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "512 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "1536 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "2560 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "2048 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "6144 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ + -c "Sending extension Record Size Limit/28 (2 bytes)" \ + -s "ClientHello: record_size_limit(28) extension received."\ + -s "found record_size_limit extension" \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "10240 bytes written in 3 fragments" # Tests for renegotiation From 9aec1c71f2055c742ba854359cbc25f302224e14 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 5 Dec 2023 20:08:51 +0000 Subject: [PATCH 232/653] Add record size checking during handshake Signed-off-by: Waleed Elmelegy --- include/mbedtls/ssl.h | 2 +- library/ssl_misc.h | 4 +- library/ssl_msg.c | 12 ++-- library/ssl_tls.c | 5 +- library/ssl_tls13_generic.c | 3 +- tests/ssl-opt.sh | 111 +++++++++++++++++++++--------------- 6 files changed, 79 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 39baa4213c..85ec7ab364 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1188,7 +1188,7 @@ struct mbedtls_ssl_session { unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -/*!< Record Size Limit for outgoing data requested by peer */ +/*!< RecordSizeLimit received by peer */ #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) uint16_t MBEDTLS_PRIVATE(record_size_limit); #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b799eebd3..fabb48bd8f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -441,9 +441,9 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) /** - * \brief Return the record size limit (in bytes) for + * \brief Return the RecordSizeLimit (in bytes) for * the output buffer. This is less than the value requested by the - * peer (using RFC 8449), since it subtracts the space required for the + * peer (see RFC 8449), since it subtracts the space required for the * content type and padding of the TLSInnerPlaintext struct (RFC 8446). * Returns MBEDTLS_SSL_OUT_CONTENT_LEN if no limit was requested by the peer. * diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6579c9686d..29518c385a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -917,6 +917,7 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, #endif size_t add_data_len; size_t post_avail; + int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); /* The SSL context is only used for debugging purposes! */ #if !defined(MBEDTLS_DEBUG_C) @@ -957,11 +958,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", data, rec->data_len); - if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + if (rec->data_len > (size_t) max_out_record_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET " too large, maximum %" MBEDTLS_PRINTF_SIZET, rec->data_len, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + (size_t) max_out_record_len)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -2742,7 +2743,7 @@ int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_t * ... */ *buf = ssl->out_msg + 4; - *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + *buf_len = mbedtls_ssl_get_max_out_record_payload(ssl) - 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = hs_type; @@ -2779,6 +2780,7 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; + int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); @@ -2817,12 +2819,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, * * Note: We deliberately do not check for the MTU or MFL here. */ - if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { + if (ssl->out_msglen > (size_t) max_out_record_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, ssl->out_msglen, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + (size_t) max_out_record_len)); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7a8c759fa3..419185c567 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7004,6 +7004,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) const mbedtls_x509_crt *crt; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; + int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); @@ -7048,10 +7049,10 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) while (crt != NULL) { n = crt->raw.len; - if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { + if (n > max_out_record_len - 3 - i) { MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + i + 3 + n, (size_t) max_out_record_len)); return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7c7aac80e4..2375021785 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1376,13 +1376,14 @@ static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); /* Write CCS message */ MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body( ssl, ssl->out_msg, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, + ssl->out_msg + max_out_record_len, &ssl->out_msglen)); ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 427849d241..c6ae2cab7d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4837,6 +4837,7 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ @@ -4854,6 +4855,7 @@ requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ @@ -4878,57 +4880,67 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ # Moreover, the value sent in the extension is expected to be larger by one compared # to the value passed on the cli: # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=256" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ - 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "256 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=768" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ - 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "768 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ - 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "1280 bytes written in 3 fragments" + +# Currently test certificates being used do not fit in 513 record size limit +# so 513 record size limit tests will not pass until certificates size +# is reduced. +# TODO: use smaller certificates in during MbedTLS TLS 1.3 server testing. + +# requires_gnutls_tls1_3 +# requires_gnutls_record_size_limit +# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ +# "$P_SRV debug_level=3 force_version=tls13 response_size=256" \ +# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ +# 0 \ +# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ +# -c "Sending extension Record Size Limit/28 (2 bytes)" \ +# -s "ClientHello: record_size_limit(28) extension received."\ +# -s "found record_size_limit extension" \ +# -s "RecordSizeLimit: 513 Bytes" \ +# -s "ClientHello: record_size_limit(28) extension exists." \ +# -s "Maximum outgoing record payload length is 511" \ +# -s "256 bytes written in 1 fragments" + +# requires_gnutls_tls1_3 +# requires_gnutls_record_size_limit +# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ +# "$P_SRV debug_level=3 force_version=tls13 response_size=768" \ +# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ +# 0 \ +# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ +# -c "Sending extension Record Size Limit/28 (2 bytes)" \ +# -s "ClientHello: record_size_limit(28) extension received."\ +# -s "found record_size_limit extension" \ +# -s "RecordSizeLimit: 513 Bytes" \ +# -s "ClientHello: record_size_limit(28) extension exists." \ +# -s "Maximum outgoing record payload length is 511" \ +# -s "768 bytes written in 2 fragments" + +# requires_gnutls_tls1_3 +# requires_gnutls_record_size_limit +# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ +# "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \ +# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ +# 0 \ +# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ +# -c "Sending extension Record Size Limit/28 (2 bytes)" \ +# -s "ClientHello: record_size_limit(28) extension received."\ +# -s "found record_size_limit extension" \ +# -s "RecordSizeLimit: 513 Bytes" \ +# -s "ClientHello: record_size_limit(28) extension exists." \ +# -s "Maximum outgoing record payload length is 511" \ +# -s "1280 bytes written in 3 fragments" requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4945,6 +4957,7 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4961,6 +4974,7 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4977,6 +4991,7 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ @@ -4993,6 +5008,7 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ @@ -5009,6 +5025,7 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ From 202bb71dcd3c6da9e273fbf21c7145bf5970f851 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Dec 2023 17:05:24 +0100 Subject: [PATCH 233/653] ssl_tls12_server: do not export/import opaque keys Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 56 ++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index f9ce7a6b64..923b093af9 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2635,31 +2635,41 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - /* Now export and then re-import the same key with proper flags - * and algorithm. We also set key's type and bits that we just got - * above. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); + if (pk_type == MBEDTLS_PK_OPAQUE) { + /* Opaque key is created by the user (externally from Mbed TLS) + * so we assume it already has the right algorithm and flags + * set. Just copy its ID as reference. */ + ssl->handshake->xxdh_psa_privkey = pk->priv_id; + ssl->handshake->xxdh_psa_privkey_is_external = 1; + } else { + /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK + * module and only have ECDSA capabilities. Since we need + * them for ECDH later, we export and then re-import them with + * proper flags and algorithm. Of course We also set key's type + * and bits that we just got above. */ + key_attributes = psa_key_attributes_init(); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); + psa_set_key_type(&key_attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); + psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } + status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } + status = psa_import_key(&key_attributes, buf, key_len, + &ssl->handshake->xxdh_psa_privkey); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; + /* Set this key as owned by the TLS library: it will be its duty + * to clear it exit. */ + ssl->handshake->xxdh_psa_privkey_is_external = 0; + } ret = 0; break; From 4749007f6488dfcc7b78649e510f725c28ae3fd2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 6 Dec 2023 17:22:53 +0000 Subject: [PATCH 234/653] Fix possible integer overflows before widening When calculating a result to go into an mbedtls_ms_time_t, make sure that arithmetic is performed at the final size to prevent overflow. Signed-off-by: David Horstmann --- library/ssl_client.c | 3 ++- library/ssl_ticket.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 55fe352fe4..270db41683 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -753,7 +753,8 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) session_negotiate->ticket != NULL) { mbedtls_ms_time_t now = mbedtls_ms_time(); mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time; - if (age < 0 || age > session_negotiate->ticket_lifetime * 1000) { + if (age < 0 || + age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) { /* Without valid ticket, disable session resumption.*/ MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket expired, disable session resumption")); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8e7c145bc7..cd730fb312 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -510,7 +510,8 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, } #endif - mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000; + mbedtls_ms_time_t ticket_lifetime = + (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000; if (ticket_age < 0 || ticket_age > ticket_lifetime) { ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; From e705f572f927fa69297b2aaed8b9061d8988c955 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 16:38:15 +0800 Subject: [PATCH 235/653] Add components to test crypto_full w/wo accelerated RSA Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 75 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..f40253fa48 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3434,6 +3434,81 @@ component_test_psa_crypto_config_accel_rsa_signature () { make test } +config_psa_crypto_accel_rsa () { + driver_only=$1 + + # Start from crypto_full config (no X.509, no TLS) + helper_libtestdriver1_adjust_config "crypto_full" + + if [ "$driver_only" -eq 1 ]; then + # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 + + # We need PEM parsing in the test library as well to support the import + # of PEM encoded RSA keys. + scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C + scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C + fi +} + +component_test_psa_crypto_config_accel_rsa_crypto () { + msg "build: crypto_full with accelerated RSA" + + loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \ + ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \ + KEY_TYPE_RSA_PUBLIC_KEY \ + KEY_TYPE_RSA_KEY_PAIR_BASIC \ + KEY_TYPE_RSA_KEY_PAIR_GENERATE \ + KEY_TYPE_RSA_KEY_PAIR_IMPORT \ + KEY_TYPE_RSA_KEY_PAIR_EXPORT" + + # Configure + # --------- + + config_psa_crypto_accel_rsa 1 + + # Build + # ----- + + # These hashes are needed for unit tests. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5" + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + + helper_libtestdriver1_make_main "$loc_accel_list" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o + not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o + not grep mbedtls_rsa_rsaes_pkcs1_v15_encrypt library/rsa.o + not grep mbedtls_rsa_rsaes_oaep_encrypt library/rsa.o + + # Run the tests + # ------------- + + msg "test: crypto_full with accelerated RSA" + make test +} + +component_test_psa_crypto_config_reference_rsa_crypto () { + msg "build: crypto_full with non-accelerated RSA" + + # Configure + # --------- + config_psa_crypto_accel_rsa 0 + + # Build + # ----- + make + + # Run the tests + # ------------- + msg "test: crypto_full with non-accelerated RSA" + make test +} + # This is a temporary test to verify that full RSA support is present even when # only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined. component_test_new_psa_want_key_pair_symbol() { From f1cacad87090a7166cf5fb4fcc96f2ffc0b59ea2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 16:52:48 +0800 Subject: [PATCH 236/653] Correctly use asymmetric encrypt/decrypt driver Signed-off-by: Pengyu Lv --- tests/src/drivers/test_driver_asymmetric_encryption.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index c906a664a3..ff46387d58 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -46,8 +46,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) return libtestdriver1_mbedtls_psa_asymmetric_encrypt( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, @@ -88,8 +87,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) return libtestdriver1_mbedtls_psa_asymmetric_decrypt( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, From 9e976f36493881a270683cdc02fec33105cfc207 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 16:58:05 +0800 Subject: [PATCH 237/653] Conditionally check the attribute of generated RSA key `psa_get_key_attributes` depends on some built-in implementation of RSA. Guard the check with coresponding macros. Signed-off-by: Pengyu Lv --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto.function | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e239a44528..1bd8b65002 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7342,7 +7342,7 @@ PSA generate key: RSA, e=1 generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a510f8e01a..154d4150a4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9685,6 +9685,9 @@ void generate_key_rsa(int bits_arg, } /* Test the key information */ +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_type(&attributes), type); TEST_EQUAL(psa_get_key_bits(&attributes), bits); @@ -9696,6 +9699,10 @@ void generate_key_rsa(int bits_arg, } else { TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len); } +#else + (void) e_read_length; + (void) is_default_public_exponent; +#endif /* Do something with the key according to its type and permitted usage. */ if (!mbedtls_test_psa_exercise_key(key, usage, alg)) { From 3cd16c47bd3397085dcdf9d05d98d752701a956e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 18:17:39 +0800 Subject: [PATCH 238/653] Add analyze_driver_vs_reference_rsa for analyze_outcomes Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index ca349d38e9..5e3f469c59 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -501,6 +501,38 @@ KNOWN_TASKS = { ], } } + }, + 'analyze_driver_vs_reference_rsa': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_rsa_crypto', + 'component_driver': 'test_psa_crypto_config_accel_rsa_crypto', + 'ignored_suites': [ + # Modules replaced by drivers. + 'rsa', 'pkcs1_v15', 'pkcs1_v21', + # We temporarily don't care about PK staff. + 'pk', 'pkwrite', 'pkparse' + ], + 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], + # Following tests depend on RSA_C but are not about + # them really, just need to know some error code is there. + 'test_suite_error': [ + 'Low and high error', + 'Single high error' + ], + # Constant time operations only used for PKCS1_V15 + 'test_suite_constant_time': [ + re.compile(r'mbedtls_ct_zeroize_if .*'), + re.compile(r'mbedtls_ct_memmove_left .*') + ], + } + } } } From 57db59058635e620fdda31b5bd20e99eb5fb81df Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:29:22 +0000 Subject: [PATCH 239/653] Rework to revert the early_data enabled flag We have two options for early data. early_data to indicate early data enable or not. early_data_file to provide path file to read early data from Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 44 ++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ceffb2f3d5..02004c3f70 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -52,6 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" +#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED #define DFL_EARLY_DATA_FILE "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" @@ -347,9 +348,11 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " early_data=%%d default: 0 (disabled)\n" \ + " options: 0 (disabled), 1 (enabled)\n" \ + " early_data_file=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -544,8 +547,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data; /* the path of the file containing the - * early data to send */ + int early_data; /* support for early data */ + const char *early_data_file; /* the path of the file to read early data from */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -743,6 +746,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + FILE *early_data_fp = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -914,7 +921,8 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA_FILE; + opt.early_data = DFL_EARLY_DATA; + opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1198,7 +1206,17 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - opt.early_data = q; + switch (atoi(q)) { + case 0: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + case 1: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + break; + default: goto usage; + } + } else if (strcmp(p, "early_data_file") == 0) { + opt.early_data_file = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1965,17 +1983,7 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - FILE *early_data_fp = NULL; - if (strlen(opt.early_data) > 0) { - if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data); - goto exit; - } - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } - mbedtls_ssl_conf_early_data(&conf, early_data_enabled); + mbedtls_ssl_conf_early_data(&conf, opt.early_data); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { From 2a8035b49506a888bd4edc1891a27b51c920105f Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:54:40 +0000 Subject: [PATCH 240/653] Add read early data code Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 02004c3f70..85ba831f4f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3007,6 +3007,22 @@ reconnect: (unsigned int) -ret); goto exit; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED + && strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data); + goto exit; + } + + /* TODO: read the early data from early_data_fp in chunks, and call + * mbedtls_ssl_write_early_data() to initial the handshake and send + * out the early data. Then finish the handshake. + */ + + } +#endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && From dd8a7f8acfe8997e3b6d37bbdefc88ce8ac145db Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:58:05 +0000 Subject: [PATCH 241/653] Revert the early data test case Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index cf8aa745af..f03a386a04 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From 35c026c09eb5cf91b070ca7d34ca298a72986464 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 06:10:34 +0000 Subject: [PATCH 242/653] Read early data file Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 85ba831f4f..cdc43522bc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3007,21 +3007,24 @@ reconnect: (unsigned int) -ret); goto exit; } -#if defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA) if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED - && strlen(opt.early_data) > 0) { + && strlen(opt.early_data_file) > 0) { if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data); + opt.early_data_file); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } + mbedtls_printf("Read early data successfully..."); + /* TODO: read the early data from early_data_fp in chunks, and call * mbedtls_ssl_write_early_data() to initial the handshake and send * out the early data. Then finish the handshake. */ - } + } else #endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { From 864c62a906b4df17e1db10156ca225067c530229 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 06:11:38 +0000 Subject: [PATCH 243/653] Add one test case with early_data_file Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index f03a386a04..a98cfa05ad 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -295,6 +295,32 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "EncryptedExtensions: early_data(42) extension received." \ -C "EncryptedExtensions: early_data(42) extension exists." +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->G: EarlyData: write early data, fallback, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ + --earlydata --maxearlydata 16384 --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + 0 \ + -c "received max_early_data_size: 16384" \ + -c "Reconnecting with saved session" \ + -c "Read early data successfully..." \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension exists." \ + -c "<= write EndOfEarlyData" \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "END OF EARLY DATA (5) was received." \ + -s "early data accepted" + #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test requires_openssl_tls1_3 From daddfb520d5b9113b5c73dc10c435817abe2287b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 08:14:30 +0000 Subject: [PATCH 244/653] Open the file once read in the file path Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cdc43522bc..dfae74549a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1217,6 +1217,12 @@ usage: } } else if (strcmp(p, "early_data_file") == 0) { opt.early_data_file = q; + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data_file); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3007,25 +3013,6 @@ reconnect: (unsigned int) -ret); goto exit; } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED - && strlen(opt.early_data_file) > 0) { - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto exit; - } - - mbedtls_printf("Read early data successfully..."); - - /* TODO: read the early data from early_data_fp in chunks, and call - * mbedtls_ssl_write_early_data() to initial the handshake and send - * out the early data. Then finish the handshake. - */ - - } else -#endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && From 963468035dc857c121899f1f83856b3c0b96ae82 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 09:19:43 +0000 Subject: [PATCH 245/653] Add the test framework of early data Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dfae74549a..c15a75dcf4 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -34,6 +34,10 @@ int main(void) #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" + +/* the max record size of TLS 1.3 is 2^14 */ +#define MAX_EARLY_DATA_CHUNK_SIZE 16384 + #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" @@ -721,6 +725,29 @@ exit: return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +int ssl_write_early_data(mbedtls_ssl_context *ssl, FILE *fp, + int *early_data_written) +{ + + /* TODO: Will add code of calling mbedtls_ssl_write_early_data() + * to write real early data. + */ + unsigned char early_data_buf[MAX_EARLY_DATA_CHUNK_SIZE]; + unsigned char *p_early_data_start = &early_data_buf[0]; + unsigned char *p_early_data_end = p_early_data_start + + MAX_EARLY_DATA_CHUNK_SIZE; + ((void) fp); + ((void) early_data_buf); + ((void) p_early_data_start); + ((void) p_early_data_end); + ((void) early_data_written); + + return mbedtls_ssl_handshake(ssl); + +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -3014,7 +3041,14 @@ reconnect: goto exit; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + + int early_data_written = 0; + while ((ret = ssl_write_early_data(&ssl, early_data_fp, + &early_data_written)) != 0) { +#else while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { +#endif if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { From dce183f2e2eae9e1910f2d1316a62dbcb2e46946 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 09:22:38 +0000 Subject: [PATCH 246/653] Remove the duplicate cases and add early_data_file option Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index a98cfa05ad..2fe81141c6 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -295,32 +295,6 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "EncryptedExtensions: early_data(42) extension received." \ -C "EncryptedExtensions: early_data(42) extension exists." -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: EarlyData: write early data, fallback, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ - --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ - 0 \ - -c "received max_early_data_size: 16384" \ - -c "Reconnecting with saved session" \ - -c "Read early data successfully..." \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension exists." \ - -c "<= write EndOfEarlyData" \ - -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" \ - -s "END OF EARLY DATA (5) was received." \ - -s "early data accepted" - #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test requires_openssl_tls1_3 From 98a90c6542e4e8c7063e2c4918f24864288c0c20 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 7 Dec 2023 17:23:25 +0800 Subject: [PATCH 247/653] Fix various issue Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 5 +---- tests/scripts/analyze_outcomes.py | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f40253fa48..a98a04d779 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3480,10 +3480,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o - not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o - not grep mbedtls_rsa_rsaes_pkcs1_v15_encrypt library/rsa.o - not grep mbedtls_rsa_rsaes_oaep_encrypt library/rsa.o + not grep mbedtls_rsa library/rsa.o # Run the tests # ------------- diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5e3f469c59..d3ea8c0e1a 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -510,7 +510,7 @@ KNOWN_TASKS = { 'ignored_suites': [ # Modules replaced by drivers. 'rsa', 'pkcs1_v15', 'pkcs1_v21', - # We temporarily don't care about PK staff. + # We temporarily don't care about PK stuff. 'pk', 'pkwrite', 'pkparse' ], 'ignored_tests': { From abeca020d8a7004719b6a39bfe6a40ee0803c385 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 7 Dec 2023 17:25:15 +0800 Subject: [PATCH 248/653] Remove test_psa_crypto_config_accel_rsa_signature Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 74 -------------------------------------------- 1 file changed, 74 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a98a04d779..4281557fac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3360,80 +3360,6 @@ component_test_psa_ecc_key_pair_no_generate() { build_and_test_psa_want_key_pair_partial "ECC" "GENERATE" } -component_test_psa_crypto_config_accel_rsa_signature () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" - - loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" - - # Configure - # --------- - - # Start from default config (no TLS 1.3, no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - # It seems it is not possible to remove only the support for RSA signature - # in the library. Thus we have to remove all RSA support (signature and - # encryption/decryption). AS there is no driver support for asymmetric - # encryption/decryption so far remove RSA encryption/decryption from the - # application algorithm list. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - - # Make sure both the library and the test library support the SHA hash - # algorithms and only those ones (SHA256 is included by default). That way: - # - the test library can compute the RSA signatures even in the case of a - # composite RSA signature algorithm based on a SHA hash (no other hash - # used in the unit tests). - # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is - # fulfilled as the hash SHA algorithm is supported by the library, and - # thus the tests are run, not skipped. - # - when testing a signature key with an algorithm wildcard built from - # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash - # algorithm based on the hashes supported by the library is also - # supported by the test library. - # Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160_C - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - - # We need PEM parsing in the test library as well to support the import - # of PEM encoded RSA keys. - scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C - scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C - - # Build - # ----- - - # These hashes are needed for some RSA-PSS signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o - not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o - - # Run the tests - # ------------- - - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" - make test -} - config_psa_crypto_accel_rsa () { driver_only=$1 From 303121eb1682f3e4e18f2a7d9578c21a53f17f2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Dec 2023 12:05:07 +0100 Subject: [PATCH 249/653] Fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/md-cipher-dispatch.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index a4c8fccf0f..f165b21e07 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -351,7 +351,7 @@ This excludes things like: ### Dual-dispatch for block cipher primitives -Considering the priorities stated above, initially we want to support GCM, CCM and CTR-DRBG. All trhee of them use the block cipher primitive only in the encrypt direction. Currently, GCM and CCM use the Cipher layer in order to work with AES, Aria and Camellia (DES is excluded by the standards due to its smaller block size) and CTR-DRBG directly uses the low-level API from `aes.h`. In all cases, access to the "block cipher primitive" is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contrary to PSA which implements actual ECB mode). +Considering the priorities stated above, initially we want to support GCM, CCM and CTR-DRBG. All three of them use the block cipher primitive only in the encrypt direction. Currently, GCM and CCM use the Cipher layer in order to work with AES, Aria and Camellia (DES is excluded by the standards due to its smaller block size) and CTR-DRBG directly uses the low-level API from `aes.h`. In all cases, access to the "block cipher primitive" is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contrary to PSA which implements actual ECB mode). The two AEAD modes, GCM and CCM, have very similar needs and positions in the stack, strongly suggesting using the same design for both. On the other hand, there are a number of differences between CTR-DRBG and them. - CTR-DRBG only uses AES (and there is no plan to extend it to other block ciphers at the moment), while GCM and CCM need to work with 3 block ciphers already. From 9f06681cb4d44ea31d9200909dd075f80729d91f Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 7 Dec 2023 11:02:48 +0000 Subject: [PATCH 250/653] Update psa-thread-safety.md Signed-off-by: Ryan Everett --- docs/architecture/psa-thread-safety.md | 34 ++++++++++++-------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index 0d03e324d5..79881a624a 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -281,28 +281,24 @@ Note that a thread must hold the global mutex when it reads or changes a slot's #### Slot states -For concurrency purposes, a slot can be in one of three states: +For concurrency purposes, a slot can be in one of four states: -* UNUSED: no thread is currently accessing the slot. It may be occupied by a volatile key or a cached key. -* WRITING: a thread has exclusive access to the slot. This can only happen in specific circumstances as detailed below. -* READING: any thread may read from the slot. +* EMPTY: no thread is currently accessing the slot, and no information is stored in the slot. +* FILLING: one thread is currently loading or creating material to fill the slot, this thread is responsible for the next state transition. +* FULL: the slot contains a key, and any thread is able to use the key after registering as a reader. +* PENDING_DELETION: the key within the slot has been destroyed or marked for destruction, but at least one thread is still registered as a reader. No thread can register to read this slot. The slot must not be wiped until the last reader de-registers, wiping the slot by calling `psa_wipe_key_slot`. -A high-level view of state transitions: +To change `slot` to state `new_state`, a function must call `psa_slot_state_transition(slot, new_state)`. -* `psa_get_empty_key_slot`: UNUSED → WRITING. -* `psa_get_and_lock_key_slot_in_memory`: UNUSED or READING → READING. This function only accepts slots in the UNUSED or READING state. A slot with the correct id but in the WRITING state is considered free. -* `psa_unlock_key_slot`: READING → UNUSED or READING. -* `psa_finish_key_creation`: WRITING → READING. -* `psa_fail_key_creation`: WRITING → UNUSED. -* `psa_wipe_key_slot`: any → UNUSED. If the slot is READING or WRITING on entry, this function must wait until the writer or all readers have finished. (By the way, the WRITING state is possible if `mbedtls_psa_crypto_free` is called while a key creation is in progress.) See [“Destruction of a key in use”](#destruction-of-a-key-in-use). +A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data witin a slot, and `psa_unregister_read` after they have finished operating. -The current `state->lock_count` corresponds to the difference between UNUSED and READING: a slot is in use iff its lock count is nonzero, so `lock_count == 0` corresponds to UNUSED and `lock_count != 0` corresponds to READING. +Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. -There is currently no indication of when a slot is in the WRITING state. This only happens between a call to `psa_start_key_creation` and a call to one of `psa_finish_key_creation` or `psa_fail_key_creation`. This new state can be conveyed by a new boolean flag, or by setting `lock_count` to `~0`. +A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. This means that the linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. #### Destruction of a key in use -Problem: In [Key destruction long-term requirements](#key-destruction-long-term-requirements) we require that the key slot is destroyed (by `psa_wipe_key_slot`) even while it's in use (READING or WRITING). +Problem: In [Key destruction long-term requirements](#key-destruction-long-term-requirements) we require that the key slot is destroyed (by `psa_wipe_key_slot`) even while it's in use (FILLING or with at least one reader). How do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock). @@ -310,11 +306,11 @@ Solution: after some team discussion, we've decided to rely on a new threading a ##### Mutex only -When calling `psa_wipe_key_slot` it is the callers responsibility to set the slot state to WRITING first. For most functions this is a clean UNUSED -> WRITING transition: psa_get_empty_key_slot, psa_get_and_lock_key_slot, psa_close_key, psa_purge_key. +When calling `psa_wipe_key_slot` it is the callers responsibility to set the slot state to PENDING_DELETION first. For most functions this is a clean {FULL, !has_readers} -> PENDING_DELETION transition: psa_get_empty_key_slot, psa_get_and_lock_key_slot, psa_close_key, psa_purge_key. `psa_wipe_all_key_slots` is only called from `mbedtls_psa_crypto_free`, here we will need to return an error as we won't be able to free the key store if a key is in use without compromising the state of the secure side. This is acceptable as an untrusted application cannot call `mbedtls_psa_crypto_free` in a crypto service. In a service integration, `mbedtls_psa_crypto_free` on the client cuts the communication with the crypto service. Also, this is the current behaviour. -`psa_destroy_key` marks the slot as deleted, deletes persistent keys and opaque keys and returns. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). When the last reading operation finishes, it wipes the key slot. This will free the key ID, but the slot might be still in use. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. +`psa_destroy_key` marks the slot as deleted, deletes persistent keys and opaque keys and returns. This only works if drivers are protected by a mutex (and the persistent storage as well if needed).`psa_destroy_key` transfers to PENDING_DELETION as an intermediate state, then, when the last reading operation finishes, it wipes the key slot. This will free the key ID, but the slot might be still in use. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. These are serious limitations, but this can be implemented with mutexes only and arguably satisfies the [Key destruction short-term requirements](#key-destruction-short-term-requirements). @@ -329,9 +325,9 @@ We can't reuse the `lock_count` field to mark key slots deleted, as we still nee #### Condition variables -Clean UNUSED -> WRITING transition works as before. +Clean UNUSED -> PENDING_DELETION transition works as before. -`psa_wipe_all_key_slots` and `psa_destroy_key` mark the slot as deleted and go to sleep until the slot state becomes UNUSED. When waking up, they wipe the slot, and return. +`psa_wipe_all_key_slots` and `psa_destroy_key` mark the slot as deleted and go to sleep until the slot has no registered readers. When waking up, they wipe the slot, and return. If the slot is already marked as deleted the threads calling `psa_wipe_all_key_slots` and `psa_destroy_key` go to sleep until the deletion completes. To satisfy [Key destruction long-term requirements](#key-destruction-long-term-requirements) none of the threads may return from the call until the slot is deleted completely. This can be achieved by signalling them when the slot has already been wiped and ready for use, that is not marked for deletion anymore. To handle spurious wake-ups, these threads need to be able to tell whether the slot was already deleted. This is not trivial, because by the time the thread wakes up, theoretically the slot might be in any state. It might have been reused and maybe even marked for deletion again. @@ -354,7 +350,7 @@ Alternatively, protecting operation contexts can be left as the responsibility o #### Drivers -Each driver that hasn’t got the "thread_safe” property set has a dedicated mutex. +Each driver that hasn’t got the "thread_safe” property set has a dedicated mutex. Implementing "thread_safe” drivers depends on the condition variable protection in the key store, as we must guarantee that the core never starts the destruction of a key while there are operations in progress on it. From 1e9733c6a8d2505218801dd415065fdf34a8aa7c Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 7 Dec 2023 11:03:14 +0000 Subject: [PATCH 251/653] Add graph Signed-off-by: Ryan Everett --- .../key-slot-state-transitions.drawio | 183 ++++++++++++++++++ .../key-slot-state-transitions.jpg | Bin 0 -> 46583 bytes 2 files changed, 183 insertions(+) create mode 100644 docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio create mode 100644 docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio b/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio new file mode 100644 index 0000000000..5da2a7fcc9 --- /dev/null +++ b/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio @@ -0,0 +1,183 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg b/docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg new file mode 100644 index 0000000000000000000000000000000000000000..ebfadcb4963d39f59cc3f21d30a21a62ce1676c0 GIT binary patch literal 46583 zcmeFZ2UL^mwl4fZC{jc3BubYmU8D-qM5HKPKm?=-5d{g-dj|o5B}nfAA~p101VlPW zs0o5}5~M_FH|~AbI(zMN_8n`V@sB&kKkj`qNXXan&9}_?%xBK|U3|G%254?;Xlnoj z1OPyQe*qVBfEoZI{MCNFgYb=rgy>hhL_$JLLUxIqoa_=A8961GlAMB?f{cucmWmoo zLqkhLPDw{kM?;VQpXS#^2!5RjBD#b>k%oed0>Aa&Y!@8>?InV4f=v(sEkH<10HP(h z=mDVk`y?j#TLb>15fFlih)GB4~aPOBPp<&?>kx|h}$*)sV(|&uCo|j)xSX5k6 z`mVaBwyqx0(Ad<~-P7CG|8Zb&d}4BHdgjY45`|v*y1MplePa{5|NY?b=ot6o=P$Vk z0MOsX!oUAruz!*Z-w6bSMEEWx{UsLxp%?xSL`y_`MVy50rU9vqJ3W^~&?N@d#N4V* zGHyvj4CA9`W8_RcQYc>RFVX%c*dckE{?W%h^YXI17%dDossn{99I24w{=8!Bl|kIa~jc=>?FViZi+Z!csFY zfc_G~@S2kcr^Ed(3U5#NbRYQU&+R`I zK<>|sJ5++=()T@E;+|xkqeMmM|)@B0tJ#gL~KB=`-zF8`(~QC zeRh|1q}RFSVzYyjJIuvq)w(UgWBPc9)~8OeJ>5goPm?1l=)hA}WMvot?1zv^A9~F%sf(cD= z34K{q)3tu)-*3g3A|~=Jyzl1NwV%*gAX73!ZaerGA-4nl-b1_}=0GB_8GY#q-Pxg8 z;@G1^#)7mq&e1(jd5>n}Yf`VeKIf^F7rZxld+qwJ0BA&dZw`tQjmmd=d7vE-U|+f5 zOtYS>=~+Cd`EKsZYn`%>JWWmEl7s_XeXC{UVV7QIQ6@VwH5Zu4X!46bBA9u3tSS83~9CtR8crzIeHb}-BUehjngx>kk6!7Zyc{psZ*cY ztrI#qnX_^Ien;d8J;tJhg)HoQhh4f%*yKNz#S+tJ?v`1(QGv3ix&Z85B)5?5k$dIk z_inXUwbj&~NO#wD-nH5x`6~L}0U=%^B&Sau^53l--~tG*I!jevUu|OyK-m`uU^f9} zRC$1X!cRF^m^IGKY3cN3AQc3#thF>R=Lj6C%x}Q(D->!VfI(-I~mqIw(8Qqx&?``5f|vl)_LtLY8W1{-}clnme8b6^rX^p*D3aVuw1JH!BL#O)1WI zbsCM_u2^`tdD)BaAp!ZVfJ^X*&Ma;$q;=Uv$JNN!I)JIP#C#LkSQ|dQCa)!;X7R)L zStFRS)*_^lAX$)PEr*=$l&={}8r6=vK6$EMfwRzWby41l6Y54bY1_UNDTqBf_o%ku z*?c-@Js=Ld!=0v24CvWoWV>F_&FNC-mnFN%MmgwCs0SlgS1cDoPTHcl6QOy_GT(=R zr&$DNDHXo570#~Z@P4c8?lE|>&h)`Bm1vHOPU^(L7KM*aOyxY;tpVv*$xogM-?7ER z7;zQm{_Pc4aC94+I_DDdR2qYJIn$W-nX8x?ACmiItZ_Y8Yq<9AmACTET6T3ImtQ>y z^z;|SEXDcr;!I3&J}b%;>oVrdQNj-6hwO3kJiPXR+8Zv)$gBqZ59jn*559)VADfm|PO zvVKLU_6@j7#>~*2Je^UFjfNa+cLE%J*(Uads?7bOf09+Cy2xkvsqUVM+UW5Q7)x3|06|k9?thHERdP+`2Kdq`Ip$l4 zuX+KlMi0x>{=Cd-tDIskqttbw&TFzL*d?NokOo91@=)M1tzalQ$w+FTBHup&pg+T* z|MCqq*lxG?LpmWO;7IRO@d7AX7XVE;{sVye=QH*zXXVdzZI_qMk}m*oz(x}}aA^J~ z$o0=>{39Iu3;Pr`6&+x3jm4e&V z!zP9It^^s!C~3~WRw)bwtJc+Cr|JEj?I--_kPBeKgMnbP_J5;<{#(t2-$?qg?JBMq zo2-lJecvwDtHa5Dce?E|uIyIh)S=uHk0C{-{=1W&>^}0IjY)lLQr_w<&g1hMsFpf) zfxX5+@k3ZbHnWJ-u*6DFJL3}%FwG@j9*+v4yW{9<@FI$ngXsMo!=qWZcrIUBnn>0A zHKoQkRj5N&9AXrN(9KkQ${gk!O&(c-(_NEqf z**D`m;c?>Z$#ehOlt%6mpnt_FaiVgpMF)^aT*>f7S6^220!?Sf^bG;lz3SpAV4k`|et z#fhc%2wY_~7N(~pSzd0ES;Nl!z!aZESf1oY~6*KlNWBf z`?(h*H;$@y5Fw6mhjf|bK~INtI^eoqq%zdkWu-FEN@n8J9{XZRHAM-s`P9t3+sW}; zZ+ZmsP)GhFOAEoL#7IzXcEovD&M*h zRu`UaLzE_KVj@wlKi3s)_BHWKn7R>BDi1)w7bsU25DO)9JD|7#7?Gz2m{=rVn({2H zPT;Wlaa~sHmI5;x8Y`K{+&LSDB_m0Ln-*(;j4 ztG=JeE>pevtPXgL-?$Yg{JtcTLQ=c~@Z=dK<#fdsFR!k}_@OQIVw9+|wZ?l~{Q@AZ z&ePL*ns%}HA1PrSoARPfiY2`~3aZVHX{SEiW9wh0qVIj_dS0m%!yI{8$D*OoY}@Wt z-Vm#?e7K1mh(+-EFyI15^h3xoBq zr3miAqM=kGheJ?GJuH2<_|}cAkq;XqWpgnZ6`Pz2B{6$`gM;0UazwP9Ih2REVa(dM z{-bQlg9Q4GpY`qX3!2YeiWfWOH%16y_D$-3m?Q}X#;+k03Gf4V=c%Rj?{^8(tc?4;#LO@n8yLc13dkiIkLUFVw8qn{T6>JU*eR`+52vB z^C|p89G~1yA)UopDfe6Rmc);PA0HbI&Ry!H2&7Kd!*ydW0K*y4T9*Kt*-Nh5wK40S zGR+~|vSp<@?u>aBpP+Q|t!070H(whaIu&3V+aBvNLI8gTqu-*j)ODfit*GIxF4Hnc zqp#Bhe#$2(H1uAlmVjSofkc5zxARf6<1Oh)#C>=Cchf#e%=i54*N_87Gm%;*_ON_ro>BuMS2o zM8}HfQ0dXav%CGlf!e-REvX?viZqT+z@5>_$n&W&7I0>(jF; zoJ!%vx)TRGQ1$V;jk@OMEqLvKh$q>56yoaBaaW$Y*v8MyV90pSs~jeegkRI+0$}U? z+x&3LEt_|&f`=2;HAfp|^=Xp}SEbmt&^3N!>AaWa2-54Zk{f_{Exp>nS_T1Im zn|Eh;p@qicrYlR58P9hfVM~*=P4Jo)Q5!S1IHU#Uq?Ehd&g6(Zt0>=bRrqOn zYGTkU5qRgxSQU8(ZHmIa0AY4y8=tQ%CcMlg2ZunDhS%!eJsCO?NzE_2>8fyUE74yq z$06xv_w*X|?GKz(!2PrpXcvou9BC{+u5=l9z+RSYPx9{PYDrD%vct9V-XqCa=xYuP zJco44n%SQL4l}kS?XjjmId5a}^3NEDWU^ zo>;JTyhQKI4=dc-eKZcUpRPz+()V3?LdQIJb%aILkr0IoTc)j)4NHiZA}B8}b3=L^ zy;gRn`@pN;+w6}fxNOT$5-9DlV4*YpFlkF`vI3SHjds!IsefaCKZ}*^YCf+v!T2o? z`_1xl>PuXKBBTETIzx<3_yY#Yec3O7>HyT#zzO)Wy zYObgqS-pwc;ph6*QIE!lH<+V*7#n%?htIbiAuCHhls+yL6o0j>Tm zq}*3oDZ3Q@Y`6aob9!G8NiJ_(e4(qLU)lDkRd1aq%L1>(v)o**{@+SIsVK^#+Plv5 zmi=pr;o--3Yb^O(snK2MGn#%DMp?*n*V|~^Zz26s-~0O3RK`DIPX{llQ_})c=X@Iw zAza<_T+7oNA~5PG-oZ_pEg8g5%6&5QmpJ0N+1k$gWU~F>)CUqFf&}3J`V@3>4L;Ky z0M5g#Rk@>5r_g#4M@vqKhV)xWVqiVzaq-7trp%^1jx$6g$;5#}`oxu_z7TACH;f(* zHO2BGBGxc_-6eH%@;*C)LR&l5_Y(|L%ihwnfy?Nrh0pIl63pHTY2I#eOHVS_vdnxr$26fyZ(`cajBy{8rdG5 zjLzIi3l^3>liBOuH-oh_kaLH#@)LrIkyksxQUH@@fGp<7sgl?$D zO)Tr|g{K2prfi?Gk;lfHd#Y0&>u4>vyew5w^Z85Jc6wFSN`5&scO5~W>hxx<`(;vJ zioVIe0Bl@t1cV8Dwo|Rw&-n9Ac|1cZ9;8mF9!q>F`tdljYjlA2V}nYPROuBP6}EP& zbLQe8f4tq9H-6a!hjzYHj5YWBFt%qsJX2U3KDg;)6d>WW5)}`6 zMLWaJd!=iROfO}FrD9U2JTmVtnM7{AK=wy;dHbaKwPFx_S36(P{C_X!-6 z1M6+9zG7I}PFFW5BRpJ3XpVhY)*!|pLKD%_lr*@%XVx@n%~|X#C>GJtl(0jV=gejj0?}cHFktyY`>nKt{Q7PsSc`#R zdUhib5m!!2zZDx@} zJR~;zVoPTtJi#6uK~-3vyKLra6uV6~qnbpLqU^UeaQrBFkcuZ_?Z;cYIzWF)*+Dr< z#88`Q*LhD;e8V(Q$?-uXvJ5`=_p=8$4haRiQ)njNqAa{(HDv( z?XC=NQ>-4d%`nF*9<|%N$C+EOUw!|ce{y?go38VHm%x___eXgqBCF+hd*2d%0gj>J zSrjp-Z-KR9#D%lX$vQP!@7=!Gyx-LuR_qR_6RzNi+g%I1;ruWBpZ_t6{ImZB8u1r8 z)xtu9Ji#RE5L%39cBE$jn~TKy(b(c<|6K%Pf7{J%(TvxW&ox)%fsHM{FrJ&-32<(1 zE?c7P=I^eZsF3zXcAbB}KTTEFB8zoS-k33dQS%!mGrhWWv(l_RLV_pJ+h#UefMh91 z+0nbj2J2=Wo{Tf^qA<&uD*7;4E*;(`a+d8$Nypn^%5*8Sp}%^vv9 z4owK4(Ts;F@F{RI_O(`6ZKRst4JmO>w6Jh`CX*tv^DWy4#?U+En+CkoGJ6A%7e)u_ z7MxF+u+`V0TtJvZk0BAy<=V!UDbIlFyd_RmABq?YZAy~GO)Y!GqmL76+y#j&Ng7XU z35qd3M+uYu!nkxQMSsSvpT;3&W((FEY?G;Ji+5i2atTs|r;iJ8c^jR6?2&wM)#yp} zTS8zDDZdhX0f59>pcS7HUTj9&O-WW?<}AuGk~uR5n0}CF*Yw274u}gzMt}O|$Q396 zMOyTXV5wms(^JTlG>fpbye`OKvYaH>oro>=Xmrrb-U3>aaUF@4^8T7G2h5+})RzT3 z+ey!5ZeoMYEOanivlgc7KV7HudD3noC+;`WNg-_oZoYAy;+Bxn{P`8|>>w@rSLXlE zblU$I4E*^r9HhOsy-b+W=p;?&=fqN;!+4%`47!2b zj0ea~^4Wl*00(G@P3?$Smti+knhSBdMd!Okb=Y%C$<`hnFY-a|mN}`UL8`8gUIW|? zqCJ5!OUvM31-S|fIHKc)!)+{e){OP+_r;}6+36SV3o={3<=31TY9wks?UOzFEuBP<$#}&kHviGHs#cQfnB@6BrUx~~i zk2r$kl+vG=TV{vxOrQ}y+OCBYb@D^3sR6r+0MeU?jM33=$4;y`{&O&)N4jwfc4{>8FQzX2EF?eFuocpd%;_(^q<;vY{kZ z)rx(bjHS22l8vEmRHT$NS5?(DSc5?V!K%FDqIo_CuEoc)+EV#XlXwJ|In%Z)JXdhO z*60e^Ua}S2ym`l$BD-&WZ&KHB@#2!O(nJ<<`eYO<+jj2?#Isu&R7f5X=pDsP9!lcL z1@-d@+*=W46yfCigA+aC;gYXgTx(KwNv7NJdL$~8-P;$y_nEj_0&uv3Ha2gj$BF~v z5L?^MK7b}`@pLM2o-wXxPAKRvl!h$X8aOFq@GF$)4Y!JO`gL(tSC9W0FXP#GJ^O}h^$)OX? zA*Fou5;L-^jdua&KoV3klCO=z+Fdefl8q@U`ZiCt&xX;B1wp8Qm#`iFJa~H#l)BvG z0w5@1`+~I&|5pEI+iF+dTFj*GMMDyU;0VX<3huZ;ncN|P0RSquWgJi|eQ@J$raM|J zDht{^alkmSQ&czR>1y-d_kP-pj*rK^qe?(azcVO*wtav8 z29m#zg+|oMx8CSBpQ+tZ`exd20?DMB8dvB2dZP0~zl_Gt@7-|Sv!?|scxR>TNE3hb z`wPIqI&_h_Zl-plE(08)#M;8}zgb3HYafKu47WIL#;GAh7^+bGlpkn%8B#8du zzOJ?<77moDRcaSo)EB~FyagtYui0zy*g0`iO$tdFB;BBk_8|vW&$;0+LsyU&8~ZN1 z>nI5NhYg$aIRAG)H=1fT_N(6d&H!4#*cJ==1(`TfGfYZ_! z)6LX-PRPvH%rDXe9;K75&}j-n$g4kG2|AD>NX+w9#xRFh2Gq95EysawH-E7`QBTdF zq;pj?c_wiEI){%wiC(m?%R5{E+B&F3AoVD&5MJu3~i7wqGB!^2J#@+s`McsdjA zL=}j`1whn|`PP{olntVzx`(a|D#YR^yQuL6U|AQ_V{ABYF1Txf7@x50a2bYf-fX#n_9RFc@{WE30-_FS}sq6?1dnpzDN%&xo zc57X-t3@1X7T%}aTzdTi2+}8ghwm&7y-20&zD$_63E*gdF&w`}l4RY4K9;z!@!klL zLI@}Lt0N(&(8{-tikGY9waRfyph-8z)1v5!o)^!r`}-S~U6EVHZaadS;!VbDPRI43E{&cVy^nt$)c$xV}gzv8t z@DgUW;j-yYOxIToKW{%}pw{L&U?5n7VyaGUumV!bL{EfGH0*!)I+bhKPw;T>d4 zzmEgQ`jY-~hzbYK1yEDmox#f2it|m+?jBZkQdsds2~~d3u#@A>nxJwJ=SlMY!a+a4 znnQ8{blt-$qoNaVruCpcC5YH2j4tjH=Za;7QlE!=s#CB;m8ZE%1i@^;g!n?!W@80zbPFMI(ps2CzYpHyN= zU!9^GK^;f3$X_Fm;ma@B<5yIk;#b}tC2Ie_rIVoy{!`HUgx<;s<=Xb((+RaaC%ucEYmr2;BdZbf%%E&$4@q{F@AB~uz$5^HExmLcW%+^uV*H&rNp zr}rREmFqVWy3RCC`WFeu*P6#gS6$j^anHsmq{{EwwO7Y_G;WUH%0J^yQuaIl0BRqr zixcWGS4@bM;?!8upOBV!tQ3B~^A*h4Lni?Ls=*;q{o!&vo@^BTU5bCfIsVyOfH1=F zmhC7EJC)X(sWTh^GIL7axMB3hw;K)T$+{XhIdp2QzN|*aQNBz@{Ya1pI99=@&IR5e z2mXj2VqlR0gbJLfy{L5P4t*XRdh+PFYusw#fs@R+4IH_lI=?il5@9>PL!8A`JS_i4 z=JWH*r1k5_z7(_wq`!xaIv> zE{=u*dHRWc(ToNv9RM`|ssprtA0~Wv5v;Z`QDBD9eoNiu)o`Ca!YwPz<`Y7B_8tM) zw*HZc!^s0@?@wv)AKXUzV8j1RV*6(k@Vg{`SPAeoT!mDY%*;VT&=LI*$BnNd@8GG9 z5#sBwK1Lt)d|Q=`?^>GdKFTYQAkhcw1YdH^jYlFGq6J>_xaWo4*S`jU0)ZVBx_=yS zZ&+CHsRSW2_ zRpytI9Dv~Ykq<5eA9Cez&XPc2?^YgtIjGzQS0&W+Leq{i={~Q)8uDLk6ea%nEc@^w z0N`~`haM9yq%VtXN;-hv8TzCdflY`$C@I)aQmn6kxwBJI3s)hSr4;8w%gW4G32R@5 zB;Y6Q|2G|t2jO=wfMipg>;+(V0dz0@bPEntH2$wB8#L5zzy6#5h%$JuAXv+O%0tNY zkw@BIR3-C{1k>^}tH=C7(}9W_fl3B5B8Pg6{-YNFokyllXFKcZz2c3U^$+ICp>0>R z^GuzhL_%Sg;Utyz4XM0CJcjgJSptOc7EAP(Hl;XXU!w|6IVIUR4)gk4N%bQF%=aDZ z$AT6lVzqdTVDrOwY0=h8ieNK6ysE5tM=b~ECvDL?zJ{T$^yZDs3~Qd}%P-EmZToqA zv-(Cj_hotDsV)FV^etGUmC9DYkq~-JLQjQPw-*dQK7^)DCNE~5F?^7P2GF`8AHC>I zRc_|`D)U^0HB0a;_Z0SSi&@X1Y#wJ~7NI`YB97J(m(3szKh(*ly=mhEuWGZk<&Y(D zw70*K@5mXXst&w#3y;C%uPjBhP!aF-I!v4zz`UIp`y&-@lGGJCr-@ro_ z0FfO|dD%=s9V>aecFLmL+@=lD@Z$TU2AQfKk$AhbNcGCEGlzQUoGt$degWjw zoHGCc-S^KwUjPRtzDi0p*_dC6e8oqe_ygKeorjGVz?MG21weK0&_qVe;TXWRz5m!4R+8Cw}<6vsFS#x(9!cEe?qn`m2SI@Ulh zXZ;rR?ktZVYwoB-Uxlf}i(VC9xT455_|wSjc*yw}8*Gh(ja(Wk5VA=y!0!J=gwrvfbD zl(As62ZZ;-xPorUMtXL{sqPAlbHkYHR)ed?sOjeM4w+9xN+O!JYqVUIcYlnln?@#( zY7gntzbJ}xcUlJ1!X;Iv71Vqc44$()n%nok{`oGB)Hv~>?<+QO9{1ZfDK%fS8fD(6 zq2>Z3_0XS-(ehH5qA*l89!>P%+&I;Bon7BWT8z~DRH*YHRBD149#f>IYay>~ zE&%d-!R;(9W?0FdrnCrYUHLnR08+DoVtDQjDpB(Y(~?fh!2WhSW}se{-NJ`u&s8g+ zwSjP?w=zmeW>mr2VR?ku8A3Pq)tbsV>uU34ivh=o(!9dF1IkUBu6>n7+RicMPX+we?yKpUJ`cwn18FJ|}ui^UXWj-Z!KBXt`(hy1HvD zBlw!yE_*#dwM2YA-A=sg%bjoOtAlIAryg`e1hV?b>U0Ia^)Man!6Yx+My|fnD(Q&O zpWm_ndU%=L8Z(8D`0kx?ICP62Vl5Lc0M1`4u>0r%KBYYYXM;~^ca8XCqXm9rBJP1w zo7lt!fZGA!vYlc$LH>^RNQhV?&KAqJHqvP&SU1Tt!POL_Z>f26vcQa7XwI3ogdOVi za9og&_35rI;Ip^gN)Mj>hB`ZVrA^uNKFqcJZqgZ68huuzI!~?hsRwgol(Ym7ayb@* zmUX$ivqZ3ZvE^Ctxvme#`yv74;=)5c0b(M;cVzPxS-)}UlQN?BW=B-8R+VU- zFA82OBBXb)?b+nfeK#|ty!u!%WI5j(f@lUJ;gCj_9I_UAjOua6jj7(XAZ%Jc z=vL$Oq2dcYYF+C1BNCUb#`oV6KAix~`=?t`teQw!f}n<=Xy6bJzCirFO*{}@Oi>+b zsO0pcr=`-`;H~rhA@(cKNM~TJjc{}3#&O3;g!#_qM+93!=s`@Qv2`0n=lYwFr*Z>w z%lf2Ve@B6&f7KuGhHbZH+v5n9;~08*baOUha+^P`d$eur}XpuqWL%j4{R~nxQp3JlJbEx&1;QI8rp_ENdy|lN3J-V673?(2lMc6 zJ5B1X!I& zTYWNyt@hWv-K0i|-&X4gm+wnFw5#GB5o>unN|bg15c@N3wq3qyE4&PgW}0IdOvEknnIRH@#TB9|%^0AyP<(Odu}>i`pqQWSE0*q zb$ImN;424qAKvARc&@@E+(Ik3pspNwYW5DE&hDkXvs34ysL)H?b8d1_Q9!95 zrV|;~vY)!2o=H*p5KjLlcu9N`dNk!0qdYo?hTdu(Vonh|k<(j0PB>a6;Dlq2^ zIKJ92HbzPhxAqRN7VgBwAu^qwKixf+RA19ruf9Eg+wM_8W8%QTBS*rvjOEhHldhg3 z0lhcUq99#riqV_(Fa3pg$)z5{&Dk9nc=iiY6~a%F8v2J-C}U98T{vk=Ny`vadszNt zt+nKd3|7j=T`}#q-F)h!sWu8H4G%D9_e= zrn7d(X*1Np3R;l)E=JpUmPsCG)ozxNMPUNPrLGZ5T=cY%UL>Y-WwN%xqD%~@Emfhk zvi&S54oieksW_h|TL~5b>6qXGmX&E7kJ}(Kr}R0_=EnKYU}C~BsV|QajSW2FsagxS zo0ACUZ^{AqDiaqd8Gc@d%d^zsiyy4$CzJ0~-*8P@bgZACuuu)7YPmVO9a$=9@U-E2 zp8#P`0F^(dy7X#~6@WqOlxRxHCW)p1E|F_m<3_J`h9b0Vj7hJAYEi4k0y??B$kwp! zgEQrBrAwnyF_wHzZo-$VCTtM#<7SMhno$NSac?ZAqL*LwK#K5LM8jft#-3amKXAP< z-8H!IqTAJ#yqCe{Ey_Rzu*(V#6#1Kb2j}l>|B}6I-ML4%c&esLZOsJ#e!n%tunlV+ zdD>j|ttkbmnR=P=5kfxm+%eIbDtK6h-uJ3r^?ARs`PFExjGLIawcw2_LqcErMe;!% zdjvZw5Q`jNReYXKC2BXhU`v_d{d=y-HrDm@%+Qz|q#oa!Qe96Md(PI^&R6IP;-0fz zZt_B+%)VZ2&?k}!U^-WHX8Ji2ywhTW29>V+-|*wpip^rRX3{IBqNC_$xUG3~zeZEx zho?UK01N5MBo(DhoFcjxJJK~m4sUR2pVNJ}Au~hg41IV)*7Pa|d z#QCna%q~#qiOoQtm!c|UyDtDt8ZNlIN9H>&%gdE%sXKY;!N$)gqdjS|$Mm0mdX|KJ zGu`D5m5N^x;3D4yu8*+$THvCvup>XLSIp^6tl(VttBp2hOonz&x6KpR!^e2^E&rxC zu|OkJZOD^{=2AhN(N4zGa@6L(6QevDcMTC{k1dP1~d6g8pL?L0#p zb%ifrN2ZmFxC!~u*6~enAM=v}P)ZEiYX|VBJe9!4_4l?K?w|CuQD*o4+!*uNA#yhE zFrQ^9jQ)(Z)!w#UlAJGp!Y^?<>mCCX@B{`t)R!kPSIr66cfiPgev9U_fOz$EL}n$)G~D+zuGe+UtZp)&nA zLs1*cVXf)c>fMnl;ohQ8>K?ERCUmaXE!y-aAB73e-97*4;(hSNF7}HZv^vF}dtk71 z|9o%oIyz9?0Y{5b+Pa;r+K7{0cB-9?rQ&^?#aZLX(ZQj5=dofzAI~d3&7sz+*mMBl zzO1NgN9$-!d#aYRF~+6tQnWGs(s0fkPbb;NYCqm)Am|WwAI1Ch6iKH_7*~9O3`{}f zJ3ivVkG!U5bVIFcO({OiyM8BMCW!me zkwb1i(xn%s#65P9K#hw)rG*~q3UzNr6__rr*H6rCY`$YuZ*dEIL|~-yh2$4o_Ur6x&-q)9gW%Bdqr2^dQ<4n?C3mc5kJ={x0UOzXu@(>>Y|SZcNe;Q-HD^*u53A8>1$9rJDZzs$!63PF1IW4P~S=`b5~)&M#aM2o7=EA zu|qLiZN@{7e*MV*GG?*T{@upQP#wj>o!5VhnSAs}Bs0FZNiFdE;LwgJFn!SW^ptwq zP0q@bq(NSiV^_tG&)=3J_~D72J14(_YNtE@at^^gFUHkdvHrLZJ# zywLXb>8#4N+p}(ubYgH)XIW2-_ge=)PWQ0x+r7ROYc2;Uy&64Spzryqm>sDgTQ=+5 zWR*)d;^bq0W0<(-jsz!wqN&+$l<<%n=w@7)Gv3uzAn}YnxkoIm~YpkFeT3|xy0R{Ip8{4P0ZHkSo#^y}qNQNd8^ zQ}Ja!=#el8AMDardPwbY{T_wo`p?*2gj5=n(j&pae)-~{yp(;}+MxRYxiY4%B>*Mm zc+T(3F>S>CupOC2BT{Lu)pB~S%4Jo$Oc%V+@fp-6sX~4M)RA^j=v{NMX7KPM&hv{; z$NKS3H7-{m`+Oh^B?R_oB>@gO&GF6ua%X>(p=ZX6(D#T9dv4k zWsYna3JALZNKXwaw4jfyT}JUy{IQuehbFz+YWL&3`ZPHreD)-D26#>;Wa}*u96l9>aaZu!&rxE275raMJzh9 zuH%*1o%7*{?KGH7F>2;bVT9WNMU`-GkgzsCU!Y4PS3@=%;ja7!ppl6MenrzN}6n+##yE?GC$i()zHePEL^xr5_ru+ zEaK(2$io;t4qxlW`nJjKLgpKHgPgdv3mucd&0M=ivR-QE{&og6(8hSqaaKTJ6T0v5 z6MU9@hG!@4-tYq)T>{8O%RMcYn0y7Wl5oujlbpq^2)Oy4=Hz3M#)5{b@3h9oatjJn z43&wk1>`w^0iNWjSh)bm@-?yY%WKu8?8N7jm>}1eH)8rc1fOcV$%VW zvl1o1+&jb^m!H2bLci@X6SE;&F+%J%E&1hWM}EpYhcr;);dvoch`^5S`mQI2Nv0|s0cu0Rjb83sf2Qc_w zgns|9wttulMo&dO-7$}?3R|;Dk#b>S8=si6vQlG#hfxF$i3^cNMnIA_K#;5gaXQ*# zIdwW)j1etEfeDnUN=scVZ7uJjC*67DYN!>y*P}XZX+kf3dkVgVIgaoUBU`V};>1iR zyA(O4UR|9-&S}tHpW%5+FrTEYsLk{CSDMY}uSrr8Ffg&Me57{>JG;Jd@Q>w^q$%*3 z^SiRBfU`hf{KCt1s{QlczaH;4k2uX#3i(@92%k7J5ug31iWP5@sP?bx=bQmwqE^6X zVwl5Ub>RP7MD+J=w1Zdnyu#_-$~Mo?nmSZt)k4>dm)kWrW|=%JiH^LMQw4lnwN=s4 zS`YdSa5s18-U;Y8kE@J6mlSzh>Lg+5q(qNUa?39I7|SO2{sGqKMLCF6uu8Slw?H)8 z@fB#|KfH+lVv@i{|EW+F%KF;(-P`eXecK>(!Wo5b&Y$=G#ef))Lv6Uy(H77v501)4 zX88A_PFg9ptu(xT9Ls$7ZhO2dbC&J4P%K}Q7)wL_{#QT^q};=Hlz?)j(8tO~img}uD7CNl`Q$!+6-bHLs-G|?W-IS} z-`M}r_INMN;mBWRN4{l#^#v+W=Frkdb9Avw(fnNg@st={*C(X_zo&zrs$#vau$(gx z|zc^a7$UGX=rhL|R>dJ0~rVYL+zfS_e7H(khFO1b?g7bz;Om$14xt(@E>1dl=`g>OlO$@SUDNO5xwWM_zI=* zFApqq3VKV1iH8@yBB<#4hKk>PqST^&Z05D{HHX68e{_lNy;K-xy#;gD9)A~cbXE8< zCi6!__}n(sS+0sX%i`MgGh923x5JB_3!o_n?0^$nX&#BX04|+!V(Im(gU9!JUh-xY zx)V3=Ma$VonN3mOy-(*pu)={)Li_Fze*ri_qi^V)avKanvn`1n42{p zD6)#t(aF>^Xs>H((BJRB+8H(wm&mdmMRt!}G7$fC4u9O2MBd$qVw|#3n#oLy9!im0 z-GcqMJ;Mt?Gx)5xXYVMLL?~jy^itQ=NGpqMi3c_PB-#lp! zrh1^sE{u4QsLrM<6k`gsy~kFQEMkYah9UY_F8~c~Hp{FBfudA^F#;!owZ02cK#coS z&kd2ZGHk(-t*fsQ=E>S+okGIT=N@#Q zhqdw4XDq`-Pt}wPbG~f83{P=vf0%lS%rvJqc_37{>)}`qIZG1Togc9TtIEvpPsP#M zaqhff;R)y+m?^e6=nzb~W!#imp6v9}@_qheSjBSez)=+aH7i|il>};@0O^$6UcjXO zEJeY`9R-CtBJouNLpuTYFfZDR7M7fue_ozA)qOXAqqQK{CiKB4wLTtgSb+wDhYLpe zIR~nzyRsKC17S(-G6%=ENTV{%EkMO)rU6c~)Nel-x}gquyB8C_^LKH)s*15U!>Fi0?=J z)p!8~ z9Ik#`b7~5=AEg>0qIQU?KC0%u0^d4&>#M^Qh1my3DYKng<~n5w;esEvr|gLt&OWY1 z1k1ZT4!v!J56WG6j(`d+v{wLj@S0BKQk;^~dOO4aV(&epn(WrK(I8#A^o~^NN*6*A zq=`sTsRAlBVCW?X5(McT1O%iB2-16vAiZ~_1OyU_R7nsaK)~;L*IsMA>)m^wZ|^hC zch1;9&JP9ye&xxW&z$#t-B&>nqFhw3ZGTcpxwgAsGH>Jz8DQmQBDL}b)P~SI8uNm>xEEZONb}&|Zf8PyE3AA3SR8VZk9MPlv}#tVc67AGFRLix$JFwud2Nt3 z#~vZ3A#fxi3gLMdEu@XL3byxpFHB-hGqe=IeGjw;w7mwTuy*R}ks!Y&oAU8%Hl^$9tt9);|OHp&PqTJef&NQ=PHrsWsPP@c<)DO^V&`PVb z`KrB1s(HkbluY2N8nQylJHd;2Z$pk?$>e9YfyU@tk<3^W^~s$MGmVDa_h_bEi=7}c zSY>ykG8+fJo8O@LU)-cyav_$lpM6|_$Q{c$>n58R9>+dnlH_Bu9lizl3#>%Us(`Rn z(Fb@BR8=UF4KjBt-G=qsHemMRk}g20FDASmCD7!Q^O#v;fS>BTD4F>hEp?F!C7wH> z`x;D8HH?eehI-grvT%wd%vmgF-Ikt3&fnny>1ZqlcvKpkX%6Tdno|IL8u^IJx#Gpe z1*E}625E*H(KY{SO?K!Izb9y`fWR`5U^AEpfrGA|e3i9faBAhs%7>Mi)(7Y!^ok*A zp^qMmfZP;ya{aAJ)e;r)WvM*RgN2;{4kQnzDXd~$s=Tg{5kp{$RduWd(>XMBT}p)P{YGV95LsYnH^T9?L&U7UIr(gGg|LdAR7?N5fQX=X-h_#A#<#nozs= zryH-;m_TYsuT41hZO{*80B0f2qwJuArQgNm7@u>*D%O z&0t(+Qqbddo0xit8c7jQmJJ08VI=V)Ku4WJg>$_4bWsc}Z+gVhKE-~!cFJ*8?V>hK z*2WKL7UJ`wpPY2;dxv1f*8hyd4jwysI8$&@B=d?%S$)I%6i@T%+ptq@b-3=-W$!hU z`}-25Kk_37D8B#%s+acvtl$VXg9K-O@n3uhB+V1d_iVK~3B^D3@Uatk<_4~@+KORF z;PS2G9ldFMM?}E=R`dElEAqb==6@8o27P}}!?=lbAw`33{^hucN2XB8?la?l!Ga)q z_653cbbQ7`Y!GV&!&XwCr54a8cc%?g5KpdZf4gE<7u%!P_qMpMy%iWVzO9$7KQ}6L z`PpRY6ZbBMAxTaQhIF+()K9P&f|*uto+xYn+heY}Rnn7$i?@mR?(Y@r0Ua!5Sj-~~ngxt`p8Nq3FKMa9s{tZw3fKcNHf{ zRzibr%;RDnyOF_Cv|2I6F{sy-{1d-eZ5?wMuUnv}%;x)jKmwjyeuB83PxRIIK!8*M zs6-q4LxV^!Cpu^@Nq3U86|e$D8^;Zb{K=zs?GIzfp5H}nG&dVaLeBH@6=<44FJ+5g z2kK(wb~pppI6qiGZVuFKFH?lC>qFUvhx9%v2BxRPlF-J@PO9>a!`9w|UjDTvC;qqf z<)&H=8qB%bh=XGeG~5VXq(|*B$Njpkb(6AGOsw8j^!`Q_qxd=Inh~Q#y5dE#lW~?t z0!DybN*WcY%6ZTqV?(N)cc&8fLz3f(jV@ZKy-~hj^Rn~3CX_#*cStM#xlN`(y~N{L z4Y4dI!jG8rFK})%+oa{(z3GO43+v6UAG4y5CZ@(VS@`2M+uoeMPO6~v zV@h5hZn0K3B+SIj?R8*D$PmON6|3-Tke}NsoS3l;M~RdYCt7V(TbYn5@*1mMyg&Nq z6V~npCYJ>1;dk1x!8Ad*JI_{ELR9F|4X~rYYz85TrgAa;+8|o@s$@~y!=EEFuKUaW z^}vA-tbA9cd?lDEVnNj0Xyz`8gJ?c@~PBS!4mA^HOdkOy1w-uE?g1SJlM8dr_RE=8;?ce+v9#Gl zi+2^ghxNlc<^`>(vBEz5_d5&Ni{IWL^gej4%IKEW-4t{acgLp`Rsq&qwR#q4YHzGEOMjq>h@M5UD~2-{Y>L3KYTfg>Q(Fl<~=QR z3T$#75nXX3gk2r(ocy-3WYu1Q=Cn$-vbAVd6Z)Lw)u1+bn6E#=7xrL=XiaQvgkT0h zGye7|NoZp6jQOx#T`Nh;=tlwmX*+$#3;41!iXtL`UPQsW^(RS5ohJ5Aheiqs*Xhs6 z@Wi+*0QW>T?O%sh;mZ2YKExRVBO8;3>0f_{#wcV9eY@miHO}7^y&2f22Wxxi+B$&F zDLR9wFe}|FS0O=UnDF;6WUQDLpkmO#ZNbB5Hm$GM9Xv_zB*XHkO8+=9sUHHyj#fe_ zgHYE%XaywmV*%97&(==dd%)N-<6~P}_$=dHUqiURqT?oqBdY=tVem|cb1vETjWo81 zkU(?N$c~1Ola83Z51o=vTL4zWha%*bWK7I&ad(I?ENrqcaxZf>;CORaT_;$@eH@|wklq|`{0cHxaS-3e4Z$II7& zYqh?@LD}R)_Z7Qg*8Tcsb8+!~$CgArS@fb5@A6{F;w?wX^9GNfhNPyLfHiM!7M~6} z07rE4BS#IhzY;vr`npg+Ub1MtpzT>vtz)MVMM@n57+bD`$lImx{+N|c3bS9T47dQR z)@hSj%f-d>Th3|6hFWS4zAZVDvZwqSptR=6PPDj89XPo41u|caXqz{Vnp$&wF1$|KqQe2te2O;Hk+#sT5+!jHPaB{j9e7mHyTI;USf2|!I)?zQ`HDzF!{(1l5GO(#n& z`IN6dc<_~1iAsUJJp@W^Wtd@yctlVwFO|HLH$iNGgNR>Mmx+;#Se8Oy?fgz&zM2c; z2_M)osc>;4?it&2)vSrt@OMHb`+hrq7ZU#b5y%whbFKwZk;7$G;U&)*rgn}^(Ut)^ z(EIfB5K{e`7R&5Ag6@;j2C#|Juw@;>;U3Rs&^O!$HdG%cT;Rkdf+Z>XxQ%2SYvGKq z3J7F}e$H=fPR*7}3>=-vGYTKuBj%3=t>bOZZ39IyRF_#FVSVE!QxdNA!}`xJ*;~qa z({<}xlBSq*g>c^8I}{uv#4p zAIDDij5WL(#uhAmvJE9xgGO%+Amu^a43|<)+*kQ0#bx!`O}@Gz?#N8cn{W3m*uCw^ zS|_M<2$zEvi?Y=uozBOF22-m`A{F)ASOAsZH5i{I@EpavQg;d=FFAo9q@AK%Qh=A2 zyF_smK|J)aEt2Kd%C%By5`Mw}6mwt6rG(2ee}eWzu>tiq1|r|8QaQ>ss)alrQhMti zqQRS8OBk-X8v8R5#EunO3(CcG_sGj-wr78GHksHyds4FiNh24SnUhDBzYM$@|FiV{ zu#CTYD4{swVhFU;&W$@BMw6ua!%1RFolYzq^5xP?Ajr%v32}+%op!dA$#=h$@sa4V z>O31a1Supi1x;BI(J|rU3x6D3Y?^Us-c|(~qbK0PC{Z+dbZGoQXtRW&T zo`Hck0KEvIeeQ;5!@Oro#)XJm^qJH*w|^C{w5th!#l<2iA+{;4Eija^;41bb#l9HH zaVn;s_^6s><6vK@Py?NgsZ7Vz^=I~smw&^(?AsYy{$gpfBR7#1^)zauP5sstU7lpM zB-+@v6BHR?!9^*U(9flKm(3v*?Xpk3W-$3nT-!8yma%d2!_2@rPn&6m{gU4mG|R@} zO!%u(FE!?)T%=MbGQ`4WhmEP@!xl0;zjQmTwXcW~;afXiEYQ7_kmitN3eBE0u_JgR zrp>}nh`@9JUX;QB0*!{ra2ofCTlY~MHGDQJXnt)U_e5JH;<}Z_vta%!G(r_1=$}*6 z|Kf%zyL{k>>bQu?kpOO(&sYEb4RaNlR$yDOJ!jGQ$&axj^{u3b7r3HHO!Jw&7Os;A&bsYvk4 z$Nwx?0b4*utZ8R!LbNxFtR$r#XHzu(wr6JJYtL2N{aY8ieyTtF(9!~k&t3ONn(a+M zY?nmX_zWy*CsI332DTYJXWF3mnsT?%#SaXYs=^GihihBsr$#t~mjBkWuBzO|E6=nG z2P(UfKrCL@q`h)e|D3!bcuSXoDYKzyW}iLm#Xa5-{S20sCIwa=!gpWc4m32oiVyOO zcU0-X_R7mGuauA5;L_WNjn#Hd;VZ)}P05oLa{O`=g+WiqCieu)m=l|c%~kCU$RRI# zg7`5Vk$7#W$Fo<(yG*SCR>)I&!1Y2C3d-EnGk49D3nz~Inmt46ch_958aQ2IPzh1F zba>7Hl*EmiV@SBI&bEKV{6sRD>X{1jVFg%v_KnRx^o#9 z6BGHDCs9FsE@uXDRlnl&jML304xrz&c|J!^30Gw5?#;3?_J)y}T1!Hq(8l;Y&9decW+Yp*(;>n0WEnX(;unS+JhtxiZeS3mK~- zhIw;Vn8RB=1I)Ie-w`vIIo4@t{i(Qw1RJYefIn|tlixDuNKIKdu_=hzXP?@Q%O!_% zLPcmhh^?B5xuSBr(f8$PTjrSyY~+50oAUc0JCUZ_p2Z@4surNpDY(NZVRyelLU#u( z!lP)>9BBzjmpg8Kb5-)_+%n3czCKffAk~;L17#YvminPq1o((II(eeufT^%NT5=C-kM0ORQ|+Qs(3FoDk0Pll{kFp#+hnvT`}5mU z_tjonb1+tHwosbK%+d4y8|YIS$o3Zi!}upp@4uS1n&RJo?}ne#2U`6G6}{yA_X9&N z%X78jW1ulRq6xdapWKfnwP~CWDML$M!G$k&o1XOtU$X96sO#EN&9J%VSGvgi&c*uWLkeyc z>W1?}^#>c?)qs|<2K(mdVSa@@dQ0NUS#OC-~i> zVQROq5kEcuyA3kXUj1(n9j+hM-`hb6lkZbymp!0|cj=5fdI3%mYmnSkeUIL`4o zMh9!|WGy($*uSJ(0F_(NUHhcBptcTYwgCNN18w33R+afWGmB$nUrB5pnj>rhZiAbR zcz2nYAGd8|{UXy>BB69gx^5<=j4^jL5XU1M0v~#A0!*fYByhh$YIWGVOlioz^rGQnZQ?1* zMe$m+V_iUr-rZoPXz$yDRv&{UomJ~1y4w~i;|iQD?90y_!;T`$%ZuW88X6|tHa^$r zglhHJZ`uW>ynRej9nwPp);O2Ji(yTBKD(iP+dh7KvJ6Yo8L`PJ42W0=MQ(lT|-Kw&=L*lEh7Y!7IY&nVmg=0ut zc@aBpj zr?C2e&u3wR502nv0j;7&Z^zlg5C5KN0tnCL4XW{QoK=O4F=OjASUWF*bi*`T?8g_d zADfpSr_uyTM}O|=^$t4t-a|lAb`);`!YClfF$XB$0?a*wH|@-m;9FI&oY_roT5~7g znuW@uLMoCSNO5a4ZJAKIZ<><5yBYZPoeLBZA@}i9oDo+NMzvE#7QRrtI`+m6=kKP7 zYtwE2DSH~*YRKi)f04?>|L*or_*54A%4SM4sot7X&?MlivQ!3E$p9TPh2Y=W0LrX_h}g!A|n-y!T?bvi~{iF{T6 z)Ga*xbKWP9h6O{~oe+^jcaeE{4HwguLx}kiQ@V4hjA`9rMh2x5H}s-EBHDrgArGK07KI-muIe=!|8gp*xP%s_qP zvki`I{r0E+5Pki*BS3jHA~UM%+eh5zLT62v@4e6dm4QV#gmC!{5@N@6Tz*lx@f$Qz z{}+PRe^;mfpO7#A%4O;8IP~JCg6|n)9WUQ*{e=tk2lD10u}|eD5D_AF$%|an_wd5( znlxd};^{KjkRa@e2#DN4PI~!cs#Ngg9AWB&fWEkZ}sqa#5u8$g((1X)Sx7SdZ_dPUn2;;GJZ|>>o=J3cq z9pbG5mf^|t(K!`w*W$gYa_C-pdA?qNiwi7GAwP;igqJs%@v$0+AQ*HdSj85210imq zIV8Bba%a_Rf!e_E2M^TgRUaqu(j_ZYjo0S4;-QV;3*MiSf-`n;Stl>v$YHDqL9evP z_;}XY{%Dvr_Kej(hfLY^NJs@6Zq z$JBK#Ga_myz(T7uG&{$)ljf6dgfGZ!$yJR_rfW&vri^K4&DDDso zrleIqG?`2ZetrzFP*1j5+Bz|kPx2~0fVcAGus*-h!DHu%U<3U^{`3C$pR*h*z-m0k z+FT|~{)H|1w<@1-;8J>LHt2e514bwW`f=ux4>F})3Nbbx-jH~Go$`}kfJehD8Rz}T z=k|Wh8X|?B1lQH56FPJ0tWO?u5n$Klkn(XAD2V=tYMeeGf7kdG z%g0;IZD~Tu^`o`()bn7rWlm%#ZlgNHc(HR75?t3d@){YOn9-;8o>z2`!v9zWwfb)h^2XW5aJ+a}&1 zEuVL8Y^_XyRzhC?fL4ho|5$NCP8F2ce|hmVQTvI{cLsu0Mdp3zMG|IL9XsC3eZ|Fu zydtBrD052mMuqpThVMidXVGWDP5nG3OSsg-xaE5!k9jx~!rCQwfMAL?w^hdI(WCF7 zy#_KLNAoiTrX{^gu0K}sDigL+e?Fp~Ch|t?DeV^;+#q&N4=0OGAYXumt+LrfKAYh) zOQl%;wxTsV2yt;P`f8zT?b&7-|E5-?&X82N>T(uNe54xLWWo78Lb5W@ps27_GRy5E zO8|wCLvPnNr|hdj#5VZ!J5@#;u6}$1O#B{Ww0jOH12sO+K=C)`n0;HJjk)e;!H>^n zJ{~ST>Axno-#bgrll0o~%93VCPqiWC0VDp|H2BsU!D^cg87{X+zHv4!GraUnyzt@2 zREQTiu~TMeN-UmpHFx8+fO~ZtBOy_+d*;D@0%omyR?ZKZ9)Y-XWhcEgJ0~;!;dZ0e zsrNP_W?{`Gt9g1j-Z(1U-k+i>EnZ5Eq#$VK67)*1s~U19(cxc&n^L}g1hqGwWw%Uk zkJN>-X@j@Du0I_ppX{3K8;!6NIaj+4)LxfgrJRxCIW_29(jDKXv$T}Lar-=T%R2(! zzHa>bwO{YiE02u5E59KB+(1mLbnKA!ULQdP{M;00JP9s?N3_eg&xpSOMy!?(8XM|< z9!1s<7DWHtC;nj~XD_Wablv}c^p}2wAxUne8?=EN$%nEou)mSEyxV1cBa;~vH!!ue zSDfQdWJp^1C-O@S5_+Hy@_*4Tjg{~HWTS`E3q;z4Yq0#lLpS<)a_h7U`+4lLKf4w_ zbS-9QT0Ni(_PwOW*hGLy3*zXz5D#fP1bTyUg)SK02Zqx z<5z=A&(~rQ`24F2(z-`Ra#LvW*m4&9R7X5=y*}QFVEkMY#;*I558D@qJ|NYj--GXW zP=Bjv-W_NQ<8OG@IcOfQFeW7hQr*`-m%Urd+O7h-A{f#ykL6>pNy@(=wd}ztG z<|vN{4kX2;u4FL3Nr()zaZlKYL@1%o7uOxWUs{&K9q)9W=4cwaOAic?zJm=PXJN}P zxwCq2I!WQ!yWDB$z;jdm)SoH`T6ve)x7O;H8ygR@bWLt^SqAsBM%|%NV-KRj<*sr^ z&>0k)2TJ2Y0xipSnO@p2DVAAU?Y^w&IZkJmtJ8Ns(dT|UNVHRGe>Zpo+-%61$Fv8B zCcHk$Y_Iz$SL8!!p;=k%$2phbqR_4nPV(dpAz$8LdDck&A!d~D)&YwQ!Am!!qrU#j zmAhZT*U@g2R%Xs0$IWWLde2J;9>&L%0Es@Ii)Ny-({3-d`x^XcBzcYn+1mt7y(DR4 z?ml2#z~7v4nEItkFI&3vGU3>}tave-_YhUJUmU%uGycOi$!6G#xBq*=4d1)&!~o*8 z-++nfLFykD6`Jk(Nn2!J-`^9@?AzHn=Dc?)$`0W(lX#+ieu}1I7-bk>p=VKGAo!tQ z#v;R4>CEOcnh`&}?}gN{h2(d+I?WeIF>{1A46VEOc&TyGR0J*Akl|&Ew-t+{WGVu5 zBOXukVC5FKWpILxlbd4K5isj5T^_iE@%1qK_hgISdWY+TpMXvZvI4@n^_ebT!#>EU zaH?KF?#RcKE{j(;Hb?g@EjzP5Gm;A=E>Ct9IumjTFvv?_wT*3<}$ zL=`GVU%uPIq=k}ghE8Cw!zE{*aFcu^VOaDG}Y(7vcxMxao8mzl|92XeK+Mr|}JmVMK3EJs;e>K^Qs*w*?@*v*pZ8 zV_049%Rn1ULITx;<0*5QI;7b2NG`Z>Y*K2_>$)I4OCpi^-ROKL!jcBu9p+HH9&-Yi zcY5b+557n?>5NQ9F1GG?EsT3^~LFFeN`cy|wDRmj*A7J0^>eeLHQrz0RK}fHK^UBAG_NO7`60jP5%xCLq z4`FX%L1)JbFMKRZo<)!8?S9H{SY}<;$yhTzjE%LYWg?m&&IS4!3Lpqb167%UqM_Kb z=9-aoXlb31byG5HZVYEFO7V7ATX9G&3}@&MgXW84&e}j1cA&PiBw&CZRzT1;o zFkhLqB@h(#xhmWzEZ~*N&@4o-DH>ALV4mV)pzw_#YG`Q4DjWpTO9*CTgCI3KB7lsv zD(W3YzMU2OuSW|NL38WQrmB#(CO1WL-dpu$blh#r?f30&@+1?amRt@8QGdqD zA^L4gLwJ|C6wbg|XqqY&$bzZUIFE}psuGAjE#rZGF{RXF0!>VHII5CBlAI}#%N_m! zsOqJ6_u2qr>}AhI;Rk40+3)^KRTH2)>#*mPHbWJx9qUIUmZ%snB9& z%c0kaqYEe= zvyV-8)9bL%s7$Gb;89962&Iam!>abF9(6>&^q2y(;TLhYq7khj@Bq^!vx0o?!}W{= zcEtBwSUeAnarBM6sO#af@d`5{ys;uBt02In@$Wi2!lBu*LF|4m>GzGzNCr7YQo zYDM&jEcta+ho9ydmHgg6t?#gN+#tJ0OFd_dQ$}S!>`%mNG`G*p8HHR98<{1W^^oXU zS`IsP5>r5hU)_4vrj&Y9jp!z+Wa;IYg(c3h=aPLI$Oxhsl{B6DrN=4Xjf~r=Oet30 zW#z~Vk!gO)e;%%Dck>gkIG_^k!bt9Ys~rBcV=a!WSmQMLZqxR4+9(97YG#^x#py)x zd0KPy)QqUV-*oHgP4&mgf=eSD%_NPv=VCZM{n3k)=s@jH&QxWKyYhY~6i<__W#rPC z!i7JC%qm#%H?=j#Ytu!&Q&4eO*D@r=aCfPazzR@5B1*R5^mqt5fy&tk=Vpn)x5mxf zYdi)dBF=K;9M6}f8%8|Hx$Ipc?u+VN4awvDx`x;KN_nP#5(bv%%JOSnb^)Y%x3izR zrDog8Dd~mrhe^g_+kn70S;@WAyne0(uCO&Y^A?}}gc$f13~9ATr&958A?>E7`zDi} zh<)x!+9oS$E)OM;m;8MBau81A!|D0+QO6u!TQ=^pplnB8@lL=k7injYCz=5q@#4Kb zk-I*E@+1b;7&Jr3 z!Zn`gr9U;VrMRZ$L^x6MKciRcQ$6&AQ+Di`V@)sPrv3%BB#gl}^}GvID(OaXQ#l>N z()*aJqxQWm{oknH&|_qlPoXuLotJ7lV3C&VH%o?)rm2bIv{4nkmGwDbTxeNUB*La< zioC}`iIZ2J#Yv2Z|5PoW%RyY`Gv_hcS}Y;rPXzxK-X3Ko)Nf5Ui)XC5Yd`ICp}2M* zac8Dm2Fkv+;sOBTm!!Dj$5?}ID`AAb;vm|JMK>Q80ZPDSn%9JE1cSr;VuvDd1xYN| zSgsK)|65f_kg&!XwAhtHHwQNI=k0eZ*lvOfC%G=2evXWuo;Eh&`oNx}>wLc(^8*if@pG(W3s$Pu~mVxy!iU-tvf$%5X=A)O#lu~iNo3a20i6wfNxnq|8?;2-}hwp zH^~QpM1#CP5bCcTM{C6s|7u{%1wnrndfW^E|Cj^wrfG?d={fwe+L=eA_ixKfI3B2n26%tDmaQ1=?l$%~Y9;lWopzD0GT#p?nr^sB z8iX5uIP@&Pb!)W#?grvmyNQRBG$fE1)d7M`o56x6@w*FgvjuRk>zO}|T0|Jey`%%D z2GmP8;u#+ssedR9rjGu{68#M_r4j#1iWfPE20mxXz79eX%M{=uZf(41GHmlWetF1u zuur1Etb%-Zv(qk`JT(&ZOXT066L8boCl%3}$;+z?#A$2&>DCX5xrYKPu8?TYZ1^Y} ztvT)e42_b^=eL#lTOUuF6=*x_Gfw3Um}BVKx}inm*!8huRcNw$J@&F~i@~F8^&9wM zm&g7Nu~xcHzHfk$#Q=dkh$iPKj&BVP81j1cy^I_0wWKoD!UUz3I9YftJJXWPELzT5 z+ogT8gpPbz5Hmu%uMIiXHs1oIbZe5-cq^-$J3nE$XsWdA64-eUdHFl>U!T=sG6R*8 zs&z~hRw`)r!Ulo22aPYPod|z~fz+r?`&;LF#VNXZ7yGPl;Zh|dU*K<{(l8f&nG*H; zP0Va>CckAr5H&9h5k^Y#f~|BGkL45ZFFSzb1MkT9DXW@HyUs46eU7SKF8PwD^%@c$ zHid5(L>=h2Q8deUsIf%kF*uAgzz(ZWyH}86FSv$`NS7^`i|!TN@+R+9YF{ zhvx zxmH` zeWDPL8cKF&5xyRN2ZY^!xYpkr=he@a{w9z>C}cI}J}{hUhq(TtpvbCzs0|h7ixe}x zg+CC?muhpQsL^@y$plnTayezgR9T;G+QY?;S$-{0x1+)_>0PGvx-i?d!9|oJR}RA8 z8X{=cKFuo@P#_IXtjb`TvIFS?HBxTu{)bU}m6X*L8kbgyI5gDHsAcB(n}v0E;W&}? zBaej@9dSF`+dusbZUy&;B)bxU9Q)7J@rHWhmPQj|-VZ%IN_)LvQ@uW)8XBrGV{rj| z8pRhif;Xe8Sgk6W$X;vT95_^}Cep=zU%QD7YAS|FyyENGM&~k^FK$t$UD5GASH)@V z{UW8S=)K5m{t2FV95`V19Q{P@t`5Pr4Vj8~;C)=`8oQN}=@de~0Fu^DIT@%~((QJm zBQv0EH`|!1@#N-%34euYbgG$u1hpxD_5i_Gygn8ld!)($qv>j=Rs&deLF}r$}F4~O^?ai(2jxN1cUF`SohX~P~W+f8ZblKE1_jUl$u-2eAFge%r#3C+BJPI|8HkzpzZ_*ar1&);FIfZKd|ntAO|T7E+H*(B+Av;@b5n!$D{V#t zN}Su-su3+MnH!Z{=KNvi?}nCI_%GJxDnKux|EQ%MaiQI3^3g|10LBiBc>tWQ_hK*WoeA_>%XpgAo5M3NVcV2A2rWWh7o<}87D=3}JTfi} z8WkNBoO#G$1oA!lJ9tkJRf^;8wD{5V3=Q?_ViPPVhumeSQa><=cF9twUVWbWwjKt? z7XpE&&zqpt#uhbfz_(Z^#lDM9kF{8N;K^*;uQg4IY( zt6-*Gmm=Y!a3E7sZq3!Xrs4m{-?ql`SflX1i6hzLwRR zokC}S@_jG`qZ)w%$gvWXNA-`J=>L?e{6C$`5Jq81`)NX!>61`cgI)j&+?vwzZFT12 zsc#bTUyVq#&Bw=qG>QTPag0?@8qy-L#a~{=b#=U*w1CBrIns;|J+>19b1BDx{EYrX zF>)oRDc>naaLU!2n{Mk^u`=Uj&g0S4U#$j2+ZS_johBUKz})3R2595032>n($?$eI zoH=S#k<(9mP9QpfokcutiY4=l!Ihq*)xz_M=lyC{E)GGAOFKxmv+2*(8#Xp%Z zE=jybsZv2^+3!j*nr5d3_&=LQsoy&8+>m0niyKK6b0yd=Kyi1!a_c@;bc<iyI28(}#De2SQ#_T3gEh{%PM0HG+@0-ADEi)+P zPSb>Jgej-?)thZ@9j|!|5WO@Ay&Uvs%CE$QocE;5C2X4Mms*$|)Og0mPt-GE871N$ zM+t4L1wT*|?Z@PzUg%Zw+fW6H#Gt*}0BdMVf>O@jIVbdU}ihhA?w5T@!5lf;zctv zq*nFfqUGHhP0FWFMR-E{b!8SU-E}m0mEiO0O8D$0 z`;0wSHBxr>H;4iEag&dzb*!+aOoJTSw~S;-wQY=0I5qN9>5)Q|=Wh|#{@HW@<>LPZ zZ3rEB2iv{c^ky9v_z(;4RFp}|uFQ;x6c-=Lfn8r`*@E+_(Qeyts}Q@)iQDJnAsDU# z_o@vUlN`RfjP9R@spjP4qzSfaoHL%*t_49T5gEpbt$3aQ{bo-%l?hgs{Y zSi>3bcAYsi4l7LC=(ILBA*_ro-EMaLs1P4XCVm&}hmm7^O4Hom17``mM@7>qO2Igp z5oE)*gU#?BJnefSzLsR)&N6r{E&AK*ha7c*ooe)#tlzs{p2_4g{`%~NmN~43@M5VZ z6yfkx?=2=JeZ<;k)cat0X}V0%{t>_}6Y9dg3zS{mr_qhg?iKUKJ!SpXbz?JFXci%a za=T{v8R!UQi<}d6Pu4!y#e2JzxZla6z6M{IMvca%SmRan4N#l;GC3ZtnAEv>J}Hjm zaY%UGyJTIJ7u4kIu@i)FlrSKr@72bOSrV*q(_DvM@=m-6Y#V0zLZrMO>>wp+IE8e* z-FdDkxM>JzZgP7%2yuRB)$ZS*7}Fr$+7`^mTp(|FSMrnjNE7X-Q_RP~c0qL${UH^r z!XNwu?n9{z&_^v{3Nj8riP&E?k5CY?isz7zq@v?f@*un+2$w59!fNL8WL z6U$|ZPvTAQY)(wlHg&Izs43ytuU3;T*`ifrRRl;PR#U^Gw?;Z7<9uKvt#B$OO1ZlnjX^>CB6*gqOnai=Lu_qH*ceY#aa+=9hGy`Bj`l(2iddvqDpx{meT<|DfNxpJgLhgwbq z9hkRx1Kjh1OD6GPY(hk0Bfuzhl2ftTh<$p6>-dW_D{~11D$lWckxlP)gP6+8d=jsT zT|seuMqQYUKb)4Op~9u1r;f*bGASb8Z5P?a-xaXZ;RzuJ#!c1#5Qzam;eR(qnRMJJ zkQe85eiv_CbCKr*r?40=fSf(t%2b}NtHBB+rH}qByuatdc^<3wNxH0#e!bZor1A!^ zVq_uA`;*g3^Y%B$d3=Ge3r=6r(S#VM??-)^yN1i^&f&=BO*274RloI%4j#2=^I1@N?(Nte%h`Zl$@1s1KX%xMolv{sX7P>5Fc zQPSs-?W=L$`SSt)34{I}4gF7kaVu+LVo>Az^w@j-$H8Cm;w~z2#oGoSoK7B$_4lM{ z*~pJ2N!OJ7{kV0daIA8~AQ@!`I-><1?J0FgFw;M}Zm>JykXYHVQ@?MXtTg7$4OBJ|#JoW}x5IOf}RRrkQD7)DdLbG5V7kXy~`in~XVPo{+ z(2r#`?2|jZ5%G7Qb&HB#AzKZ(ab@El^{2n-fA3f%eHUnwX~6Dsrv2rdd?TLIlj$p1 zPe$Y2k&c~az;my|to~w5@p>go()4K!%O`J@@pz`j_yEOY7yYum!Ys4k+phJZ{!mpFsl$p_s0&Hz#5(H|!? z$4m#k3VSEI7XwTZXu-1FQQ7#0NgI=3o4QjMiAh(R5usu4KI@8Y*{%gtCMY?%nLuUY}3~YtXLXC&Y?$VGu2MJAYVyW|AJ+tMCaSI@{sX~6& zvCXJh=#C6k5W|5TK|o^0MQ*QZxMEmkL%=gEch`yBCHwQtk%?WVADJ#!?l6mS)4ngG zR8a&h5&Gc?xum8xQ($l|U7)g9=4PCKmARGnr^SZyMw6+2j%0F;eLn99mH}Sjc)0Hj zK{0dh%A21n3lKxR0p@LbYiixHxurzI3;UKPtHq)?`HcyGw=_ew`6Y}Kp=Wnb5Z6~% z-ukIu`-+GDowhujICpd&o+G7%@8rMu>s$sK>>I}oFh{W0KOSS=CJ6S>dua4-!p&y-2EO}#U8D_&CfWlA1@UUUB>t^r4MTfMtswZh)dlN5XSQE@TOYrvmJ)V8T2*B*}9we=6Ol?J~|{lER5q~Tc&a5{)PYrt%TnRbAG z_Sb2>60_H|{*<+z&R5uZ_?FE`abnPfjsow0U?WOid{_iUzYyN>)@`O%=E(dc0UteIiKPDF~6niO*H)yJ# zJQ7#xZq4mcrPwv7u$IB@T$lN*s@?n>bT?MrHk(Vwnoj6_h~Q70S1RB#OSAVK+oXY6 zKU2wlwfaqk;_l??^wGQzd1V3Jf|bmOc$GwXVe_;tPl5>dQ3ua@KX2~);FmO=S^9db zxnYultZTagyJhEbUXNz;(>1HV{(2WH-(>tGEO~8jL8@$+S58-q(Pm?%M(wth->PFg z-n{b3ctHXUyi2wm$U@NvB=yHRc_+TDUprE%5K@a24o#;|_{BGdri97vYTdf54ZaDM zKIg}kX<+PH8T+D8mf0HG6Efp8+w%0VHk)@g+Ago$JnaSEQ3=<%(DzjHU*7MK`>tl| zPJx`;o5Q;Fa4{=tRh8l_j@Jw^2hm5OlgiTx{LbmVrnF3HN_Wp~X=?HZ<;hktsCG&ZZ6&wKq$nBNobc!SzrJ;q02 z9&dLgcMp{(-*s?xr=1_GpB_2nd=|5RoFfQ|PM|2m*oEP3KAuN|1=uCsXc)Ll|&Jg0Fv(bdQQQV_^Y*#DS-C4EvoV>@Sun8dT9 z!zX@JTHJt+c!Imm2F>}z`XO1k=7(w=LOpJDfcJ53Oc0gJOJ2M>CMV)UFPhU4Ks2%P z(fnU4CA@#NPKy_({cvmiRz6I`obpYJa=dOBM8ppWor8q%I)J-0E@jOv^5}pCR^)yA zXcVw&Z*@&C8+MrJhE~BHpA5bj7JDx2Dj0Hb(mCzz#yrB{5UlKln(MM*fyMML^E6@w zQ?V{x+%y8ydvPB#ssisLn!nn8P1X$@M77n-6z8zRg}+(|wj%c!PHi1@NDMkxBDf^6 zGhiRE%&msO~8C$xRoQGnuYy8^l+PR7A zgbQ2$`{)vYgO-bVxbhlK7(@l**2{G1V8LD5T-}!X=HyGwr>7SshW1QPf6>N!oByU} zvZm@w*)b==tpw_zIqtfOxrq9 zmjTeKBLhJJ01(;&{E^AwKoLOtH~io?Xl;g|Z7nxu83?Zqei6iH+3kmZC2G<#E$&@| z`bjnIOjTmQz!XO)6T@DBz$Tt|?L!xOK^~?y4Su074#d50BN)*rw6H|g-j5@0!QuT` zW2AW9Na3sE;byqR@$B9BuiumJzGcwr{6c#7H;5}xmb5p9`;Ffv*W8P$UzVTt>UYnR zoYUq~x}8sq#XS6hI((itUS04enXY>Npa>bsci>oyvT*DAc6Hox25?6-f2IAXezJVe z``w3ts2`O!!(pUZ{7!(KWSzoeKx}#qblXbuI2q$mL|t3w#Kl|Pf%%bAy3^X8?L)-v zRHqp5Vcd05&^ z+D@M`w*to~Pw^#zA22Cc=svk(A{`n`|*_D#f5Ef&zjfA`n2SVkjyK z(v<)qK?Fe{5ydDF-}%b@%JshS-o5wzcw^k38Rz8Woa}Y>-fOP8<}8AhMi|H^lB)rX z*v0PvIyeQ)S-C+DWb=f{ivp6}P{lO|!q9ZjyywH(4X5tR)}~1H)Kiw{m!avBv!`<2 zIyUUeL?JAOR z#YNsYz^tX$Q?akHRKFNIdd0;K;wGgQ8?>Z9CKvc|{p$^v>q{NMSFSbAOO2aY0_QvE zW2SYzThdKWYBsfqt1J^U$fjQQhgwjNP@7%_Qf9P4_&NI*m$4s040I=RW%bE@I#1cr zL9ZL`V15SV{vTZqtf`_8vHB?j;d0uuv1bl8jQR4P?{V+mIC7D0sJ&mdXyF%YMgCwj zx@rz}K$Kb0;|zmkN7LR^tF~pioDe|=2R%^BXHQ^r;#|=lIKr>ak;aJpFkgbHabc)@ zkTqfu5^rP1kqmfx*|dAFZ&lMJ!iRpJ_;>L)xNqSnrd{oJ^Il&w6Odz59**(7hiU2b z5^F_K)jz*KTi!MVZHbk&Q`K)Abhi>)b{0N@>)ydGdT=tsk#l-GQz3drCXlvf2KLFs z-#WQ;;YN#EifW2=G>6{j$??$McdfzvE|XGgam|`ClK_x zkvN|N_lrY)6|qsinU}J=^Z-m`XZFOvdKflwnhPr&_X^7oUG{F(yDekhztP<&c#?c_ zi(sm+ajcv-S98VL8A#xkmsRJe15HFEfc7X~FMsf;7MF!! zz~&FImOLASrDu1V3hP2Mt-JT4j!iFEVLxoNDRmu4&ItjoI{C_?^BG2(oF}V<4BnfG z+ywQ>M$w9O9m5T=-U`E?O*DMQHV;)U=1G~Dnd?xIK@~Y~q}{vrxGqmbpeNq|Nv8fa ziHv|omTY$Cj4J{J*?B`^+m{r3`e&C#8H6?1Ubps81(nIXwkyJBvgu~xtetd_OUy-$ z)$EKD9%hkB0~%}JxRRr4bn|xb?q1EgN(RDDJG23^JL%aetq^LpX(vkrJg*Gt_*Im^ zLiNqvKHT$O;>t${kiH2rl2{?H4sHry= zhn0+jFoj8`!ZAG3k}R*taR}iI|xMv_CQwNW|g@VHwMMJ1@ zu>!av0eR1dHJM8@IIV5$5a^8`(!`v}vI8|(peHqXujAanNDF)g#fn=pAf!0OanP!Q zxD|mFc0<;CAbJD7thw8x)eA$BDt$eSleWc1PtWjev|VAxDT87zxXg2?jX2l} z*s&+cG%or%3Ba3tU(3>wCWO0B$3HmiJy+8cr6YhkXZx z$sV3wDlG^PcVy$Ypi}woNAS%Puh~@+!p~@xRPwd}`(wm5_Vkr9jgHigz!fnCRt!b` zrmc!Q3u1#&1(yN~^T*fRjqAy|WaVo-A(DsoC|u=rfBp(m{!F*aFJf5iNt`t6rSfAn zxbnmOU*#g>NInN+TbFgBW+N{ER4r3qFZKoJ<|CdW3|;&uo+6q)`+cCq8Hcui1S`WE{kqW=JYv0u;#TR+CVE6#u!4N9aCF<(pQ(-jOX=#Km@?OTjMpjO)S zk#RnG2jbTys8PI|MVu?o96@D)g9k*9W#IbP?1NrmzES5#S#o4%v1JDX-H5NSYT7qV z;ygdm9XPNK3QfhB7ra!$vqO|2oE#LaznAz@yV|Q5>vCq57h_v#H8a>FR{x_6_UQ0( zgOt$N*jkw|{Q67exrlxlzl-u3igz5JcH;~v*Te|t~mO*%Ot@g09oXWX(mPN6D3K~z96AN^IEhQ zPmDnW)y~|l2E$o`5!7x00lhxBxh8O7`Ac@3VW6xyV?6Z( zOI{^u6Rw{~l7y#Km6M73bIYCq%N5NT-P#*kdA)*HGt_qMAQ)A0ykg00+Bdf_IchKi zC&$A*KxHSA#(m35yF19nbr*)6ukxD&%(BPwM8N1SNgIIz1&_tMQUSmR_;yU3!}b_) zx_{stf&R`>la7MrTQU4k5`&<54PqiA@&fK7hk+ut#T8w-L zsJcTWIf9+Zv7&i$uTw`F^MS-~EcdqzM0(BooR||C=G`9Kmn^BZyVcNh>roarWOHPt$OGls(V#%NR4mn(ZT>mvv z&}={|>MVE69ytw&i8{yp6l%6O14=gW8zvPKcM)2sRVF7a@y7lUP_mNpxajym)NN~w zw$#yN*NN$VOH?ZEJ7BYCKi*Rx5HUWn;fQJO@!}2~!wS|A2W1M9bsG3gU2BJ-BO~aQ z8jHwrT^_A3!fe~-{Tp+|709i9in$^ji@F&sWdKM-BKd|0K+3ou4%mp^=1q_yi-YI~;={sd18 zBThJI?GV+uY4C83{S5SJadluGwP8*H~(k+leM0%`C@z zxNo@hhwD_qa%80-syKM^4?Q0$nNGgSs)m&Nwu6fp-+9$&Jl(>XL85P#6em~#+R1>YThDW3` zUU5x1JdT5meTsD;O$;PLHMcYoS0)#oVTiDO<(qmTrU-16x~fp3cJLL1G#Q zdq3iN0Dg-3I20?qP>97Fn^tyKA}>_mb7^#mSdrCCRd!@N%{Wk{!6|phOzaOxjML8v zEdBz|)EqHN%5_|VP3#kl!EOx@`hUYe3QM!%5sx9s} zTl(h=uVko~Bop-$Jv((7F>g1ftz6fd5+8OI| z6!0kKt4NmuRtBKO)(W>G&Tv`t@d44yO3OQL6lT`poBg9L44u+&!KX^^(vWYY5;twn zowJsg1m3H2h#jFvrhwJ~C|RA_`hpEFPdiM_{oBn1zkm{61w3blv--$0CGOcBEoC{3 zN3Spas>%2RT)0GQ$KQSJu|V0isaD>Ht!7%5Wzn8<`dvFVxFTuV#-0vf9 z`)!4LRIuO2NB*>?Alz7bmfyz{jk_u}gv8}GiFM*~i!4DSBp2r^S20VYAeAx}>6UMgd+`pYA?tMr(*QV1+gqNU92c+NO z;7-hzjpLhpM&lGP98~KxJ)=GWAjan5BVwYPrBma0hPkoD$p>M>=T)gPM%o!BkF@UER7F*3v#JLt%umtWZf)N;ZGDW9T09sMGK_J zx6$Vl!(Q&U={iB~jIJybntY~}_Uv8Mm&5>WtI^|KvjM<{Cbj0`XDmBL%!(fIXjc1B zcO=5(0g?53`;zq8#}Byg&WS4>QfbdW_=+Gi7E;E;WvgA%|;F(?HR*cdy!A?m3@s zY%fbc$SK$&4+2>`50>y!5w)4D&LFEr(Xbdfc{Zt{MS7B z-}@BR5g*ou>IB2d7)d2OXvOlQa;<4as!M%-2@~&vr@Y>*EL8Mo2I17Sf>nFBdT5Y`QQ*Z{5FqenLM{|0b z9u=XDc0K@G*CG}aYuggA8jta)L}1L(T2q)chrxR^P>na$=ap}}d(?du7?-b`b9Z77 zUV4(N$MOW zSnJ$j9#!k>JClJ)dT*~+CJfYlDWT6%E)r2S{0K~%?sm_qM3g^tT(R4qu%e`M%a=3P z$NeBmNqie)zayk#697r>?FySR^z1HE85s#Z-Cf}F|GH_Yx;#zFbp?GZ-}0(*PEovH zpAWxTC;1W1xVHx@1K;<)u)q2?)64vouJNjDMLaQp@U#!=gTzhd;ZPiXAhMYXZW z@x3Z=<*?u-{@^Z3gG+a;*pqW8%Ii3Z#AB~M&5yKNmiMxaz@F$CrK^{TIePNAt6V|Y zK5s`)-ZEo+J$rg`M#=^3-ECLKa9$;JG}$jUcMvU{0WYFos2z~MNd z0CD3o*T~pnlp-w0P9Ba+18PHNf;p$&6dhRY{H8p1+wRQ~AtasXyULrq+<3XiZ~qY= z(~rY1V&6=j2VOcnmgO94Xw&U#9!Ln2+VVOiKJ=NVNM9o8Y&47Je0&i5*rr54AA~LZ zvD^zc6c_?sZ7>oj&F40HrsXgZ?daOcH3AE|wWxmu@wGtvZB$NI!TH1Dkmpl7_J#u# zx_!lC5IPS;%%_D3a4|!S4~NUWHa=2t0J;-oiz)$RuPWVZYx2^DyO$Em^ApStn82vn zBo8U~dWKF8{R>I|Kzp%IA^OHmbQ!rjG&mqtPt#r>S{`} zO!eDhq19F%>XLZ%r#4gjVKj8E(HyWrSKo|2tn4q(Wpn14!H)C^oE#O)``!~q_xPNh z-7bObt5|Z;4AIMKK%u}+5cMqiCPY$m*Mo8rn2C;NZa67EbAE9Q7qEzhu!K;Ku81X5 zo){%8e}T^gIwSIc3b6_m@Z6~+b>GgMT`IOZA_-RN>@Q4t<0Q$x3txbovVdYU{5A5k9h0|4$`ZuG5o*re+ d5U5ktw6nb3f))mHy6iZU!2foQ=lK5SzW`I|))@c* literal 0 HcmV?d00001 From 204c8524422e3a2c9010b01f9427d3b8d1daf35d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 7 Dec 2023 11:03:43 +0000 Subject: [PATCH 252/653] Move psa-thread-safety.md Signed-off-by: Ryan Everett --- docs/architecture/{ => psa-thread-safety}/psa-thread-safety.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/architecture/{ => psa-thread-safety}/psa-thread-safety.md (100%) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md similarity index 100% rename from docs/architecture/psa-thread-safety.md rename to docs/architecture/psa-thread-safety/psa-thread-safety.md From b8c4254f449e263cac03c282f9a9b0124c54151c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Dec 2023 12:12:39 +0100 Subject: [PATCH 253/653] Update cipher light -> block cipher definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 58 +++++++------------ 1 file changed, 21 insertions(+), 37 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index f165b21e07..bc92d00b37 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -379,6 +379,8 @@ Those costs could be avoided by refactoring (parts of) Cipher, but that would pr - significant differences in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset; - or more work to apply the simplifications to all of Cipher. +Prototyping both approaches showed better code size savings and cleaner code with a new internal module. + ## Specification ### MD light @@ -564,50 +566,32 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l * Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. * Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim. -### Cipher light +### Internal "block cipher" abstraction (Cipher light) #### Definition -**Note:** this definition is tentative an may be refined when implementing and -testing, based and what's needed by internal users of Cipher light. The new -config symbol will not be considered public so its definition may change. +The new module is automatically enabled in `build_info.h` by modules that need +it, namely: CCM, GCM, only when `CIPHER_C` is not available. Note: CCM and GCM +currently depend on the full `CIPHER_C` (enforced by `check_config.h`); this +hard dependency would be replaced by the above auto-enablement. -Cipher light will be automatically enabled in `build_info.h` by modules that -need it, namely: CCM, GCM. Note: CCM and GCM currently depend on the full -`CIPHER_C` (enforced by `check_config.h`); this hard dependency would be -replaced by the above auto-enablement. - -Cipher light includes: -- some info functions; -- support for block ciphers in ECB mode, encrypt only (note: in Cipher, "ECB" - means just one block, contrary to PSA); -- part of the streaming API for unauthenticated ciphers; -- only AES, Aria and Camellia. - -This excludes: -- the one-shot API for unauthenticated ciphers; -- the AEAD/KW API (both one-shot and streaming); -- support for stream ciphers; -- support for other modes of block ciphers (CBC, CTR, CFB, etc.); -- DES and variants (3DES). - -The following API functions, and supporting types, are candidates for -inclusion in the Cipher light API, with limited features as above: +The following API functions are offered: ``` -mbedtls_cipher_info_from_values -mbedtls_cipher_info_get_block_size - -mbedtls_cipher_init -mbedtls_cipher_setup -mbedtls_cipher_setkey -mbedtls_cipher_free - -mbedtls_cipher_update +void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx); +void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx); +int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, + mbedtls_cipher_id_t cipher_id); +int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, + const unsigned char *key, + unsigned key_bitlen); +int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx, + const unsigned char input[16], + unsigned char output[16]); ``` -Note: `mbedtls_cipher_info_get_block_size()` can be hard-coded to return 16, -as all three supported block ciphers have the same block size (DES was -excluded). +The only supported ciphers are AES, ARIA and Camellia. They are identified by +an `mbedtls_cipher_id_t` in the `setup()` function, because that's how they're +identifed by callers (GCM/CCM). #### Cipher light dual dispatch From 177a45f556f9a44f35c37a34926eefd45260def8 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 7 Dec 2023 11:24:30 +0000 Subject: [PATCH 254/653] Small clarifications in documentation Signed-off-by: Ryan Everett --- docs/architecture/psa-thread-safety/psa-thread-safety.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 79881a624a..97273f3872 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -294,7 +294,7 @@ A counter field within each slot keeps track of how many readers have registered Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. -A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. This means that the linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. +A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. #### Destruction of a key in use @@ -310,7 +310,7 @@ When calling `psa_wipe_key_slot` it is the callers responsibility to set the slo `psa_wipe_all_key_slots` is only called from `mbedtls_psa_crypto_free`, here we will need to return an error as we won't be able to free the key store if a key is in use without compromising the state of the secure side. This is acceptable as an untrusted application cannot call `mbedtls_psa_crypto_free` in a crypto service. In a service integration, `mbedtls_psa_crypto_free` on the client cuts the communication with the crypto service. Also, this is the current behaviour. -`psa_destroy_key` marks the slot as deleted, deletes persistent keys and opaque keys and returns. This only works if drivers are protected by a mutex (and the persistent storage as well if needed).`psa_destroy_key` transfers to PENDING_DELETION as an intermediate state, then, when the last reading operation finishes, it wipes the key slot. This will free the key ID, but the slot might be still in use. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. +`psa_destroy_key` registers as a reader, marks the slot as deleted, deletes persistent keys and opaque keys and unregisters before returning. This will free the key ID, but the slot might be still in use. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). `psa_destroy_key` transfers to PENDING_DELETION as an intermediate state. The last reading operation will wipe the key slot upon unregistering. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. These are serious limitations, but this can be implemented with mutexes only and arguably satisfies the [Key destruction short-term requirements](#key-destruction-short-term-requirements). From 64cd2f21edfee11451768b0e793801d28752532e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 7 Dec 2023 14:14:21 +0000 Subject: [PATCH 255/653] Fix potential double-free in calloc selftest Where calloc returns two references to the same buffer, avoid calling free() on both references by setting one to NULL. Signed-off-by: David Horstmann --- programs/test/selftest.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 61dde5ed17..e132e4c0c5 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -79,6 +79,7 @@ static int calloc_self_test(int verbose) if (verbose) { mbedtls_printf(" CALLOC(0,1): passed (same non-null)\n"); } + empty2 = NULL; } else { if (verbose) { mbedtls_printf(" CALLOC(0,1): passed (distinct non-null)\n"); @@ -103,6 +104,7 @@ static int calloc_self_test(int verbose) if (verbose) { mbedtls_printf(" CALLOC(1,0): passed (same non-null)\n"); } + empty2 = NULL; } else { if (verbose) { mbedtls_printf(" CALLOC(1,0): passed (distinct non-null)\n"); @@ -119,6 +121,7 @@ static int calloc_self_test(int verbose) mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n"); } ++failures; + buffer2 = NULL; } else { if (verbose) { mbedtls_printf(" CALLOC(1): passed\n"); From 419f841511e0e26e846b6d512094fd935b03ef2d Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 7 Dec 2023 18:30:22 +0000 Subject: [PATCH 256/653] Skip checking on maximum fragment length during handshake MbedTLS currently does not support maximum fragment length during handshake so we skip it for now. Signed-off-by: Waleed Elmelegy --- library/ssl_tls.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 419185c567..4d6b958637 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3472,6 +3472,10 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + if (ssl == NULL || ssl->conf == NULL) { + return max_len; + } + #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ !defined(MBEDTLS_SSL_PROTO_DTLS) @@ -3479,10 +3483,14 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); + /* MbedTLS currently does not support maximum fragment length + during handshake so we skip it for now. */ + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if (max_len > mfl) { - max_len = mfl; + if (max_len > mfl) { + max_len = mfl; + } } #endif From 981ec147448829de901b75d1756867506ee42a1a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 25 Oct 2023 11:39:49 +0800 Subject: [PATCH 257/653] tls13: rename ssl_tls13_check_*_key_exchange functions Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fe7a674d66..6c42b73f42 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -95,9 +95,9 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl); +static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl); +static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( @@ -176,11 +176,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( key_exchanges = 0; if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) && - ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { + ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; } if (mbedtls_ssl_session_ticket_allow_psk(session) && - ssl_tls13_check_psk_key_exchange(ssl)) { + ssl_tls13_key_exchange_psk_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; } @@ -1022,7 +1022,7 @@ static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && @@ -1034,7 +1034,7 @@ static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) return ssl_tls13_ticket_permission_check( @@ -1049,7 +1049,7 @@ static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) return ssl_tls13_ticket_permission_check( @@ -1083,17 +1083,17 @@ static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl) ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { + if (ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); } else - if (ssl_tls13_check_ephemeral_key_exchange(ssl)) { + if (ssl_tls13_key_exchange_ephemeral_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); } else - if (ssl_tls13_check_psk_key_exchange(ssl)) { + if (ssl_tls13_key_exchange_psk_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); @@ -1737,8 +1737,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * - The content up to but excluding the PSK extension, if present. */ /* If we've settled on a PSK-based exchange, parse PSK identity ext */ - if (ssl_tls13_check_psk_key_exchange(ssl) || - ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { + if (ssl_tls13_key_exchange_psk_available(ssl) || + ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { ret = handshake->update_checksum(ssl, buf, pre_shared_key_ext - buf); if (0 != ret) { From 60a22567e42fa05a93ae8f1cdca4a7d5d69bddb7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 25 Oct 2023 11:41:02 +0800 Subject: [PATCH 258/653] tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 22 +++++++++++----------- library/ssl_tls13_client.c | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b9801a06c3..08741bc05b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1904,37 +1904,37 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl); static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes(mbedtls_ssl_context *ssl, int kex_mode_mask) { - return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0; + return (ssl->conf->tls13_kex_modes & kex_mode_mask) == 0; } static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl) { - return mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); + return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); } static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); + return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); } static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); + return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); } static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); + return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); } static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl) { - return mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); + return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); } #if defined(MBEDTLS_SSL_SRV_C) && \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ae1136431e..7844cedbec 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -684,7 +684,7 @@ static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session != NULL && session->ticket != NULL && - mbedtls_ssl_conf_tls13_check_kex_modes( + !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, mbedtls_ssl_session_get_ticket_flags( session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); } @@ -1879,7 +1879,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) goto cleanup; } - if (!mbedtls_ssl_conf_tls13_check_kex_modes( + if (mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode)) { ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; MBEDTLS_SSL_DEBUG_MSG( From fc2cb9632bb43f585c697bd499aec8b780ee6601 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 10 Nov 2023 10:22:36 +0800 Subject: [PATCH 259/653] tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 26 +++++++++++++------------- library/ssl_tls13_client.c | 4 ++-- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 08741bc05b..8628384333 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1901,40 +1901,40 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl); /* * Helper functions around key exchange modes. */ -static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes(mbedtls_ssl_context *ssl, - int kex_mode_mask) +static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context *ssl, + int kex_mode_mask) { - return (ssl->conf->tls13_kex_modes & kex_mode_mask) == 0; + return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0; } static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); + return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); } static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); + return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); } static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); + return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); } static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); + return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); } static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); + return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); } #if defined(MBEDTLS_SSL_SRV_C) && \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7844cedbec..c2cd18d920 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -684,7 +684,7 @@ static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session != NULL && session->ticket != NULL && - !mbedtls_ssl_conf_tls13_check_kex_modes( + mbedtls_ssl_conf_tls13_is_kex_mode_enabled( ssl, mbedtls_ssl_session_get_ticket_flags( session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); } @@ -1879,7 +1879,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) goto cleanup; } - if (mbedtls_ssl_conf_tls13_check_kex_modes( + if (!mbedtls_ssl_conf_tls13_is_kex_mode_enabled( ssl, handshake->key_exchange_mode)) { ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; MBEDTLS_SSL_DEBUG_MSG( From d72e858fd154a6ec37edf0a32ef5063feb9f922d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 10 Nov 2023 10:37:18 +0800 Subject: [PATCH 260/653] tls13: srv: rename ssl_tls13_ticket_permission_check The function is renamed to ssl_tls13_ticket_is_kex_mode_permitted Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6c42b73f42..6995f47145 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1003,8 +1003,8 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl, - unsigned int kex_mode) +static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, + unsigned int kex_mode) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { @@ -1037,7 +1037,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) - return ssl_tls13_ticket_permission_check( + return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && mbedtls_ssl_conf_tls13_psk_enabled(ssl) && mbedtls_ssl_tls13_psk_enabled(ssl) && @@ -1052,7 +1052,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) - return ssl_tls13_ticket_permission_check( + return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && From 4f537f73fa11ae22bfa9df0fb672e34be9c08e2a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 13 Nov 2023 18:07:22 +0800 Subject: [PATCH 261/653] tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 22 ++++++++++++++-------- library/ssl_tls13_server.c | 2 +- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8628384333..b6f213ef02 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2776,24 +2776,30 @@ static inline unsigned int mbedtls_ssl_session_get_ticket_flags( (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } -static inline unsigned int mbedtls_ssl_session_check_ticket_flags( +/** + * Check if at least one of the given flags is set in + * the session ticket. See the definition of + * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all + * permitted flags. + */ +static inline int mbedtls_ssl_session_ticket_has_flags( mbedtls_ssl_session *session, unsigned int flags) { - return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0; + return mbedtls_ssl_session_get_ticket_flags(session, flags) != 0; } -static inline unsigned int mbedtls_ssl_session_ticket_allow_psk( +static inline int mbedtls_ssl_session_ticket_allow_psk( mbedtls_ssl_session *session) { - return !mbedtls_ssl_session_check_ticket_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); + return mbedtls_ssl_session_ticket_has_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); } -static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral( +static inline int mbedtls_ssl_session_ticket_allow_psk_ephemeral( mbedtls_ssl_session *session) { - return !mbedtls_ssl_session_check_ticket_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); + return mbedtls_ssl_session_ticket_has_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); } static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data( diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6995f47145..53a01cf71f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1008,7 +1008,7 @@ static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { - if (mbedtls_ssl_session_check_ticket_flags( + if (!mbedtls_ssl_session_ticket_has_flags( ssl->session_negotiate, kex_mode)) { return 0; } From 0a1ff2b969d9750d66185bbf6ff61e94f2a0b476 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Nov 2023 11:03:32 +0800 Subject: [PATCH 262/653] Consistent renaming Signed-off-by: Pengyu Lv --- library/ssl_client.c | 6 +++--- library/ssl_misc.h | 10 +++++----- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 16 ++++++++-------- library/ssl_tls13_server.c | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 270db41683..d585ca5246 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -609,7 +609,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, int ssl_write_supported_groups_ext_flags = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (propose_tls13 && mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { + if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ssl_write_supported_groups_ext_flags |= SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG; } @@ -637,7 +637,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, int write_sig_alg_ext = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) write_sig_alg_ext = write_sig_alg_ext || - (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)); + (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) write_sig_alg_ext = write_sig_alg_ext || propose_tls12; @@ -668,7 +668,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) * MUST be the last extension in the ClientHello. */ - if (propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) { + if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( ssl, p, end, &output_len, binders_len); if (ret != 0) { diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b6f213ef02..e362ebd9d2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1907,31 +1907,31 @@ static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0; } -static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_conf_tls13_is_psk_enabled(mbedtls_ssl_context *ssl) { return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); } -static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) { return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); } -static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_conf_tls13_is_ephemeral_enabled(mbedtls_ssl_context *ssl) { return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); } -static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(mbedtls_ssl_context *ssl) { return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); } -static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context *ssl) { return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4daf2e7eec..1a66d915fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1342,7 +1342,7 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) * bad config. * */ - if (mbedtls_ssl_conf_tls13_ephemeral_enabled( + if (mbedtls_ssl_conf_tls13_is_ephemeral_enabled( (mbedtls_ssl_context *) ssl) && ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c2cd18d920..82ebe7e60e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -621,7 +621,7 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl, /* Skip writing extension if no PSK key exchange mode * is enabled in the config. */ - if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) { + if (!mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { MBEDTLS_SSL_DEBUG_MSG(3, ("skip psk_key_exchange_modes extension")); return 0; } @@ -640,14 +640,14 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl, */ p += 5; - if (mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl)) { + if (mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl)) { *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE; ke_modes_len++; MBEDTLS_SSL_DEBUG_MSG(4, ("Adding PSK-ECDHE key exchange mode")); } - if (mbedtls_ssl_conf_tls13_psk_enabled(ssl)) { + if (mbedtls_ssl_conf_tls13_is_psk_enabled(ssl)) { *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE; ke_modes_len++; @@ -1161,7 +1161,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, p += ext_len; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { + if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); if (ret != 0) { return ret; @@ -1171,7 +1171,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && + if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && ssl_tls13_early_data_has_valid_ticket(ssl) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { @@ -1457,7 +1457,7 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, (size_t) (end - buf))); - if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { + if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_reset_key_share(ssl); if (ret != 0) { return ret; @@ -1499,7 +1499,7 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, * in the ClientHello. * In a PSK only key exchange that what we expect. */ - if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { + if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { MBEDTLS_SSL_DEBUG_MSG(1, ("Unexpected HRR in pure PSK key exchange.")); MBEDTLS_SSL_PEND_FATAL_ALERT( @@ -1776,7 +1776,7 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key_shares extension")); - if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { + if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; goto cleanup; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 53a01cf71f..4fff15d7f1 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1025,7 +1025,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && + return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); #else ((void) ssl); @@ -1039,7 +1039,7 @@ static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && - mbedtls_ssl_conf_tls13_psk_enabled(ssl) && + mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && mbedtls_ssl_tls13_psk_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); #else @@ -1054,7 +1054,7 @@ static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *s #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && - mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && + mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); #else From 2333b826f4e33bf233e617914866f19990e1d0bc Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Nov 2023 12:03:49 +0800 Subject: [PATCH 263/653] tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes The function is renamed to `mbedtls_ssl_tls13_is_kex_mode_supported` and the behaviour is reversed. Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e362ebd9d2..1439ca0f16 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1941,49 +1941,49 @@ static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /** * Given a list of key exchange modes, check if at least one of them is - * supported. + * supported by peer. * * \param[in] ssl SSL context * \param kex_modes_mask Mask of the key exchange modes to check * - * \return 0 if at least one of the key exchange modes is supported, - * !=0 otherwise. + * \return True, if at least one of the key exchange modes is supported, + * False, otherwise. */ -static inline unsigned mbedtls_ssl_tls13_check_kex_modes(mbedtls_ssl_context *ssl, - int kex_modes_mask) +static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl, + int kex_modes_mask) { - return (ssl->handshake->tls13_kex_modes & kex_modes_mask) == 0; + return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0; } static inline int mbedtls_ssl_tls13_psk_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); + return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); } static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); + return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); } static inline int mbedtls_ssl_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); + return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); } static inline int mbedtls_ssl_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); + return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); } static inline int mbedtls_ssl_tls13_some_psk_enabled(mbedtls_ssl_context *ssl) { - return !mbedtls_ssl_tls13_check_kex_modes(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); + return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ From b2cfafbb9e65e98b98f2d53bdff6824782bdc5a8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Nov 2023 13:56:13 +0800 Subject: [PATCH 264/653] Consistent renaming Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 10 +++++----- library/ssl_tls13_server.c | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 1439ca0f16..e756c9aed6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1955,32 +1955,32 @@ static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *s return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0; } -static inline int mbedtls_ssl_tls13_psk_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_tls13_is_psk_supported(mbedtls_ssl_context *ssl) { return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); } -static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled( +static inline int mbedtls_ssl_tls13_is_psk_ephemeral_supported( mbedtls_ssl_context *ssl) { return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); } -static inline int mbedtls_ssl_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_tls13_is_ephemeral_supported(mbedtls_ssl_context *ssl) { return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); } -static inline int mbedtls_ssl_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_tls13_is_some_ephemeral_supported(mbedtls_ssl_context *ssl) { return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); } -static inline int mbedtls_ssl_tls13_some_psk_enabled(mbedtls_ssl_context *ssl) +static inline int mbedtls_ssl_tls13_is_some_psk_supported(mbedtls_ssl_context *ssl) { return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4fff15d7f1..5c4f2ea81d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1040,7 +1040,7 @@ static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && - mbedtls_ssl_tls13_psk_enabled(ssl) && + mbedtls_ssl_tls13_is_psk_supported(ssl) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); #else ((void) ssl); @@ -1055,7 +1055,7 @@ static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *s return ssl_tls13_ticket_is_kex_mode_permitted( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && - mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && + mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); #else ((void) ssl); @@ -3072,7 +3072,7 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) * expected to be resolved with issue#6395. */ /* Sent NewSessionTicket message only when client supports PSK */ - if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) { + if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); } else From bc4aab7673ac6946f34563b99e6cd6d0757691b8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 1 Dec 2023 15:37:24 +0800 Subject: [PATCH 265/653] Add "_is_" to functions ssl_tls13_key_exchange_.*_available Done by command: ``` sed -i \ "s/ssl_tls13_key_exchange_\(.*\)_available/ssl_tls13_key_exchange_is_\1_available/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5c4f2ea81d..e5e510ba3a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -95,9 +95,9 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl); +static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *ssl); +static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( @@ -176,11 +176,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( key_exchanges = 0; if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) && - ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { + ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; } if (mbedtls_ssl_session_ticket_allow_psk(session) && - ssl_tls13_key_exchange_psk_available(ssl)) { + ssl_tls13_key_exchange_is_psk_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; } @@ -1022,7 +1022,7 @@ static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_ephemeral_available(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && @@ -1034,7 +1034,7 @@ static int ssl_tls13_key_exchange_ephemeral_available(mbedtls_ssl_context *ssl) } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) return ssl_tls13_ticket_is_kex_mode_permitted( @@ -1049,7 +1049,7 @@ static int ssl_tls13_key_exchange_psk_available(mbedtls_ssl_context *ssl) } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_psk_ephemeral_available(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) return ssl_tls13_ticket_is_kex_mode_permitted( @@ -1083,17 +1083,17 @@ static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl) ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - if (ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { + if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); } else - if (ssl_tls13_key_exchange_ephemeral_available(ssl)) { + if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); } else - if (ssl_tls13_key_exchange_psk_available(ssl)) { + if (ssl_tls13_key_exchange_is_psk_available(ssl)) { ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); @@ -1737,8 +1737,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * - The content up to but excluding the PSK extension, if present. */ /* If we've settled on a PSK-based exchange, parse PSK identity ext */ - if (ssl_tls13_key_exchange_psk_available(ssl) || - ssl_tls13_key_exchange_psk_ephemeral_available(ssl)) { + if (ssl_tls13_key_exchange_is_psk_available(ssl) || + ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { ret = handshake->update_checksum(ssl, buf, pre_shared_key_ext - buf); if (0 != ret) { From 02e72f65da309885c4ae8e0b816cc269e0c1eba2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 16:11:51 +0800 Subject: [PATCH 266/653] Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e756c9aed6..5e2aa60964 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1946,8 +1946,8 @@ static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context * \param[in] ssl SSL context * \param kex_modes_mask Mask of the key exchange modes to check * - * \return True, if at least one of the key exchange modes is supported, - * False, otherwise. + * \return Non-zero, if at least one of the key exchange modes is supported by + * the peer, otherwise \0. */ static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl, int kex_modes_mask) From abd844f379884cde62e07b36546b2aff07277fdd Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 5 Dec 2023 15:28:58 +0800 Subject: [PATCH 267/653] Fix wrong format in the function doc Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5e2aa60964..32bef110e5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1946,8 +1946,8 @@ static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context * \param[in] ssl SSL context * \param kex_modes_mask Mask of the key exchange modes to check * - * \return Non-zero, if at least one of the key exchange modes is supported by - * the peer, otherwise \0. + * \return Non-zero if at least one of the key exchange modes is supported by + * the peer, otherwise \c 0. */ static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl, int kex_modes_mask) From 408ba6f7b8cdd8180972e2ed2af8fad234a36416 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:18:03 +0800 Subject: [PATCH 268/653] tls13: srv: replace with internal API to check is_tls12_enabled Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b3f25b5e87..eb0b5281af 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1921,7 +1921,7 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) */ if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { /* Check if server supports TLS 1.2 */ - if (ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2) { + if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Unsupported version of TLS 1.2 was received")); MBEDTLS_SSL_PEND_FATAL_ALERT( From 177e49ad7a2e1827089ff28484b985068a626985 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:51:04 +0800 Subject: [PATCH 269/653] tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 2 +- tests/ssl-opt.sh | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index eb0b5281af..52d2db6e77 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1923,7 +1923,7 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) /* Check if server supports TLS 1.2 */ if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { MBEDTLS_SSL_DEBUG_MSG( - 1, ("Unsupported version of TLS 1.2 was received")); + 1, ("TLS 1.2 not supported.")); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e67cf02f08..764fb4a948 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11626,8 +11626,7 @@ run_test "TLS 1.3 m->m: Not supported version check: cli TLS 1.2 only, srv TLS 1 -c "supported_versions(43) extension does not exist." \ -c "A fatal alert message was received from our peer" \ -s "The SSL configuration is tls13 only" \ - -s "Unsupported version of TLS 1.2 was received" \ - -s "! mbedtls_ssl_handshake returned" + -s "TLS 1.2 not supported." requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C From 2bef917a3c11090d063aa2ebd59d445e185dbdb7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:21:53 +0800 Subject: [PATCH 270/653] tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 52d2db6e77..3baff36e7d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1925,9 +1925,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 1, ("TLS 1.2 not supported.")); MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, + MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); + return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; From 90acdc65e582151a58189ac0651036568316155e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:29:42 +0800 Subject: [PATCH 271/653] tl13: srv: improve comment Improve comment when received version 1.2 of the protocol while TLS 1.2 is disabled on server side. Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 3baff36e7d..67bf6daaee 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1913,7 +1913,8 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) * by MBEDTLS_SSL_PROC_CHK_NEG. */ /* - * Version 1.2 of the protocol has been chosen, set the + * Version 1.2 of the protocol has to be used for the handshake. + * If TLS 1.2 is not supported, abort the handshake. Otherwise, set the * ssl->keep_current_message flag for the ClientHello to be kept and parsed * as a TLS 1.2 ClientHello. We also change ssl->tls_version to * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step() From e9be2a259e831e6de4eec5808d0c328a5f9e5258 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:38:13 +0800 Subject: [PATCH 272/653] fix-tls13-server-min-version-check.txt: rephrase ChangeLog Signed-off-by: Yanray Wang --- ChangeLog.d/fix-tls13-server-min-version-check.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/fix-tls13-server-min-version-check.txt b/ChangeLog.d/fix-tls13-server-min-version-check.txt index b05ad7c542..258ec6d38c 100644 --- a/ChangeLog.d/fix-tls13-server-min-version-check.txt +++ b/ChangeLog.d/fix-tls13-server-min-version-check.txt @@ -1,4 +1,3 @@ Bugfix - * Add missing check for `min_tls_version` in TLS 1.3 server-side. - Without this, TLS 1.3 server may downgrade protocol to a TLS version - below its supported minimum TLS version. Fixes #8593. + * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2 + is disabled at runtime. Fixes #8593. From 94a42ccb3e26554498c6e4a3e78c6822036fc931 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 10:04:17 +0800 Subject: [PATCH 273/653] Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 28 ++++++++++++++-------------- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_server.c | 16 ++++++++-------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 32bef110e5..71d1407614 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2769,7 +2769,7 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) -static inline unsigned int mbedtls_ssl_session_get_ticket_flags( +static inline unsigned int mbedtls_ssl_tls13_session_get_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { return session->ticket_flags & @@ -2782,40 +2782,40 @@ static inline unsigned int mbedtls_ssl_session_get_ticket_flags( * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all * permitted flags. */ -static inline int mbedtls_ssl_session_ticket_has_flags( +static inline int mbedtls_ssl_tls13_session_ticket_has_flags( mbedtls_ssl_session *session, unsigned int flags) { - return mbedtls_ssl_session_get_ticket_flags(session, flags) != 0; + return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0; } -static inline int mbedtls_ssl_session_ticket_allow_psk( +static inline int mbedtls_ssl_tls13_session_ticket_allow_psk( mbedtls_ssl_session *session) { - return mbedtls_ssl_session_ticket_has_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); } -static inline int mbedtls_ssl_session_ticket_allow_psk_ephemeral( +static inline int mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral( mbedtls_ssl_session *session) { - return mbedtls_ssl_session_ticket_has_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); } -static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data( +static inline unsigned int mbedtls_ssl_tls13_session_ticket_allow_early_data( mbedtls_ssl_session *session) { - return !mbedtls_ssl_session_check_ticket_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } -static inline void mbedtls_ssl_session_set_ticket_flags( +static inline void mbedtls_ssl_tls13_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } -static inline void mbedtls_ssl_session_clear_ticket_flags( +static inline void mbedtls_ssl_tls13_session_clear_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 82ebe7e60e..e418ee01bd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -685,7 +685,7 @@ static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) return ssl->handshake->resume && session != NULL && session->ticket != NULL && mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, mbedtls_ssl_session_get_ticket_flags( + ssl, mbedtls_ssl_tls13_session_get_ticket_flags( session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); } @@ -695,7 +695,7 @@ static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - mbedtls_ssl_session_ticket_allow_early_data(session) && + mbedtls_ssl_tls13_session_ticket_allow_early_data(session) && mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); } #endif @@ -2685,7 +2685,7 @@ static int ssl_tls13_parse_new_session_ticket_early_data_ext( MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); MBEDTLS_SSL_DEBUG_MSG( 3, ("received max_early_data_size: %u", @@ -2836,7 +2836,7 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, session->ticket_len = ticket_len; /* Clear all flags in ticket_flags */ - mbedtls_ssl_session_clear_ticket_flags( + mbedtls_ssl_tls13_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); @@ -2923,7 +2923,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, session->resumption_key_len); /* Set ticket_flags depends on the selected key exchange modes */ - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, ssl->conf->tls13_kex_modes); MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e5e510ba3a..9f3b39897e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -175,11 +175,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); key_exchanges = 0; - if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) && + if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) && ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; } - if (mbedtls_ssl_session_ticket_allow_psk(session) && + if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) && ssl_tls13_key_exchange_is_psk_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; } @@ -1008,7 +1008,7 @@ static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { - if (!mbedtls_ssl_session_ticket_has_flags( + if (!mbedtls_ssl_tls13_session_ticket_has_flags( ssl->session_negotiate, kex_mode)) { return 0; } @@ -1845,7 +1845,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } - if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) { + if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, early_data not allowed in ticket " @@ -3131,17 +3131,17 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ - mbedtls_ssl_session_clear_ticket_flags( + mbedtls_ssl_tls13_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, ssl->handshake->tls13_kex_modes); #endif #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3321,7 +3321,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_session_ticket_allow_early_data(session)) { + if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) { size_t output_len; if ((ret = mbedtls_ssl_tls13_write_early_data_ext( From e9efbc2aa543e00fabe4904550fec8e69cf6e166 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 8 Dec 2023 16:59:08 +0800 Subject: [PATCH 274/653] Error out when get domain_parameters is not supported From time being, domain_parameters could not be extracted from driver. We need to return error to indicate this situation. This is temporary and would be fixed after #6494. Signed-off-by: Pengyu Lv --- library/psa_crypto.c | 6 ++++++ library/psa_crypto_client.c | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 114994019e..894167abdb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1400,6 +1400,12 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, mbedtls_free(rsa); } break; +#else + case PSA_KEY_TYPE_RSA_KEY_PAIR: + case PSA_KEY_TYPE_RSA_PUBLIC_KEY: + attributes->domain_parameters = NULL; + attributes->domain_parameters_size = SIZE_MAX; + break; #endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index 564463fedc..472d3d31a3 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -53,6 +53,11 @@ psa_status_t psa_get_key_domain_parameters( const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length) { + if (attributes->domain_parameters == NULL && + attributes->domain_parameters_size == SIZE_MAX) { + return PSA_ERROR_NOT_SUPPORTED; + } + if (attributes->domain_parameters_size > data_size) { return PSA_ERROR_BUFFER_TOO_SMALL; } From d90fbf776941d66aeca66d0819eb3ec32044bd5e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 8 Dec 2023 17:13:22 +0800 Subject: [PATCH 275/653] Adjuest checks in generate_key_rsa suite Signed-off-by: Pengyu Lv --- tests/suites/test_suite_psa_crypto.function | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 154d4150a4..4c08a9017c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9685,23 +9685,26 @@ void generate_key_rsa(int bits_arg, } /* Test the key information */ -#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_type(&attributes), type); TEST_EQUAL(psa_get_key_bits(&attributes), bits); - PSA_ASSERT(psa_get_key_domain_parameters(&attributes, - e_read_buffer, e_read_size, - &e_read_length)); + psa_status_t status = psa_get_key_domain_parameters(&attributes, + e_read_buffer, e_read_size, + &e_read_length); + + +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if (is_default_public_exponent) { TEST_EQUAL(e_read_length, 0); } else { + TEST_EQUAL(status, PSA_SUCCESS); TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len); } #else - (void) e_read_length; (void) is_default_public_exponent; + TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); #endif /* Do something with the key according to its type and permitted usage. */ From f75893bb36162c424ae26151ac27c1cc20d3a230 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 8 Dec 2023 17:21:39 +0800 Subject: [PATCH 276/653] Update comments Signed-off-by: Pengyu Lv --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 894167abdb..5455fa2872 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1378,9 +1378,9 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: - /* TODO: reporting the public exponent for opaque keys - * is not yet implemented. - * https://github.com/ARMmbed/mbed-crypto/issues/216 + /* TODO: This is a temporary situation where domain parameters are deprecated, + * but we need it for namely generating an RSA key with a non-default exponent. + * This would be improved after https://github.com/Mbed-TLS/mbedtls/issues/6494. */ if (!psa_key_lifetime_is_external(slot->attr.lifetime)) { mbedtls_rsa_context *rsa = NULL; From f05b768457dd5088089391d3d350a74a53389ed9 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 8 Dec 2023 09:47:48 +0000 Subject: [PATCH 277/653] Use existing variable containing full path Signed-off-by: Thomas Daubney --- scripts/generate_driver_wrappers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index edd98a2de4..624ab81df1 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -181,7 +181,7 @@ def main() -> int: crypto_core_directory = build_tree.crypto_core_directory(project_root) output_directory = args.output_directory if args.output_directory is not None else \ - os.path.join(project_root, crypto_core_directory) + crypto_core_directory template_directory = args.template_dir if args.template_dir is not None else \ os.path.join(project_root, From aedfc0932b086e626948e3adbafb91afcb65a682 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 8 Dec 2023 10:42:08 +0000 Subject: [PATCH 278/653] Revert to ae952174a7 and addressing some comments Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 83 +++++++------------------------ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 19 insertions(+), 68 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c15a75dcf4..d2f47ff069 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -34,10 +34,6 @@ int main(void) #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" - -/* the max record size of TLS 1.3 is 2^14 */ -#define MAX_EARLY_DATA_CHUNK_SIZE 16384 - #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" @@ -56,8 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" -#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED -#define DFL_EARLY_DATA_FILE "" +#define DFL_EARLY_DATA "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL @@ -352,11 +347,9 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%d default: 0 (disabled)\n" \ - " options: 0 (disabled), 1 (enabled)\n" \ - " early_data_file=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " early_data=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -551,8 +544,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* support for early data */ - const char *early_data_file; /* the path of the file to read early data from */ + const char *early_data; /* the path of the file to read early data from */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -725,29 +717,6 @@ exit: return ret; } -#if defined(MBEDTLS_SSL_EARLY_DATA) -int ssl_write_early_data(mbedtls_ssl_context *ssl, FILE *fp, - int *early_data_written) -{ - - /* TODO: Will add code of calling mbedtls_ssl_write_early_data() - * to write real early data. - */ - unsigned char early_data_buf[MAX_EARLY_DATA_CHUNK_SIZE]; - unsigned char *p_early_data_start = &early_data_buf[0]; - unsigned char *p_early_data_end = p_early_data_start + - MAX_EARLY_DATA_CHUNK_SIZE; - ((void) fp); - ((void) early_data_buf); - ((void) p_early_data_start); - ((void) p_early_data_end); - ((void) early_data_written); - - return mbedtls_ssl_handshake(ssl); - -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -773,10 +742,6 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - FILE *early_data_fp = NULL; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -949,7 +914,6 @@ int main(int argc, char *argv[]) opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) opt.early_data = DFL_EARLY_DATA; - opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1233,23 +1197,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } - } else if (strcmp(p, "early_data_file") == 0) { - opt.early_data_file = q; - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto exit; - } + opt.early_data = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2016,7 +1964,17 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, opt.early_data); + int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + FILE *early_data_fp = NULL; + if (strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data); + goto exit; + } + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } + mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -3041,14 +2999,7 @@ reconnect: goto exit; } -#if defined(MBEDTLS_SSL_EARLY_DATA) - - int early_data_written = 0; - while ((ret = ssl_write_early_data(&ssl, early_data_fp, - &early_data_written)) != 0) { -#else while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { -#endif if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 2fe81141c6..cf8aa745af 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From e04a97a1eb3586e2cafb74fb744cc5b3205b5539 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 8 Dec 2023 18:27:48 +0000 Subject: [PATCH 279/653] Move MPI initialization to start of function This prevents a call to mbedtls_mpi_free() on uninitialized data when USE_PSA_INIT() fails. Signed-off-by: David Horstmann --- tests/suites/test_suite_x509write.function | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 4de9addca0..b59fd48f3c 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -665,13 +665,15 @@ void x509_set_serial_check() mbedtls_x509write_cert ctx; uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1]; +#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) + mbedtls_mpi serial_mpi; + mbedtls_mpi_init(&serial_mpi); +#endif + USE_PSA_INIT(); memset(invalid_serial, 0x01, sizeof(invalid_serial)); #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi serial_mpi; - - mbedtls_mpi_init(&serial_mpi); TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial, sizeof(invalid_serial)), 0); TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi), From 656d4b3c748638ec024dc6182994c96d1f9522d9 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 8 Dec 2023 21:51:15 +0000 Subject: [PATCH 280/653] Avoid use of `ip_len` as it clashes with a macro in AIX system headers Fixes #8624 Signed-off-by: Tom Cosgrove --- include/mbedtls/net_sockets.h | 4 ++-- library/net_sockets.c | 14 +++++++------- programs/x509/cert_req.c | 6 +++--- programs/x509/cert_write.c | 6 +++--- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 026f627ce6..85c11971d8 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -143,7 +143,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char * * \param client_ctx Will contain the connected client socket * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written, + * \param cip_len Will receive the size of the client IP written, * can be NULL if client_ip is null * * \return 0 if successful, or @@ -156,7 +156,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char * */ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len); + void *client_ip, size_t buf_size, size_t *cip_len); /** * \brief Check and wait for the context to be ready for read/write diff --git a/library/net_sockets.c b/library/net_sockets.c index 2b120c5513..edec5876ad 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -316,7 +316,7 @@ static int net_would_block(const mbedtls_net_context *ctx) */ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len) + void *client_ip, size_t buf_size, size_t *cip_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int type; @@ -399,22 +399,22 @@ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, if (client_ip != NULL) { if (client_addr.ss_family == AF_INET) { struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *ip_len = sizeof(addr4->sin_addr.s_addr); + *cip_len = sizeof(addr4->sin_addr.s_addr); - if (buf_size < *ip_len) { + if (buf_size < *cip_len) { return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; } - memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len); + memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len); } else { struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr; - *ip_len = sizeof(addr6->sin6_addr.s6_addr); + *cip_len = sizeof(addr6->sin6_addr.s6_addr); - if (buf_size < *ip_len) { + if (buf_size < *cip_len) { return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; } - memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len); + memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len); } } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 072441bef5..6ae43a9d94 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -261,10 +261,10 @@ usage: } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { - size_t ip_len = 0; + size_t ip_addr_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_len == 0) { + ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); + if (ip_addr_len == 0) { mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", subtype_value); goto exit; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 8395f746f4..bf25c4cbdd 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -583,10 +583,10 @@ usage: } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { - size_t ip_len = 0; + size_t ip_addr_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_len == 0) { + ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); + if (ip_addr_len == 0) { mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", subtype_value); goto exit; From a9581d2d5f83ef6b8d984ca997055b5310746911 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 11 Dec 2023 01:50:34 +0000 Subject: [PATCH 281/653] Fix CI failure of uninitialized fp Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d2f47ff069..1b3dedb22d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -742,6 +742,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + FILE *early_data_fp = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -1965,7 +1969,6 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - FILE *early_data_fp = NULL; if (strlen(opt.early_data) > 0) { if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", From c5b7285da99abc3ca65991d3fd4f87201a30d43e Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Mon, 11 Dec 2023 21:25:44 +0100 Subject: [PATCH 282/653] library: Remove unused psa_crypto_core.h include Remove unused psa_crypto_core.h include. The PSA util file provides helper functions when using the PSA API. It should not rely on PSA internal headers, and instead only use public headers. Signed-off-by: Joakim Andersson --- library/psa_util.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/psa_util.c b/library/psa_util.c index 0225bbf02b..b462d1859d 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -12,7 +12,6 @@ #include -#include "psa_crypto_core.h" #include "psa_util_internal.h" /* The following includes are needed for MBEDTLS_ERR_XXX macros */ From 0308d79a340b88463610afa5af3703258fb2d10e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Dec 2023 19:20:30 +0100 Subject: [PATCH 283/653] Fix some MAC-related function names Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index acfd64ab19..7e3eceb904 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -427,7 +427,7 @@ The PSA API does have a direct interface for the AES-CMAC-PRF-128 from RFC 4615 ### Hash mechanism selection -The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently. +The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently. | Mbed TLS constant | PSA constant | | ---------------------- | ------------------- | @@ -574,7 +574,7 @@ To verify a MAC against an expected value, use the following process instead: If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). -The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac`: +The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` and `mbedtls_md_hmac`: * [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory. * [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value. From 5feac959a5f18af7f6de9f8634179de30418b0f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Dec 2023 19:20:45 +0100 Subject: [PATCH 284/653] Correct and clarify discussion of AES-CMAC-PRF-128 Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 7e3eceb904..8cb94ccd53 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -423,7 +423,7 @@ There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract inf The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API. -The PSA API does have a direct interface for the AES-CMAC-PRF-128 from RFC 4615 at the time of writing. You can calculate it using the interface to AES-CMAC. +The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calculated by `mbedtls_aes_cmac_prf_128` at the time of writing. You can implement it using the MAC interface with an AES key and the CMAC algorithm. ### Hash mechanism selection From 1ef1eb234fe18b2dfeedde4e524eb6688c1e23e3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Dec 2023 11:09:47 +0100 Subject: [PATCH 285/653] Clarify psa_constant_names Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 8cb94ccd53..067ffafbd3 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -240,7 +240,7 @@ There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed ### Error messages -At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to their input representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application. +At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application. ``` $ programs/psa/psa_constant_names error -138 From 4dde0b293cd84dd0eff77a1d6d5f9387a55f8a46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 14 Dec 2023 12:09:38 +0100 Subject: [PATCH 286/653] md-cipher-dispatch: editorial improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a typo, add a reference. Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/md-cipher-dispatch.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index bc92d00b37..430b0caec9 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -358,7 +358,7 @@ The two AEAD modes, GCM and CCM, have very similar needs and positions in the st - CTR-DRBG holds a special position in the stack: most users don't care about it per se, they only care about getting random numbers - in fact PSA users don't even need to know what DRBG is used. In particular, no part of the stack is asking questions like "is CTR-DRBG-AES available?" - an RNG needs to be available and that's it - contrary to similar questions about AES-GCM etc. which are asked for example by TLS. So, it makes sense to use different designs for CTR-DRBG on one hand, and GCM/CCM on the other hand: -- CTR-DRBG can just check if `AES_C` is present and "fall back" to PSA is not. +- CTR-DRBG can just check if `AES_C` is present and "fall back" to PSA if not. - GCM and CCM need an common abstraction layer that allows: - Using AES, Aria or Camellia in a uniform way. - Dispatching to built-in or driver. @@ -379,7 +379,7 @@ Those costs could be avoided by refactoring (parts of) Cipher, but that would pr - significant differences in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset; - or more work to apply the simplifications to all of Cipher. -Prototyping both approaches showed better code size savings and cleaner code with a new internal module. +Prototyping both approaches showed better code size savings and cleaner code with a new internal module (see section "Internal "block cipher" abstraction (Cipher light)" below). ## Specification From f3c04f3f47c242924a9927c6c411bb5464aa1107 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Dec 2023 12:06:11 +0000 Subject: [PATCH 287/653] Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR Signed-off-by: Dave Rodgman --- library/alignment.h | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/library/alignment.h b/library/alignment.h index 4aab8e0275..634d610469 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -224,10 +224,25 @@ static inline uint64_t mbedtls_bswap64(uint64_t x) #endif /* !defined(MBEDTLS_BSWAP64) */ #if !defined(__BYTE_ORDER__) + +#if defined(__LITTLE_ENDIAN__) +/* IAR defines __xxx_ENDIAN__, but not __BYTE_ORDER__ */ +#define MBEDTLS_IS_BIG_ENDIAN 0 +#elif defined(__BIG_ENDIAN__) +#define MBEDTLS_IS_BIG_ENDIAN 1 +#else static const uint16_t mbedtls_byte_order_detector = { 0x100 }; #define MBEDTLS_IS_BIG_ENDIAN (*((unsigned char *) (&mbedtls_byte_order_detector)) == 0x01) +#endif + #else -#define MBEDTLS_IS_BIG_ENDIAN ((__BYTE_ORDER__) == (__ORDER_BIG_ENDIAN__)) + +#if (__BYTE_ORDER__) == (__ORDER_BIG_ENDIAN__) +#define MBEDTLS_IS_BIG_ENDIAN 1 +#else +#define MBEDTLS_IS_BIG_ENDIAN 0 +#endif + #endif /* !defined(__BYTE_ORDER__) */ /** From 650674bb41f2147be7eeb1d25913e45aa0dc4b39 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Dec 2023 12:16:48 +0000 Subject: [PATCH 288/653] Add MBEDTLS_BSWAPxx intrinsics for IAR Signed-off-by: Dave Rodgman --- library/alignment.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/alignment.h b/library/alignment.h index 634d610469..9e1e044ec6 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -180,6 +180,16 @@ inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) #define MBEDTLS_BSWAP32 __rev #endif +/* Detect IAR built-in byteswap routine */ +#if defined(__IAR_SYSTEMS_ICC__) +#if defined(__ARM_ACLE) +#include +#define MBEDTLS_BSWAP16(x) ((uint16_t) __rev16((uint32_t) (x))) +#define MBEDTLS_BSWAP32 __rev +#define MBEDTLS_BSWAP64 __revll +#endif +#endif + /* * Where compiler built-ins are not present, fall back to C code that the * compiler may be able to detect and transform into the relevant bswap or From 69928dbe86cefd1640b2fa08f6f8d896bde255d3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 12:09:18 +0000 Subject: [PATCH 289/653] Fix compile warning from IAR Signed-off-by: Dave Rodgman --- library/ccm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ccm.c b/library/ccm.c index 6700dc743d..6b137d7bf9 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -91,7 +91,7 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, } #endif - return 0; + return ret; } /* From b349108b99283cf5afadb0a432d186ad18612302 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Mon, 11 Dec 2023 21:29:19 +0100 Subject: [PATCH 290/653] library: Move mbedtls_ecc helper functions to psa_util Move the mbedtls_ecc helper functions from psa_core to psa_util. These files are not implemented as part of the PSA API and should not be part of the PSA crypto implementation. Signed-off-by: Joakim Andersson --- include/mbedtls/psa_util.h | 50 +++++++++++ include/psa/crypto_extra.h | 47 ---------- library/psa_crypto.c | 175 ------------------------------------- library/psa_util.c | 174 ++++++++++++++++++++++++++++++++++++ 4 files changed, 224 insertions(+), 222 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 643e8aac4a..5f6a05315a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -14,6 +14,8 @@ #include "mbedtls/build_info.h" +#include "psa/crypto.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) /* Expose whatever RNG the PSA subsystem uses to applications using the @@ -100,5 +102,53 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ +/** \defgroup psa_tls_helpers TLS helper functions + * @{ + */ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#include + +/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param grpid An Mbed TLS elliptic curve identifier + * (`MBEDTLS_ECP_DP_xxx`). + * \param[out] bits On success, the bit size of the curve. + * + * \return The corresponding PSA elliptic curve identifier + * (`PSA_ECC_FAMILY_xxx`). + * \return \c 0 on failure (\p grpid is not recognized). + */ +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits); + +/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param curve A PSA elliptic curve identifier + * (`PSA_ECC_FAMILY_xxx`). + * \param bits The bit-length of a private key on \p curve. + * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up + * to the nearest multiple of 8. This allows the caller + * to infer the exact curve from the length of a key + * which is supplied as a byte string. + * + * \return The corresponding Mbed TLS elliptic curve identifier + * (`MBEDTLS_ECP_DP_xxx`). + * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized. + * \return #MBEDTLS_ECP_DP_NONE if \p bits is not + * correct for \p curve. + */ +mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy); +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +/**@}*/ + #endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ef29b77db8..f7207a1be2 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -557,53 +557,6 @@ psa_status_t psa_get_key_domain_parameters( /**@}*/ -/** \defgroup psa_tls_helpers TLS helper functions - * @{ - */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#include - -/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. - * - * \param grpid An Mbed TLS elliptic curve identifier - * (`MBEDTLS_ECP_DP_xxx`). - * \param[out] bits On success, the bit size of the curve. - * - * \return The corresponding PSA elliptic curve identifier - * (`PSA_ECC_FAMILY_xxx`). - * \return \c 0 on failure (\p grpid is not recognized). - */ -psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, - size_t *bits); - -/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. - * - * \param curve A PSA elliptic curve identifier - * (`PSA_ECC_FAMILY_xxx`). - * \param bits The bit-length of a private key on \p curve. - * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up - * to the nearest multiple of 8. This allows the caller - * to infer the exact curve from the length of a key - * which is supplied as a byte string. - * - * \return The corresponding Mbed TLS elliptic curve identifier - * (`MBEDTLS_ECP_DP_xxx`). - * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized. - * \return #MBEDTLS_ECP_DP_NONE if \p bits is not - * correct for \p curve. - */ -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -/**@}*/ /** \defgroup psa_external_rng External random generator * @{ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c90119fe4a..692da9f558 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -408,181 +408,6 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat } - - -/****************************************************************/ -/* Key management */ -/****************************************************************/ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, - size_t *bits) -{ - switch (grpid) { -#if defined(MBEDTLS_ECP_HAVE_SECP192R1) - case MBEDTLS_ECP_DP_SECP192R1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP224R1) - case MBEDTLS_ECP_DP_SECP224R1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP256R1) - case MBEDTLS_ECP_DP_SECP256R1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) - case MBEDTLS_ECP_DP_SECP384R1: - *bits = 384; - return PSA_ECC_FAMILY_SECP_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) - case MBEDTLS_ECP_DP_SECP521R1: - *bits = 521; - return PSA_ECC_FAMILY_SECP_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_BP256R1) - case MBEDTLS_ECP_DP_BP256R1: - *bits = 256; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_BP384R1) - case MBEDTLS_ECP_DP_BP384R1: - *bits = 384; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_BP512R1) - case MBEDTLS_ECP_DP_BP512R1: - *bits = 512; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; -#endif -#if defined(MBEDTLS_ECP_HAVE_CURVE25519) - case MBEDTLS_ECP_DP_CURVE25519: - *bits = 255; - return PSA_ECC_FAMILY_MONTGOMERY; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP192K1) - case MBEDTLS_ECP_DP_SECP192K1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_K1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP224K1) - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_K1; -#endif -#if defined(MBEDTLS_ECP_HAVE_SECP256K1) - case MBEDTLS_ECP_DP_SECP256K1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_K1; -#endif -#if defined(MBEDTLS_ECP_HAVE_CURVE448) - case MBEDTLS_ECP_DP_CURVE448: - *bits = 448; - return PSA_ECC_FAMILY_MONTGOMERY; -#endif - default: - *bits = 0; - return 0; - } -} - -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) -{ - switch (curve) { - case PSA_ECC_FAMILY_SECP_R1: - switch (bits) { -#if defined(PSA_WANT_ECC_SECP_R1_192) - case 192: - return MBEDTLS_ECP_DP_SECP192R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - case 224: - return MBEDTLS_ECP_DP_SECP224R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - case 256: - return MBEDTLS_ECP_DP_SECP256R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - case 384: - return MBEDTLS_ECP_DP_SECP384R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_521) - case 521: - return MBEDTLS_ECP_DP_SECP521R1; - case 528: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_SECP521R1; - } - break; -#endif - } - break; - - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch (bits) { -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - case 256: - return MBEDTLS_ECP_DP_BP256R1; -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - case 384: - return MBEDTLS_ECP_DP_BP384R1; -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - case 512: - return MBEDTLS_ECP_DP_BP512R1; -#endif - } - break; - - case PSA_ECC_FAMILY_MONTGOMERY: - switch (bits) { -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - case 255: - return MBEDTLS_ECP_DP_CURVE25519; - case 256: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_CURVE25519; - } - break; -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - case 448: - return MBEDTLS_ECP_DP_CURVE448; -#endif - } - break; - - case PSA_ECC_FAMILY_SECP_K1: - switch (bits) { -#if defined(PSA_WANT_ECC_SECP_K1_192) - case 192: - return MBEDTLS_ECP_DP_SECP192K1; -#endif -#if defined(PSA_WANT_ECC_SECP_K1_224) - case 224: - return MBEDTLS_ECP_DP_SECP224K1; -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - case 256: - return MBEDTLS_ECP_DP_SECP256K1; -#endif - } - break; - } - - (void) bits_is_sloppy; - return MBEDTLS_ECP_DP_NONE; -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits) { diff --git a/library/psa_util.c b/library/psa_util.c index b462d1859d..9b06de273f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -156,4 +156,178 @@ int psa_pk_status_to_mbedtls(psa_status_t status) } } #endif /* MBEDTLS_PK_C */ + +/****************************************************************/ +/* Key management */ +/****************************************************************/ + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits) +{ + switch (grpid) { +#if defined(MBEDTLS_ECP_HAVE_SECP192R1) + case MBEDTLS_ECP_DP_SECP192R1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP224R1) + case MBEDTLS_ECP_DP_SECP224R1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP256R1) + case MBEDTLS_ECP_DP_SECP256R1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP384R1) + case MBEDTLS_ECP_DP_SECP384R1: + *bits = 384; + return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP521R1) + case MBEDTLS_ECP_DP_SECP521R1: + *bits = 521; + return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_BP256R1) + case MBEDTLS_ECP_DP_BP256R1: + *bits = 256; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_BP384R1) + case MBEDTLS_ECP_DP_BP384R1: + *bits = 384; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_BP512R1) + case MBEDTLS_ECP_DP_BP512R1: + *bits = 512; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_HAVE_CURVE25519) + case MBEDTLS_ECP_DP_CURVE25519: + *bits = 255; + return PSA_ECC_FAMILY_MONTGOMERY; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP192K1) + case MBEDTLS_ECP_DP_SECP192K1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP224K1) + case MBEDTLS_ECP_DP_SECP224K1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_HAVE_SECP256K1) + case MBEDTLS_ECP_DP_SECP256K1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_HAVE_CURVE448) + case MBEDTLS_ECP_DP_CURVE448: + *bits = 448; + return PSA_ECC_FAMILY_MONTGOMERY; +#endif + default: + *bits = 0; + return 0; + } +} + +mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy) +{ + switch (curve) { + case PSA_ECC_FAMILY_SECP_R1: + switch (bits) { +#if defined(PSA_WANT_ECC_SECP_R1_192) + case 192: + return MBEDTLS_ECP_DP_SECP192R1; +#endif +#if defined(PSA_WANT_ECC_SECP_R1_224) + case 224: + return MBEDTLS_ECP_DP_SECP224R1; +#endif +#if defined(PSA_WANT_ECC_SECP_R1_256) + case 256: + return MBEDTLS_ECP_DP_SECP256R1; +#endif +#if defined(PSA_WANT_ECC_SECP_R1_384) + case 384: + return MBEDTLS_ECP_DP_SECP384R1; +#endif +#if defined(PSA_WANT_ECC_SECP_R1_521) + case 521: + return MBEDTLS_ECP_DP_SECP521R1; + case 528: + if (bits_is_sloppy) { + return MBEDTLS_ECP_DP_SECP521R1; + } + break; +#endif + } + break; + + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: + switch (bits) { +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + case 256: + return MBEDTLS_ECP_DP_BP256R1; +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + case 384: + return MBEDTLS_ECP_DP_BP384R1; +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + case 512: + return MBEDTLS_ECP_DP_BP512R1; +#endif + } + break; + + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { +#if defined(PSA_WANT_ECC_MONTGOMERY_255) + case 255: + return MBEDTLS_ECP_DP_CURVE25519; + case 256: + if (bits_is_sloppy) { + return MBEDTLS_ECP_DP_CURVE25519; + } + break; +#endif +#if defined(PSA_WANT_ECC_MONTGOMERY_448) + case 448: + return MBEDTLS_ECP_DP_CURVE448; +#endif + } + break; + + case PSA_ECC_FAMILY_SECP_K1: + switch (bits) { +#if defined(PSA_WANT_ECC_SECP_K1_192) + case 192: + return MBEDTLS_ECP_DP_SECP192K1; +#endif +#if defined(PSA_WANT_ECC_SECP_K1_224) + case 224: + return MBEDTLS_ECP_DP_SECP224K1; +#endif +#if defined(PSA_WANT_ECC_SECP_K1_256) + case 256: + return MBEDTLS_ECP_DP_SECP256K1; +#endif + } + break; + } + + (void) bits_is_sloppy; + return MBEDTLS_ECP_DP_NONE; +} +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From b461b8731c5549c5fb5e20f4c7f80ab8e40973bd Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 14 Dec 2023 14:40:36 +0000 Subject: [PATCH 291/653] Change how the state transition diagram is stored Store the source of the diagram as a url instead of an xml file. Signed-off-by: Ryan Everett --- .../key-slot-state-transitions.drawio | 183 ------------------ .../psa-thread-safety/psa-thread-safety.md | 6 + 2 files changed, 6 insertions(+), 183 deletions(-) delete mode 100644 docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio b/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio deleted file mode 100644 index 5da2a7fcc9..0000000000 --- a/docs/architecture/psa-thread-safety/key-slot-state-transitions.drawio +++ /dev/null @@ -1,183 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 97273f3872..d8256b5c5a 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -296,6 +296,12 @@ Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if t A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. +#### Generating the state transition diagram from source + +To generate the state transition diagram in https://app.diagrams.net/, open the following url: + +https://viewer.diagrams.net/?tags=%7B%7D&highlight=FFFFFF&edit=_blank&layers=1&nav=1&title=key-slot-state-transitions#R5Vxbd5s4EP4t%2B%2BDH5iAJcXms4ySbrdtNT7qX9MWHgGyrxcABHNv59SsM2EhgDBhs3PVL0CANoBl9fDMaMkC3i%2FWDb3jzz65F7AGUrPUAjQYQAqBh9ieSbGKJIqFYMPOplXTaC57pO0mEUiJdUosEXMfQde2QerzQdB2HmCEnM3zfXfHdpq7NX9UzZiQneDYNOy%2F9h1rhPJZqUN3Lfyd0Nk%2BvDBQ9PrMw0s7JkwRzw3JXGRG6G6Bb33XD%2BGixviV2NHnpvMTj7g%2Bc3d2YT5ywyoDv4H08%2Ffvxj9VX3XGGw5cf3o9PHxJjvBn2MnngAVRspm9o0Td2OIsO7%2F8aj1Mx0585U9B5bgQTnxgW8YP07Ksv9he1bOcn3KSTzm6c2Zc1hqs5DcmzZ5jRmRVzsegK4cJmLcAOjcCLjT6la2LtVGUnJZmnN%2BKHZJ0RJZP0QNwFCf0N65KclbXEYDuPTdqrjP0T0Txj%2BlRmJB4322neG4UdJHapYSMACowkzphjfYy8nbVM2wgCavIT5btLx4pmaCSxFpscf%2FNvcmrbeMk2Rutsv9Emba1puBvEjl8y8v2QqJGOOGiNwF36Jjnul6Hhz0hY0k%2BO%2BxGLW8V522Zshwtsl8p8YhshfePXfpFBkys8uZQ92UHXwYrgE%2FFzJ6Oya1VUpOo3euancWplJKiNpymnduttu0k4wQFhzgGXjk9mNAiJv13seX9kBhkbr%2BxlwK9Xm86cyEeZQxCfCaJlSRnafkxOLKhlRTqGPgnou%2FG61Re5khc93PZx8XCAR4XOVb56RADYvTOSq3CwXAQM0g2UVJ2zxAd4mt%2BkaoAwxJ1OA9KNLasA%2Ft3np28v14nevQNvvXXwTmBYysAwKIXhHdxLWbiXjsB9c%2FCGFcEb9Au8ec%2FJgWxl7D7yDugYrFO6mXE4LzAmU4Pak59kMzEZXofUdfoM2ema6SNkJ5ohp1Qc3x1%2B51%2FF94%2Fj8eOXh17DMFIuDMNyldderTjnt18u0Lm4kXAVIz3dfRlt3b2inUZ347tvj39%2BuU4b9Y7PqF3RmepRZbPotTmdSdNOx%2BgM7BWdgRJ7%2BWkyVAGLJmWs8G9BLCs3KsAq1FTMGkhQX5XrAEUgTfJ5yY5WyHXYFSdk4YWbLeEJbDfsMdlJF1Qfuc5OjXwuegOKXtTt48sNbhIwxaMuGjL1K98VYYwkpRijMDjg0QBEWawUZJAmqc1QRpYElGG%2BjgSX7DoFVow0U%2BrQYH41cVW6uE7Gmg%2FM7rKu8mCDWvEpRSvUegboKaKfgi3Npf%2B2RZaYbZwv51492dMcg6rm3FGvMEhWMecwitowb4MVQZHIoQ9ADPMBY5PplizPwzes82imSlL5fUGhPzjSX9bK9LOD%2BI6bLp7RUDYBfTA9%2B50sH%2Bkz%2Fvi0rha6CVsGFQO4lNEZjjWxXfNnhtTV0GDabkCiobVGeUtm8uyo%2BtFjf9A%2FtVEb6A%2BQxntZO1k1nr5CfC7sR0X74K3QzixwVwxrMzyz2zy9XBHw%2B5WnhyrkvATjhoAPDuVWzsQpUVGsUwhDFglC392cDl%2FNoPKKQW%2B3sFsIr2VN4eObdGGc6NA7ZN5wINg96smXYLzH4Kw%2BcB4EwJ4AFiN8mVwb0gBnbaSCorO12ausZtJ9CtDrXKQjZouQVn7P4l2iI8wWl%2BrvhtnmCyaup%2FZFbo3ysXgfC47bEvh1kVosNGT7OxeXxrfWCB7sFV4iIeDFTSsxkCrkDStG9G153HXtTpQumlZiRl3YhGqLPqV5zS5ThoWzc5barsqbFTwMdbhZUTVRiHsNKwpoCitChZfSXTluMSMprvDigsTeAkprpV0RoECekbQVj%2FH7Gl2UdhXb9Ux1%2FsehoQkMNYcTXBFO%2BhXVwQNp%2BdpwAgWWonRXMFrsdrDA7XKJoVzQUyOhtKIeyWXtryOpVL5Q26jZ2H0h1y6IAXQhEMuT3pwlz55TOohNfcESIXHSeA8TbbNAGpahrMs6RBoS9XL1GrAS0NRNA7GnyV4F6PxNqBK6UaG0%2B6HyJwJ6qTIA6ijDze%2Bso%2BxSPoToZXqpfK3%2Fz9JLT3S5Hk%2FhRNNmX9%2B%2B338yHccr%2FLCqHfLGFaE1%2BkizM%2BpWtTS2X2VrSKgnw2JeqDLc4iOZqvaoW6HPVWJuEQOzXcOaeMQPIlxxwi0ZY%2Ffk1q%2Bj2Gp6XVI7pM4JakoLOq6DGpaiQAuIiGVQGIie6Pxnq6mAl6wJqu9Cv9g3mFVT%2F1WL%2Bfa74OmW%2Brk2T%2Fnkbu4Lg8pFxIKiqtUee0WnLBnW3P%2Bnj7j7%2Fv%2BloLv%2FAA%3D%3D + #### Destruction of a key in use Problem: In [Key destruction long-term requirements](#key-destruction-long-term-requirements) we require that the key slot is destroyed (by `psa_wipe_key_slot`) even while it's in use (FILLING or with at least one reader). From 3b9de382084bb7a8b5f8735457844b0048e51748 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Thu, 14 Dec 2023 16:22:01 +0800 Subject: [PATCH 292/653] Make clienthello comment clear Signed-off-by: Wenxing Hou --- library/ssl_tls12_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 923b093af9..96b65f8b0e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1128,11 +1128,11 @@ read_record_header: msg_len -= mbedtls_ssl_hs_hdr_len(ssl); /* - * ClientHello layer: + * ClientHello layout: * 0 . 1 protocol version * 2 . 33 random bytes (starting with 4 bytes of Unix time) - * 34 . 35 session id length (1 byte) - * 35 . 34+x session id + * 34 . 34 session id length (1 byte) + * 35 . 34+x session id, where x = session id length from byte 34 * 35+x . 35+x DTLS only: cookie length (1 byte) * 36+x . .. DTLS only: cookie * .. . .. ciphersuite list length (2 bytes) From a19c75381c726c072511da480e6528cb9396d252 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 14:42:42 +0000 Subject: [PATCH 293/653] Remove redundant use of -O2 with ASAN_FLAGS Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 52 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b8acfb5eb1..ab422ea154 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1441,7 +1441,7 @@ component_test_psa_external_rng_no_drbg_classic () { # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. - make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" make test @@ -1460,7 +1460,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -1475,7 +1475,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test @@ -1954,7 +1954,7 @@ component_test_everest_curve25519_only () { scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED - make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: Everest ECDH context, only Curve25519" # ~ 50s make test @@ -3831,7 +3831,7 @@ component_test_aead_chachapoly_disabled() { scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" make test @@ -3844,7 +3844,7 @@ component_test_aead_only_ccm() { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" make test @@ -3875,7 +3875,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. @@ -3885,7 +3885,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. @@ -3898,7 +3898,7 @@ component_build_psa_accel_alg_hkdf() { # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. @@ -3917,7 +3917,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. @@ -3936,7 +3936,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. @@ -3955,7 +3955,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. @@ -3971,7 +3971,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. @@ -3987,7 +3987,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. @@ -4005,7 +4005,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. @@ -4024,7 +4024,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4038,7 +4038,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4052,7 +4052,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4066,7 +4066,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4080,7 +4080,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4095,7 +4095,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4107,7 +4107,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -4476,7 +4476,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test @@ -4800,7 +4800,7 @@ component_build_aes_via_padlock () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" grep -q mbedtls_padlock_has_support ./programs/test/selftest } @@ -5251,7 +5251,7 @@ component_test_m32_o2 () { msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc -O2 (ASan build)" make test @@ -5267,7 +5267,7 @@ component_test_m32_everest () { msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s make test From 3eb4274a57cbfc514e9dcb36bf92fc231dcf9e1e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 14 Dec 2023 14:47:03 +0000 Subject: [PATCH 294/653] Fix transitions in diagram Move the finish_key_creation transition Neaten the diagram Add transitions for the key loading functions in psa_get_and_lock_key_slot Add psa_wipe_key_slot transition Change file to be a png Signed-off-by: Ryan Everett --- .../key-slot-state-transitions.jpg | Bin 46583 -> 0 bytes .../key-slot-state-transitions.png | Bin 0 -> 70492 bytes .../psa-thread-safety/psa-thread-safety.md | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg create mode 100644 docs/architecture/psa-thread-safety/key-slot-state-transitions.png diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg b/docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg deleted file mode 100644 index ebfadcb4963d39f59cc3f21d30a21a62ce1676c0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 46583 zcmeFZ2UL^mwl4fZC{jc3BubYmU8D-qM5HKPKm?=-5d{g-dj|o5B}nfAA~p101VlPW zs0o5}5~M_FH|~AbI(zMN_8n`V@sB&kKkj`qNXXan&9}_?%xBK|U3|G%254?;Xlnoj z1OPyQe*qVBfEoZI{MCNFgYb=rgy>hhL_$JLLUxIqoa_=A8961GlAMB?f{cucmWmoo zLqkhLPDw{kM?;VQpXS#^2!5RjBD#b>k%oed0>Aa&Y!@8>?InV4f=v(sEkH<10HP(h z=mDVk`y?j#TLb>15fFlih)GB4~aPOBPp<&?>kx|h}$*)sV(|&uCo|j)xSX5k6 z`mVaBwyqx0(Ad<~-P7CG|8Zb&d}4BHdgjY45`|v*y1MplePa{5|NY?b=ot6o=P$Vk z0MOsX!oUAruz!*Z-w6bSMEEWx{UsLxp%?xSL`y_`MVy50rU9vqJ3W^~&?N@d#N4V* zGHyvj4CA9`W8_RcQYc>RFVX%c*dckE{?W%h^YXI17%dDossn{99I24w{=8!Bl|kIa~jc=>?FViZi+Z!csFY zfc_G~@S2kcr^Ed(3U5#NbRYQU&+R`I zK<>|sJ5++=()T@E;+|xkqeMmM|)@B0tJ#gL~KB=`-zF8`(~QC zeRh|1q}RFSVzYyjJIuvq)w(UgWBPc9)~8OeJ>5goPm?1l=)hA}WMvot?1zv^A9~F%sf(cD= z34K{q)3tu)-*3g3A|~=Jyzl1NwV%*gAX73!ZaerGA-4nl-b1_}=0GB_8GY#q-Pxg8 z;@G1^#)7mq&e1(jd5>n}Yf`VeKIf^F7rZxld+qwJ0BA&dZw`tQjmmd=d7vE-U|+f5 zOtYS>=~+Cd`EKsZYn`%>JWWmEl7s_XeXC{UVV7QIQ6@VwH5Zu4X!46bBA9u3tSS83~9CtR8crzIeHb}-BUehjngx>kk6!7Zyc{psZ*cY ztrI#qnX_^Ien;d8J;tJhg)HoQhh4f%*yKNz#S+tJ?v`1(QGv3ix&Z85B)5?5k$dIk z_inXUwbj&~NO#wD-nH5x`6~L}0U=%^B&Sau^53l--~tG*I!jevUu|OyK-m`uU^f9} zRC$1X!cRF^m^IGKY3cN3AQc3#thF>R=Lj6C%x}Q(D->!VfI(-I~mqIw(8Qqx&?``5f|vl)_LtLY8W1{-}clnme8b6^rX^p*D3aVuw1JH!BL#O)1WI zbsCM_u2^`tdD)BaAp!ZVfJ^X*&Ma;$q;=Uv$JNN!I)JIP#C#LkSQ|dQCa)!;X7R)L zStFRS)*_^lAX$)PEr*=$l&={}8r6=vK6$EMfwRzWby41l6Y54bY1_UNDTqBf_o%ku z*?c-@Js=Ld!=0v24CvWoWV>F_&FNC-mnFN%MmgwCs0SlgS1cDoPTHcl6QOy_GT(=R zr&$DNDHXo570#~Z@P4c8?lE|>&h)`Bm1vHOPU^(L7KM*aOyxY;tpVv*$xogM-?7ER z7;zQm{_Pc4aC94+I_DDdR2qYJIn$W-nX8x?ACmiItZ_Y8Yq<9AmACTET6T3ImtQ>y z^z;|SEXDcr;!I3&J}b%;>oVrdQNj-6hwO3kJiPXR+8Zv)$gBqZ59jn*559)VADfm|PO zvVKLU_6@j7#>~*2Je^UFjfNa+cLE%J*(Uads?7bOf09+Cy2xkvsqUVM+UW5Q7)x3|06|k9?thHERdP+`2Kdq`Ip$l4 zuX+KlMi0x>{=Cd-tDIskqttbw&TFzL*d?NokOo91@=)M1tzalQ$w+FTBHup&pg+T* z|MCqq*lxG?LpmWO;7IRO@d7AX7XVE;{sVye=QH*zXXVdzZI_qMk}m*oz(x}}aA^J~ z$o0=>{39Iu3;Pr`6&+x3jm4e&V z!zP9It^^s!C~3~WRw)bwtJc+Cr|JEj?I--_kPBeKgMnbP_J5;<{#(t2-$?qg?JBMq zo2-lJecvwDtHa5Dce?E|uIyIh)S=uHk0C{-{=1W&>^}0IjY)lLQr_w<&g1hMsFpf) zfxX5+@k3ZbHnWJ-u*6DFJL3}%FwG@j9*+v4yW{9<@FI$ngXsMo!=qWZcrIUBnn>0A zHKoQkRj5N&9AXrN(9KkQ${gk!O&(c-(_NEqf z**D`m;c?>Z$#ehOlt%6mpnt_FaiVgpMF)^aT*>f7S6^220!?Sf^bG;lz3SpAV4k`|et z#fhc%2wY_~7N(~pSzd0ES;Nl!z!aZESf1oY~6*KlNWBf z`?(h*H;$@y5Fw6mhjf|bK~INtI^eoqq%zdkWu-FEN@n8J9{XZRHAM-s`P9t3+sW}; zZ+ZmsP)GhFOAEoL#7IzXcEovD&M*h zRu`UaLzE_KVj@wlKi3s)_BHWKn7R>BDi1)w7bsU25DO)9JD|7#7?Gz2m{=rVn({2H zPT;Wlaa~sHmI5;x8Y`K{+&LSDB_m0Ln-*(;j4 ztG=JeE>pevtPXgL-?$Yg{JtcTLQ=c~@Z=dK<#fdsFR!k}_@OQIVw9+|wZ?l~{Q@AZ z&ePL*ns%}HA1PrSoARPfiY2`~3aZVHX{SEiW9wh0qVIj_dS0m%!yI{8$D*OoY}@Wt z-Vm#?e7K1mh(+-EFyI15^h3xoBq zr3miAqM=kGheJ?GJuH2<_|}cAkq;XqWpgnZ6`Pz2B{6$`gM;0UazwP9Ih2REVa(dM z{-bQlg9Q4GpY`qX3!2YeiWfWOH%16y_D$-3m?Q}X#;+k03Gf4V=c%Rj?{^8(tc?4;#LO@n8yLc13dkiIkLUFVw8qn{T6>JU*eR`+52vB z^C|p89G~1yA)UopDfe6Rmc);PA0HbI&Ry!H2&7Kd!*ydW0K*y4T9*Kt*-Nh5wK40S zGR+~|vSp<@?u>aBpP+Q|t!070H(whaIu&3V+aBvNLI8gTqu-*j)ODfit*GIxF4Hnc zqp#Bhe#$2(H1uAlmVjSofkc5zxARf6<1Oh)#C>=Cchf#e%=i54*N_87Gm%;*_ON_ro>BuMS2o zM8}HfQ0dXav%CGlf!e-REvX?viZqT+z@5>_$n&W&7I0>(jF; zoJ!%vx)TRGQ1$V;jk@OMEqLvKh$q>56yoaBaaW$Y*v8MyV90pSs~jeegkRI+0$}U? z+x&3LEt_|&f`=2;HAfp|^=Xp}SEbmt&^3N!>AaWa2-54Zk{f_{Exp>nS_T1Im zn|Eh;p@qicrYlR58P9hfVM~*=P4Jo)Q5!S1IHU#Uq?Ehd&g6(Zt0>=bRrqOn zYGTkU5qRgxSQU8(ZHmIa0AY4y8=tQ%CcMlg2ZunDhS%!eJsCO?NzE_2>8fyUE74yq z$06xv_w*X|?GKz(!2PrpXcvou9BC{+u5=l9z+RSYPx9{PYDrD%vct9V-XqCa=xYuP zJco44n%SQL4l}kS?XjjmId5a}^3NEDWU^ zo>;JTyhQKI4=dc-eKZcUpRPz+()V3?LdQIJb%aILkr0IoTc)j)4NHiZA}B8}b3=L^ zy;gRn`@pN;+w6}fxNOT$5-9DlV4*YpFlkF`vI3SHjds!IsefaCKZ}*^YCf+v!T2o? z`_1xl>PuXKBBTETIzx<3_yY#Yec3O7>HyT#zzO)Wy zYObgqS-pwc;ph6*QIE!lH<+V*7#n%?htIbiAuCHhls+yL6o0j>Tm zq}*3oDZ3Q@Y`6aob9!G8NiJ_(e4(qLU)lDkRd1aq%L1>(v)o**{@+SIsVK^#+Plv5 zmi=pr;o--3Yb^O(snK2MGn#%DMp?*n*V|~^Zz26s-~0O3RK`DIPX{llQ_})c=X@Iw zAza<_T+7oNA~5PG-oZ_pEg8g5%6&5QmpJ0N+1k$gWU~F>)CUqFf&}3J`V@3>4L;Ky z0M5g#Rk@>5r_g#4M@vqKhV)xWVqiVzaq-7trp%^1jx$6g$;5#}`oxu_z7TACH;f(* zHO2BGBGxc_-6eH%@;*C)LR&l5_Y(|L%ihwnfy?Nrh0pIl63pHTY2I#eOHVS_vdnxr$26fyZ(`cajBy{8rdG5 zjLzIi3l^3>liBOuH-oh_kaLH#@)LrIkyksxQUH@@fGp<7sgl?$D zO)Tr|g{K2prfi?Gk;lfHd#Y0&>u4>vyew5w^Z85Jc6wFSN`5&scO5~W>hxx<`(;vJ zioVIe0Bl@t1cV8Dwo|Rw&-n9Ac|1cZ9;8mF9!q>F`tdljYjlA2V}nYPROuBP6}EP& zbLQe8f4tq9H-6a!hjzYHj5YWBFt%qsJX2U3KDg;)6d>WW5)}`6 zMLWaJd!=iROfO}FrD9U2JTmVtnM7{AK=wy;dHbaKwPFx_S36(P{C_X!-6 z1M6+9zG7I}PFFW5BRpJ3XpVhY)*!|pLKD%_lr*@%XVx@n%~|X#C>GJtl(0jV=gejj0?}cHFktyY`>nKt{Q7PsSc`#R zdUhib5m!!2zZDx@} zJR~;zVoPTtJi#6uK~-3vyKLra6uV6~qnbpLqU^UeaQrBFkcuZ_?Z;cYIzWF)*+Dr< z#88`Q*LhD;e8V(Q$?-uXvJ5`=_p=8$4haRiQ)njNqAa{(HDv( z?XC=NQ>-4d%`nF*9<|%N$C+EOUw!|ce{y?go38VHm%x___eXgqBCF+hd*2d%0gj>J zSrjp-Z-KR9#D%lX$vQP!@7=!Gyx-LuR_qR_6RzNi+g%I1;ruWBpZ_t6{ImZB8u1r8 z)xtu9Ji#RE5L%39cBE$jn~TKy(b(c<|6K%Pf7{J%(TvxW&ox)%fsHM{FrJ&-32<(1 zE?c7P=I^eZsF3zXcAbB}KTTEFB8zoS-k33dQS%!mGrhWWv(l_RLV_pJ+h#UefMh91 z+0nbj2J2=Wo{Tf^qA<&uD*7;4E*;(`a+d8$Nypn^%5*8Sp}%^vv9 z4owK4(Ts;F@F{RI_O(`6ZKRst4JmO>w6Jh`CX*tv^DWy4#?U+En+CkoGJ6A%7e)u_ z7MxF+u+`V0TtJvZk0BAy<=V!UDbIlFyd_RmABq?YZAy~GO)Y!GqmL76+y#j&Ng7XU z35qd3M+uYu!nkxQMSsSvpT;3&W((FEY?G;Ji+5i2atTs|r;iJ8c^jR6?2&wM)#yp} zTS8zDDZdhX0f59>pcS7HUTj9&O-WW?<}AuGk~uR5n0}CF*Yw274u}gzMt}O|$Q396 zMOyTXV5wms(^JTlG>fpbye`OKvYaH>oro>=Xmrrb-U3>aaUF@4^8T7G2h5+})RzT3 z+ey!5ZeoMYEOanivlgc7KV7HudD3noC+;`WNg-_oZoYAy;+Bxn{P`8|>>w@rSLXlE zblU$I4E*^r9HhOsy-b+W=p;?&=fqN;!+4%`47!2b zj0ea~^4Wl*00(G@P3?$Smti+knhSBdMd!Okb=Y%C$<`hnFY-a|mN}`UL8`8gUIW|? zqCJ5!OUvM31-S|fIHKc)!)+{e){OP+_r;}6+36SV3o={3<=31TY9wks?UOzFEuBP<$#}&kHviGHs#cQfnB@6BrUx~~i zk2r$kl+vG=TV{vxOrQ}y+OCBYb@D^3sR6r+0MeU?jM33=$4;y`{&O&)N4jwfc4{>8FQzX2EF?eFuocpd%;_(^q<;vY{kZ z)rx(bjHS22l8vEmRHT$NS5?(DSc5?V!K%FDqIo_CuEoc)+EV#XlXwJ|In%Z)JXdhO z*60e^Ua}S2ym`l$BD-&WZ&KHB@#2!O(nJ<<`eYO<+jj2?#Isu&R7f5X=pDsP9!lcL z1@-d@+*=W46yfCigA+aC;gYXgTx(KwNv7NJdL$~8-P;$y_nEj_0&uv3Ha2gj$BF~v z5L?^MK7b}`@pLM2o-wXxPAKRvl!h$X8aOFq@GF$)4Y!JO`gL(tSC9W0FXP#GJ^O}h^$)OX? zA*Fou5;L-^jdua&KoV3klCO=z+Fdefl8q@U`ZiCt&xX;B1wp8Qm#`iFJa~H#l)BvG z0w5@1`+~I&|5pEI+iF+dTFj*GMMDyU;0VX<3huZ;ncN|P0RSquWgJi|eQ@J$raM|J zDht{^alkmSQ&czR>1y-d_kP-pj*rK^qe?(azcVO*wtav8 z29m#zg+|oMx8CSBpQ+tZ`exd20?DMB8dvB2dZP0~zl_Gt@7-|Sv!?|scxR>TNE3hb z`wPIqI&_h_Zl-plE(08)#M;8}zgb3HYafKu47WIL#;GAh7^+bGlpkn%8B#8du zzOJ?<77moDRcaSo)EB~FyagtYui0zy*g0`iO$tdFB;BBk_8|vW&$;0+LsyU&8~ZN1 z>nI5NhYg$aIRAG)H=1fT_N(6d&H!4#*cJ==1(`TfGfYZ_! z)6LX-PRPvH%rDXe9;K75&}j-n$g4kG2|AD>NX+w9#xRFh2Gq95EysawH-E7`QBTdF zq;pj?c_wiEI){%wiC(m?%R5{E+B&F3AoVD&5MJu3~i7wqGB!^2J#@+s`McsdjA zL=}j`1whn|`PP{olntVzx`(a|D#YR^yQuL6U|AQ_V{ABYF1Txf7@x50a2bYf-fX#n_9RFc@{WE30-_FS}sq6?1dnpzDN%&xo zc57X-t3@1X7T%}aTzdTi2+}8ghwm&7y-20&zD$_63E*gdF&w`}l4RY4K9;z!@!klL zLI@}Lt0N(&(8{-tikGY9waRfyph-8z)1v5!o)^!r`}-S~U6EVHZaadS;!VbDPRI43E{&cVy^nt$)c$xV}gzv8t z@DgUW;j-yYOxIToKW{%}pw{L&U?5n7VyaGUumV!bL{EfGH0*!)I+bhKPw;T>d4 zzmEgQ`jY-~hzbYK1yEDmox#f2it|m+?jBZkQdsds2~~d3u#@A>nxJwJ=SlMY!a+a4 znnQ8{blt-$qoNaVruCpcC5YH2j4tjH=Za;7QlE!=s#CB;m8ZE%1i@^;g!n?!W@80zbPFMI(ps2CzYpHyN= zU!9^GK^;f3$X_Fm;ma@B<5yIk;#b}tC2Ie_rIVoy{!`HUgx<;s<=Xb((+RaaC%ucEYmr2;BdZbf%%E&$4@q{F@AB~uz$5^HExmLcW%+^uV*H&rNp zr}rREmFqVWy3RCC`WFeu*P6#gS6$j^anHsmq{{EwwO7Y_G;WUH%0J^yQuaIl0BRqr zixcWGS4@bM;?!8upOBV!tQ3B~^A*h4Lni?Ls=*;q{o!&vo@^BTU5bCfIsVyOfH1=F zmhC7EJC)X(sWTh^GIL7axMB3hw;K)T$+{XhIdp2QzN|*aQNBz@{Ya1pI99=@&IR5e z2mXj2VqlR0gbJLfy{L5P4t*XRdh+PFYusw#fs@R+4IH_lI=?il5@9>PL!8A`JS_i4 z=JWH*r1k5_z7(_wq`!xaIv> zE{=u*dHRWc(ToNv9RM`|ssprtA0~Wv5v;Z`QDBD9eoNiu)o`Ca!YwPz<`Y7B_8tM) zw*HZc!^s0@?@wv)AKXUzV8j1RV*6(k@Vg{`SPAeoT!mDY%*;VT&=LI*$BnNd@8GG9 z5#sBwK1Lt)d|Q=`?^>GdKFTYQAkhcw1YdH^jYlFGq6J>_xaWo4*S`jU0)ZVBx_=yS zZ&+CHsRSW2_ zRpytI9Dv~Ykq<5eA9Cez&XPc2?^YgtIjGzQS0&W+Leq{i={~Q)8uDLk6ea%nEc@^w z0N`~`haM9yq%VtXN;-hv8TzCdflY`$C@I)aQmn6kxwBJI3s)hSr4;8w%gW4G32R@5 zB;Y6Q|2G|t2jO=wfMipg>;+(V0dz0@bPEntH2$wB8#L5zzy6#5h%$JuAXv+O%0tNY zkw@BIR3-C{1k>^}tH=C7(}9W_fl3B5B8Pg6{-YNFokyllXFKcZz2c3U^$+ICp>0>R z^GuzhL_%Sg;Utyz4XM0CJcjgJSptOc7EAP(Hl;XXU!w|6IVIUR4)gk4N%bQF%=aDZ z$AT6lVzqdTVDrOwY0=h8ieNK6ysE5tM=b~ECvDL?zJ{T$^yZDs3~Qd}%P-EmZToqA zv-(Cj_hotDsV)FV^etGUmC9DYkq~-JLQjQPw-*dQK7^)DCNE~5F?^7P2GF`8AHC>I zRc_|`D)U^0HB0a;_Z0SSi&@X1Y#wJ~7NI`YB97J(m(3szKh(*ly=mhEuWGZk<&Y(D zw70*K@5mXXst&w#3y;C%uPjBhP!aF-I!v4zz`UIp`y&-@lGGJCr-@ro_ z0FfO|dD%=s9V>aecFLmL+@=lD@Z$TU2AQfKk$AhbNcGCEGlzQUoGt$degWjw zoHGCc-S^KwUjPRtzDi0p*_dC6e8oqe_ygKeorjGVz?MG21weK0&_qVe;TXWRz5m!4R+8Cw}<6vsFS#x(9!cEe?qn`m2SI@Ulh zXZ;rR?ktZVYwoB-Uxlf}i(VC9xT455_|wSjc*yw}8*Gh(ja(Wk5VA=y!0!J=gwrvfbD zl(As62ZZ;-xPorUMtXL{sqPAlbHkYHR)ed?sOjeM4w+9xN+O!JYqVUIcYlnln?@#( zY7gntzbJ}xcUlJ1!X;Iv71Vqc44$()n%nok{`oGB)Hv~>?<+QO9{1ZfDK%fS8fD(6 zq2>Z3_0XS-(ehH5qA*l89!>P%+&I;Bon7BWT8z~DRH*YHRBD149#f>IYay>~ zE&%d-!R;(9W?0FdrnCrYUHLnR08+DoVtDQjDpB(Y(~?fh!2WhSW}se{-NJ`u&s8g+ zwSjP?w=zmeW>mr2VR?ku8A3Pq)tbsV>uU34ivh=o(!9dF1IkUBu6>n7+RicMPX+we?yKpUJ`cwn18FJ|}ui^UXWj-Z!KBXt`(hy1HvD zBlw!yE_*#dwM2YA-A=sg%bjoOtAlIAryg`e1hV?b>U0Ia^)Man!6Yx+My|fnD(Q&O zpWm_ndU%=L8Z(8D`0kx?ICP62Vl5Lc0M1`4u>0r%KBYYYXM;~^ca8XCqXm9rBJP1w zo7lt!fZGA!vYlc$LH>^RNQhV?&KAqJHqvP&SU1Tt!POL_Z>f26vcQa7XwI3ogdOVi za9og&_35rI;Ip^gN)Mj>hB`ZVrA^uNKFqcJZqgZ68huuzI!~?hsRwgol(Ym7ayb@* zmUX$ivqZ3ZvE^Ctxvme#`yv74;=)5c0b(M;cVzPxS-)}UlQN?BW=B-8R+VU- zFA82OBBXb)?b+nfeK#|ty!u!%WI5j(f@lUJ;gCj_9I_UAjOua6jj7(XAZ%Jc z=vL$Oq2dcYYF+C1BNCUb#`oV6KAix~`=?t`teQw!f}n<=Xy6bJzCirFO*{}@Oi>+b zsO0pcr=`-`;H~rhA@(cKNM~TJjc{}3#&O3;g!#_qM+93!=s`@Qv2`0n=lYwFr*Z>w z%lf2Ve@B6&f7KuGhHbZH+v5n9;~08*baOUha+^P`d$eur}XpuqWL%j4{R~nxQp3JlJbEx&1;QI8rp_ENdy|lN3J-V673?(2lMc6 zJ5B1X!I& zTYWNyt@hWv-K0i|-&X4gm+wnFw5#GB5o>unN|bg15c@N3wq3qyE4&PgW}0IdOvEknnIRH@#TB9|%^0AyP<(Odu}>i`pqQWSE0*q zb$ImN;424qAKvARc&@@E+(Ik3pspNwYW5DE&hDkXvs34ysL)H?b8d1_Q9!95 zrV|;~vY)!2o=H*p5KjLlcu9N`dNk!0qdYo?hTdu(Vonh|k<(j0PB>a6;Dlq2^ zIKJ92HbzPhxAqRN7VgBwAu^qwKixf+RA19ruf9Eg+wM_8W8%QTBS*rvjOEhHldhg3 z0lhcUq99#riqV_(Fa3pg$)z5{&Dk9nc=iiY6~a%F8v2J-C}U98T{vk=Ny`vadszNt zt+nKd3|7j=T`}#q-F)h!sWu8H4G%D9_e= zrn7d(X*1Np3R;l)E=JpUmPsCG)ozxNMPUNPrLGZ5T=cY%UL>Y-WwN%xqD%~@Emfhk zvi&S54oieksW_h|TL~5b>6qXGmX&E7kJ}(Kr}R0_=EnKYU}C~BsV|QajSW2FsagxS zo0ACUZ^{AqDiaqd8Gc@d%d^zsiyy4$CzJ0~-*8P@bgZACuuu)7YPmVO9a$=9@U-E2 zp8#P`0F^(dy7X#~6@WqOlxRxHCW)p1E|F_m<3_J`h9b0Vj7hJAYEi4k0y??B$kwp! zgEQrBrAwnyF_wHzZo-$VCTtM#<7SMhno$NSac?ZAqL*LwK#K5LM8jft#-3amKXAP< z-8H!IqTAJ#yqCe{Ey_Rzu*(V#6#1Kb2j}l>|B}6I-ML4%c&esLZOsJ#e!n%tunlV+ zdD>j|ttkbmnR=P=5kfxm+%eIbDtK6h-uJ3r^?ARs`PFExjGLIawcw2_LqcErMe;!% zdjvZw5Q`jNReYXKC2BXhU`v_d{d=y-HrDm@%+Qz|q#oa!Qe96Md(PI^&R6IP;-0fz zZt_B+%)VZ2&?k}!U^-WHX8Ji2ywhTW29>V+-|*wpip^rRX3{IBqNC_$xUG3~zeZEx zho?UK01N5MBo(DhoFcjxJJK~m4sUR2pVNJ}Au~hg41IV)*7Pa|d z#QCna%q~#qiOoQtm!c|UyDtDt8ZNlIN9H>&%gdE%sXKY;!N$)gqdjS|$Mm0mdX|KJ zGu`D5m5N^x;3D4yu8*+$THvCvup>XLSIp^6tl(VttBp2hOonz&x6KpR!^e2^E&rxC zu|OkJZOD^{=2AhN(N4zGa@6L(6QevDcMTC{k1dP1~d6g8pL?L0#p zb%ifrN2ZmFxC!~u*6~enAM=v}P)ZEiYX|VBJe9!4_4l?K?w|CuQD*o4+!*uNA#yhE zFrQ^9jQ)(Z)!w#UlAJGp!Y^?<>mCCX@B{`t)R!kPSIr66cfiPgev9U_fOz$EL}n$)G~D+zuGe+UtZp)&nA zLs1*cVXf)c>fMnl;ohQ8>K?ERCUmaXE!y-aAB73e-97*4;(hSNF7}HZv^vF}dtk71 z|9o%oIyz9?0Y{5b+Pa;r+K7{0cB-9?rQ&^?#aZLX(ZQj5=dofzAI~d3&7sz+*mMBl zzO1NgN9$-!d#aYRF~+6tQnWGs(s0fkPbb;NYCqm)Am|WwAI1Ch6iKH_7*~9O3`{}f zJ3ivVkG!U5bVIFcO({OiyM8BMCW!me zkwb1i(xn%s#65P9K#hw)rG*~q3UzNr6__rr*H6rCY`$YuZ*dEIL|~-yh2$4o_Ur6x&-q)9gW%Bdqr2^dQ<4n?C3mc5kJ={x0UOzXu@(>>Y|SZcNe;Q-HD^*u53A8>1$9rJDZzs$!63PF1IW4P~S=`b5~)&M#aM2o7=EA zu|qLiZN@{7e*MV*GG?*T{@upQP#wj>o!5VhnSAs}Bs0FZNiFdE;LwgJFn!SW^ptwq zP0q@bq(NSiV^_tG&)=3J_~D72J14(_YNtE@at^^gFUHkdvHrLZJ# zywLXb>8#4N+p}(ubYgH)XIW2-_ge=)PWQ0x+r7ROYc2;Uy&64Spzryqm>sDgTQ=+5 zWR*)d;^bq0W0<(-jsz!wqN&+$l<<%n=w@7)Gv3uzAn}YnxkoIm~YpkFeT3|xy0R{Ip8{4P0ZHkSo#^y}qNQNd8^ zQ}Ja!=#el8AMDardPwbY{T_wo`p?*2gj5=n(j&pae)-~{yp(;}+MxRYxiY4%B>*Mm zc+T(3F>S>CupOC2BT{Lu)pB~S%4Jo$Oc%V+@fp-6sX~4M)RA^j=v{NMX7KPM&hv{; z$NKS3H7-{m`+Oh^B?R_oB>@gO&GF6ua%X>(p=ZX6(D#T9dv4k zWsYna3JALZNKXwaw4jfyT}JUy{IQuehbFz+YWL&3`ZPHreD)-D26#>;Wa}*u96l9>aaZu!&rxE275raMJzh9 zuH%*1o%7*{?KGH7F>2;bVT9WNMU`-GkgzsCU!Y4PS3@=%;ja7!ppl6MenrzN}6n+##yE?GC$i()zHePEL^xr5_ru+ zEaK(2$io;t4qxlW`nJjKLgpKHgPgdv3mucd&0M=ivR-QE{&og6(8hSqaaKTJ6T0v5 z6MU9@hG!@4-tYq)T>{8O%RMcYn0y7Wl5oujlbpq^2)Oy4=Hz3M#)5{b@3h9oatjJn z43&wk1>`w^0iNWjSh)bm@-?yY%WKu8?8N7jm>}1eH)8rc1fOcV$%VW zvl1o1+&jb^m!H2bLci@X6SE;&F+%J%E&1hWM}EpYhcr;);dvoch`^5S`mQI2Nv0|s0cu0Rjb83sf2Qc_w zgns|9wttulMo&dO-7$}?3R|;Dk#b>S8=si6vQlG#hfxF$i3^cNMnIA_K#;5gaXQ*# zIdwW)j1etEfeDnUN=scVZ7uJjC*67DYN!>y*P}XZX+kf3dkVgVIgaoUBU`V};>1iR zyA(O4UR|9-&S}tHpW%5+FrTEYsLk{CSDMY}uSrr8Ffg&Me57{>JG;Jd@Q>w^q$%*3 z^SiRBfU`hf{KCt1s{QlczaH;4k2uX#3i(@92%k7J5ug31iWP5@sP?bx=bQmwqE^6X zVwl5Ub>RP7MD+J=w1Zdnyu#_-$~Mo?nmSZt)k4>dm)kWrW|=%JiH^LMQw4lnwN=s4 zS`YdSa5s18-U;Y8kE@J6mlSzh>Lg+5q(qNUa?39I7|SO2{sGqKMLCF6uu8Slw?H)8 z@fB#|KfH+lVv@i{|EW+F%KF;(-P`eXecK>(!Wo5b&Y$=G#ef))Lv6Uy(H77v501)4 zX88A_PFg9ptu(xT9Ls$7ZhO2dbC&J4P%K}Q7)wL_{#QT^q};=Hlz?)j(8tO~img}uD7CNl`Q$!+6-bHLs-G|?W-IS} z-`M}r_INMN;mBWRN4{l#^#v+W=Frkdb9Avw(fnNg@st={*C(X_zo&zrs$#vau$(gx z|zc^a7$UGX=rhL|R>dJ0~rVYL+zfS_e7H(khFO1b?g7bz;Om$14xt(@E>1dl=`g>OlO$@SUDNO5xwWM_zI=* zFApqq3VKV1iH8@yBB<#4hKk>PqST^&Z05D{HHX68e{_lNy;K-xy#;gD9)A~cbXE8< zCi6!__}n(sS+0sX%i`MgGh923x5JB_3!o_n?0^$nX&#BX04|+!V(Im(gU9!JUh-xY zx)V3=Ma$VonN3mOy-(*pu)={)Li_Fze*ri_qi^V)avKanvn`1n42{p zD6)#t(aF>^Xs>H((BJRB+8H(wm&mdmMRt!}G7$fC4u9O2MBd$qVw|#3n#oLy9!im0 z-GcqMJ;Mt?Gx)5xXYVMLL?~jy^itQ=NGpqMi3c_PB-#lp! zrh1^sE{u4QsLrM<6k`gsy~kFQEMkYah9UY_F8~c~Hp{FBfudA^F#;!owZ02cK#coS z&kd2ZGHk(-t*fsQ=E>S+okGIT=N@#Q zhqdw4XDq`-Pt}wPbG~f83{P=vf0%lS%rvJqc_37{>)}`qIZG1Togc9TtIEvpPsP#M zaqhff;R)y+m?^e6=nzb~W!#imp6v9}@_qheSjBSez)=+aH7i|il>};@0O^$6UcjXO zEJeY`9R-CtBJouNLpuTYFfZDR7M7fue_ozA)qOXAqqQK{CiKB4wLTtgSb+wDhYLpe zIR~nzyRsKC17S(-G6%=ENTV{%EkMO)rU6c~)Nel-x}gquyB8C_^LKH)s*15U!>Fi0?=J z)p!8~ z9Ik#`b7~5=AEg>0qIQU?KC0%u0^d4&>#M^Qh1my3DYKng<~n5w;esEvr|gLt&OWY1 z1k1ZT4!v!J56WG6j(`d+v{wLj@S0BKQk;^~dOO4aV(&epn(WrK(I8#A^o~^NN*6*A zq=`sTsRAlBVCW?X5(McT1O%iB2-16vAiZ~_1OyU_R7nsaK)~;L*IsMA>)m^wZ|^hC zch1;9&JP9ye&xxW&z$#t-B&>nqFhw3ZGTcpxwgAsGH>Jz8DQmQBDL}b)P~SI8uNm>xEEZONb}&|Zf8PyE3AA3SR8VZk9MPlv}#tVc67AGFRLix$JFwud2Nt3 z#~vZ3A#fxi3gLMdEu@XL3byxpFHB-hGqe=IeGjw;w7mwTuy*R}ks!Y&oAU8%Hl^$9tt9);|OHp&PqTJef&NQ=PHrsWsPP@c<)DO^V&`PVb z`KrB1s(HkbluY2N8nQylJHd;2Z$pk?$>e9YfyU@tk<3^W^~s$MGmVDa_h_bEi=7}c zSY>ykG8+fJo8O@LU)-cyav_$lpM6|_$Q{c$>n58R9>+dnlH_Bu9lizl3#>%Us(`Rn z(Fb@BR8=UF4KjBt-G=qsHemMRk}g20FDASmCD7!Q^O#v;fS>BTD4F>hEp?F!C7wH> z`x;D8HH?eehI-grvT%wd%vmgF-Ikt3&fnny>1ZqlcvKpkX%6Tdno|IL8u^IJx#Gpe z1*E}625E*H(KY{SO?K!Izb9y`fWR`5U^AEpfrGA|e3i9faBAhs%7>Mi)(7Y!^ok*A zp^qMmfZP;ya{aAJ)e;r)WvM*RgN2;{4kQnzDXd~$s=Tg{5kp{$RduWd(>XMBT}p)P{YGV95LsYnH^T9?L&U7UIr(gGg|LdAR7?N5fQX=X-h_#A#<#nozs= zryH-;m_TYsuT41hZO{*80B0f2qwJuArQgNm7@u>*D%O z&0t(+Qqbddo0xit8c7jQmJJ08VI=V)Ku4WJg>$_4bWsc}Z+gVhKE-~!cFJ*8?V>hK z*2WKL7UJ`wpPY2;dxv1f*8hyd4jwysI8$&@B=d?%S$)I%6i@T%+ptq@b-3=-W$!hU z`}-25Kk_37D8B#%s+acvtl$VXg9K-O@n3uhB+V1d_iVK~3B^D3@Uatk<_4~@+KORF z;PS2G9ldFMM?}E=R`dElEAqb==6@8o27P}}!?=lbAw`33{^hucN2XB8?la?l!Ga)q z_653cbbQ7`Y!GV&!&XwCr54a8cc%?g5KpdZf4gE<7u%!P_qMpMy%iWVzO9$7KQ}6L z`PpRY6ZbBMAxTaQhIF+()K9P&f|*uto+xYn+heY}Rnn7$i?@mR?(Y@r0Ua!5Sj-~~ngxt`p8Nq3FKMa9s{tZw3fKcNHf{ zRzibr%;RDnyOF_Cv|2I6F{sy-{1d-eZ5?wMuUnv}%;x)jKmwjyeuB83PxRIIK!8*M zs6-q4LxV^!Cpu^@Nq3U86|e$D8^;Zb{K=zs?GIzfp5H}nG&dVaLeBH@6=<44FJ+5g z2kK(wb~pppI6qiGZVuFKFH?lC>qFUvhx9%v2BxRPlF-J@PO9>a!`9w|UjDTvC;qqf z<)&H=8qB%bh=XGeG~5VXq(|*B$Njpkb(6AGOsw8j^!`Q_qxd=Inh~Q#y5dE#lW~?t z0!DybN*WcY%6ZTqV?(N)cc&8fLz3f(jV@ZKy-~hj^Rn~3CX_#*cStM#xlN`(y~N{L z4Y4dI!jG8rFK})%+oa{(z3GO43+v6UAG4y5CZ@(VS@`2M+uoeMPO6~v zV@h5hZn0K3B+SIj?R8*D$PmON6|3-Tke}NsoS3l;M~RdYCt7V(TbYn5@*1mMyg&Nq z6V~npCYJ>1;dk1x!8Ad*JI_{ELR9F|4X~rYYz85TrgAa;+8|o@s$@~y!=EEFuKUaW z^}vA-tbA9cd?lDEVnNj0Xyz`8gJ?c@~PBS!4mA^HOdkOy1w-uE?g1SJlM8dr_RE=8;?ce+v9#Gl zi+2^ghxNlc<^`>(vBEz5_d5&Ni{IWL^gej4%IKEW-4t{acgLp`Rsq&qwR#q4YHzGEOMjq>h@M5UD~2-{Y>L3KYTfg>Q(Fl<~=QR z3T$#75nXX3gk2r(ocy-3WYu1Q=Cn$-vbAVd6Z)Lw)u1+bn6E#=7xrL=XiaQvgkT0h zGye7|NoZp6jQOx#T`Nh;=tlwmX*+$#3;41!iXtL`UPQsW^(RS5ohJ5Aheiqs*Xhs6 z@Wi+*0QW>T?O%sh;mZ2YKExRVBO8;3>0f_{#wcV9eY@miHO}7^y&2f22Wxxi+B$&F zDLR9wFe}|FS0O=UnDF;6WUQDLpkmO#ZNbB5Hm$GM9Xv_zB*XHkO8+=9sUHHyj#fe_ zgHYE%XaywmV*%97&(==dd%)N-<6~P}_$=dHUqiURqT?oqBdY=tVem|cb1vETjWo81 zkU(?N$c~1Ola83Z51o=vTL4zWha%*bWK7I&ad(I?ENrqcaxZf>;CORaT_;$@eH@|wklq|`{0cHxaS-3e4Z$II7& zYqh?@LD}R)_Z7Qg*8Tcsb8+!~$CgArS@fb5@A6{F;w?wX^9GNfhNPyLfHiM!7M~6} z07rE4BS#IhzY;vr`npg+Ub1MtpzT>vtz)MVMM@n57+bD`$lImx{+N|c3bS9T47dQR z)@hSj%f-d>Th3|6hFWS4zAZVDvZwqSptR=6PPDj89XPo41u|caXqz{Vnp$&wF1$|KqQe2te2O;Hk+#sT5+!jHPaB{j9e7mHyTI;USf2|!I)?zQ`HDzF!{(1l5GO(#n& z`IN6dc<_~1iAsUJJp@W^Wtd@yctlVwFO|HLH$iNGgNR>Mmx+;#Se8Oy?fgz&zM2c; z2_M)osc>;4?it&2)vSrt@OMHb`+hrq7ZU#b5y%whbFKwZk;7$G;U&)*rgn}^(Ut)^ z(EIfB5K{e`7R&5Ag6@;j2C#|Juw@;>;U3Rs&^O!$HdG%cT;Rkdf+Z>XxQ%2SYvGKq z3J7F}e$H=fPR*7}3>=-vGYTKuBj%3=t>bOZZ39IyRF_#FVSVE!QxdNA!}`xJ*;~qa z({<}xlBSq*g>c^8I}{uv#4p zAIDDij5WL(#uhAmvJE9xgGO%+Amu^a43|<)+*kQ0#bx!`O}@Gz?#N8cn{W3m*uCw^ zS|_M<2$zEvi?Y=uozBOF22-m`A{F)ASOAsZH5i{I@EpavQg;d=FFAo9q@AK%Qh=A2 zyF_smK|J)aEt2Kd%C%By5`Mw}6mwt6rG(2ee}eWzu>tiq1|r|8QaQ>ss)alrQhMti zqQRS8OBk-X8v8R5#EunO3(CcG_sGj-wr78GHksHyds4FiNh24SnUhDBzYM$@|FiV{ zu#CTYD4{swVhFU;&W$@BMw6ua!%1RFolYzq^5xP?Ajr%v32}+%op!dA$#=h$@sa4V z>O31a1Supi1x;BI(J|rU3x6D3Y?^Us-c|(~qbK0PC{Z+dbZGoQXtRW&T zo`Hck0KEvIeeQ;5!@Oro#)XJm^qJH*w|^C{w5th!#l<2iA+{;4Eija^;41bb#l9HH zaVn;s_^6s><6vK@Py?NgsZ7Vz^=I~smw&^(?AsYy{$gpfBR7#1^)zauP5sstU7lpM zB-+@v6BHR?!9^*U(9flKm(3v*?Xpk3W-$3nT-!8yma%d2!_2@rPn&6m{gU4mG|R@} zO!%u(FE!?)T%=MbGQ`4WhmEP@!xl0;zjQmTwXcW~;afXiEYQ7_kmitN3eBE0u_JgR zrp>}nh`@9JUX;QB0*!{ra2ofCTlY~MHGDQJXnt)U_e5JH;<}Z_vta%!G(r_1=$}*6 z|Kf%zyL{k>>bQu?kpOO(&sYEb4RaNlR$yDOJ!jGQ$&axj^{u3b7r3HHO!Jw&7Os;A&bsYvk4 z$Nwx?0b4*utZ8R!LbNxFtR$r#XHzu(wr6JJYtL2N{aY8ieyTtF(9!~k&t3ONn(a+M zY?nmX_zWy*CsI332DTYJXWF3mnsT?%#SaXYs=^GihihBsr$#t~mjBkWuBzO|E6=nG z2P(UfKrCL@q`h)e|D3!bcuSXoDYKzyW}iLm#Xa5-{S20sCIwa=!gpWc4m32oiVyOO zcU0-X_R7mGuauA5;L_WNjn#Hd;VZ)}P05oLa{O`=g+WiqCieu)m=l|c%~kCU$RRI# zg7`5Vk$7#W$Fo<(yG*SCR>)I&!1Y2C3d-EnGk49D3nz~Inmt46ch_958aQ2IPzh1F zba>7Hl*EmiV@SBI&bEKV{6sRD>X{1jVFg%v_KnRx^o#9 z6BGHDCs9FsE@uXDRlnl&jML304xrz&c|J!^30Gw5?#;3?_J)y}T1!Hq(8l;Y&9decW+Yp*(;>n0WEnX(;unS+JhtxiZeS3mK~- zhIw;Vn8RB=1I)Ie-w`vIIo4@t{i(Qw1RJYefIn|tlixDuNKIKdu_=hzXP?@Q%O!_% zLPcmhh^?B5xuSBr(f8$PTjrSyY~+50oAUc0JCUZ_p2Z@4surNpDY(NZVRyelLU#u( z!lP)>9BBzjmpg8Kb5-)_+%n3czCKffAk~;L17#YvminPq1o((II(eeufT^%NT5=C-kM0ORQ|+Qs(3FoDk0Pll{kFp#+hnvT`}5mU z_tjonb1+tHwosbK%+d4y8|YIS$o3Zi!}upp@4uS1n&RJo?}ne#2U`6G6}{yA_X9&N z%X78jW1ulRq6xdapWKfnwP~CWDML$M!G$k&o1XOtU$X96sO#EN&9J%VSGvgi&c*uWLkeyc z>W1?}^#>c?)qs|<2K(mdVSa@@dQ0NUS#OC-~i> zVQROq5kEcuyA3kXUj1(n9j+hM-`hb6lkZbymp!0|cj=5fdI3%mYmnSkeUIL`4o zMh9!|WGy($*uSJ(0F_(NUHhcBptcTYwgCNN18w33R+afWGmB$nUrB5pnj>rhZiAbR zcz2nYAGd8|{UXy>BB69gx^5<=j4^jL5XU1M0v~#A0!*fYByhh$YIWGVOlioz^rGQnZQ?1* zMe$m+V_iUr-rZoPXz$yDRv&{UomJ~1y4w~i;|iQD?90y_!;T`$%ZuW88X6|tHa^$r zglhHJZ`uW>ynRej9nwPp);O2Ji(yTBKD(iP+dh7KvJ6Yo8L`PJ42W0=MQ(lT|-Kw&=L*lEh7Y!7IY&nVmg=0ut zc@aBpj zr?C2e&u3wR502nv0j;7&Z^zlg5C5KN0tnCL4XW{QoK=O4F=OjASUWF*bi*`T?8g_d zADfpSr_uyTM}O|=^$t4t-a|lAb`);`!YClfF$XB$0?a*wH|@-m;9FI&oY_roT5~7g znuW@uLMoCSNO5a4ZJAKIZ<><5yBYZPoeLBZA@}i9oDo+NMzvE#7QRrtI`+m6=kKP7 zYtwE2DSH~*YRKi)f04?>|L*or_*54A%4SM4sot7X&?MlivQ!3E$p9TPh2Y=W0LrX_h}g!A|n-y!T?bvi~{iF{T6 z)Ga*xbKWP9h6O{~oe+^jcaeE{4HwguLx}kiQ@V4hjA`9rMh2x5H}s-EBHDrgArGK07KI-muIe=!|8gp*xP%s_qP zvki`I{r0E+5Pki*BS3jHA~UM%+eh5zLT62v@4e6dm4QV#gmC!{5@N@6Tz*lx@f$Qz z{}+PRe^;mfpO7#A%4O;8IP~JCg6|n)9WUQ*{e=tk2lD10u}|eD5D_AF$%|an_wd5( znlxd};^{KjkRa@e2#DN4PI~!cs#Ngg9AWB&fWEkZ}sqa#5u8$g((1X)Sx7SdZ_dPUn2;;GJZ|>>o=J3cq z9pbG5mf^|t(K!`w*W$gYa_C-pdA?qNiwi7GAwP;igqJs%@v$0+AQ*HdSj85210imq zIV8Bba%a_Rf!e_E2M^TgRUaqu(j_ZYjo0S4;-QV;3*MiSf-`n;Stl>v$YHDqL9evP z_;}XY{%Dvr_Kej(hfLY^NJs@6Zq z$JBK#Ga_myz(T7uG&{$)ljf6dgfGZ!$yJR_rfW&vri^K4&DDDso zrleIqG?`2ZetrzFP*1j5+Bz|kPx2~0fVcAGus*-h!DHu%U<3U^{`3C$pR*h*z-m0k z+FT|~{)H|1w<@1-;8J>LHt2e514bwW`f=ux4>F})3Nbbx-jH~Go$`}kfJehD8Rz}T z=k|Wh8X|?B1lQH56FPJ0tWO?u5n$Klkn(XAD2V=tYMeeGf7kdG z%g0;IZD~Tu^`o`()bn7rWlm%#ZlgNHc(HR75?t3d@){YOn9-;8o>z2`!v9zWwfb)h^2XW5aJ+a}&1 zEuVL8Y^_XyRzhC?fL4ho|5$NCP8F2ce|hmVQTvI{cLsu0Mdp3zMG|IL9XsC3eZ|Fu zydtBrD052mMuqpThVMidXVGWDP5nG3OSsg-xaE5!k9jx~!rCQwfMAL?w^hdI(WCF7 zy#_KLNAoiTrX{^gu0K}sDigL+e?Fp~Ch|t?DeV^;+#q&N4=0OGAYXumt+LrfKAYh) zOQl%;wxTsV2yt;P`f8zT?b&7-|E5-?&X82N>T(uNe54xLWWo78Lb5W@ps27_GRy5E zO8|wCLvPnNr|hdj#5VZ!J5@#;u6}$1O#B{Ww0jOH12sO+K=C)`n0;HJjk)e;!H>^n zJ{~ST>Axno-#bgrll0o~%93VCPqiWC0VDp|H2BsU!D^cg87{X+zHv4!GraUnyzt@2 zREQTiu~TMeN-UmpHFx8+fO~ZtBOy_+d*;D@0%omyR?ZKZ9)Y-XWhcEgJ0~;!;dZ0e zsrNP_W?{`Gt9g1j-Z(1U-k+i>EnZ5Eq#$VK67)*1s~U19(cxc&n^L}g1hqGwWw%Uk zkJN>-X@j@Du0I_ppX{3K8;!6NIaj+4)LxfgrJRxCIW_29(jDKXv$T}Lar-=T%R2(! zzHa>bwO{YiE02u5E59KB+(1mLbnKA!ULQdP{M;00JP9s?N3_eg&xpSOMy!?(8XM|< z9!1s<7DWHtC;nj~XD_Wablv}c^p}2wAxUne8?=EN$%nEou)mSEyxV1cBa;~vH!!ue zSDfQdWJp^1C-O@S5_+Hy@_*4Tjg{~HWTS`E3q;z4Yq0#lLpS<)a_h7U`+4lLKf4w_ zbS-9QT0Ni(_PwOW*hGLy3*zXz5D#fP1bTyUg)SK02Zqx z<5z=A&(~rQ`24F2(z-`Ra#LvW*m4&9R7X5=y*}QFVEkMY#;*I558D@qJ|NYj--GXW zP=Bjv-W_NQ<8OG@IcOfQFeW7hQr*`-m%Urd+O7h-A{f#ykL6>pNy@(=wd}ztG z<|vN{4kX2;u4FL3Nr()zaZlKYL@1%o7uOxWUs{&K9q)9W=4cwaOAic?zJm=PXJN}P zxwCq2I!WQ!yWDB$z;jdm)SoH`T6ve)x7O;H8ygR@bWLt^SqAsBM%|%NV-KRj<*sr^ z&>0k)2TJ2Y0xipSnO@p2DVAAU?Y^w&IZkJmtJ8Ns(dT|UNVHRGe>Zpo+-%61$Fv8B zCcHk$Y_Iz$SL8!!p;=k%$2phbqR_4nPV(dpAz$8LdDck&A!d~D)&YwQ!Am!!qrU#j zmAhZT*U@g2R%Xs0$IWWLde2J;9>&L%0Es@Ii)Ny-({3-d`x^XcBzcYn+1mt7y(DR4 z?ml2#z~7v4nEItkFI&3vGU3>}tave-_YhUJUmU%uGycOi$!6G#xBq*=4d1)&!~o*8 z-++nfLFykD6`Jk(Nn2!J-`^9@?AzHn=Dc?)$`0W(lX#+ieu}1I7-bk>p=VKGAo!tQ z#v;R4>CEOcnh`&}?}gN{h2(d+I?WeIF>{1A46VEOc&TyGR0J*Akl|&Ew-t+{WGVu5 zBOXukVC5FKWpILxlbd4K5isj5T^_iE@%1qK_hgISdWY+TpMXvZvI4@n^_ebT!#>EU zaH?KF?#RcKE{j(;Hb?g@EjzP5Gm;A=E>Ct9IumjTFvv?_wT*3<}$ zL=`GVU%uPIq=k}ghE8Cw!zE{*aFcu^VOaDG}Y(7vcxMxao8mzl|92XeK+Mr|}JmVMK3EJs;e>K^Qs*w*?@*v*pZ8 zV_049%Rn1ULITx;<0*5QI;7b2NG`Z>Y*K2_>$)I4OCpi^-ROKL!jcBu9p+HH9&-Yi zcY5b+557n?>5NQ9F1GG?EsT3^~LFFeN`cy|wDRmj*A7J0^>eeLHQrz0RK}fHK^UBAG_NO7`60jP5%xCLq z4`FX%L1)JbFMKRZo<)!8?S9H{SY}<;$yhTzjE%LYWg?m&&IS4!3Lpqb167%UqM_Kb z=9-aoXlb31byG5HZVYEFO7V7ATX9G&3}@&MgXW84&e}j1cA&PiBw&CZRzT1;o zFkhLqB@h(#xhmWzEZ~*N&@4o-DH>ALV4mV)pzw_#YG`Q4DjWpTO9*CTgCI3KB7lsv zD(W3YzMU2OuSW|NL38WQrmB#(CO1WL-dpu$blh#r?f30&@+1?amRt@8QGdqD zA^L4gLwJ|C6wbg|XqqY&$bzZUIFE}psuGAjE#rZGF{RXF0!>VHII5CBlAI}#%N_m! zsOqJ6_u2qr>}AhI;Rk40+3)^KRTH2)>#*mPHbWJx9qUIUmZ%snB9& z%c0kaqYEe= zvyV-8)9bL%s7$Gb;89962&Iam!>abF9(6>&^q2y(;TLhYq7khj@Bq^!vx0o?!}W{= zcEtBwSUeAnarBM6sO#af@d`5{ys;uBt02In@$Wi2!lBu*LF|4m>GzGzNCr7YQo zYDM&jEcta+ho9ydmHgg6t?#gN+#tJ0OFd_dQ$}S!>`%mNG`G*p8HHR98<{1W^^oXU zS`IsP5>r5hU)_4vrj&Y9jp!z+Wa;IYg(c3h=aPLI$Oxhsl{B6DrN=4Xjf~r=Oet30 zW#z~Vk!gO)e;%%Dck>gkIG_^k!bt9Ys~rBcV=a!WSmQMLZqxR4+9(97YG#^x#py)x zd0KPy)QqUV-*oHgP4&mgf=eSD%_NPv=VCZM{n3k)=s@jH&QxWKyYhY~6i<__W#rPC z!i7JC%qm#%H?=j#Ytu!&Q&4eO*D@r=aCfPazzR@5B1*R5^mqt5fy&tk=Vpn)x5mxf zYdi)dBF=K;9M6}f8%8|Hx$Ipc?u+VN4awvDx`x;KN_nP#5(bv%%JOSnb^)Y%x3izR zrDog8Dd~mrhe^g_+kn70S;@WAyne0(uCO&Y^A?}}gc$f13~9ATr&958A?>E7`zDi} zh<)x!+9oS$E)OM;m;8MBau81A!|D0+QO6u!TQ=^pplnB8@lL=k7injYCz=5q@#4Kb zk-I*E@+1b;7&Jr3 z!Zn`gr9U;VrMRZ$L^x6MKciRcQ$6&AQ+Di`V@)sPrv3%BB#gl}^}GvID(OaXQ#l>N z()*aJqxQWm{oknH&|_qlPoXuLotJ7lV3C&VH%o?)rm2bIv{4nkmGwDbTxeNUB*La< zioC}`iIZ2J#Yv2Z|5PoW%RyY`Gv_hcS}Y;rPXzxK-X3Ko)Nf5Ui)XC5Yd`ICp}2M* zac8Dm2Fkv+;sOBTm!!Dj$5?}ID`AAb;vm|JMK>Q80ZPDSn%9JE1cSr;VuvDd1xYN| zSgsK)|65f_kg&!XwAhtHHwQNI=k0eZ*lvOfC%G=2evXWuo;Eh&`oNx}>wLc(^8*if@pG(W3s$Pu~mVxy!iU-tvf$%5X=A)O#lu~iNo3a20i6wfNxnq|8?;2-}hwp zH^~QpM1#CP5bCcTM{C6s|7u{%1wnrndfW^E|Cj^wrfG?d={fwe+L=eA_ixKfI3B2n26%tDmaQ1=?l$%~Y9;lWopzD0GT#p?nr^sB z8iX5uIP@&Pb!)W#?grvmyNQRBG$fE1)d7M`o56x6@w*FgvjuRk>zO}|T0|Jey`%%D z2GmP8;u#+ssedR9rjGu{68#M_r4j#1iWfPE20mxXz79eX%M{=uZf(41GHmlWetF1u zuur1Etb%-Zv(qk`JT(&ZOXT066L8boCl%3}$;+z?#A$2&>DCX5xrYKPu8?TYZ1^Y} ztvT)e42_b^=eL#lTOUuF6=*x_Gfw3Um}BVKx}inm*!8huRcNw$J@&F~i@~F8^&9wM zm&g7Nu~xcHzHfk$#Q=dkh$iPKj&BVP81j1cy^I_0wWKoD!UUz3I9YftJJXWPELzT5 z+ogT8gpPbz5Hmu%uMIiXHs1oIbZe5-cq^-$J3nE$XsWdA64-eUdHFl>U!T=sG6R*8 zs&z~hRw`)r!Ulo22aPYPod|z~fz+r?`&;LF#VNXZ7yGPl;Zh|dU*K<{(l8f&nG*H; zP0Va>CckAr5H&9h5k^Y#f~|BGkL45ZFFSzb1MkT9DXW@HyUs46eU7SKF8PwD^%@c$ zHid5(L>=h2Q8deUsIf%kF*uAgzz(ZWyH}86FSv$`NS7^`i|!TN@+R+9YF{ zhvx zxmH` zeWDPL8cKF&5xyRN2ZY^!xYpkr=he@a{w9z>C}cI}J}{hUhq(TtpvbCzs0|h7ixe}x zg+CC?muhpQsL^@y$plnTayezgR9T;G+QY?;S$-{0x1+)_>0PGvx-i?d!9|oJR}RA8 z8X{=cKFuo@P#_IXtjb`TvIFS?HBxTu{)bU}m6X*L8kbgyI5gDHsAcB(n}v0E;W&}? zBaej@9dSF`+dusbZUy&;B)bxU9Q)7J@rHWhmPQj|-VZ%IN_)LvQ@uW)8XBrGV{rj| z8pRhif;Xe8Sgk6W$X;vT95_^}Cep=zU%QD7YAS|FyyENGM&~k^FK$t$UD5GASH)@V z{UW8S=)K5m{t2FV95`V19Q{P@t`5Pr4Vj8~;C)=`8oQN}=@de~0Fu^DIT@%~((QJm zBQv0EH`|!1@#N-%34euYbgG$u1hpxD_5i_Gygn8ld!)($qv>j=Rs&deLF}r$}F4~O^?ai(2jxN1cUF`SohX~P~W+f8ZblKE1_jUl$u-2eAFge%r#3C+BJPI|8HkzpzZ_*ar1&);FIfZKd|ntAO|T7E+H*(B+Av;@b5n!$D{V#t zN}Su-su3+MnH!Z{=KNvi?}nCI_%GJxDnKux|EQ%MaiQI3^3g|10LBiBc>tWQ_hK*WoeA_>%XpgAo5M3NVcV2A2rWWh7o<}87D=3}JTfi} z8WkNBoO#G$1oA!lJ9tkJRf^;8wD{5V3=Q?_ViPPVhumeSQa><=cF9twUVWbWwjKt? z7XpE&&zqpt#uhbfz_(Z^#lDM9kF{8N;K^*;uQg4IY( zt6-*Gmm=Y!a3E7sZq3!Xrs4m{-?ql`SflX1i6hzLwRR zokC}S@_jG`qZ)w%$gvWXNA-`J=>L?e{6C$`5Jq81`)NX!>61`cgI)j&+?vwzZFT12 zsc#bTUyVq#&Bw=qG>QTPag0?@8qy-L#a~{=b#=U*w1CBrIns;|J+>19b1BDx{EYrX zF>)oRDc>naaLU!2n{Mk^u`=Uj&g0S4U#$j2+ZS_johBUKz})3R2595032>n($?$eI zoH=S#k<(9mP9QpfokcutiY4=l!Ihq*)xz_M=lyC{E)GGAOFKxmv+2*(8#Xp%Z zE=jybsZv2^+3!j*nr5d3_&=LQsoy&8+>m0niyKK6b0yd=Kyi1!a_c@;bc<iyI28(}#De2SQ#_T3gEh{%PM0HG+@0-ADEi)+P zPSb>Jgej-?)thZ@9j|!|5WO@Ay&Uvs%CE$QocE;5C2X4Mms*$|)Og0mPt-GE871N$ zM+t4L1wT*|?Z@PzUg%Zw+fW6H#Gt*}0BdMVf>O@jIVbdU}ihhA?w5T@!5lf;zctv zq*nFfqUGHhP0FWFMR-E{b!8SU-E}m0mEiO0O8D$0 z`;0wSHBxr>H;4iEag&dzb*!+aOoJTSw~S;-wQY=0I5qN9>5)Q|=Wh|#{@HW@<>LPZ zZ3rEB2iv{c^ky9v_z(;4RFp}|uFQ;x6c-=Lfn8r`*@E+_(Qeyts}Q@)iQDJnAsDU# z_o@vUlN`RfjP9R@spjP4qzSfaoHL%*t_49T5gEpbt$3aQ{bo-%l?hgs{Y zSi>3bcAYsi4l7LC=(ILBA*_ro-EMaLs1P4XCVm&}hmm7^O4Hom17``mM@7>qO2Igp z5oE)*gU#?BJnefSzLsR)&N6r{E&AK*ha7c*ooe)#tlzs{p2_4g{`%~NmN~43@M5VZ z6yfkx?=2=JeZ<;k)cat0X}V0%{t>_}6Y9dg3zS{mr_qhg?iKUKJ!SpXbz?JFXci%a za=T{v8R!UQi<}d6Pu4!y#e2JzxZla6z6M{IMvca%SmRan4N#l;GC3ZtnAEv>J}Hjm zaY%UGyJTIJ7u4kIu@i)FlrSKr@72bOSrV*q(_DvM@=m-6Y#V0zLZrMO>>wp+IE8e* z-FdDkxM>JzZgP7%2yuRB)$ZS*7}Fr$+7`^mTp(|FSMrnjNE7X-Q_RP~c0qL${UH^r z!XNwu?n9{z&_^v{3Nj8riP&E?k5CY?isz7zq@v?f@*un+2$w59!fNL8WL z6U$|ZPvTAQY)(wlHg&Izs43ytuU3;T*`ifrRRl;PR#U^Gw?;Z7<9uKvt#B$OO1ZlnjX^>CB6*gqOnai=Lu_qH*ceY#aa+=9hGy`Bj`l(2iddvqDpx{meT<|DfNxpJgLhgwbq z9hkRx1Kjh1OD6GPY(hk0Bfuzhl2ftTh<$p6>-dW_D{~11D$lWckxlP)gP6+8d=jsT zT|seuMqQYUKb)4Op~9u1r;f*bGASb8Z5P?a-xaXZ;RzuJ#!c1#5Qzam;eR(qnRMJJ zkQe85eiv_CbCKr*r?40=fSf(t%2b}NtHBB+rH}qByuatdc^<3wNxH0#e!bZor1A!^ zVq_uA`;*g3^Y%B$d3=Ge3r=6r(S#VM??-)^yN1i^&f&=BO*274RloI%4j#2=^I1@N?(Nte%h`Zl$@1s1KX%xMolv{sX7P>5Fc zQPSs-?W=L$`SSt)34{I}4gF7kaVu+LVo>Az^w@j-$H8Cm;w~z2#oGoSoK7B$_4lM{ z*~pJ2N!OJ7{kV0daIA8~AQ@!`I-><1?J0FgFw;M}Zm>JykXYHVQ@?MXtTg7$4OBJ|#JoW}x5IOf}RRrkQD7)DdLbG5V7kXy~`in~XVPo{+ z(2r#`?2|jZ5%G7Qb&HB#AzKZ(ab@El^{2n-fA3f%eHUnwX~6Dsrv2rdd?TLIlj$p1 zPe$Y2k&c~az;my|to~w5@p>go()4K!%O`J@@pz`j_yEOY7yYum!Ys4k+phJZ{!mpFsl$p_s0&Hz#5(H|!? z$4m#k3VSEI7XwTZXu-1FQQ7#0NgI=3o4QjMiAh(R5usu4KI@8Y*{%gtCMY?%nLuUY}3~YtXLXC&Y?$VGu2MJAYVyW|AJ+tMCaSI@{sX~6& zvCXJh=#C6k5W|5TK|o^0MQ*QZxMEmkL%=gEch`yBCHwQtk%?WVADJ#!?l6mS)4ngG zR8a&h5&Gc?xum8xQ($l|U7)g9=4PCKmARGnr^SZyMw6+2j%0F;eLn99mH}Sjc)0Hj zK{0dh%A21n3lKxR0p@LbYiixHxurzI3;UKPtHq)?`HcyGw=_ew`6Y}Kp=Wnb5Z6~% z-ukIu`-+GDowhujICpd&o+G7%@8rMu>s$sK>>I}oFh{W0KOSS=CJ6S>dua4-!p&y-2EO}#U8D_&CfWlA1@UUUB>t^r4MTfMtswZh)dlN5XSQE@TOYrvmJ)V8T2*B*}9we=6Ol?J~|{lER5q~Tc&a5{)PYrt%TnRbAG z_Sb2>60_H|{*<+z&R5uZ_?FE`abnPfjsow0U?WOid{_iUzYyN>)@`O%=E(dc0UteIiKPDF~6niO*H)yJ# zJQ7#xZq4mcrPwv7u$IB@T$lN*s@?n>bT?MrHk(Vwnoj6_h~Q70S1RB#OSAVK+oXY6 zKU2wlwfaqk;_l??^wGQzd1V3Jf|bmOc$GwXVe_;tPl5>dQ3ua@KX2~);FmO=S^9db zxnYultZTagyJhEbUXNz;(>1HV{(2WH-(>tGEO~8jL8@$+S58-q(Pm?%M(wth->PFg z-n{b3ctHXUyi2wm$U@NvB=yHRc_+TDUprE%5K@a24o#;|_{BGdri97vYTdf54ZaDM zKIg}kX<+PH8T+D8mf0HG6Efp8+w%0VHk)@g+Ago$JnaSEQ3=<%(DzjHU*7MK`>tl| zPJx`;o5Q;Fa4{=tRh8l_j@Jw^2hm5OlgiTx{LbmVrnF3HN_Wp~X=?HZ<;hktsCG&ZZ6&wKq$nBNobc!SzrJ;q02 z9&dLgcMp{(-*s?xr=1_GpB_2nd=|5RoFfQ|PM|2m*oEP3KAuN|1=uCsXc)Ll|&Jg0Fv(bdQQQV_^Y*#DS-C4EvoV>@Sun8dT9 z!zX@JTHJt+c!Imm2F>}z`XO1k=7(w=LOpJDfcJ53Oc0gJOJ2M>CMV)UFPhU4Ks2%P z(fnU4CA@#NPKy_({cvmiRz6I`obpYJa=dOBM8ppWor8q%I)J-0E@jOv^5}pCR^)yA zXcVw&Z*@&C8+MrJhE~BHpA5bj7JDx2Dj0Hb(mCzz#yrB{5UlKln(MM*fyMML^E6@w zQ?V{x+%y8ydvPB#ssisLn!nn8P1X$@M77n-6z8zRg}+(|wj%c!PHi1@NDMkxBDf^6 zGhiRE%&msO~8C$xRoQGnuYy8^l+PR7A zgbQ2$`{)vYgO-bVxbhlK7(@l**2{G1V8LD5T-}!X=HyGwr>7SshW1QPf6>N!oByU} zvZm@w*)b==tpw_zIqtfOxrq9 zmjTeKBLhJJ01(;&{E^AwKoLOtH~io?Xl;g|Z7nxu83?Zqei6iH+3kmZC2G<#E$&@| z`bjnIOjTmQz!XO)6T@DBz$Tt|?L!xOK^~?y4Su074#d50BN)*rw6H|g-j5@0!QuT` zW2AW9Na3sE;byqR@$B9BuiumJzGcwr{6c#7H;5}xmb5p9`;Ffv*W8P$UzVTt>UYnR zoYUq~x}8sq#XS6hI((itUS04enXY>Npa>bsci>oyvT*DAc6Hox25?6-f2IAXezJVe z``w3ts2`O!!(pUZ{7!(KWSzoeKx}#qblXbuI2q$mL|t3w#Kl|Pf%%bAy3^X8?L)-v zRHqp5Vcd05&^ z+D@M`w*to~Pw^#zA22Cc=svk(A{`n`|*_D#f5Ef&zjfA`n2SVkjyK z(v<)qK?Fe{5ydDF-}%b@%JshS-o5wzcw^k38Rz8Woa}Y>-fOP8<}8AhMi|H^lB)rX z*v0PvIyeQ)S-C+DWb=f{ivp6}P{lO|!q9ZjyywH(4X5tR)}~1H)Kiw{m!avBv!`<2 zIyUUeL?JAOR z#YNsYz^tX$Q?akHRKFNIdd0;K;wGgQ8?>Z9CKvc|{p$^v>q{NMSFSbAOO2aY0_QvE zW2SYzThdKWYBsfqt1J^U$fjQQhgwjNP@7%_Qf9P4_&NI*m$4s040I=RW%bE@I#1cr zL9ZL`V15SV{vTZqtf`_8vHB?j;d0uuv1bl8jQR4P?{V+mIC7D0sJ&mdXyF%YMgCwj zx@rz}K$Kb0;|zmkN7LR^tF~pioDe|=2R%^BXHQ^r;#|=lIKr>ak;aJpFkgbHabc)@ zkTqfu5^rP1kqmfx*|dAFZ&lMJ!iRpJ_;>L)xNqSnrd{oJ^Il&w6Odz59**(7hiU2b z5^F_K)jz*KTi!MVZHbk&Q`K)Abhi>)b{0N@>)ydGdT=tsk#l-GQz3drCXlvf2KLFs z-#WQ;;YN#EifW2=G>6{j$??$McdfzvE|XGgam|`ClK_x zkvN|N_lrY)6|qsinU}J=^Z-m`XZFOvdKflwnhPr&_X^7oUG{F(yDekhztP<&c#?c_ zi(sm+ajcv-S98VL8A#xkmsRJe15HFEfc7X~FMsf;7MF!! zz~&FImOLASrDu1V3hP2Mt-JT4j!iFEVLxoNDRmu4&ItjoI{C_?^BG2(oF}V<4BnfG z+ywQ>M$w9O9m5T=-U`E?O*DMQHV;)U=1G~Dnd?xIK@~Y~q}{vrxGqmbpeNq|Nv8fa ziHv|omTY$Cj4J{J*?B`^+m{r3`e&C#8H6?1Ubps81(nIXwkyJBvgu~xtetd_OUy-$ z)$EKD9%hkB0~%}JxRRr4bn|xb?q1EgN(RDDJG23^JL%aetq^LpX(vkrJg*Gt_*Im^ zLiNqvKHT$O;>t${kiH2rl2{?H4sHry= zhn0+jFoj8`!ZAG3k}R*taR}iI|xMv_CQwNW|g@VHwMMJ1@ zu>!av0eR1dHJM8@IIV5$5a^8`(!`v}vI8|(peHqXujAanNDF)g#fn=pAf!0OanP!Q zxD|mFc0<;CAbJD7thw8x)eA$BDt$eSleWc1PtWjev|VAxDT87zxXg2?jX2l} z*s&+cG%or%3Ba3tU(3>wCWO0B$3HmiJy+8cr6YhkXZx z$sV3wDlG^PcVy$Ypi}woNAS%Puh~@+!p~@xRPwd}`(wm5_Vkr9jgHigz!fnCRt!b` zrmc!Q3u1#&1(yN~^T*fRjqAy|WaVo-A(DsoC|u=rfBp(m{!F*aFJf5iNt`t6rSfAn zxbnmOU*#g>NInN+TbFgBW+N{ER4r3qFZKoJ<|CdW3|;&uo+6q)`+cCq8Hcui1S`WE{kqW=JYv0u;#TR+CVE6#u!4N9aCF<(pQ(-jOX=#Km@?OTjMpjO)S zk#RnG2jbTys8PI|MVu?o96@D)g9k*9W#IbP?1NrmzES5#S#o4%v1JDX-H5NSYT7qV z;ygdm9XPNK3QfhB7ra!$vqO|2oE#LaznAz@yV|Q5>vCq57h_v#H8a>FR{x_6_UQ0( zgOt$N*jkw|{Q67exrlxlzl-u3igz5JcH;~v*Te|t~mO*%Ot@g09oXWX(mPN6D3K~z96AN^IEhQ zPmDnW)y~|l2E$o`5!7x00lhxBxh8O7`Ac@3VW6xyV?6Z( zOI{^u6Rw{~l7y#Km6M73bIYCq%N5NT-P#*kdA)*HGt_qMAQ)A0ykg00+Bdf_IchKi zC&$A*KxHSA#(m35yF19nbr*)6ukxD&%(BPwM8N1SNgIIz1&_tMQUSmR_;yU3!}b_) zx_{stf&R`>la7MrTQU4k5`&<54PqiA@&fK7hk+ut#T8w-L zsJcTWIf9+Zv7&i$uTw`F^MS-~EcdqzM0(BooR||C=G`9Kmn^BZyVcNh>roarWOHPt$OGls(V#%NR4mn(ZT>mvv z&}={|>MVE69ytw&i8{yp6l%6O14=gW8zvPKcM)2sRVF7a@y7lUP_mNpxajym)NN~w zw$#yN*NN$VOH?ZEJ7BYCKi*Rx5HUWn;fQJO@!}2~!wS|A2W1M9bsG3gU2BJ-BO~aQ z8jHwrT^_A3!fe~-{Tp+|709i9in$^ji@F&sWdKM-BKd|0K+3ou4%mp^=1q_yi-YI~;={sd18 zBThJI?GV+uY4C83{S5SJadluGwP8*H~(k+leM0%`C@z zxNo@hhwD_qa%80-syKM^4?Q0$nNGgSs)m&Nwu6fp-+9$&Jl(>XL85P#6em~#+R1>YThDW3` zUU5x1JdT5meTsD;O$;PLHMcYoS0)#oVTiDO<(qmTrU-16x~fp3cJLL1G#Q zdq3iN0Dg-3I20?qP>97Fn^tyKA}>_mb7^#mSdrCCRd!@N%{Wk{!6|phOzaOxjML8v zEdBz|)EqHN%5_|VP3#kl!EOx@`hUYe3QM!%5sx9s} zTl(h=uVko~Bop-$Jv((7F>g1ftz6fd5+8OI| z6!0kKt4NmuRtBKO)(W>G&Tv`t@d44yO3OQL6lT`poBg9L44u+&!KX^^(vWYY5;twn zowJsg1m3H2h#jFvrhwJ~C|RA_`hpEFPdiM_{oBn1zkm{61w3blv--$0CGOcBEoC{3 zN3Spas>%2RT)0GQ$KQSJu|V0isaD>Ht!7%5Wzn8<`dvFVxFTuV#-0vf9 z`)!4LRIuO2NB*>?Alz7bmfyz{jk_u}gv8}GiFM*~i!4DSBp2r^S20VYAeAx}>6UMgd+`pYA?tMr(*QV1+gqNU92c+NO z;7-hzjpLhpM&lGP98~KxJ)=GWAjan5BVwYPrBma0hPkoD$p>M>=T)gPM%o!BkF@UER7F*3v#JLt%umtWZf)N;ZGDW9T09sMGK_J zx6$Vl!(Q&U={iB~jIJybntY~}_Uv8Mm&5>WtI^|KvjM<{Cbj0`XDmBL%!(fIXjc1B zcO=5(0g?53`;zq8#}Byg&WS4>QfbdW_=+Gi7E;E;WvgA%|;F(?HR*cdy!A?m3@s zY%fbc$SK$&4+2>`50>y!5w)4D&LFEr(Xbdfc{Zt{MS7B z-}@BR5g*ou>IB2d7)d2OXvOlQa;<4as!M%-2@~&vr@Y>*EL8Mo2I17Sf>nFBdT5Y`QQ*Z{5FqenLM{|0b z9u=XDc0K@G*CG}aYuggA8jta)L}1L(T2q)chrxR^P>na$=ap}}d(?du7?-b`b9Z77 zUV4(N$MOW zSnJ$j9#!k>JClJ)dT*~+CJfYlDWT6%E)r2S{0K~%?sm_qM3g^tT(R4qu%e`M%a=3P z$NeBmNqie)zayk#697r>?FySR^z1HE85s#Z-Cf}F|GH_Yx;#zFbp?GZ-}0(*PEovH zpAWxTC;1W1xVHx@1K;<)u)q2?)64vouJNjDMLaQp@U#!=gTzhd;ZPiXAhMYXZW z@x3Z=<*?u-{@^Z3gG+a;*pqW8%Ii3Z#AB~M&5yKNmiMxaz@F$CrK^{TIePNAt6V|Y zK5s`)-ZEo+J$rg`M#=^3-ECLKa9$;JG}$jUcMvU{0WYFos2z~MNd z0CD3o*T~pnlp-w0P9Ba+18PHNf;p$&6dhRY{H8p1+wRQ~AtasXyULrq+<3XiZ~qY= z(~rY1V&6=j2VOcnmgO94Xw&U#9!Ln2+VVOiKJ=NVNM9o8Y&47Je0&i5*rr54AA~LZ zvD^zc6c_?sZ7>oj&F40HrsXgZ?daOcH3AE|wWxmu@wGtvZB$NI!TH1Dkmpl7_J#u# zx_!lC5IPS;%%_D3a4|!S4~NUWHa=2t0J;-oiz)$RuPWVZYx2^DyO$Em^ApStn82vn zBo8U~dWKF8{R>I|Kzp%IA^OHmbQ!rjG&mqtPt#r>S{`} zO!eDhq19F%>XLZ%r#4gjVKj8E(HyWrSKo|2tn4q(Wpn14!H)C^oE#O)``!~q_xPNh z-7bObt5|Z;4AIMKK%u}+5cMqiCPY$m*Mo8rn2C;NZa67EbAE9Q7qEzhu!K;Ku81X5 zo){%8e}T^gIwSIc3b6_m@Z6~+b>GgMT`IOZA_-RN>@Q4t<0Q$x3txbovVdYU{5A5k9h0|4$`ZuG5o*re+ d5U5ktw6nb3f))mHy6iZU!2foQ=lK5SzW`I|))@c* diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.png b/docs/architecture/psa-thread-safety/key-slot-state-transitions.png new file mode 100644 index 0000000000000000000000000000000000000000..34cc79b3596d12a8e4e98ffbbb5620d0c7c8221c GIT binary patch literal 70492 zcmeGF2|Uzm|38i+)u3!cWy@fUD9hL<*<~HFm6EK3QDe!LE$fI;Axlljo`{M_DLYw; zLYt*Tqy=TmzWlCXrc<5n`<(m!oO8bSIsgB8^r)Hla=owjb-k|F>-l=Vp4S|Lp@G(B zdQN&ODyq#o+8V}GR5S=GD(WK025{uS-jgsYsw4M3_a5|g_Hl5+*;5Hhsjqz!l$5}_ zdUy&-X$VS6+PJxiVVrCn-EEvb#9Zt>!69(o*%jmD;AD?kyGBw%Qc4slDTbv?m;czyBlA1DN5}>Ia2a!lYDK+qEzpa;xr`OtN zw3CaM4>;x{FKZ5BCBPpfIHc+1Ztvg6xMIJlxgXbljvJ%+{{)ws-e%a&;lUjieY-OrCT?YOkP# zDrlGVM@pSM3gC+q`Mn(sMBOCxvXz!az`}Q>DB4;0UdmL%7DdR|f4zQa4{NAsl;r`XW|1Zs%BmK}0 z2Xu5#7@=HT)YJ|gbvvpjN}hOc8=Mz;a0Ml0ao|POFizg!qa*2~=6*Dqau~eHH)kkE zzd3}p@vw5Yx4{6br<}EQr?f;l@?$F`tMc&lrA#mwLtsmwLux0mPM-EAZZ>wL-kkvE z431$vopInBX<^%VxUCtOgOd-*VStrPYRb*#mmwpMB3Ol<_LLPsy6WFgE|=VAh*MH;Yg7L%8YyS<~6ho`;!s!Lou|E-?`#)Y=A1>yO7 zuZDASB;f@+uz>8{!8wxiasu&Bm3+e434W;0 zvLE@z-BK?39}mLhweXGK__d?>&w?;HoKiyQA>d0$Xvv-wLBB@eZ^P-=u)TT@4p#@$@t`-7KF*BN;chJg}^@{27mv=Uq$`DZO~l{M&AWpHxC;t z2OB4x)iHZtD?5;ic#^X3)zJLE8G0$}|DPOsNnQuc0eRh%4PTPHy#LN|nEXcHIB!iI zG+M_%>(>_dKb_Q4VkLQMq$qj8-!7bz^R{m$gaUxR0Y?83qrvz8dz8lCclycH=D(kQ z!@UL?t4nl^>H*gFP0`Vz~9Y2@X+6Ji~kjr zroiW~u=uy3^y)1XDE;-z9}cC-G4wZ~G&xZH!=SXJ1fUb-r6uK%lG1Y0G8Cep9K~d$ zWyR!>GIEmgax#)K(o#R*jXxe|BPn5%+yQB6GVrEAoWCv5CbM?mtSl1F1{A85y|bIA z?<&~#z=0CU|1Qv`IEQ~S&L-QPs3aK%QS9z-NpbxQ%Kh=)Tnto||8r_&?XFcil$TmlDw&arHpIp5lQz)|E*Uu;we2V@5 zEgk*OlC~cly`7i4_iB}S4N3oXHR<0^qObX>Z%b`tyt(F+))=s#R^NVaO`3e&Kg{Dx z%aP}wyq;v`egMsXyib>r{o#?644ATv{%eO$sSX0ogpDuAJSh#5E3*I{|DMX}S}T;c zoPEgU@UIFK)c1V893@2k-s82Ft86(tw5alu&OT9mSCUc<_LvfCcg+ztZKDNB-B~;V+C(KgXezMC#wlfk{pu=)XPP zT~}$p|68#5T_NT-1Je)50?EezH*|GhUDBT)P$a~pGoOV;)VfXxkmiMCV}?9ccX zHIf4iWmWtgBZ@Qy4}7~IelWH_JTv_**%e8~b&wKLz~`^wKOQ-M zN_J3+t^X!)+W%*%7^%8O3VUCr6kp@szp29gfwA&8S=`^7h>;VPe^~65`hhc)p?K^+ zFTP4qh+?u6|GF`c^2q->hW>?#*iTmvIhcOqs3{EJ|DxLBr>{V90Dr!_1~oY(>Idb| zU+b@tU{m_Hna|&>DEHI(BZJj%Oz_X((tfY_;(Mq63$^wO3HJwyFMe++j+_|&!=1P+ zrSL=XsDFHtBt?%=Kz_stUe6?OIlm+=3Dxcaxt|F3c1l${`C8~BTP ztMBC;P_k9_tIsw_wWf%?CDI1&`0{=A3F{P}PGcdL2)n#lN7)c&8%!oJG$|B9IU z|1Wy1d8c3h{gdBQGj#IuK|4rV$;&$$d7EqM*}1s5QPS4$FyoK5_1_gezG?yveOm$f z7wi`$=~^YtC<1{$E$JeIpWjTn$Q0>6EObjzq}OC9C_@p4Q9|V(pL9w6P`mzBrRDFC zbp3Sw{H~mf#G&C_Z7^1Dq#srVKd$EDxhi)CzkKHUT`u*zq-Cou*?KvFUoUm}KQu$y z2>UO^*ME^~^uxXW?X|kw0bP{+gmYnLDB^+y8Oe@2B!jiiZ2U`132y z;!oOP@Shv`e-;UUB6_35w_m~_NdZT4#9zbZSDhS*za+)ZuV;R_=?|(L{oe9FIown8ptR`ju;wP#pVuoLS4E)>OQmbbvKR>>9f_ww%huhb7t0|}F4O3CUsB|<`O?@m! zF44`h+buMv8LJ(Nk`-kobckpqZ($eRaoC3;DDfIRGw!l!W?YAwF-FKd)-ukJwb|f2 zoTd5v<@@tN$}vO{M_26*=-TCz&^Mjo>nsYI&h(tP26%%;V`RAc0F9U#V>@? z&sYwcs>O-ZsHryf)+Cu@*%|jfSN4=oK2mU)df%R-d6qLrCm!K2H}N(H*LBljsO4gg z`K_Zl_7BewO+DEs2Ng1qzELrqwAlRkk-}%3fx@V?l;?Xxr(@G2T@HQKArmWF+{f|4 zX4g|VlmhOQgft9ZyWJ}pwqdg*Z_r{9YA{y41spiK-S0i0$1ATFgafwYZ|+Y7xj1_) zEoKyUlyF`&MiI zjmo29clv0Gj}K^?+{EZeId@BYOtotz->95_kaBXm%UyBX_(G4%J$)I(MMZbN+ms>b zJFCKP8;Y=imoQv6tH zs730rbacaD#Z0e<^TNvV=N0^jiZ+bPk_P#q3#VB7hh-1Ry(*}&zx1KGY+mttfPh7gT< z+R+-h*8z6kue{8pPJFT`wyvR(vVXwFhmd>e7UuNwPEpxV(y^AMnb)q*FD z^plg~4R-64FvKV?-&tHaE7yw+ob8X`iEO@fqE|TS;&w$p2vTKdhxQ^mwrcM|)|7{G&^j8H zY+YKIxiAc4z#bT53Gpdx7a-zd51KHpEWgi+!ON%Tsq}@nFYciNlUgDDVxSvQfDH=dDa_lOF*yTr*(?B0lEn2B%>wDAlLvPQZjaLMmQDVNOA z1W6=yWi*dM6k?-E8+6|un;e5nN5L`^Xjf+5(h#$6lae4-Q(~?!TLIT8F|KaIc=Q3? z2i2zz>}&pnjd~+>37n{3>hkJn^qvXrcIH_@L$*jV7E(6o)Oy`9n(%C zmUrcw-H^3^kiask1-!$3vkk@?cosNA8f%HnY?HNv`91Gz7G@<_BaW=2=&4smlsV)- zMRiU>{nRGp?U(MSaqnN<^@0kSw;)752&DU>I~ol>o335C!;RL>=j8l{E3IH!M3RU| zy9U~5i22reHz>DO6&F_bOQw0o z_vb$x@p`uZ&ENx{ED>FF=3V#QE~`$LEu@VFHq+Es6DAlXB%*fUkb9bi|L83vjtRyA zQ(M+%`zNY9*L*hqEY-Q4gDMwA~k%`EuJjNKZ}Chb5Hx}!e$kcVAOD;Spt zHx<~ZZ5lo`ceoU%QwFiQ{w}{B{$gkP61lO15mX%JbSwI%R~qiBHg1l5Das}WPeJKs z*28u4FWZqV9>PN{Sr&I-xj%xJvEoLdLbc6_uABC8mt{r3bs{@250J;IiJm6g!?h!u zfH6FK*HAsebW-k>rwJwpTqUV@c^#!SE^5}xMtf&Zi&sMKSoi0*PTH`tv1X_48-9LG04XGhICl`ilT99AS?2Ud`e{lh zvpL-=n-YXgT6$cooDus{xe3C;NJ72j2N-!!YBi~(3>KzGTQm2buKgsEKN>Xi>cpzk z+o$-&^uU7tZ7D&-2mUKF!fS&)$WF7eJX6(r=lDQN=z4~Uqn79#;30;-ys(mE7cngi zbkRi@Sn>0uf9=RNdAD@Z5-gi|u(P=R$bp5(xHJN5e1Q^Y_eHWdzXmbf8o}>#mP@YG zE7B<@-}QARDT=*Ow!60jS#&boGl0CT52>aDn{lW+wK)gV9Czr0c=Dx}-aXDkt#YrW zb0h-C7R;iiSK~=tEH5(_7`>~3lF^nIkowo`iN^itQ?_2ZMFi%>|nC;H8E-$y` zJsr&pp7?MjE$O`IVO=BTp1lOZ=+5i`a;S&!gpeQrc=*eykuIsJO853v56_4iWahIf zJIpE6r7hK#ZA53tDzM`n*6``PQ))vJ%JH*PcP`&w_2w4EJ50d$*1! z-FYG6D4OO-?}*HXxpYgKy(zP(emt}Vzz7>grCDn}PI;!$n-9f$2oO47;M3oYYOI&( zTKHTg4nLI!>@f*={Ffz1pXmm6mpbnp%_SqS&X8&_N3JByq+WCnT|cxGMib7RIxbUm z#MEvgjr~nV3d$n~M1TL5<%Q3#)2~jv9@XH7B)%ZU$V=}Ftg3noj@*0h`MLMi;;_|< zB=9O1MjuD6O>aoKW-xR2^J|Bb_bJW6-}-9WuYh>UiwUwTFV$0p#-Dh7^2HersfLzI z3MUkdic0=Y$io5QkEqxgg+vAE<(A!SW zXARy!<97d+mQ=-_zGBvJe!bGZoPkxW3p1e|6XHhN;(e#P z9HFx8_m}KGSIlgAeesodkNyOaxnvx8k!Blt_RU5)+pf3=)i6Ul`@0;|oJrx&%RyO0 z#WG<0zC*(qjyGYMaoa+y0_X0Z;gWl_i9-@TY^XTVB=AP!MWIby!hAzxq)7|Fen}lC zFIv1TI3!h9e80I_-<@EGnC$Rp4}meOoUT5BsR>+keN?%W8Dg60|#B~xf9%HB? zBl=LH=ckv4WSO^@?|>MoTsY!=QNB5IuhF<>ALyZsezI($b}mkj2BwdK){gSMe(XCCal!FE{O=3Qs7@V!U#Av=w1fN2!qQw8FM_Q{ga{yVL3h{SEL z$Y(@}6Z~yaY{LBJWyh|UHONJ0>@n@m<&U+aO%0gP$rEYu@7Gou<-K4PST-U6d2LfE zBdgcT3YCrd@Z<_tO3=Z`TzW43#%Lb>&%G7)#U4=ElhV70TXMt3URVW%%N~hr27%sQ zpwYXl@}xf>r0Jn})vn~}H}_AkpGkJPt0QYJ>u6XcAx`G4O z%+;h*bhA1Wnr-ST2Gebz5%9he?tEkjGgwy7r-onb(>4MAE*y4;ppJ&=Z9U?7E;okG zNT>$7RP?B2^9aNWZ>n)0O5y~% zX=#HloWvYI-k;?`z=z8hT+)p9@Tu-S(JXj@Xq2THF6$gg$EA3Mf%Xi_nb`4e-%M6j$d$?~Z|XB|vxD0kubZkrx?9LtHA=Tz6u#Lui>c;8uMclj}fO9b-< zIL6m5`;Odpx%9H`w0REt;;2qy+jbQ^%(#W{v~}G^#)M4E!89AC1V+a**1URXZTro> z7I!`K@{F=h)jZ_Qe6trFE&m3RXI3K*L&;~Urh}wHYzceRDBwYQ+Cn3uDgwpxA~S3(d&+gc=oG7HLS&(hUnKuWE~ z@8f_(W!i@XgXsp~d&}82Gpmz=__t@I9x?AJmqr={xePPwp%eum zHi_RfccCtUl;Iil$S0o{JJRj>zD>1hBbQ9FVx=HC=-w69ZR!* zGQ)~C#s)%Og-xlj5e1gFU89CWU#QU?t(wgD~^)TE-j6{}oj@8PFm(|$X`F>`H$tI8a{Nu)&m;#U z=fV_}WGzECzyot>|C}NAmTWi^{9Vq$CabqJ|dOGS#t3jdu!woh3 zR^dxwilNHR=gavJxvyn$ov|0ta?8}UDJFTwf?Z=e31MlpT+&yZWG5x$wxChiz4EOd zagN0ee9)2hL2Cpb4Sj@J3c4$IT(ky9jZzs_-636HtKSx!UIv@v$$kfrOQNr>i;5nt zstWeP9_dc>xLiM6<({P^$gcS0O2VFq)H9BQ7iN*qvW>1SWB1Tb6xmOEERxC&6V}+3 z=$ot;WY2 zgSMcL1RgJ$v&*qFq3uwmvJy*qtfLdNvbU09p)qh_RA||)RM(OjDoek(eWLjaylY(; zf?A5oAVpqE%`i7$ld#G$w(~0Jwu9*?h&l|3#g7SRWJ<||M@}^-_PvjyXETmP!@#$9vI#n}N=p?0;x3-0+Q`u>%!p>5RC}phP9x&Jl%kPJOn)TACi33>S()WF zl#P%!&lc%IiPn{U_%{gRUYO$Gvvf(Ram&CeFmvm^q8+8b7_mg(&BlH7l4qAq>$A^3Q@i)V9zd+8_e$x! zS57+eN;xjbs<@)}oDc$2Sa*i`ZET93m_J__3a1wX9!lHPyUMC&3@}E3yskW5u*8APPU=uJav8*#U`o(B#c3gzB4U|C_i@t1sqxObL~U;{WOoT1?&bL~^x8tB za@wYz>6j)KXp5WyYrfja@$w;k4F(QHCdDbkaLv^_Le+xtAg67P{$-&ix~C$MQxZsq*^s?x|h%TLYBz>#6C-&b6|ssnP5e2k*T=D0EthWJB^z zBDyq$O>^EvQ+;?cu5v>1l!(DB9!=YeS`7qf>%Qu7Jjig)OuYKE~NHDP; zVkjTuCkm2=duo?Sxr>S=-x#2CqR!(v_Zi$D!$6-d32>+dt@NH+5|FINn@b#fUa-n4 z1mPK`bfaGJxHs_)Wu6ujF{JhE20e{+g&4L#)oucsk8mCX(w!;Ay|0u5)CKPwdsGBz zoFW=#rtTKCc@{igg`2i211X#bDI5Z<(Y0Lj5we=eYKK-wvIw+f>%`+@4a=qX)A_HY z6Gggi=Y3}1x${7Qg!0N_amIU*jl%~sqIN6skU(2@)iy~?WX3_qf<-_x#mS}_!}6Gm zOvecoq>i)JZ^28q>2{dTKj{$NKA@B&o?x zGezn=$O7$Vl^IwMd>fKyfUbv!o6F0&;r-^n4?;c8wEvAk6=p$p+z3(XX%gC_KbxeD# zBlXQzX&aabBsLs?4RLlgR*j__-`>{QC&-<6p_}81Uxt?Reb4eJ6&r!Ep=8&n^MjEB z(U6i7P0(XG-gr`^UgXchK4|{3Y@>+mx8YIrD=C}l^=DYPrf)ahX@9(+HajbGHATG! znHueRQ9f47kSRzfSb#`^7#t!QhYfwxv9vAud2{Q~Zw#c|^=MALcMy>I31THca+ zQ#RdwtQGLn@McfRa~k~?0HsTjvb8<(0H957dh9pREF_pc47i7tM#Dk^KY(2Eelqw7 z7LfyhkR5&D-m0`PB4EA=?`D~K_P})uryX@?=_luhZ!nG2Q#sr}z4e09+H4lC4*`rY zp$h;ZNe4hF$0frz(H&jUmMzt&9|UP*Z0*(2p4%6!@mKffM}6jfQ;t&0Ml<3z^WK?Rsb*7@@JM{}fk!-UTEn^E$(g z>L>>@Hd5jb_Zg^I3OhI*& zw|T=wY*2qMNKWf5j^Aguy*>}#UVmx+%iF^-i1i^vYwtJApR{kgyjsmYHoj#Q)NSg2 z#=?z1}GD#9HJ1WYpVC3rY6jY<|7!K=IB=ZWb$8PC_zA`UFXQ}~U5Y?!1e4Og=;>Zb^`~%lmJ3b@u znWS9kl*zpdrUeJvW1XJfV1A@~yd40J`3k`+FN{J`xV5-bN!S@xj=wbd{-R^*xzGK+ z?=CsEVQBeEE=Injy%j`@e4cyj+{2|hKU=j#ivYCbGZ^UTSSAyfEZUOus`+_wt3U-L zpJq8IaKy1NBe>6(gQcV9R(SmC4w|_$RF$+?At8elY~bR!*1EYq9*_8{<#|1WLW1m@ z9W3#nw4#qL&4Vm+!)eu_72c!f#h)t|a$cT#z1(CO)pcsOBUV@5XT2as-Tqp8ty}Qf z3+dA_=?z?$z1K|L$Hv+vV8^OS+7R7g2xgHIIF~Gr`P~sMJGJmZkVkN;-Q=!$)a0cN z7^TZc9dgw8l&`vwD2|J=muGg;aPX;g4g!Xw{_{sbWo#YYaP*_-;nHpVl9s-2*~hDF z!~tbb6BGZ06s{gr7Mz0~n`3Nx*Bdd)>)Gk}$aw;28N@ zWi{+c#U9;65!)A9b`#GJyIxcc+i(#W@WGE^5{SUZs-f|UIfnCE!%d2oZ?NdfrRl?A zCIZhY+M^`p48F9S4Q$G7=405^nU0c<&97^9ZT)aMg>{w?!anob^NGIu`x;)C-f~}u z79#Q{YVu?Vt+dO_PV}YS`_WV`^5D#&7Ao9FK(1Y2s~y-krh1Rzz`c>1r{%M~KR(rg z@E*#ZGl&~Ilgm-*IR4?qt3tlAE|B!y$HnKNdas?7e!@NFlOy4kP9O;G0EW(?xX4n0 zy08%Or5;aTmTT(UEP2iXi-sYvduRKO8xxg-Dg)Bp{A#WiT;NS7aZ%XDjVu+>dWhmjd z3{~Xr2%AJXqv~n(X+CfF(&>EJeqP0r+qTxB>-rG|B+^>*?Gk=ReecGM;1Rekfe{%J zoSuP^asgx)F0Opw3|;7bzK~<`B`P$)kqcqM)wj|%=)-7;hhbuu^)77b*r1eVYQq^eYi#NW)r3gC4Yw<3$Uao;poWG?ai5=!NB7Js27st@D&bShyQ~-` zNkCPkoe6;j1C;G^ePe`xNCoSX3&MeNB!@?Xk9{v6VB(R|*waQAf)+#|!0Y#cWr@N2aRWVUkoWfp9X&p5$h%z|U;jOl!Wr1U3~h1Qp$A zr`7i843EMAY2gb0nJxOX8n%EwPjwLDUxZ;ihFZ?ag3^dc68)lMC%&CA82VZcvZ>Z4 zvM6i)L~Z+7Vjqr4_m&7TPH2gT3;4^Cm_NHk{UhvQ-)|$#7T>1}{Q>9#e!*c-j%qCegWe*}chA>$e00_Svz>M?|=vHDra%6^f z$CuJ^4Pk2a>LP?pnlGP~cv3XHG#3t5lRj0%ZdvqVL8tWb$ole7S2_oVUX~WRY!*lL z<0Ujiwzfiecl9eYsyUL*9BsOcb#6n;J7j^8GD6L|GOI>T*3-rH-=XG@G%g*xoy?bn0XALs{Ir#0Av$_2eL1mp1t05kbC6K zaXgXvtoqX^y9YLBJI}OjvY|ivH1{0wc(oD>60D}PL}wTVo8EQ+qi1^(&8^0oA3oi! z?5>Z7a4^zbF(uGBC|6N$U5nr!_g`AxnW}f=r!F0cgM}EJ~-)znl%t_<#kBojE5| z$YPrbi#f0KrrG!m;k`uY&|zBJ8jIOkq0_ml3}HbGNdk=GvxO=+@S^^+@A|HU3e%ae zaBh*Nv6Roetd?I*O)phEu-Kh%CayEvltVWZizvBgSx;*PZHVAyT84LRY2q9bjdU(Q zlv3m~$~#_9tJXN#?9tR8ABK3m{h&u@eI7^0CYDTnZK)w;?(lItYR3|P0zSYZ_IS5l zIkS2|usrdm1M%J1u#HlIAg9DKBS(0(?e@W72D-ty5cv+d_WfA&wtI*DvHcw4kA)EE z<<>7)8kSyE>J^{nRS>}!CL(Tt+wcshyl6BU!?fw>ex)&yC>1f5U}CxqthnewkW4-f zPGVEx{lPvqr6E43iv=D?mXsh+))?-(^An>Y;CN1-KV6j- z@@8gM59x|_z)cuT*=Lr^Z(_EkDXPX3_OT+QA`uH*&TWW6YJINP&e~E2FF?K?QmwuW zgU4z@#FMm|pc-}girPYWuFNy9p?Lhl@pSLVT^?ulHLoFx(3SP49gDN}i&<(bpLFNs zA2|pum{ZleK?eW(H#oHVLW$hQ2n5B6&95PTf;<*-O?zZk44?|*@ z5X#HZu1wk0uF;~Abd2|zxzYC6p|Aw9*AVo1jpOF77xh3<#SWvA+!@(5) zrugtJj3(J;{(FjNckO0;iha?h=5Bqzy=&(P+0SpRChWUCx4!T=E``2ODANTb)FA5d z`WO(2yr!81s%{?BWukN3MN!L$x8M0!Ur4g@Hif9e8*J0jrL3e`{3;m zq6*{KMvVoPr|h&s7wg39Y16iMM-bHzZ{inKqhVRZrxN3Rol#wzo#_!=G>EYe$MM63 z2xk4EXWL&42o27PW`0q%tKI$Pargl`lOyGi$$qEws(SYX|9Vuk#es-T?%TW1gY3~R+d*`Lmbd8&aA8k23wmp!`EF~ zU*^FoNE1#}p=k>~F1oD1yg_S>D~^>jJ*2* zo1V8pe`6A}Qzb=!Ua#=6>?+X<~{ZSI-PvvNuFk?Zt z@S);{SJUA2;jO3)Z=*n+n=;;es>XL+iOOB$NCKIwOQ`s2va5A^_9=2Jj}A?6zEU>U zQhu?Z1&^dFMc$OM^)MNapeo~tY~42$`}T%R1xfHS!9y(s6~)tPJq$R98|5A3sX1|9 zKayBuBqOr+L|S(CbAo>JGb;xNWMbxT0O859YsXHI=BM{DTdVKYQ)_Y;v3YDntveI* z)J$aUX@$1O1olf>Hi-~es!yj{&~?K1ujc7)>cJAG5W3Lw@HF)@ua&VC#?C?#rGU}n zc^5P{QX%=`sJ#EV_H&@TO$B-BGjKN3C_EN^^;x_)_QP_2kf3v?GQT=nyG?`BinTTu zt_jPHYKbZ)+3;2xJTX(ShR+iyz2;=fXo~?Qvtrz{+B((FyjbA?b}N@2<-xfi!TT-R zv!n{`Vp_o?LofmXd@8-0AapiaSe?ZjqnT$u8e$zw0&{9zH-j{yh=Vt~Z6*Y74bUse zCqxK6vRq4`J8r~_uTxW-xUR+yXqg-3q6=Etk#vP|n@$Z%8Rb2TT{MDxqCdJjHZgWl zki_K}c0yuhc|_?rbU)u2h_2l*5LEmEa7IWHXT*(cXZzC2bU@4mGHgbwYLBP}Z@Qd~ z0(^#%eBug!`hu49Dt%?`^^pdyM{S`kK2T493JMmPN#Cv64 zSlG?ae7;e52bK<~FV!OFl}I>}`oP4zYfot_seZhEWg=wV7Z?C_=3@tUP(`Wm@sB+- zvm$hz>J~DMf9s$A=4|jM-XJ@>fn}CMwraQf*>@fw9(F0a-1l1fs=;OSwvTwOG_j0re>JojX%h%Vpd~=D(7^Hq;ls21 z3n);9y?tTl?cw7c?Ih~X5E5I%VHI~yK#P-6K%}2<3{>8TKs~6FEyQ6sxj*w}&>%Z< zRY6Axhg=G$ewRFU{HkF_Xh1f|G80{&JedQnR0lCv=dl;-UzD`3zmN@-8Buyv5bIAX zgYo-Xz-S3_yagOWYr|Qt)>E6gT0U2;xI`;_k}vlAauf)#ddgoZi|oIO5xe`Ie|RRQ zTmZowH$B?JFxe`U1`W_H6ldBdQB5k=gRD~^*ld3?saBoLyluBhiz#}fC%cYQ`gPQh1UEBGZFB8Sr&63vETGIcc#;h$q2=tAZ~U|=jj2{ z#(c;~Wc5&Ma`+iHsv4ZhWnK309T?h%7+%-w71QR$PEQaY2o?zC#j&s&c2JGF8-y>1 z=p;QpX8We40x*g>?r$Hk7O9`5?FsK*Pb#x!EZ+wT0{%L|6V%;t2hZOy2VxRqASUq< zP^oDRS+_B&OS5jdF31?bdi&)sH-b1Ol>2XonIIz+ONOzR2MB-%Fd1ZcB{EJMH!+I}Rl!`m; z>~cAf4%wErpJ{C#e=tQa8JZl^#@K zv|bAx9AP2kQ&qJz-SY;kS+94UR(u>(K6Aa-FldHTLR zi=^PNA!%@3?tVb{_QOO;uGCtb28(Nt>#MUaZg_4ebFj9Uu`*sPu;U zDR>95zBhkC>*KL=A9>d6pt)mxu#IOp?6ff&5V4k|L3^8rU}@nT9;FD2ZyMrM3vM3# zD3}{~=}Zis8L&QyfHst6y|ius5SM

d&V^xPxt`1u{SZJl+Il&MJLLq@Q1%9Pm05CLl?jYF~PN$>$~XP#qKF zHK4|L>&>5VG_&NOZQOWu2}z3x*&M>Beu@YrH&zh3_7L!d>J!{*#^pZ8QB&uV;p{qz zU?R`a-_1J$RC0{sk}KoEyEQ^F3i$Wi1IB7{99okmgeteoXHAf_&s>%e)3C+9+<8F9 z5a`eGW(H#)^X&%1{7}0tqaJ>1qs5H_v^UREacH*3#o9ox=p~M^q<@r5!a$nogi>M; zM0{Y4?|kIBqRlWL^b#nZ>7oHCcb$2&S}Tkb=v9%#1Kj+fgzz8*jrHQLDaL%r#iv*I z5Ay~JT-(e4{6ybB;c{K0m+4Mv#bt{=H4Vthy?m}-MGe39GhsS(G_whhQ; zA46(6=ENm+f=)F9ueXPhZ((hNYL6K$PQ@A&g#ixGQ1Bi($aN}V#t!DwS5W*YE)Di% zW+$@fUAvL3?PK#xv>YMG(XAEuwUDVa9Y?``MmoSpzCAlaB+)QTcR^ zYy&#MO{PzdnGkgR?z|ll6GWiGEEUAuXqD#Q3-G~Hp0>xaiJF&Gv(N?2KiwP_Yq)uv zD4kKP4N&40#_Crb5k%zKoqwW`KpbQX94%L2N$=c#>i`T61f)9+*={O~0`~DD&?g>* z=*T{Z0IG*i^N5f71cKtR{$p@mbU;n^R$&^zP|;C~(uK=3$7irA(Ewc{RJ2)jBM$~h zVWP(r7Oj|c(Kk1Ebwno+;o(i!84`${x3=$2TGSw^cG%U_4ERgn3nRt*0u7$tJam>D zWgKv#Eza;HDjB?6GFIr5-Ve`n5>Ppg4uru!II!s7o202Y2Tz3SW_?@$g&_CPP}caA z>QCKytWf{wwJ)?2h_j(O;>NVbn$`e?X9}W7axEa2CQdB*srx~I?Bj8;BB28)^J1qs z>H5I(Y-GN7F@PLP3`GsbJhSZ(^{?IBsHwg^~(99q`u_HU0H0iN)p%(k{y ztB(tINFdTu*~%sx+Q#XZ+`194H@G$htHY=`)mESxIJh%4@SPVBX(p3OH;`ry$CUn= z(gKSs_3)h%3m-KI1aaa>nKr2d83F_Z4Sv~HQ$?=>fC#Jszirks;50P!j6tzoeaM0f z$Q2dyGwbV9Z;i>Y3L+}4J5IBO1i@57rAy!>DKJS{#h)O!s&~w-Jaax9IH^M)Wxlv1 z5VNBX9XzoENypF?+r8hGm9?-N*UJyYT^o?RBS6!aDcE)FM#Y5pby@v0G!a;x+;a5n ztx?jW*p0tm52W1}+4x}A_=G8 zg)ZqLE~1K&Q@V*8R2giqy2s1)`qTkuv~dUkO+DY}z)$z{z5wY5lIR?I9^;XvEZHy( zN={k)K}Ge0q*CXml9)Xck?%ZbdDim)(tg`ig8DIWk%b7>__pmKZk*8%!q^{;+}ghv z=0lsQh9+;-K$=m(_A7iYFYW@Pek5oGlsl8c8MY<~o8)9~N>B5zgCm-U8t`BThrr}c ztIB`}lO8VGi9{8AlB{#mmM%U2SdQLptM20z!==%ltO;v-uC1fuRV=U%94yj6IbYsI zl5vFDn^ebyK)(Rt7s_3^g1C=41tgpqx*N9rsNFxudQ^%Vkih{BFxgwhO6%)dIAY7%{ANZna+A z&7;q*HdjS3^4zWaTsA|ri#}J*2MR%#Z5b-UR2))7t-Lh##GO}YCja_f5k4epwl8e+l}P}7lYo{^6TJ(_ z0%Dy&B?0cQFxev2D)o4eKz%TZlrFWbw`+`+0f@QsLuXOe%Sj+5ZW?NmCm}{Ygck3~ zlHt#w{8jza!LP&gU@MbK4Q_{-A+O##SZ#>y8$++V$KKPlkVaq zE9C7>`-ik95>|!QAvHGLe26^?#37&Sk-L)i_};X*!5KfM#Hov}t&>eSpGd^hV2Ijpeve*}2%J0+hU#2JcFmzbxJZIft>) zg%vHBB5qKlw6Ms1er5FbYfQ8jk5|GO!d)e-cS>ur{_D}1Xp}=Oo-TDM7>XYR+1`a^ zE@><*S$c8`Xo4WP_p@CVZZ+%GVEa&S6GoM`VQnNH22*EKrzM;gyQ_Wu!^^T_aa$VA z*8!7fNotXBxTI2vBd7(L76mdZ;2lqW89kGR&G_y3%qF0ueHosum@KAv;L}Qa> zk0V6VIcJ8b&c^E}o{dJ?in&ELlS;M8{5jk$@|wi5nUHYFS}@0%2P&dw%F3sTWAwr`Q)^B3QL@ z_yN1nxrXD$)BK162F_iy{LS+f0IjEvW_hWuqp1n04gnguWf4wji}W6a0w$$B)(l7+ z=M9Y9x%Keum{Y9rvB8`34+$b{`0_`)&rl@`HNMeBMh#mK+@6z z;R9@tHl87wB@lw!fn}FJM@kI6qKY`71~s@;oH2GMj1QNBGhS5Y5?0!X-PO4md5|RJ z58sx-5{zlv2lk6Sk1#>u*NxUcNZh$OXA4?d=#pm~kr&2IjPHDEN1!`td$aaNXlr@k z(tKQU_%I)0_Qjp0?PsaD#GL)U#77e4XZ#ceihwBaX6GG_jTm|wYB6GS=OCXK^9E^) zmc+qhgnDtL%^7Q&O6$9z#!PS`=?PMwWge1}Mq^E3KC^M@N9VjJZEqS%8)a#W`?xc-8dlo7w6sWx!4!LsBIDbIA#s|w} zqWZe>r2Uh3(lI&Vn~^L?)%-AzornxD5~uU%)W$(%B@wR2;hyDTpAtOB}X2 zn$8R1h)$cms)Cl#14E(AaXnmGb?D{%I6s1TKgGYDvrK0fva8&;7--3G*lpF0KmwEb z$`2GT?@!?;#gjIs?4Mgf6X-CZx2*Nu0>im8z64wM)x|ZKU+5&wn`) zNjIbdVNBvorR8%j6CRdXNy2E9gQ-B!IHe3 z=ApJqHxaF2lO~!Fs*O!qqM3Bhafj&a0JbdNQmF|5$5ynT(RNsMGuM9QN73@S4!Y=a zG%CgWp7$u{4qMBU85}ioh$yi4E@9vv3)2?PWDRpd=Wu&cUz#fZ^Z@3JH;ukgd3tzl z`T4xrL;iw@i<#UnmjFDeliVpPjBKWF>DGy6sg8a;6uv_1EAN(FzsTZMQyz@U1;NoM zO}F=~6~I_}SHHtp{83b;Cre1+S_)qZ1PfhiDg>Rg59hjfg3wb)xO!FGZ$(zFk@L^zyhHMdsS8W zF8V5fJy?x~he_HrX=WJhRyDQvqUNlU$GUe7K7lc9OuB@=uj4-Sj4`7fFBI?lJf<*@ zwKPgy*g+yihwh}82>n7{+wilP_{)g}`Kk{eps9EaAkI^fEz$b^CwHXe1Bw50 zl^uoAor7K4d~l4~+0afj+DB`L3Z(yduMleuDsOPf^nI%=l5apnXJmC>?AsZWF8ODU zLL5ldFs%^ni3@|tU?6U@>)R<|F10*cm+BHC%tg=A~uR&c!ek!B8A@J-Hovojd6UwKGr2cW>$zI(at>nNiBf zx%En>L~~C{!WS2Izquolwzd8~i{p)Yp~$$*5MjQ0Yx*tRSnbBgoU!uJccs|ia7RLN zY-e;}J8?D-haTF0`@v(&fm69<*Zg-O`S^H=MjL{6UB?t$ww1W(DJ-QDwG;r*IqG0* zp)xu)Jw4X*}3gP=@ zoi5B#xmO&f^HPEo36{;t&n_JVuj;-fRx?TYlH~g$!LH`R)nU-d=%^Cxx6?R zXP$~nEjPh<3nnUN6H2Bn0sKhSx=mk-A$a8! zi12*e$o@GF+d)LY&R5T0@gZVm8fJkGu6Z=T&ex@SkJ-it>8}a1(+NcU*+RVqn;@c3 zq|RmZ7c^S%=`ifABrp8-g@md5&D-5Nc1+fyytdEA8av0waM0p+Lj$bm`pykqG+|kP zZ+2Vk?w)+SUqJ(YswGf)3yAa<)_U*knwnelO?Qi1)w{9m=s1NIL2J=jUsrrZs{2ne0y1YIyj4^ zFT1*tQT1B0Vs2vIg>kUCsCgwzF&J{ZcEC=LMV!^JEYUEc1lZM4Wnf<_=vgYZod?hj z<8A6p1n4C*9dD&UQ;o~h8wS)*4+`c5?&vghi&Z~)X;Y(hD$H3>n|6oih8j)1*aE}D z%u5r?CLzQbx*D_K8N6dc*gDStkEt^cgtGnqf0!7AG4?ISGWKP%mn>u7vm{YsNGf~U zBt7lLQ

DwSm4q9_S%c4@O#6#AXJ=lOhp&;Q2UbKTc+uJeAM*U5rpVb`OS zAqC0TN&oW#plVUnXNV6&)Wr2yG?nVP)stH&cyIb#atP{KBYIvQpXt{|K6mCerfwG| zTl@G>pgdljuD8DMtfMd-7IcHsO5{zZ5BNsQu@ow6x|&}qi^v6E6tP1$zLoz18@H$T z2B;fn)q)xn<@X=L|R6@yeVqqJzRn(Y_myXFw0go zLO)F&o-$<(Yida78~!S1e*WSYCP_%qF#N99Q)x+J*EGDAhI!C!D2oq}X_BB&VPSUJ zHDpphWG0&04ZBLY1(+&G&+Ju_*rk6>UMVm>Ie&C$e~+snKNLOk6|Hs2wG!Gb&DD8C zm?#=}$M^ZGACs#e&TP!Cq`o9Unf6t8i9*47mU(`U!tbA7r_S&?8^;-0X%86FqIz>^ z(duD#`j}8ymabo6S*C@c%Zo%b{VDfYRi!?p`n93>xcyQVuTYCaCEKWfEO*7}WS`DC z-ImJG+ZzYlvb~v|p6fzTrRV)yf$wSD+y((x`zIC-5??l*PW_p;XtJV_eU^F%64uQ( zmTL1Yk`nCKA71%Ber{{nq-XMFJ`b#wSCt~$SM}$njgWT|uL>BJ#M>NliNji|I{0F? z4rUIgzVmX9&i}%cd~s5~28y)TjCWqM?G=iqQ1`KaU!}i=MF{cNa9Y?y--HtJN1oQF z@(MClmyeh()cg!TSSiT?#Rq+QiZDoQnT4n3;dEN#Hqk@Pc_9h=_WJhfuB5J^gIFAH zHth2v)@$JT#7_-~5}y%18<(xVgFqF>#-t?>p!kl$z8qf3Y}zG0`#M4kkKwaoYYYu2 zl(KSNY3EOhou`kO%(>p6cfJ=7;cjFc;vH4H zB+;c9bKB)wh5^qSWY)r~FTlJ)>Kj%e=P;#}bVW##!%#d}T~VGHc75){G_ldo143sILWOK2fe4~Z(KEyu&*@IAPt8K3)t6)+hG6UXLVNZ90~r96Dm z{6!tri-M{it`4Zxi?Z2Lhb|2_u4A(`j06K*78)&06Uf@H{e(Zy*Jd_NW*VuH`Tr_S6Zl+}3Q6MZb(Y>%}W(@C+j3s&bDTP$~lXYD~y_qiF zJZbMx&XmcW`Yv5mv!Nq1COgmHCPocTmc&Z#udqJqNNGHjZXIZ{>zaeWq%^yTNHOnH zH0CQMGk~YD-LVbt7|1zyiG zwU?}O3*-l4N`8ZlZ1m($*{HH|0e@+6x^=k4DNmy|*~a3FF4s7+*#?qjon>+jsgl;I zjx~B{cJ}X9(N=D5>QtMJo7EI{;hIxpNwFgApBG*)Ni$^GWKZ+6fAs>F^4iOr{mRE} z&BRAqskAb)W^m}=-xpM##5=w&yLv@RWvxc40Ap9f?lMUKbK-d6=kD;ddxJOXXI-J!eYXjvKwx?$v$$^WN@4Gs@JriAaqJ5t)dC+IZgIpOgsH;dt}F`Z8DfT6qtw zq1Kx8y;lR$H;(ThG5;8ReHJJUW&Kk71G_PONfU0A%p!?Z=ByC*I9Gc6AP<469xyvt zA)UC(jB>0QJvTqlVSGS@Q;a>Prb1R4?{xi1E+=WiLIWp=;j_6+b9#NFU%B9vBCqkx zA+*Ab@{eS95;4gat<+8E%#>6wSqW$mPiIGs+@PrVu@RX^7O)idyX8`jeu6)ge%M&} z-M4vPHa2ExXG=R&7lk=42hYFs&-44$2YN*{?0Mr7iTluYZ>L9qAz0XI6t5H%tDr7$ zEVb`x<0ehyxm`-%MrvUfEMeZ6_!HLNaQrDq)%Ds>9eW6609WlP*iSK=_9jLtyu{ey zV)zelK8H-lGtTUdOk#M`O;1ek{g{iz1qgM?lQF86J!$Tw7ABTHyUgvo$-;W57dZSN zaal>4^K7{xw!9Sr!!YOjicWW4a|kHayDi~;6rZbzT;aW>*j0zkrkszO=lQ;FC1(} zwax20xrjFX?-j%|#_kg*tT{q!?qm(~_KAW&F)!3P**FY)I{W(IhaN$K$qAD=6gpww zJ88I_3iL{OC3@lRVR)?6;=5U?a`^Saa9)FufEVtXTC&`P5<%K!=^DtqOp;N)4l7DO zKJD#(1U_V~wEMSOBwgkl z*nS|v(KxVP!;CV^cH-rwbKll7D`54yxg%!g<7^MgK55TzTb0AXy!WHPS7whL>sBD% z%NgRUOjQUV?4$=6pB>V8YV4p8!A|gLuGd zEotRR)W5DMAAiUL=F$PJr%7p}617~tal@;Par1@_i?3fE%*DqycBj>vuj zZHc4|$td_|-Jv5zzkYmG_7^ksO2j9+S>EU$(xt3fq%$;*h2Y15M&K=}e zJ8|#j9c*?}KH)7ZBs)_>8t-l*#@4*4>Q-)BhNjGinV^?ZU7urFCU*aP>s#qsL3-IA zp+Z2LWih5cGb5|8=kHRS4y~WMB&EB>11qiXT9dlvM-2TE@7>V%XJ-%JKk-%dFp49N zVTL4z=u4A@Z^TNMyr%`PwtU-wJUz&P@7Kt*NEALQSh^SQpWF2FD65^PKAita%_FB(C=Hk);@Ic%|0G0uey0MmLYhpLJ{DkI z>2~wN&lC58;-BWJ^34u?d-q5z<$Z;j*xxU?{GTsTysa+XldxkMgQY7~_(?L=9Hs9R zn;jzBxaOZPt9^Y1WK*AuRlr5*#?*ZIX=A72NmJoYUYZH822Dmuv21Tm<`!*V5EwH% zZgklHu)MmPH4c8c)ShkSTyps4F~(gth}yZ1-Pl=rZ)-VAoh-!D_m2f8Y6u@IGPXi= zp#ge8o6F|ShsZ;@B7)n$T4;{0kQ1}GDtkq_`ooW<4F&sh@Zp^jr>%CzpsiouI(S7Z zLgF|F1SZx@RWx;YDLa}>bZ@uG2AF*f%%uOs&|&wZxJhu{;mY*A?=J~-(O&?rcK3qL05DB&FW}b;_7FVl*^+S3d3DWoff5a05 zNZz{pfs`y_0rBg&=*V&r3OE9+-Pwu`?B(G5`#q2T^F7_aQjt=a0eaohmmLU0;@9HL zWOru-&AxNL{^)X64q zj|>QAbsBs89uoF5KuzEymX4g@T=!Z1u#(FdUKU3J#Q%+DRYL$2(9FC&@mw1rAUuxz zUK5_SW_TT73eI)1dn;WD;P~$PIrnMZ*%(rG9Nvjh6_CPa;(mA*(rz-M(dQ6o0wV~@ z#Qe)0F9(B+a&2MPtL>X{O<*o*4@}A{gVcEnO}d(e*~ae6S*ib~DTfYd1@ud49v@O6 zywM7I|Mo(dzzgH|QOou)3L$`Ocza!eIT(p&XCELV{69;<^m?iMr8C4{9UyJ#Lgjw% z+8K_MTcG4a3W8iVtNjnnsMdM0+?8TTqEN(P7rexaj39*{ zNh1g?ZakvwCf>|@yd{zDunA?6`H~R-ionCtaXF7aC=QB$KM7pZFeeC0Rf*W$4du?@s7pzwS)=8@Ipu@9^w@gs$y_fo%%}VXCj{`wfYW z^rrhCqLs;H)X@NIU{jPXC@?ERC@*`si}=WdY8}v@^s*Y89U5wXcWiJ3n3D^Q+$?TSfz9K#(oP2k2S= z0$byXOq3pDfw^vI-19;Xyb!2}J?|iUz+wI8D-;EK5@Sa&+AD)b!6t_g4>P^5WDwBS=;2RU3~oP?llQa)8*vB%>Zja zeN=r^V2(ouB-H9<@E)r5X#ez#g&cmQc_T?ISVPZ^bZ@S|#Prn8S6(nd5i{A`l)U`~ zSr27+=PGb`kP`zxeN`e@OVk#<2M5oARf1486I3Zy_ycic{8ahPbJ7cN^GX@XHOk}99UdQSfvIF+!<-|`i`X}|~q z-8yF_@-g_4m|=8GiiPdOAj95FIDQjGXZt5a!ae|G88C7N7SqL03pl1ft=zkM?TYjW zx(WSWoPx;yq4M}Y`-io9iZCu%z%8u%B2^UyMIW#`){ShQexxc=|iQ%LQGX?m3+ zF@CqA3zoRFbxjhavU`FWZ$Ab}xexSyUxk`$Bq8QO5uz<|{4qj4xz#)uz=34hf2iF5 z_Y0S@7<)dKK_HbBclb8h8~)N>w}4ZvzL-|h|G*Q% z3BGfJrvILguw4S0>H@+BvQ3!EW6KrJ=v3{0=lmt;MW7 z6_$W&Q6(foXYRiC%Dy9Ub}DOzZmY&y+O&b}?2bkob$>~ga7R#TOKyaE;ja}3!zk8J zT}19T`1SD$!n+EW@P!RY?g(q4yrdEZacImO4_Ya0L&HXCj%I%@a-7`>>Ma6IU|Ojv z`=tFlAK+ROz={B_j$ZED1Td2pSX8bcD;l9R1wK6WRf){xQ+s4N8dR=Cl*;~^HiRK_ zGB9uyo>v<-jGPZHgBkaJugv*6AUgC(I|O)$ATqn(c6UgA2!SLTDW26I@JRkpUs?_& zCZ(@%nOnu)fb&lEkA>-rN2fz-gWv5G`3#=nFH}jWpsWL{3+?O)o8+5Bj zzgl)6V!%8+Js;okI)2VPe#-?lG@eYJwKwOj=0c`;73Kf`q`)7H2+U?%n#=v*g98T) zz^Fh}(YOpEexOvksP+zo^Z4bOR~xyHl{E3z_7TJCR>P9bK!0(NNf&Q?Qhd(00Mf+o ztIi>iOyA=)N)(IFW059$oawd2@Hw}e#`YH(pVF{Co1V3a!><>!H@{s0i(L14FW!z#;)-TCl>G4pFJ}GUSe}wX2L1Ekh6OB7oE2w=h`K6*ME*g>z!>V7p_JDFrSpJ z`WACZ?Q26=LSjZ2*rF66zqJpC3G8AVU0C#92CHrB!OjltPVp0IdK#o2#1hu-IE~QM zfN3U}jqw+xaBOIB_nIzlOqdc6Nk*@hthVU2ksUGteRE>uaDD;6rR=f6?;=0nO!_EU zrzmUEI*+P#l%{?sJor?3gFI~P|F#1yV(Lqd;S%xYJ4%XDb!R%HMQTG2y>le@-}9NyO=!NxVsBwcHPskKAwUV^Ypf!sso8dXd;!n8!5~$@;J^d7cA2QkRy*Em-oLXp<=V0= zNHu!n=nxp&TzREdKnQ&=QYWjY2L(S)f3G4p{=JIOA%wqe@m(6R-BLPQrnchr!L{=; zz$C;8>LdO-`bz$DX?c-KG>cVf_iF6s-!Bj0`L zMk#tq?C%6|`gej%DHGT$=^9c>gvIX)YmFa~DD9!8nNrqqi+^Aw8p!#Je~7EQ$WFjL z-nn(dN-F8{mbtm^6q_HeJ6fIVxp9+oK%i5x?t8ZT=YeIowc3u~1tYLkp1V43L{vMV zOO+@Z>G0a`m|WUvxI?_z;1y;OO$R)k6~VA(fc`x#3Cj^3EA;{NnZP$)sV#@GbMsfcwU)vg&tY%?mcT_^#FaFu!b?Q_MZ}+ zE>`$?HF4pw=lyK#x-O*j)C9e`m$bf}CJ^oz@nzU)a}!)oRzLQBdixfNduIT#r3r!0 z;{cqM*b{JSklVA=1J9(%z(eT~Y1ljB{xS>O`kj#eNk+dVu@4s}lXY7)^v>4r(HbTUMk z$M*r0V9S~tA~Y21n85=jdQy91cnx>*Z(O->M~G0;;c$o4KJ^f;HC^6HO8aZdj=pbr zu#&hZKN%J7r~KWsLNA=hE`_E1883LokFHn1^x=q$=zYY`K7Fw~Bd@T{ZO2bd^(Vdy z=MI({=0cu1 zdcs>rsXFE8Rb#24hE$zbPt(o;79sUsE_2DbZx62di3daesseHb;$Hm^ovZkEwEQ*# z)YCxT()r2iw$sfwgBpFrE3HJke7Gc)b(@QN$JxH_&~Ad@c%8?EFzQ~ku$HuRak8*I z?i1)Md8Bf23WCqP{=5BLa-OrfHa_bd>kh;Xv%oTL-fos4$)?Vwt}(^r!Y+%7kKNDu zfm!Etbn+aED{0?5i7314?`_9-?}#NDKzY)c0Ww09^D?u-T;QowT5KaX_74{0;s$BT zEG^_r&PI9LJQdy;zTQ1id%)*7Wo=hmBOT3Pla!D0SiO!cn{b}AOeWKH ziwto^NeeCizcscL?fKHUlbVx6=GADYfNT%%fG9~Ql#-xWgCE`eC8tv}`Kd0YmEFU& z(a9^wm*W%AssmCUytb9XJ1B0edlXzws?(+MROX)k_I3nZoi7c5t+#Zmj>q1&O)V7?$7+!Er+?@o@ zC43Hue1seyqTMPclx}UQXCGSXlL4%g9Z~K`-A2R(o4HFG$^zH4XewT5I@>Pe9D*6o z04w8(fmc)$_oyH&%mjz8*XyAibhiL#}Q zKPQc`XGEOs+^?k_0#~&0Tehff!ykLEj}=(D*!rBOxz{wO49f>B+J z9C%joWwv(c$?28migIADhNpDSx7o*6Mt*Ut(7U>oI^2G}QJ)v7SHo_-T8bV{GFBnP z$<`Ny4U}bU-|f*$5KroFAzeC2VJ{c$-NncpaQAko@Ou1k^_~f7b?D4p`zZ%tJ#3=} zrs)b~$H(=|q`e-v)vue(Y^R?S(KMg=z}sOji7rQqXOZS%Id(>x_?FBg%Oj{1xm~(b zzmo)=f7=JPrK4ls7jF3x?OuF!nNQVW zrum9f7k@7HY+%2NeEP`A#bnnY9=X;yA(iPbFngx7$F(%mIO~rdYI7^DX&@_rlXzv% z@&v_dRe)!Uy!V&W*NZ~)$ORJ^YFEsfP9;}LCh7)v8!d)LaGoSuAEL~6r!vvP3l9+W1MOglqMQ=V`CB!Eqt zXFegFldgk4J?*H4*K^SKDY!lq*2b((PYoKav+mgPv~!WOHc19p+kajhKF(@jY2azL zv!o(n9f?e0w|sCD{}`5I$!Ayo383{d3l;iKy1`t_eHNcfum;RTyJ3`*jL(}Rrudx+ zTJMHurKE?i&OX1aUWl*U@x>Qddf2-H$L^RN?XfHl3B#YQ>3u7dboz+mU#5 zDn9s zKLyH8CdL%@!f}X~)qQ8kJZocrhKt$nv~9NIslGDND2z~1>M+W?Qe&Sw$T`C=CR)q= zpI^GTgJ5zvc`expx7*9-kb{Mz7B3@vq5sE=Z-K+rCZF!n0ywy~`X*BOq(750u8Lwi z-oB-*PH3Z$Woy zQY?mV$(|O=YI395|9SZ{yuBBPK`P-LZH0r2o!g-7M+fHxmugUL1a)#Dz}8AANZJ;u zr*t;)ybrOZH~uo`i8BC(GI*V=a$WEGgg6J2>0b02?pSLW*+yGdg_nTKyGXMq7m4eI zl(4t>r2eL9P^?Rd(ZK~+!aRYy&Tlvz=ZLvsR$vllWop`@Y0Aw+oRrGU=pegCYgyE> zElRhlC^_9H##ga;sJT`$_#b5IJO;0L|8~4Vug{rzO&)`9bJ0I?rG* zvi*vWFs54_&lED8vC%qWz{gl~KR!y0WHP!WQzsj+3l|F~at?2oMak|T8r*fyaQ$5B zjjzQo=)EnMt}x5!kWa9?dO6~@z0U2xvCDy90Q0j=g7rmyZj>&-rAuoTfs_-gW9rB{90E|DKK^fD%=3W~+$K zKn)XZ&1cAGd1{6Fgs4KW)|O4P&&^i3=3WgD8eG(Bv6SBQ&S$qrr0~Is>%%MWpzE2T zPO#3|P=C!Mj~6<__|V+TM6tMHfo3g>V7@M9KNOwmfpNcI@z&<3X*VlOpZEnKExRty zkjHXn+3CZnjIp9VQR0s?!30U?^kHk+q*Eztq#sQM`aN6M8Ip{JD1CG8?8hs=&Y3s) zqnuUi@}C{ZVVvQ+h5YtDK(_Rx=1EB=+GE0V)fMk+ruP61VQ<%SRTt^!s6xq^o$G=W zm50-Lo(5F*8N*&f{ti>AEsXP0)!c;fXsrk|na$F-^vPQeb|ejn{W(wLh$_+;IGbgM zRx;9yS+c7=YHA$7V$T!*2O}$L~YO>x>oS6E&nmj%E`^E_lNhZ5m+UYt*gV?HI zc-N%ym|(%&-kfL0%NmXc@akDDZFjkx$|5=HuB)l)@oJcOF8J%x&7~cLD*{1)*b=|D zs3@C^W;^uh#hAL)L9s?I@f{n-?B13thzMN>;r2x*+jAFWbjTWp4+d=qV|pXCUSdH$ z`P%A7M}Bl&x32g&t?Pc@@sQ<|s`OWk`o5<;n?6RlaTvbAgR;RXLfbh?{hf1*M<<)x z*|rK8-gUyL*YeHqJ3PN}!z;8;;j6JvvaCB)H@$bi-cToMmeiY5m%3B1g>0Ri zfBBAaO{rT`W*>79FWz`4%}Na}_z4YN1aL1B0Q*G02>j`zpy032wMnRqPvqO2AfLg z1WBU9k=|q>5qtLY(oTwF$*pSTZoN8;y?glqNj|pGTGn$e-aEL%h?}p@)2|#E4tKq_ z>Nt8nyU%Uh_njYhz^pm{Yee|5U9Y%@l)+TrglDV&a|?$E{3su}iG2pFs|)sFsijk% z@!gkCW5>^RzFjCx%@hY?oq~pqoBK@K4>_k5`ANCQyDN4|oe^JXK;6uF^Gm<2?YNit z`;9Tlw%XZO7G462tA7;^0Z%i=R8k}p1yZ;ow$s{rvIqWUk3>`eo=Y+@x zu}3)icCc}vPJF4_U+ecWBePfbaxU`VjIJI8GoB)n+$YAR=;6+df;VZ0>DIB}w(!Ew z4CnlSOIZkoy^Pc3L~9hltnMq=bP1f0!6`C3Nyo;~-eIIU=9yA18&ecB!g_e z=iX80KmxbW8~XvRFnolTIL|!X`bIojE5Mq9x4G|eqB;H=pCdaHgx9Q8C9aw zM*7W!jAmHcO3JOakXFDGFQ{Y>h`vZr#F9*%t+5dug-63u(pBqbhw#Z9>U_0ggys+N zXD58)_!Q>_o;AX1**qHTloR+XK&Zb*L+BRH&q(Kho=!Obi9HQ%$(*JEQmkX&+%UA? zcQ}d(HaYpJpWjL!-~YsYcHjN8Yt2Si*;LX~a~Wk!9%>=oIgGZE^zb ziH#JzW?CofwMGgzvXL-plxj*!_dV;55`MyM#~1Y|v{+u1$?1&J94?l9n^B(G*#|F< zk6e26Z>A5+PbjI{0^m?~Y(~Y@cBaAcA{F*=8N%fhX&M(QUJ6f5c{k3(G>0={)la7w zH|xq2pbppA4?6DQE$*Jdx@swm^2cK|sJM|Pg^{-{tB=9Xw}ldDO|0 zzf?{MGL?!;$qx4p(7k5?by}0S?+5vbw(%V)etVGm zewrsr>z!HfV&>O_|EE&$MG08_Xq}nuy!H7wCeq0QjS(@{L7r|CZYC+l-yp?C|E(Qr zf#jZ%;@KyFi;Y~RSF>a3*XZX^{RaT+Yl)hBfILUjc6bU93jb9=tu5?|K6MTjHszD+ zdX*knZuziXx}@lW*#pU}45Zx{3H~?f`SQR2nGUWfyO^>A9f8@mUzMJZ^BXWHJJILp zq&&YSARO{D?fU!Y5C4_15f&ZM=N|510_m*MDJkO&;T=cmb6BoCBqAOLwG+Gw7XSWA z0RF_go4uheiPYM|wI}LsiBMu{tP2l0Eq^r!#O9RPjlYT7^nYLe1O{n;v5&*n=U&OT z1e>ei4A@*EqLhXNAqzRV;@zUdQ+>0 zl!8Pfj;~0AwHM|fYd-AS8gm(&Jx1WVX7NF- z{QZ^yX=Gqdx*+NPGZ|!zOA$mS-`x<|T=DKZNROk_44x$GAxb**umX$5(!+JH;};KZ z{^RjU4N$_;7jJ?cphJn6Ik66zCsI%Tu}*-r?5B!UhT~*` zT6!bE8XCgQ?}RMW$iZqTz-Gtc?izW}LH5;u#M1vB`JghqCn!Z~-1%2s4+UdP(jFId zx3&DmoNCy##&4MieulPhIR^+BI&>yGeB1Y{H4J}E2B_avrr$R&Y9cnwxY+sa^ zvS~)H1pKSir>TJ!mT6`i4kcZ-vN?Z|Ge&>Y(Y{cT;*koqwa;lREUMkOWbuh}{D1;5 z%^gbQC(7>I2L7Lszl+7^@5DIiMxsyOl}a@5po3J}eYpan0axDT(;F|Y+Ja^X1j6Gu zvl!akUW6x&yyIzT^R(cx$9*1}$?*qSf#Kuc{mo`JNi=W8{@U^Y>lXq@XQJ8j9}q_B z`{>_6P)HA*H=0iut17|V{r-3EQlXZfl&Kd4Bqgtl@j$70A1G%5f4c@?YZADHHKb^l zAl=U`^O+fkXq8Y{52p2Au~&k~OL_74Kdiw6)C*2M9DaE6hT`7J9E8@27)7%FJ-h;nX_!GArH_pc_8z zHn4Ic(YIefYGkX-Z+hJAg*v)RUNVvSu+XPe|Gpyd=rL8bL$>xPw0H{!R7t0V#~ToF z?Lp=21$n6#v@S7YM~l?et8o+Hk~Ke(n1|@tN9&63BfDJV-}x)xM#46EAiYEoNH767 z&B^QQpcza&*+OWJftv7O4JZxcEC#DpMeHh6dtIn~w(}`czc~XHwvN+okKGV-)3(2w zc|EikIv%G(?*9Ol*&@W~(@h7#p&M<{0P1xdaS4twcFIY=VYB9%ak%j@^v ztOCcLxALuW@t8e82ihln1*x8733FvlsO*}kV&eZ45Og}rnu;;EW8waIg{qAZsrrqLd?;gnVxe>uXW zRUB~^T1x1`xY92}`J2tIIUCpQRS~oKbLU-;SlI3WKLvrt?!56xok%MZ6mw&AcCn%&k9e98Z9KXkB&@DnnSIT!YkCb(aN z!9H z8>XNdCwIyNK&1$MCnk-t`G~ zwkel%t~Z9V^qY4Z^QcV;V8W6wDodOtEy0w%09I7%_cV}v3gFG#x^6R+)H8<6WF*^^ z{{Bg}7k7{EOSsn}cotF}+Z10c?uTt4Wwsg&@L%NjZcY;Rwsu&Z z90HKKzGf}(p~6M}cfaEf=@jN4|MnLuhm?5uNgOsC;Re^qBF!wJCrZrJ(7+JWr1+(f z`Q)4KpXZH2egor6_qvLLurVtyD?mg0Wq^{fD4{EF>CvCZCnxHxwpzS|pK+7{+u z@n$RTD3~i7)qI}K>_yLaA|g4`q-WK|oY!h=9PtdYe5SYvCcD$siH4U@lZVu-x}iVE z5vVK7?>Tqm>s>!#IEJA08UuE@kI<5IkhxAF?;HN~>aG^erK3G?#sDHUHD z-_jnDQi_sEi6s#iHP{StW&JVM9M=^{TcB>3JtbxT<{!t6OEVoO{ZIR!I(7fZ{ZD7# zvz`A?aOqOWY5SN*l@EL3-jnBv$SiL-yDWRrU>fDhksSNU^4H3h&{`AEXJ*FVTkSWj zv>xZdj=jn$@k|<A)xve}DSJvBV!rTuZNuuBJ0Vs4 zYtg9a;85m7FY9?5JaeUF@MlXUDm!})9Esl|a>qz99Nz$shs2MXeqA(@(df^!h>5d4 z$fGX6hm~jh7qiPsSNSR>V$GQ!KwpDh=UBp4F-m|kT@e6*~ju!|6_ zD{Pr|2*jYS3oL=H>jHpM_ywe$V>Q*>twnVL-3O0+Zr$X8zkjP);`%G=(UC~=5*W#@ z^lIf_SxThvnSvu1kS27~S zm37Xa-_t1kr`2r*LHJn@vQC*BIh+3Ns(Nqqm~t(!$KHN)TNMxst}oeN7mzjLoxsJB z)P|TggAy?FE>!k!9IU}x?R zy6pYOZ{D5S3ifj)-=5BMAb)G;#K>kCH`rPHQv zmL&0!zayQ7!5o}r#J6lFj+NX^4(AXHs>{l8xekFUW)3bTqBSg@;}^iWbi4ccGQ8)% zXO{sOkVw2$`)*(Awd61vJ$j5rq6h_l54n zWhkn)-g(+6j-es+@btXeiC!B#0Wr?C9kZM;O1WwhDAh~bZbWKHEdh5fZrpZlo;VTq|GSa%!^$S19~BJ*Be!Fua>Ij zM5se5k%?(Hsmq%xbx6BpaAzHyczbF2()C|i)^=x_z~rvB6$f3jZ8b@4l%h62=&hmM zn#`l?O6_YND z63SL&X2(8mm9vzpjBc9?eZZRyi&Kfhu5U}Z{!Hscdx3FoI8W+RNH!endWYEuhQDJP zpYON_KKgnutZ?n=`7(4SDe@Xq56_+~y~3@Ot@QSg+CH79Bl}J*`Uuukzdn4|U!q7+wU(DKm=vvw) zeFE5!Jy(V$5X#`vxgDKD6)u*7K!PVN!K~_0TLbt{)-cNX{bW)-G_h_|YF4}SVeM|; z_bA7cuC3> zxuhiKA8A;fNF_Q~zo*@wMtZI1I3`E&Vr<@wJv(2YhZIvFaCKX`FGNhX-mmf5o<)+$ z!g1kLYpBITT>(3_-COlEs_yEm4#x1kR(Cse@a&XCUL$~EITR0j5h<&$Z-2v1eJn2w zriZ0S!+_YliM%O>ZX3wd+pVsf$}XJaY*ZwVkNUV~jCA@8o3S3;tb`&8Md!QY@&{k~*s+t$s>v9Gj-%XFoN4+kY8NRH zx7*2Qn7fp&vP-eL%Yhxh-F;)!Ki~dxS9APloEV|x@=9SljYSvR^gl1a&ykov8?WE8 zgvBuiL3yOGrS6d5BNgs`u9~CT_89a~H;8{JbHy@K4Nah4k+jD0z2{M8WvZ(yOlQOj zT;q!;*$qb-|E0d^Uu{a}eJbp`WlqL0(OnaLL!ioKtoH-d6)F76vXxw!50(Zwexkuz zhty)hZmaZxa2w(G)>MqwU9i0t9w=#BA^D6i8*rZ8cgzKAWMx0P3#Cd(8rqGDuSwJ2 zC=XutDb`r5m5O}REWHPKQ6t}L6OOQTPb7Ndul+fN^E2_)eP;HZb-AXWud_Mc%7~89 zXcf)68O)W6%Huk<>aO1cTk-fofR!qcnSOG8ph>eQP#PS`*4o*{udM6T_wAO~Ynz zvR&+foMKqBeG+seZNc!B!L2S{^F(^KUISa$p8DR-V+ugFvxemwb~(OW;V-1e}^ z2h}Lzjv7cT&^*#}y2YI2Y_k!1iGj&(Qrp?9X4p&a(TS^v+DGX&C$n>-u^(RYL`{C_ zP$l@xX6hHVr=H<>i)qtuioNO0JC^XYbChEyWb<;&&B8?Mri>-n5}!XT`qV`r#*@)rQ%QveY+12T+z zt2pb=QDnx~4GH)h+ya(Q&>&R)dX7Za$txOO^+}DZ6PzFJbsxrnr*&(VK1G?L9|~r9 z1_Bgz_@lA!qY;6iLUXqWUBi^wrg3ws%XsO?&Xu^_p^sP$NbV|y_RPJrL2alYd)JkRQBhS!jdVS zPTo1a6MezVw(PR;7g@`H*{VJ8vtLjS+x|mXYu8CZWkET?-K2fPi5jfYL7h0f_|?OK zVKRX=-FVW5cQi(sMUk|a=(kwX?9poAlhJ$G=+LcJW=ly5<=s0e9mv{(dQdvQ@MonzbW%d#Dr)>;YNAhlz*~xFWZbfD7-=W5cy-*McB25 zsk&C5>W>MNT9^~qF%z+4ZcVOfkC<*yBndtk>giZBlbux%BsfITzVqZWaT0DxJ!xu; zV%>y%AWh2g_x8GWHKC{5uBq!Kn#?%ZE!;xaFWe#Txl>$wyy+GBjoI{VwCqjET=JdE z(ZfGGucmx|slCx9e!0Gl%#b2IY-&=r7SFu4dmn}R$ucVaS-Iq*C)ep~%WZzCs`oJY zY{3b#vI>Bp`HFh)L%`{>#1$(D-4XVT zd?1~g!N?1|<~`A{Yf;912W6w_XJ#%c8}}-i_m@LV5TQ};xkB6Sdd5d}yyGv(D*S1a zOn8-eWR*Qw`!&68D-*3QT9&)6l`HaltF6_SJKyVnHRCyS)$iD#K9No(qcFAPTwdqc z&-|&l@^j&JnAF7StUfMFyV|WsT=c~!P)DV?*;2O)@>T7sOVlRMPKLK}jr~0EHobnd z+I4hT|D3^g+hh4^2ixqs*C)=_dxe?y<6Cw|>7w7S@Tn7+9Ca++MehXo|H$&4Ws``Y zp?2|Q#wF&=`n>Di=V~+|^YI#tQR*oeqqbj*PSvuqY3(RdJbk&O9&)==Q|Lt&g%h-P z+3O*22>%?@X;F&3A$=65kY#LVxZN*wnk8v$rwMv&9g>yw=&F1B%uw{9OzBgPr!s4P zF*(Jqdl2cjqpPVkw{}-$2L@6IQqd{H+6OL)8yzw6$IXbb5O9KQujK?iPW_4|+6gTl zsQ2ApuV2cw1})oIV`?9?sP<@%*ky^~mmjPQc-Za8?5q_TD-$q_`+cX1I1yGz7w4I1 ztql!gl~b&1BWEASh)%>ey}6x<`aOyDzhapt+?MuG)0zU4f&XT-v3siOGd{jkg4JKj zWK{^wk#V_XJ?4ypn$J>Ob{r)UGq@+*&{ZmABr*^e^@-;U|1tV<|sTq_OL zT>j&3RV~ZMXL*R-jRzu#vP45-{#SKIt7(pMw}JZaS2<&)f!bwuFV~J z@i}Dpy`G~T-M<0$h+v5vaa*pqJe`NT?AzKN$;c|?O5l1f&1YzQnR@Y=BNJ{!U3(XG zYd=+g-K`zrKIXoK`Uh99=Tfs*)<3K|uFoCKNVvzL%qiSiPo1s)O2oJi4x7{l)HY3q zdxuSW3GO;IVerzElj8;p!Lxp@#j0e5rL>h4GC8rDpU!16;I8&jvMqj)1wEgb81LdM zep$XziNY9j8&`PvIR8{wR_K9C!+Pg>FKKOUkd&X1vMqQnH~juM;ZEn|oupV*GqQ1X zRR@MIqf2ws-GRYbUskjAgyyYv4U76hy~Ca7P0ss?Hz%8&#pG&COShzj>1-5-xEIqi zzH+|29d+C1)`^t#MfIHP?XsLT*1yp>ypB%WZ}+H5yFC!q5=^M8#Wl;`@z?rD6SFc? z7gbECpH0iEN2`_xok0xSz6Y$honEx0XKb%w}lFDiIWOqBV|C#blVIIGKjfU8pdX z`Xn4bjbG54LxKL2(x4KUQZFRUTEdQftB(=Uu??(4^UJN~iaHgc%j~N}91Rx9{Prv7 z)WQ_o=*FaKi~XtW&rw1>YO(sk5>;A5s)^^sI4M8>Ut4D$59J=Vai+o8#}X>bjD44V z&AtuF&In;pNsFaKWZ%ZV8_`Ok&>*E!mWB{2Q6Wo6NJ&vhdhh3)&ii@)c+dGy!_54i z=lL!7eO=#c_Nte`qX&#v+l`-S`NXY!5@W(p`@V7zgm1xD#qwbIX*mLVU5S(S<;>PX zv$=YveI_0@WkY_A?J?!|Ft6)8oZsO6(A*{m>V;K=(R7VQ$$G|pS`n#JU#9<%C)(U+V4oX4Z9^;C(bN zUwr_T(-ql$m+ba-v;6l2eWOaSVo8VMrEvujwt_UXxNLUa9PtDENWFZJ&&u+vh*fWg zc(#5TIdtcvqLUaR3<8yXDoY~<3k)zDGpGT~Z80{fG$1#YbXz{drS+hCV!04xwxHQ^mkSz8ZDz{uIN_Sl!dyggv z)aLtW!|(fN-TQv3R_#k=UeUqYPA44|$*9-LBl9`zUL9wK6GK+vJ%x|HHg6-^1js9P z`(SL`lq_K#yei1a)mv489r$w)G@dP#Oj2ZFt{qggl?7FVD z-#TtC<$vimDl&suiVZcJL zA<`wtA1!0EQDOFdtHiR|^LA>w{&ikO);r%3{2!i4nN!J2)br26JT-n()tgdBjIq)aYPBMo@!wVy`fEUvEBv-Vn#*65HlRbWv z8vpf#x8s0n{qdJdn{nQ2ZR~8yJ+FmniAPkAP>oG2G1MCw$+e2YiC$M%#rm3cY;C;L z&@DdZjxc`eAzzPl^?boF8!=lhb8JUZzDAnRZC%@1a4UGluzt{InIdl=6rD;Zm85^T z7gS^0WEiE8wv1lIwz-)1JK`5qrIoC?r5NJP+ip{@WGeeS-FbS@2ce5zO8wLeGe7{9 zviIIP=9kcAsb7kGJY8?NdAbs`Sfihx)MPNC8R--m1Pna_zPiZ(_i{Ord|(!RaWS9Ze2Xq-Rf@I>&-tIBM@ zEXjPOM2sfy^F+$jw(pENPA8s~QI54j(LEAyh$lijg4jxbko!A&F(d6~K1dY$2WNj#KJ zo|IvVe2Ypkd>em2#~a_9Lizi!t$#AkVD{y>@25H6 z^my+wk+&_Kvl?hDQ9E6g!cDxNz+7NqF!)2EYH0iLtL(lh*X2JZEJ5ru`hLFVFO*6# z)5`0QuRL!iQoE-qhidpxme6*BVdlEtFxMp_6)eir_%DH*( z^8R@7t&+QT-jv8C_1A?@I+7%IXk@GSoLo!)mVNF)?8hrqd1H#i%GnT)JRy2CgGgO5 z#qUyxcfEzZ&$dU3tw_j|156>)Qb~F;Q?A6Ez6-Alc}@?~hbnwgDYaMa6$n1T`x}mK zt!b@_Wxe>hq--T+wxuQNO|Cl@ZTQxYZ*?m}T4-oNjCkkp6GA=}nTAqz4xBq5fbG5^ z0z1j?oPp?4Rrf1-cV9SrBu9lJ@U)XB<>jyxT#vXU`WpA`ghJl*RV4L&MKXtJdykw7 zpYOZFQKz&YWd6$Q-}ME@!4M=gX`KqgGM`>dp^k`6phGxUIvA`BsDtZ-e+C5Q&BndN z6;{d3K_5oh>nnLiFph$?>_xT3GyFR2bL8HIp#_w6^jl>rolh=aafeDF!Dj1#_7ul- zIbDP?PMczyP?00Wu*JgK@T?wYn~EI*Qx7`M#C6JKB@RPI_1&~qjcoGe<&iGB;0o36 z&0;^_$3Jt)ef!w8PJpM**F$^3aEq&F26qeV*v))6(13(`Ic?G(&z($}y(JRdMOc<$ zM;UGA0#pf8#n|^qelCYz<8V}Q&}7g#%s#xmaJ@`Pu-k-YzqsU`&a`WseqooF6T;M17xeJh5!%3GLDQyoRDZr!HI9id5qy zqwIVtM))oc+C-eaY~^E!a-NZ#@@W^h(jTkuBt1G`eL$OcvBGe$xjNd^Le1-U>bB{l zawljfm|8p@+RSAk#rFvR+1KX;Wn{`vsv&JWNy^A3PsbCRMB)8bLD%zWZ{uN>IRB+{ zRuVTwUgkb`HMnMAzbw5ImGqjEw4a&=C!r6DhzFDu%D)0>Fy-E177}h zre>2%_*Te$hc&S+%Li9Ps_~LZ8c&l%G=AQeZ`w6*KC$<93ex9rS`*WA`4Dn_(PBOK zv=P#E(Mss=$-IK{eea|6N3PtdOd&>1c7`2VE7^^U7U4C$AFSZdi!H=QS0q#D2=INBTc4&ITdAPIazT(X+yCuB&3sG>L)C4bgE!lZHgRX?7$H8)& zyRa8}gJR+DoDF0hrCLtaZsv0QwiHq(=fyu99HJJ;B+9V|x=y;nOZ=P+JT5kMekxwH z&{-8bgZ#DK<}Vd{%WrLopq!jPv^-Yez25Ak2)&*dp~&Iv-rXo7lop z^w7{(7hJ8=@D8S9I$Kb#C}fFye3lVj{%42jn#r&jw9EeM7Cv#ZZUJwl?4eIc98w7& z4cx7Q!1RK&2wNkrY+lvLCC4tNjBVx~B%x{!mi15^_}vF>FFk}?sw%o!SJ!${b(r() zn%FQcv0CWvY~;c)ZbP`>f!djGrz#XAGh-K@Y8-}8DZ-PRp9`7cBb;2cSS0sk>{7J> ziU0y|=rwijXzcDoEf$Ij>72&8 z79DP{E#S)jbLpnYO8qO{XGjC|XIHa4q`!d#sSP?HZSTN={^e>}P&NV=DDh-o1Y}4D zd@n9WiAOgapywA9IQtB_4c2`2_Cx2x^W@bs?^8$;!m9>G3f>xN!z6G_ScUF9y8+NO;D=e(lAlTN~f^gR!U& z!f0mcrbm<3cA0S;?79-j0~&>WqD zA4*AuRpm}Sup65JL#{?Tzmf((GAcfe4{u+mqt`c=bE(-2nv5@A=iE6qgP~PP&@V?a z&7+*D@F+wI`y}VcRE=zy9n2wpIMZ?e%q_o{hkI?G0T>Uw!}Ygwy$g;sE$MIw|bUF z8rdJ3f=xgkb=(6e9)2M5ENXq1clbA=|FQvJ_#da)LiV(0=*Of~^2GpXZ(KrR^g5eD zfi;kLv5}!QOY9iJC#rV7RkTYlJgEJ0C1;g9T4U_ED$n4` zM=%Y&1>Nj@Ph=SMhu(OEX1=FcS10D1Kxl^sbmK}9>{UPb?1?w)=0l$e#39~h$W|Ls zJ2oW!(f!7LgQb)=zeq?g7f-48d>E!Z>8fOhHjLFX0PC(Bk1uzk)rHlBpjafLgp&_X zvc}2GcOh-+bF1?{i0kyDq@fu%k1orsZk!MV7S7y&I1ePKCV$pHsR+VjQd^fn(a3wY zU!vGUw8R5^2F7?QXe!fnArS7yRgqlA-^54fnwHkJe5l)-pR9wFDmgH*5-#c91~B?; zsIuuOxV`#?&c5TC3+X8?OkPVk+py=*yHW&_0-;xri2|;WEcNH}1t&G-`h<3iK5mA1 zKjlc@-E&7~GBpPx`}ST8Zb%jpke@TQPF$yee=Es6c3n2ASFkcuR`Cshhp$&NGO%RSWW+KvkEgKHJRQ5Kd%4L~4ig_iK>9 zrJ1$5kO_>lQA04e_mV9I!`}LEFSL$_jghr8VgiS%@Fm~ZeJZ5nNxuWmNW1-FF*?IN^1bi_TOSxo) z@M7LThTc)IQZH?Nl2HzhPQ8oc zH%c#X>aVvAfx&FCcED@$wwHl+SuW!(2-5mknIC4y)h$B*PRsMb>D)W3A7no~o>6!c z9J+waeo7{8SPu1q($iol2RVxV4S0wLS}(xwrC91#VZ;;Yv?KI?uR5Bz42AF>i$_wT zLXH#7xKb172pWWiAdtXx-5+0wwB&F5^%+9ge(Hwvcx7KtI3$l z;DAt$q18XX?OY8q>A+B+4s{~G-|ZRioV(Qhf38eo8xo<;+`YY$9V0$;&Aq<`A_4Ol z!hrR5@{CPn{%&;lz<&R;y-5Z66$_?W2W@%-<`y1GqqMQ92U*2W#OC>w7#|li&#-iV z)6|-Uv#TR)4jyK9NGFT2Tpb5#Yi1jCi2Okw^3F+|n3ll6Fr2FTUaaOChGs^0OVlOb z^X$0#NuGi6Vkbfx=@ErHpMl8&F+J4!j%e6qvx5D_dm2VMQa_f4%jj0 zcppQ58%a|fDzHibR^Suq0Fj+>iP)pSJHYST=N$fQ|G~S*Wtt9vOv(P_?HkLErf5kU zig(?EMOoG8t#wiTrl9O|t1m73yK}|ZnO_fz0$y3gVbsClwof1h_DRB3S6LK2 z#%?JD@?$iC17N9cjsztUx%m}6C^vtCGvem^!2wy+h8QxHSwG5vse5jcBBp?_ot$b9 z4toITBx}|3VeVmcuY}YZ*5hfQERt;^!LC90OETO;w4}q5P2Ci(#WZ zdN6q&2F;XwvFqSZX=N1X15^6-RR{(cQ0d ze)F`pn;OV$)y_oj_W}=2$lE)w(hQ?9STw74iL$SGG<)ItmyrG;HxhAeMHt;p-+@AM zwQevLL$`6)>4Z(K0A2~n073Q7jiNbpD45nBAVTH+AVT6fTC27{h&zRQ?a1ZxVF5Z< zY!xEW(k$dNDU>ya(ozVTdK>l66{0zMD5UvU4IuFikZtFkYQZQ(L*^{^j@S{1 z(v=oR2|m2Oe*M$amypFCh-isSBv#a5vQ*2y^uv>@n}@!^7^Hi{@507TMBH`S8UvJy z_eA&%yCX1HrVTtU6N52!5$gtjHnOh@%)$2at_@Z#tRO zIRU+J>QL?df7CZCu1ig?zTmeXn~bP-x%`2N}G|uo)0R1>o4uc zOvZ+~Bj8Ez2bG&#laZFXGHji-tEu5Dq|mNiN4nR%X_L#4x7$RaT?qIP;W($)0;7HY zquhv7NhQ!O)ggSLU^+ZSFr<68XE@}tu{TxW#OC?k$OJzv*k_d_oP8IZvJ$8pn&mkD z*7gNKgA3Vng3!6O8irZilLCrwr}sBp`1}PSb=2r3=NnT6$-2zc9~NAxafTYCc!_Bc z#%Wew47*TKeK>`we(Fij%MOq&bpBtd4bL-%4WrR}r%q+<`$05OC#lf#Hu89wVT-%X zqZ~&QJU4$8S+Ks@LoCDHsEpc9KQM$mJ^^$Tw{8xRb0E0+`tnB3?pbCPfOg0cs=8DU zMXi`^?Dc*0KEe7#4&p59e)G28_xg#!FQFoJ5?N7sPG3OZ4(18pONE~lCL#nXSaV`Q zdWU&=s5$6r&O1o5-Xc@Hg~}j1txt1K+Mk7bxG^?HYFCUES=^&mrY4&=|8XD1>m zvH9RjnOK5r_bvC_Y_5e3SS)7W6OGp?!Z7S4PXRb=ZEb_xv>@^Lq4XYjZl#KLsq`4L zt$T|>d&qhoM@(_+oYK-_k2Ty#M%cpc1l!Q4hpW=Og zY6r7V+j(E>%SX6*-pMr^tskuqY?;57KD!^sN_0u(iVLT{5Nke;RZ@QchcLz-+~&}3 zvFlU1ge06!zMt3=|NgVP2Fch!IscW^C;odhNRX45KBP09D#k{5^ELwbzCTGfk}1dG zU<1&LPSF-6Q$m85wO)YGxt6oSj0>ptTjJjvb>iK*&R#F3>@}#Tcn=%$2N`_<`g5SX zq|u31cnYR%JW(^6n zGo*28ERTnYSJX<34VyY+0<+9R9Pt2X~0=alTEA{Sp1mrc7NG4rTI9 z)||5_nl}0DTb~rN*(wwpf=`Mb%^-)GToZCYzcY%>-%Ftq+WX_92MJOHtinl%N#V&RLOfnMw6PU@k0M~X0frZ2k7lGDHlZ^c2sm;Qu`WM z9BTv$3yI&`qnCbRuxE#B-8IRT#{5)F$h2I5z2{zYGGVaMYRnPLoqt!iw_pV$vtOL3 z`fml4MiCIMYk+CfzJFhWyfQTt?0j!uEM)$(NJ^tV#2PBIeCE=!7Ul{0gk~-&)Nb#p zzAW7#qxOv{xWJ$|NGCH;TgOYjXYEkQx}37i>+bo`zi(M)iaU1ok(LrrUnxQU(?F*l zV0#t$_a8}OLEu2M-k{^o%5_YbjhelGwOKG}MeBlfvZKnaJU00%Lti^4@RsTJ_?u*L zaHAbQk*^iOqW|#D^B(?DDFe>eI~MmvuzucXvUYg`dP}=rogfd&H`W%WU8xBy{tm^- zPTz-`uA1{iSack;>25OlK^py-s$cmEo3-pH&O6G{f$MOYHC0;c!}UmnUGN+MB%u zw;+6`9N8$yjA(Cj5Uy6lDcs>7k`zzTha5>6@jVqzI|#qFSo{%6MP6Kq{1b7H@)r_4 zuR#=tVOvJ*EejlLHI_xG&vrP_RhR$qv%PUmi|`63K4o4s0^k_6AR;jIgdD~ktw8n zDiJ^b>+9kt1^G@{@lQ>(-;5njoD_5FO?H}!?>4hJ1X+mnHaUKoLi(Ls-KlKKD{=)r zs?fVsL_cF+-U9(nm#8mr1u0YeaIP(-3iR~$*W#7`*m}yPeKU$})3AgLwmAmwIQ2xU z8KX{R#H2IaLXc$2YChILo?MS0lP4qJA8;V$-F8{{{r6F;hx|@&_A6h7%%rsUqc(`p zOKv8lUc9m{Rv6)y5gfO^^C;UQotXp()jeOqks80R**WL~_NfZgy6~*L(@!25Z?VKQ zCjE#XU4lkp&K?hI-eoL`RBuMpngSA#L3-4>6!q7B&a-$rEvf zL2lm68EmpIF!f(~8?_rO&!{};LE{XTHMF4R2P&xTx+1h3!!KH0%{tdQ z_{oJ?=%Fi8wgj9y=g=(myYBlT#Te_9%ic}6E9zeD*Og&s*s7K=EHM^vq3XHBl_A?8 zRbJ zb^#|-+>BLrf*;)p*#T^(iG5A8%=lvF2+NwzM4JCl2flt!rJq){NgWT%yWADN_u-1# zuCUmBa1Y-*KXNFY`Ex%2%vA;)P_aL+OmIAJfpF(pw~DtPTe%zt@-ym)Pva9N0Lk84 zX!G#)--$|?KD7r9yEx1!%#nO9$Q zdR5#@?3RL?BjgTql8igF7RPgr*8+mx*ic&3vaS&E>3V53nNF)=*k(I!f1QGg^YX93 zBFa~JOD1u0MiZFl)sd2l;BSe}eNUqa$1HTkvlFO6>=q?5Rzxc}W?HSTjr<)&Gqc#F z%T6m;3=6tJI^X3IDm-TgcdO3_+#4oS24>lbk8gr89J}0WKkT@Lx$o3{3*{D@kwYld zlgAXX)kyidNObB|kH~minjaio%pVxP{S{Zl4nCSyIGZ)h=XG6Ly6^Wu;(JXkm+83B z#81Q@@l)?(S*ZA!;s~i{!{HcwnnkV`AOBu?UUrz)T{3_-(4)G+Zyi_rDxniSX!wKZ z9;;Lpe%Y&%U~1mGjsyX0v(d-Wy%%kuB~Hf-jTljn*?mgxyOSeOvzzD&wmJ#*<3YFA zcM7vL9D|s?t6Gy#f0o}_fXChO37pI^VU%Ox6WSzrH7Dyk6i|n*(JF?-t~_`B_a2qr zje1>}urp4JTOLy5`u0Mh@Cs2LVU?p%a>n3i=!d#IH?igU?N>zC)c05Bg_@3WXwPEt z!n~{%o~ev=;+Hmlw*DC}JM-Gjp^2ZHUinI|N=1TvqmyM<-n46Y&dqKkKAuR~6l3y` z*fr0^WkU+iXK3uIl9Q!ma?%4++FQWgJvus*^V!JCrc8kGb0SPs$evRf8%vqGIRa&f z&NKEvlY?5;ZLdja5O}ft$`y{z-uDB0k8wCSA?+u_TCum|JDFyiDpeC~t>*g9c)Ebt zRkgs^Hfg`#-$jVO{Rl5Q@dG%gibczLbKl`t|B8M7bS>M?CLM$*4`Y__{yVOI^{aBJAzll$b5*I%? zGp{h>++(H!=>|PDR?~ODp43yz3#)W695AhFcjwgsh}6QtCc8CvrEqmc+(*m}4v@p* zmA!BtKKa`1h*0%Clb8gWHRwW^hu4c+WW`UaWf_)*k)cZEhzT z+R+ym%Y{CNbhCZ$S@fs3k5o2qm3LF;uInHR<1dY|d_t zvRl(hCz+Zf0O&4)v7)83tqXCq;s-ke-EXi!bpONAz7(?^(X-V1(mRdkQb?~%UYJN8 zidj^y#yV-MfKoO6ckXsVql_4~aC@Q|R_Pc%F;$ONUp47^y;IJ`PePLSgV-xs?5 z1xiZRb>&oCo#^0ON8X$x_?f5K#j;NTst|fJ2goRCb{6Lee{Y@R3|m_)^G4iM2RmB! zsQOTw+k?{qE~E|;C)rSXo(YeCRZ~n6grog8T@USw)~Ei7OLxakI*2f7a-8HpHg9)4 z`xuSrQgtH1&<|<_3Z_qNK`&%;146yNh_h_k^B+ZOx`>HuH_2EC*!qiFuHCj|^5V_E zPnsDH3$(xK_pXMV_t@O*-QMB(nh#LDk*Y4g5}ZrpzQcTC`QcFNQ!WcZd{GYM_gKdn z-W2fNXuFvQMm)Z?Kx&TRu>dkVL|49zpmiIlbUeZ z(54HBpgYg^D5e*Z;0RzWdGs=oEB+|6UXr{YcYdLq>jeO}_ai;3Z}$MCY$-2@NupzR z`3*&rPW7ROXP4XP`}GQU5ZdDr8Vd6qu8U} z##7`yn(gBKXS$)&+BrV>;7lMA{qd^a*FqJ*n_BzL9z1O_js|cM`{hG5|1NH^avU~c#Rz(@>2C&3$B?q+reQZVXcJrucB!hld zsT!J+710ZwG3Lnpg8A>EH{=Rpgw4bNTT+ Date: Thu, 14 Dec 2023 14:48:43 +0000 Subject: [PATCH 295/653] Add some clarifications in thread_safety.md Make it clearer how it is possible to reason here using linearization Signed-off-by: Ryan Everett --- docs/architecture/psa-thread-safety/psa-thread-safety.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 8e9f59e302..f7452a5e19 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -292,9 +292,11 @@ To change `slot` to state `new_state`, a function must call `psa_slot_state_tran A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data witin a slot, and `psa_unregister_read` after they have finished operating. +Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_read` must be performed by a function which holds the global mutex. + Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. -A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.jpg. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. +A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.png. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. (A function which: locks the global mutex, performs some operation, calls `psa_slot_state_transition` and then unlocks the global mutex, cleans up and returns can satisfy this requirement). #### Generating the state transition diagram from source @@ -316,7 +318,7 @@ When calling `psa_wipe_key_slot` it is the callers responsibility to set the slo `psa_wipe_all_key_slots` is only called from `mbedtls_psa_crypto_free`, here we will need to return an error as we won't be able to free the key store if a key is in use without compromising the state of the secure side. This is acceptable as an untrusted application cannot call `mbedtls_psa_crypto_free` in a crypto service. In a service integration, `mbedtls_psa_crypto_free` on the client cuts the communication with the crypto service. Also, this is the current behaviour. -`psa_destroy_key` registers as a reader, marks the slot as deleted, deletes persistent keys and opaque keys and unregisters before returning. This will free the key ID, but the slot might be still in use. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). `psa_destroy_key` transfers to PENDING_DELETION as an intermediate state. The last reading operation will wipe the key slot upon unregistering. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. +`psa_destroy_key` registers as a reader, marks the slot as deleted, deletes persistent keys and opaque keys and unregisters before returning. This will free the key ID, but the slot might be still in use. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). `psa_destroy_key` transfers to PENDING_DELETION as an intermediate state. The last reading operation will wipe the key slot upon unregistering. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it. These are serious limitations, but this can be implemented with mutexes only and arguably satisfies the [Key destruction short-term requirements](#key-destruction-short-term-requirements). From 6ecb9ce5fc7d77b6d54881ab4d78231fb4784f98 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 14 Dec 2023 14:54:24 +0000 Subject: [PATCH 296/653] Link directly to the state transition diagram Signed-off-by: Ryan Everett --- docs/architecture/psa-thread-safety/psa-thread-safety.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index f7452a5e19..4b122c838f 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -296,7 +296,9 @@ Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_ Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. -A state transition diagram can be found in docs/architecture/psa-thread-safety/key-slot-state-transitions.png. In this diagram, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. (A function which: locks the global mutex, performs some operation, calls `psa_slot_state_transition` and then unlocks the global mutex, cleans up and returns can satisfy this requirement). +![](key-slot-state-transitions.png) + +In the state transition diagram above, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. (A function which: locks the global mutex, performs some operation, calls `psa_slot_state_transition` and then unlocks the global mutex, cleans up and returns can satisfy this requirement). #### Generating the state transition diagram from source From 9ede76cd1d3ccac24c9545fd9c8b2eb6f2cf65cb Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Thu, 14 Dec 2023 14:17:31 +0100 Subject: [PATCH 297/653] changelog: add changelog for move of mbedtls_ecc psa helper functions add changelog for move of mbedtls_ecc psa helper functions. Signed-off-by: Joakim Andersson --- ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt diff --git a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt new file mode 100644 index 0000000000..85d970c7f4 --- /dev/null +++ b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt @@ -0,0 +1,3 @@ +Changes + * Moved declaration of functions mbedtls_ecc_group_to_psa and + mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h From 05d670b71152520169672421018c588d0e17c294 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 14 Dec 2023 16:00:57 +0000 Subject: [PATCH 298/653] Revert "Skip checking on maximum fragment length during handshake" This reverts commit 419f841511e0e26e846b6d512094fd935b03ef2d. Signed-off-by: Waleed Elmelegy --- library/ssl_tls.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4d6b958637..419185c567 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3472,10 +3472,6 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - if (ssl == NULL || ssl->conf == NULL) { - return max_len; - } - #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ !defined(MBEDTLS_SSL_PROTO_DTLS) @@ -3483,14 +3479,10 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - /* MbedTLS currently does not support maximum fragment length - during handshake so we skip it for now. */ - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if (max_len > mfl) { - max_len = mfl; - } + if (max_len > mfl) { + max_len = mfl; } #endif From 26e36983575e857e5a0364b11f20700bcdc6f9a2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 14 Dec 2023 16:14:05 +0000 Subject: [PATCH 299/653] Revert back checking on handshake messages length Revert back checking on handshake messages length due to limitation on our fragmentation support of handshake messages. Signed-off-by: Waleed Elmelegy --- library/ssl_msg.c | 12 +++++------- library/ssl_tls.c | 5 ++--- library/ssl_tls13_generic.c | 3 +-- tests/ssl-opt.sh | 3 +-- 4 files changed, 9 insertions(+), 14 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 29518c385a..6579c9686d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -917,7 +917,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, #endif size_t add_data_len; size_t post_avail; - int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); /* The SSL context is only used for debugging purposes! */ #if !defined(MBEDTLS_DEBUG_C) @@ -958,11 +957,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", data, rec->data_len); - if (rec->data_len > (size_t) max_out_record_len) { + if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET " too large, maximum %" MBEDTLS_PRINTF_SIZET, rec->data_len, - (size_t) max_out_record_len)); + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -2743,7 +2742,7 @@ int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_t * ... */ *buf = ssl->out_msg + 4; - *buf_len = mbedtls_ssl_get_max_out_record_payload(ssl) - 4; + *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = hs_type; @@ -2780,7 +2779,6 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; - int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); @@ -2819,12 +2817,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, * * Note: We deliberately do not check for the MTU or MFL here. */ - if (ssl->out_msglen > (size_t) max_out_record_len) { + if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, ssl->out_msglen, - (size_t) max_out_record_len)); + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 419185c567..7a8c759fa3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7004,7 +7004,6 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) const mbedtls_x509_crt *crt; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); @@ -7049,10 +7048,10 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) while (crt != NULL) { n = crt->raw.len; - if (n > max_out_record_len - 3 - i) { + if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) max_out_record_len)); + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2375021785..7c7aac80e4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1376,14 +1376,13 @@ static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); /* Write CCS message */ MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body( ssl, ssl->out_msg, - ssl->out_msg + max_out_record_len, + ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, &ssl->out_msglen)); ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c6ae2cab7d..8fd295f300 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4883,8 +4883,7 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ # Currently test certificates being used do not fit in 513 record size limit # so 513 record size limit tests will not pass until certificates size -# is reduced. -# TODO: use smaller certificates in during MbedTLS TLS 1.3 server testing. +# is reduced or handshake messages fragmentation is supported. # requires_gnutls_tls1_3 # requires_gnutls_record_size_limit From 852de3c3f5df22820d215446cc4437a4c7a80104 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 14:46:45 +0000 Subject: [PATCH 300/653] Build with -O2, but without assembly Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ab422ea154..6a83319540 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4561,7 +4561,7 @@ component_test_aesni () { # ~ 60s } support_test_aesni_m32() { - support_test_m32_o0 && (lscpu | grep -qw aes) + support_test_m32_no_asm && (lscpu | grep -qw aes) } component_test_aesni_m32 () { # ~ 60s @@ -5227,18 +5227,20 @@ component_build_psa_alt_headers () { programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H } -component_test_m32_o0 () { - # Build without optimization, so as to use portable C code (in a 32-bit +component_test_m32_no_asm () { + # Build without assembly, so as to use portable C code (in a 32-bit # build) and not the i386-specific inline assembly. - msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s + msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s scripts/config.py full + scripts/config.py unset MBEDTLS_HAVE_ASM + scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - msg "test: i386, make, gcc -O0 (ASan build)" + msg "test: i386, make, gcc, no asm (ASan build)" make test } -support_test_m32_o0 () { +support_test_m32_no_asm () { case $(uname -m) in amd64|x86_64) true;; *) false;; @@ -5260,7 +5262,7 @@ component_test_m32_o2 () { tests/ssl-opt.sh } support_test_m32_o2 () { - support_test_m32_o0 "$@" + support_test_m32_no_asm "$@" } component_test_m32_everest () { @@ -5280,7 +5282,7 @@ component_test_m32_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } support_test_m32_everest () { - support_test_m32_o0 "$@" + support_test_m32_no_asm "$@" } component_test_mx32 () { From c1db99d3f52154d3a357485a08ffb08c302a64e1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:19:17 +0100 Subject: [PATCH 301/653] block_cipher: add PSA dispatch if possible "if possible" means: - PSA has been initialized - requested key type is available in PSA Signed-off-by: Valerio Setti --- include/mbedtls/block_cipher.h | 20 ++++++++ library/block_cipher.c | 92 ++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h index 154ae26e2d..d76d860eaa 100644 --- a/include/mbedtls/block_cipher.h +++ b/include/mbedtls/block_cipher.h @@ -24,6 +24,10 @@ #include "mbedtls/camellia.h" #endif +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +#include "psa/crypto.h" +#endif + #ifdef __cplusplus extern "C" { #endif @@ -35,8 +39,24 @@ typedef enum { MBEDTLS_BLOCK_CIPHER_ID_ARIA, /**< The Aria cipher. */ } mbedtls_block_cipher_id_t; +/** + * Used internally to indicate whether a context uses legacy or PSA. + * + * Internal use only. + */ +typedef enum { + MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY = 0, + MBEDTLS_BLOCK_CIPHER_ENGINE_PSA, +} mbedtls_block_cipher_engine_t; + typedef struct { mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id); +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + mbedtls_block_cipher_engine_t engine; + psa_cipher_operation_t psa_operation; + psa_key_type_t psa_key_type; + mbedtls_svc_key_id_t psa_key_id; +#endif union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_AES_C) diff --git a/library/block_cipher.c b/library/block_cipher.c index 1118d3abbb..0fd78abdbd 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -11,12 +11,53 @@ #include "common.h" +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +#include "psa_crypto_core.h" +#include "psa/crypto.h" +#include "psa_util_internal.h" +#endif + #include "block_cipher_internal.h" #if defined(MBEDTLS_BLOCK_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +static psa_key_type_t psa_key_type_from_cipher_id(mbedtls_cipher_id_t cipher_id) +{ + switch (cipher_id) { +#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) + case MBEDTLS_CIPHER_ID_AES: + return PSA_KEY_TYPE_AES; +#endif +#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) + case MBEDTLS_CIPHER_ID_ARIA: + return PSA_KEY_TYPE_ARIA; +#endif +#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) + case MBEDTLS_CIPHER_ID_CAMELLIA: + return PSA_KEY_TYPE_CAMELLIA; +#endif + default: + return PSA_KEY_TYPE_NONE; + } +} + +int mbedtls_cipher_error_from_psa(psa_status_t status) +{ + return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_cipher_errors, + psa_generic_status_to_mbedtls); +} +#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */ + void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) { +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) { + psa_cipher_abort(&ctx->psa_operation); + psa_destroy_key(ctx->psa_key_id); + return; + } +#endif switch (ctx->id) { #if defined(MBEDTLS_AES_C) case MBEDTLS_BLOCK_CIPHER_ID_AES: @@ -42,6 +83,17 @@ void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, mbedtls_cipher_id_t cipher_id) { +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + if (psa_can_do_cipher(cipher_id)) { + ctx->psa_key_type = psa_key_type_from_cipher_id(cipher_id); + if (ctx->psa_key_type != PSA_KEY_TYPE_NONE) { + ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_PSA; + return 0; + } + } + ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY; +#endif + switch (cipher_id) { #if defined(MBEDTLS_AES_C) case MBEDTLS_CIPHER_ID_AES: @@ -70,6 +122,32 @@ int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, const unsigned char *key, unsigned key_bitlen) { +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) { + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_type(&key_attr, ctx->psa_key_type); + psa_set_key_bits(&key_attr, key_bitlen); + psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT); + + status = psa_import_key(&key_attr, key, key_bitlen/8, &ctx->psa_key_id); + if (status != PSA_SUCCESS) { + return mbedtls_cipher_error_from_psa(status); + } + psa_reset_key_attributes(&key_attr); + + status = psa_cipher_encrypt_setup(&ctx->psa_operation, ctx->psa_key_id, + PSA_ALG_ECB_NO_PADDING); + if (status != PSA_SUCCESS) { + return mbedtls_cipher_error_from_psa(status); + } + + return 0; + } +#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */ + switch (ctx->id) { #if defined(MBEDTLS_AES_C) case MBEDTLS_BLOCK_CIPHER_ID_AES: @@ -92,6 +170,20 @@ int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx, const unsigned char input[16], unsigned char output[16]) { +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) { + psa_status_t status; + size_t olen; + + status = psa_cipher_encrypt(ctx->psa_key_id, PSA_ALG_ECB_NO_PADDING, + input, 16, output, 16, &olen); + if (status != PSA_SUCCESS) { + return mbedtls_cipher_error_from_psa(status); + } + return 0; + } +#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */ + switch (ctx->id) { #if defined(MBEDTLS_AES_C) case MBEDTLS_BLOCK_CIPHER_ID_AES: From 8ceaa75b73bd84f10137e282386e3fba911d89e2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:20:18 +0100 Subject: [PATCH 302/653] psa_util: add error translations from PSA to cipher Signed-off-by: Valerio Setti --- library/psa_util.c | 15 +++++++++++++++ library/psa_util_internal.h | 4 ++++ 2 files changed, 19 insertions(+) diff --git a/library/psa_util.c b/library/psa_util.c index 0225bbf02b..d19458c4fb 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -38,6 +38,9 @@ #if defined(MBEDTLS_PK_C) #include #endif +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +#include +#endif /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ @@ -50,6 +53,17 @@ const mbedtls_error_pair_t psa_to_md_errors[] = { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED } }; #endif + +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +const mbedtls_error_pair_t psa_to_cipher_errors[] = +{ + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA }, + { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_CIPHER_ALLOC_FAILED } +}; +#endif + #if defined(MBEDTLS_LMS_C) const mbedtls_error_pair_t psa_to_lms_errors[] = { @@ -58,6 +72,7 @@ const mbedtls_error_pair_t psa_to_lms_errors[] = { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA } }; #endif + #if defined(MBEDTLS_SSL_TLS_C) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) const mbedtls_error_pair_t psa_to_ssl_errors[] = diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index fcc79aef4c..3e62d5f850 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -52,6 +52,10 @@ typedef struct { extern const mbedtls_error_pair_t psa_to_md_errors[4]; #endif +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +extern const mbedtls_error_pair_t psa_to_cipher_errors[4]; +#endif + #if defined(MBEDTLS_LMS_C) extern const mbedtls_error_pair_t psa_to_lms_errors[3]; #endif From c6f004f0e2ec4ff25d8e3f6101b081118073415c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:27:36 +0100 Subject: [PATCH 303/653] psa_crypto: add internal helper to signal that cipher driver is ready Signed-off-by: Valerio Setti --- library/psa_crypto.c | 8 ++++++++ library/psa_crypto_core.h | 12 ++++++++++++ 2 files changed, 20 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d61e118b54..a9ba787d0f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -115,6 +115,14 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } + +int psa_can_do_cipher(psa_algorithm_t cipher_alg) +{ + (void) cipher_alg; + return global_data.drivers_initialized; +} + + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 46c57755ec..43b1c2377e 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -33,6 +33,18 @@ */ int psa_can_do_hash(psa_algorithm_t hash_alg); +/** + * Tell if PSA is ready for this cipher. + * + * \note For now, only checks the state of the driver subsystem, + * not the algorithm. Might do more in the future. + * + * \param cipher_alg The cipher algorithm (ignored for now). + * + * \return 1 if the driver subsytem is ready, 0 otherwise. + */ +int psa_can_do_cipher(psa_algorithm_t cipher_alg); + typedef enum { PSA_SLOT_EMPTY = 0, PSA_SLOT_OCCUPIED, From 8bba087fe185526d9ae82f43d74c5fd20ba420f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:49:02 +0100 Subject: [PATCH 304/653] adjust_legacy_crypto: add helpers for block ciphers capabilities Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e66d67a1b7..5842d2a543 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -165,6 +165,56 @@ #endif /* MBEDTLS_MD_LIGHT */ +/* BLOCK_CIPHER module can dispatch to PSA when: + * - PSA is enabled and drivers have been initialized + * - desired key type is supported on the PSA side + * If the above conditions are not met, but the legacy support is enabled, then + * BLOCK_CIPHER will dinamically fallback to it. + */ +#if defined(MBEDTLS_BLOCK_CIPHER_C) + +#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA +#define MBEDTLS_BLOCK_CIPHER_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA +#define MBEDTLS_BLOCK_CIPHER_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) +#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA +#define MBEDTLS_BLOCK_CIPHER_SOME_PSA +#endif +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#if defined(MBEDTLS_AES_C) +#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY +#endif +#if defined(MBEDTLS_ARIA_C) +#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY +#endif +#if defined(MBEDTLS_CAMELLIA_C) +#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY +#endif + +#endif /* MBEDTLS_BLOCK_CIPHER_C */ + +/* Generic helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or + * Camellia block ciphers via either PSA or legacy. */ +#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \ + defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY) +#define MBEDTLS_BLOCK_CIPHER_CAN_AES +#endif +#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \ + defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY) +#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA +#endif +#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \ + defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY) +#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA +#endif + /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for From c0f9bbca2c3735eff94c2a3e5a5f9fc6d1f77e7c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:49:28 +0100 Subject: [PATCH 305/653] check_config: use new helpers for legacy GCM_C/CCM_C Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 34ddcb1596..30ef7d6fc5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -333,13 +333,17 @@ #endif #undef MBEDTLS_HAS_MEMSAN -#if defined(MBEDTLS_CCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) +#if defined(MBEDTLS_CCM_C) && \ + !(defined(MBEDTLS_BLOCK_CIPHER_CAN_AES) || defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA) || defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA) || defined(MBEDTLS_CAMELLIA_C)) #error "MBEDTLS_CCM_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_GCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) +#if defined(MBEDTLS_GCM_C) && \ + !(defined(MBEDTLS_BLOCK_CIPHER_CAN_AES) || defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA) || defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA) || defined(MBEDTLS_CAMELLIA_C)) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif From 4bc7fac99a1a8492eb207efd1643fffbeb81d6c2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:52:36 +0100 Subject: [PATCH 306/653] crypto_builtin_composites: add missing guards for includes Signed-off-by: Valerio Setti --- include/psa/crypto_builtin_composites.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 35c2e29b9e..c14f5dd110 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -25,8 +25,12 @@ #include #include "mbedtls/cmac.h" +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) #include "mbedtls/gcm.h" +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) #include "mbedtls/ccm.h" +#endif #include "mbedtls/chachapoly.h" /* From f8e6cbacc0401e92ab61c11710bb5f8ffb42e471 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:53:39 +0100 Subject: [PATCH 307/653] all.sh: add new component for block_cipher dispatch to PSA Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 10a76ec182..85c32b0b4e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3824,6 +3824,61 @@ component_test_psa_crypto_config_reference_cipher_aead () { tests/compat.sh -V NO -p mbedTLS } +component_test_full_block_cipher_psa_dispatch () { + msg "build: full + PSA dispatch in block_cipher" + + loc_accel_list="ALG_ECB_NO_PADDING \ + KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + + # Configure + # --------- + + # Start from the full config + helper_libtestdriver1_adjust_config "full" + + # Disable CCM/GCM support in PSA as we are testing dispatching of legacy + # modules (GCM_C/CCM_C through BLOCK_CIPHER_C) to PSA. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM + + # Disable CIPHER_C because we want legacy GCM_C/CCM_C to use BLOCK_CIPHER_C. + scripts/config.py unset MBEDTLS_CIPHER_C + + # Disable unauthenticated ciphers which are not accelerated in this + # test component because their builtin support depends on CIPHER_C. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_XTS + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER + + # Disable remaining direct dependencies on CIPHER_C. + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_CMAC_C + + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + + helper_libtestdriver1_make_main "$loc_accel_list" + + # Make sure cipher was not re-enabled by accident (additive config) + not grep mbedtls_cipher library/cipher.o + + # Run the tests + # ------------- + + msg "test: full + PSA dispatch in block_cipher" + make test +} + component_test_aead_chachapoly_disabled() { msg "build: full minus CHACHAPOLY" scripts/config.py full From 10e9aa26c5a0eeba46810123bf909a05bce52313 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:54:20 +0100 Subject: [PATCH 308/653] tests: add PSA_INIT/PSA_DONE to CCM and GCM test suites Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 24 ++++++++++++++ tests/suites/test_suite_ccm.function | 42 +++++++++++++++++++++++++ tests/suites/test_suite_gcm.function | 22 +++++++++++++ 3 files changed, 88 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 0b8c221946..41d204da93 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -367,6 +367,30 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_PSA_DONE() ((void) 0) #endif /* MBEDTLS_MD_SOME_PSA */ +/** \def BLOCK_CIPHER_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver, + * and do nothing otherwise. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def BLOCK_CIPHER_PSA_DONE + * + * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #BLOCK_CIPHER_PSA_INIT. + */ +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() +#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() +#else /* MBEDTLS_MD_SOME_PSA */ +#define BLOCK_CIPHER_PSA_INIT() ((void) 0) +#define BLOCK_CIPHER_PSA_DONE() ((void) 0) +#endif /* MBEDTLS_MD_SOME_PSA */ + + /** \def MD_OR_USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if MD uses a driver, diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 5aaaaa2e4d..0685e5bd1e 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -69,7 +69,9 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void mbedtls_ccm_self_test() { + BLOCK_CIPHER_PSA_INIT(); TEST_ASSERT(mbedtls_ccm_self_test(1) == 0); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -105,6 +107,7 @@ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) unsigned char tag[18]; int decrypt_ret; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_CALLOC_OR_SKIP(add, add_len); @@ -132,6 +135,7 @@ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) exit: mbedtls_free(add); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -148,6 +152,7 @@ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, unsigned char tag[18]; int decrypt_ret; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); memset(key, 0, sizeof(key)); @@ -174,6 +179,7 @@ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -198,6 +204,7 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, /* Prepare tag buffer */ TEST_CALLOC(tag_buf, expected_tag_len); + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); /* Test with input == output */ @@ -230,6 +237,7 @@ exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); mbedtls_free(tag_buf); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -241,6 +249,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, uint8_t *output = NULL; size_t olen; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -255,6 +264,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -277,6 +287,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, memcpy(io_msg_buf, msg->x, expected_msg_len); } + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); /* Test with input == output */ @@ -317,6 +328,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, exit: mbedtls_free(io_msg_buf); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -364,6 +376,7 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof(iv); + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); @@ -402,6 +415,7 @@ exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); mbedtls_free(tag_buf); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -443,6 +457,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof(iv); + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0); /* Test with input == output */ @@ -479,6 +494,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -495,6 +511,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, /* Sanity checks on the test data */ TEST_EQUAL(msg->len, result->len); + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -517,6 +534,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -529,6 +547,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, mbedtls_ccm_context ctx; uint8_t *output = NULL; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -545,6 +564,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -556,6 +576,7 @@ void mbedtls_ccm_overflow_ad(int cipher_id, int mode, { mbedtls_ccm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -566,6 +587,7 @@ void mbedtls_ccm_overflow_ad(int cipher_id, int mode, TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -577,6 +599,7 @@ void mbedtls_ccm_unexpected_ad(int cipher_id, int mode, { mbedtls_ccm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -586,6 +609,7 @@ void mbedtls_ccm_unexpected_ad(int cipher_id, int mode, TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -599,6 +623,7 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode, uint8_t *output = NULL; size_t olen; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -614,6 +639,7 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -625,6 +651,7 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, mbedtls_ccm_context ctx; uint8_t *output = NULL; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -639,6 +666,7 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -651,6 +679,7 @@ void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, { mbedtls_ccm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -663,6 +692,7 @@ void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1)); exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -679,6 +709,7 @@ void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, add_second_buffer[0] = add->x[add->len - 1]; add_second_buffer[1] = 0xAB; // some magic value + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -691,6 +722,7 @@ void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2)); exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -704,6 +736,7 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode, uint8_t *output = NULL; size_t olen; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -719,6 +752,7 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -732,6 +766,7 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode, uint8_t *output = NULL; size_t olen; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -752,6 +787,7 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -766,6 +802,7 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, uint8_t *output = NULL; size_t olen; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -783,6 +820,7 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -801,6 +839,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, msg_second_buffer[0] = msg->x[msg->len - 1]; msg_second_buffer[1] = 0xAB; // some magic value + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -818,6 +857,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -829,6 +869,7 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode, mbedtls_ccm_context ctx; uint8_t *output = NULL; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); @@ -842,5 +883,6 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 747914f6bc..097e42408c 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -171,6 +171,7 @@ void gcm_bad_parameters(int cipher_id, int direction, mbedtls_gcm_context ctx; size_t tag_len = tag_len_bits / 8; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); memset(output, 0x00, sizeof(output)); @@ -183,6 +184,7 @@ void gcm_bad_parameters(int cipher_id, int direction, exit: mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -200,6 +202,7 @@ void gcm_encrypt_and_tag(int cipher_id, data_t *key_str, size_t n1; size_t n1_add; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); memset(output, 0x00, 128); @@ -230,6 +233,7 @@ void gcm_encrypt_and_tag(int cipher_id, data_t *key_str, exit: mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -247,6 +251,7 @@ void gcm_decrypt_and_verify(int cipher_id, data_t *key_str, size_t n1; size_t n1_add; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); memset(output, 0x00, 128); @@ -287,6 +292,7 @@ void gcm_decrypt_and_verify(int cipher_id, data_t *key_str, exit: mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -300,6 +306,7 @@ void gcm_decrypt_and_verify_empty_cipher(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -308,6 +315,7 @@ void gcm_decrypt_and_verify_empty_cipher(int cipher_id, cipher_update_calls); mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -322,6 +330,7 @@ void gcm_decrypt_and_verify_empty_ad(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -330,6 +339,7 @@ void gcm_decrypt_and_verify_empty_ad(int cipher_id, ad_update_calls); mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -341,6 +351,7 @@ void gcm_decrypt_and_verify_no_ad_no_cipher(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -348,6 +359,7 @@ void gcm_decrypt_and_verify_no_ad_no_cipher(int cipher_id, iv_str, tag_str); mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -361,6 +373,7 @@ void gcm_encrypt_and_tag_empty_cipher(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -370,6 +383,7 @@ void gcm_encrypt_and_tag_empty_cipher(int cipher_id, exit: mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -384,6 +398,7 @@ void gcm_encrypt_and_tag_empty_ad(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -393,6 +408,7 @@ void gcm_encrypt_and_tag_empty_ad(int cipher_id, exit: mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -404,6 +420,7 @@ void gcm_encrypt_and_verify_no_ad_no_cipher(int cipher_id, { mbedtls_gcm_context ctx; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); @@ -411,6 +428,7 @@ void gcm_encrypt_and_verify_no_ad_no_cipher(int cipher_id, iv_str, tag_str); mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -444,6 +462,7 @@ void gcm_update_output_buffer_too_small(int cipher_id, int mode, size_t olen = 0; size_t output_len = input->len - 1; + BLOCK_CIPHER_PSA_INIT(); mbedtls_gcm_init(&ctx); TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0); TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len)); @@ -455,12 +474,15 @@ void gcm_update_output_buffer_too_small(int cipher_id, int mode, exit: mbedtls_free(output); mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void gcm_selftest() { + BLOCK_CIPHER_PSA_INIT(); TEST_ASSERT(mbedtls_gcm_self_test(1) == 0); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ From 1cf81c3c8065c560c0aa79cc77b6e2c22aa064c5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 15:34:25 +0100 Subject: [PATCH 309/653] test_suite_block_cipher: add new data file for PSA/legacy dispatch test Signed-off-by: Valerio Setti --- tests/suites/test_suite_block_cipher.function | 34 ++++++++++++++++ tests/suites/test_suite_block_cipher.psa.data | 39 +++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 tests/suites/test_suite_block_cipher.psa.data diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function index 239568c342..2b166ba50a 100644 --- a/tests/suites/test_suite_block_cipher.function +++ b/tests/suites/test_suite_block_cipher.function @@ -92,3 +92,37 @@ exit: mbedtls_block_cipher_free(&ctx); } /* END_CASE */ + +/* BEGIN_CASE */ +void block_cipher_psa_dynamic_dispatch(int cipher_type, int pre_psa_ret, int post_psa_engine) +{ + mbedtls_block_cipher_context_t ctx; + + /* Intentionally no PSA init here! (Will be done later.) */ + + mbedtls_block_cipher_init(&ctx); + + /* Before PSA crypto init */ + TEST_EQUAL(pre_psa_ret, mbedtls_block_cipher_setup(&ctx, cipher_type)); + +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + TEST_EQUAL(ctx.engine, MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY); +#endif + + mbedtls_block_cipher_free(&ctx); + + /* Now initilize PSA Crypto */ + BLOCK_CIPHER_PSA_INIT(); + + mbedtls_block_cipher_init(&ctx); + /* After PSA Crypto init */ + TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, cipher_type)); +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) + TEST_EQUAL(ctx.engine, post_psa_engine); +#endif + +exit: + mbedtls_block_cipher_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_block_cipher.psa.data b/tests/suites/test_suite_block_cipher.psa.data new file mode 100644 index 0000000000..e9b48e1955 --- /dev/null +++ b/tests/suites/test_suite_block_cipher.psa.data @@ -0,0 +1,39 @@ +# These tests behave differently depending on the presence of +# drivers and/or built-in, so they're isolated here for the benefit of +# analyze_outcomes.py (driver vs reference comparison). + +AES - legacy only +depends_on:MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY:!MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY + +AES - driver only +depends_on:!MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_AES:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA + +AES - legacy + driver +depends_on:MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA + +ARIA - legacy only +depends_on:MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY:!MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_ARIA:0:MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY + +ARIA - driver only +depends_on:!MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_ARIA:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA + +ARIA - legacy + driver +depends_on:MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_ARIA:0:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA + +Camellia - legacy only +depends_on:MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY:!MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_CAMELLIA:0:MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY + +Camellia - driver only +depends_on:!MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_CAMELLIA:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA + +Camellia - legacy + driver +depends_on:MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY:MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA +block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_CAMELLIA:0:MBEDTLS_BLOCK_CIPHER_ENGINE_PSA From 849a1abfddc06609aa888624413776da96178c47 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 16:34:07 +0100 Subject: [PATCH 310/653] block_cipher: remove useless use of psa_cipher_operation_t Signed-off-by: Valerio Setti --- include/mbedtls/block_cipher.h | 3 +-- library/block_cipher.c | 9 +-------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h index d76d860eaa..535412a857 100644 --- a/include/mbedtls/block_cipher.h +++ b/include/mbedtls/block_cipher.h @@ -25,7 +25,7 @@ #endif #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) -#include "psa/crypto.h" +#include "psa/crypto_types.h" #endif #ifdef __cplusplus @@ -53,7 +53,6 @@ typedef struct { mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id); #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) mbedtls_block_cipher_engine_t engine; - psa_cipher_operation_t psa_operation; psa_key_type_t psa_key_type; mbedtls_svc_key_id_t psa_key_id; #endif diff --git a/library/block_cipher.c b/library/block_cipher.c index 0fd78abdbd..fb09374c83 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -12,8 +12,8 @@ #include "common.h" #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) -#include "psa_crypto_core.h" #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "psa_util_internal.h" #endif @@ -53,7 +53,6 @@ void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) { #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) { - psa_cipher_abort(&ctx->psa_operation); psa_destroy_key(ctx->psa_key_id); return; } @@ -138,12 +137,6 @@ int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, } psa_reset_key_attributes(&key_attr); - status = psa_cipher_encrypt_setup(&ctx->psa_operation, ctx->psa_key_id, - PSA_ALG_ECB_NO_PADDING); - if (status != PSA_SUCCESS) { - return mbedtls_cipher_error_from_psa(status); - } - return 0; } #endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */ From c4831224d50c975bb16093d56da1fde3424442a5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 16:35:33 +0100 Subject: [PATCH 311/653] all.sh: keep PSA_WANT_ALG_[GCM/CCM] enabled in test_full_block_cipher_psa_dispatch() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 85c32b0b4e..3f8ada36a2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3836,11 +3836,6 @@ component_test_full_block_cipher_psa_dispatch () { # Start from the full config helper_libtestdriver1_adjust_config "full" - # Disable CCM/GCM support in PSA as we are testing dispatching of legacy - # modules (GCM_C/CCM_C through BLOCK_CIPHER_C) to PSA. - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - # Disable CIPHER_C because we want legacy GCM_C/CCM_C to use BLOCK_CIPHER_C. scripts/config.py unset MBEDTLS_CIPHER_C From 291571b44736bcb40bec24e31e2a61ce7acc0395 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 16:41:19 +0100 Subject: [PATCH 312/653] block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t Signed-off-by: Valerio Setti --- include/mbedtls/block_cipher.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h index 535412a857..2286a57812 100644 --- a/include/mbedtls/block_cipher.h +++ b/include/mbedtls/block_cipher.h @@ -52,9 +52,9 @@ typedef enum { typedef struct { mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id); #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) - mbedtls_block_cipher_engine_t engine; - psa_key_type_t psa_key_type; - mbedtls_svc_key_id_t psa_key_id; + mbedtls_block_cipher_engine_t MBEDTLS_PRIVATE(engine); + psa_key_type_t MBEDTLS_PRIVATE(psa_key_type); + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_key_id); #endif union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ From 785ec17795c893ecdfd7cf15bdcf6499f604c5c7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 16:49:05 +0100 Subject: [PATCH 313/653] block_cipher: use PSA_BITS_TO_BYTES() in mbedtls_block_cipher_setkey() Signed-off-by: Valerio Setti --- library/block_cipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/block_cipher.c b/library/block_cipher.c index fb09374c83..6f09d9476d 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -131,7 +131,7 @@ int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT); - status = psa_import_key(&key_attr, key, key_bitlen/8, &ctx->psa_key_id); + status = psa_import_key(&key_attr, key, PSA_BITS_TO_BYTES(key_bitlen), &ctx->psa_key_id); if (status != PSA_SUCCESS) { return mbedtls_cipher_error_from_psa(status); } From 2684e3f2e380a0b6d1a5953fcf5eb20979d6d465 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 16:53:02 +0100 Subject: [PATCH 314/653] config_adjust_legacy_crypto: fix typo Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 5842d2a543..5df3ebaf5a 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -169,7 +169,7 @@ * - PSA is enabled and drivers have been initialized * - desired key type is supported on the PSA side * If the above conditions are not met, but the legacy support is enabled, then - * BLOCK_CIPHER will dinamically fallback to it. + * BLOCK_CIPHER will dynamically fallback to it. */ #if defined(MBEDTLS_BLOCK_CIPHER_C) From ac7df142e8a251146fd7f6eb10add7eadfaa39d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 13 Dec 2023 17:40:21 +0100 Subject: [PATCH 315/653] test_suite_block_cipher: fix unused variable when !MBEDTLS_BLOCK_CIPHER_SOME_PSA Signed-off-by: Valerio Setti --- tests/suites/test_suite_block_cipher.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function index 2b166ba50a..3350b0f26b 100644 --- a/tests/suites/test_suite_block_cipher.function +++ b/tests/suites/test_suite_block_cipher.function @@ -97,6 +97,7 @@ exit: void block_cipher_psa_dynamic_dispatch(int cipher_type, int pre_psa_ret, int post_psa_engine) { mbedtls_block_cipher_context_t ctx; + (void) post_psa_engine; /* Intentionally no PSA init here! (Will be done later.) */ From 4a5d57d2255d2b0d862cb006b6743fdb894f62b2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 14 Dec 2023 09:34:15 +0100 Subject: [PATCH 316/653] adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available As a consequence BLOCK_CIPHER will be enabled when: - CIPHER_C is not defined - a proper driver is present for one of AES, ARIA and/or Camellia key types Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 35 ++++++++++++------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 5df3ebaf5a..a926550bed 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -22,13 +22,6 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H -/* GCM_C and CCM_C can either depend on (in order of preference) CIPHER_C or - * BLOCK_CIPHER_C. If the former is not defined, auto-enable the latter. */ -#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \ - !defined(MBEDTLS_CIPHER_C) -#define MBEDTLS_BLOCK_CIPHER_C -#endif - /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ @@ -170,9 +163,16 @@ * - desired key type is supported on the PSA side * If the above conditions are not met, but the legacy support is enabled, then * BLOCK_CIPHER will dynamically fallback to it. + * + * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers + * can be used to define its capabilities: + * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES, + * ARIA and Camellia which is supported through a driver; + * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a + * driver; + * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through + * a legacy module (i.e. MBEDTLS_xxx_C) */ -#if defined(MBEDTLS_BLOCK_CIPHER_C) - #if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA @@ -198,10 +198,8 @@ #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY #endif -#endif /* MBEDTLS_BLOCK_CIPHER_C */ - -/* Generic helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or - * Camellia block ciphers via either PSA or legacy. */ +/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia + * block ciphers via either PSA or legacy. */ #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \ defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY) #define MBEDTLS_BLOCK_CIPHER_CAN_AES @@ -215,6 +213,17 @@ #define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA #endif +/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C + * or CIPHER_C. The former is auto-enabled when: + * - CIPHER_C is not defined, which is also the legacy solution; + * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage + * of the driver's acceleration. + */ +#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \ + (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)) +#define MBEDTLS_BLOCK_CIPHER_C +#endif + /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for From bd7528a5920740722b9ab2cb830b45adf21aabfe Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 14 Dec 2023 09:36:03 +0100 Subject: [PATCH 317/653] ccm/gcm: use BLOCK_CIPHER whenever possible Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled. Signed-off-by: Valerio Setti --- include/mbedtls/ccm.h | 8 +++--- include/mbedtls/gcm.h | 8 +++--- library/ccm.c | 66 +++++++++++++++++++++---------------------- library/gcm.c | 50 ++++++++++++++++---------------- 4 files changed, 66 insertions(+), 66 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 8bf8c32387..018db64b66 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -40,7 +40,7 @@ #include "mbedtls/cipher.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "mbedtls/block_cipher.h" #endif @@ -84,10 +84,10 @@ typedef struct mbedtls_ccm_context { #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ #endif int MBEDTLS_PRIVATE(state); /*!< Working value holding context's state. Used for chunked data input */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 3925f68271..631b392fd4 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -24,7 +24,7 @@ #include "mbedtls/cipher.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "mbedtls/block_cipher.h" #endif @@ -50,10 +50,10 @@ extern "C" { * \brief The GCM context structure. */ typedef struct mbedtls_gcm_context { -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ #endif uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ diff --git a/library/ccm.c b/library/ccm.c index 6700dc743d..392ceb84bf 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -23,7 +23,7 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "block_cipher_internal.h" #endif @@ -56,7 +56,17 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } +#else const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, @@ -79,16 +89,6 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } -#else - mbedtls_block_cipher_free(&ctx->block_cipher_ctx); - - if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { - return MBEDTLS_ERR_CCM_BAD_INPUT; - } - - if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { - return MBEDTLS_ERR_CCM_BAD_INPUT; - } #endif return 0; @@ -102,10 +102,10 @@ void mbedtls_ccm_free(mbedtls_ccm_context *ctx) if (ctx == NULL) { return; } -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_free(&ctx->cipher_ctx); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#else + mbedtls_cipher_free(&ctx->cipher_ctx); #endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); } @@ -128,11 +128,11 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp_buf[16] = { 0 }; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -158,7 +158,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t len_left; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -206,10 +206,10 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) } /* Start CBC-MAC with first block*/ -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -292,7 +292,7 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len, offset; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -334,10 +334,10 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, add += use_len; if (use_len + offset == 16 || ctx->processed == ctx->add_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -363,7 +363,7 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t use_len, offset; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -403,10 +403,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -438,10 +438,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, memcpy(output, local_output, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; diff --git a/library/gcm.c b/library/gcm.c index 8181ec88aa..ac6b945305 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -25,7 +25,7 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "block_cipher_internal.h" #endif @@ -66,11 +66,11 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) memset(h, 0, 16); -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); #endif if (ret != 0) { return ret; @@ -139,7 +139,17 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, return MBEDTLS_ERR_GCM_BAD_INPUT; } -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return ret; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return ret; + } +#else const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, @@ -162,16 +172,6 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } -#else - mbedtls_block_cipher_free(&ctx->block_cipher_ctx); - - if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { - return ret; - } - - if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { - return ret; - } #endif if ((ret = gcm_gen_table(ctx)) != 0) { @@ -277,7 +277,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, const unsigned char *p; size_t use_len; uint64_t iv_bits; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen = 0; #endif @@ -320,10 +320,10 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, } -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); #endif if (ret != 0) { return ret; @@ -419,11 +419,11 @@ static int gcm_mask(mbedtls_gcm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); #endif if (ret != 0) { mbedtls_platform_zeroize(ectr, 16); @@ -649,10 +649,10 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx) if (ctx == NULL) { return; } -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_free(&ctx->cipher_ctx); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#else + mbedtls_cipher_free(&ctx->cipher_ctx); #endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); } From efdb8261b9649e116113f57a9e77750a89608653 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 14 Dec 2023 09:36:54 +0100 Subject: [PATCH 318/653] all.sh: keep CIPHER_C enabled in test_full_block_cipher_psa_dispatch() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3f8ada36a2..464113c243 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3836,27 +3836,6 @@ component_test_full_block_cipher_psa_dispatch () { # Start from the full config helper_libtestdriver1_adjust_config "full" - # Disable CIPHER_C because we want legacy GCM_C/CCM_C to use BLOCK_CIPHER_C. - scripts/config.py unset MBEDTLS_CIPHER_C - - # Disable unauthenticated ciphers which are not accelerated in this - # test component because their builtin support depends on CIPHER_C. - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_XTS - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - - # Disable remaining direct dependencies on CIPHER_C. - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_CMAC_C - # Build # ----- @@ -3864,9 +3843,6 @@ component_test_full_block_cipher_psa_dispatch () { helper_libtestdriver1_make_main "$loc_accel_list" - # Make sure cipher was not re-enabled by accident (additive config) - not grep mbedtls_cipher library/cipher.o - # Run the tests # ------------- From 52ab8fa565d324e788d8053881d1b0e5171b616a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 14 Dec 2023 18:04:04 +0100 Subject: [PATCH 319/653] analyze_outcomes/all.sh: add reference component and entry for coverage comparison Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 13 +++++++++++++ tests/scripts/analyze_outcomes.py | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 464113c243..a8c11003a2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1159,6 +1159,19 @@ component_test_default_cmake_gcc_asan_new_bignum () { tests/context-info.sh } +# This is a common component testing the full config. Its purpose is to be used +# as the "reference" for driver's acceleration tests below when possible (this +# not always the case because some reference test require extra configuration +# in addition to the default one) +component_test_full_common_reference () { + msg "build: full config (common reference)" + helper_libtestdriver1_adjust_config "full" + make + + msg "test: full config (common reference)" + make test +} + component_test_full_cmake_gcc_asan () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d3ea8c0e1a..cb0f3655ff 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -533,6 +533,23 @@ KNOWN_TASKS = { ], } } + }, + 'analyze_block_cipher_dispatch': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_full_common_reference', + 'component_driver': 'test_full_block_cipher_psa_dispatch', + 'ignored_suites': [ + ], + 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], + } + } } } From 17127e9f397fc58884883130328a458ddf824f93 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 16:42:48 +0000 Subject: [PATCH 320/653] Use clang as default compiler for Asan Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 118 ++++++++++++++++++++++--------------------- 1 file changed, 60 insertions(+), 58 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6a83319540..7c7cce3c04 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -196,6 +196,8 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + # Normally, tests should use this compiler for ASAN testing + ASAN_CC=clang # Platform tests have an allocation that returns null export ASAN_OPTIONS="allocator_may_return_null=1" @@ -928,7 +930,7 @@ helper_get_psa_key_type_list() { # Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. helper_libtestdriver1_make_drivers() { loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" } # Build the main libraries, programs and tests, @@ -946,7 +948,7 @@ helper_libtestdriver1_make_main() { # we need flags both with and without the LIBTESTDRIVER1_ prefix loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } ################################################################ @@ -1274,14 +1276,14 @@ component_test_ref_configs () { # whether they're on or off. So, disable cmake's (over-sensitive here) # dependency resolution for generated files and just rely on them being # present (thanks to pre_generate_files) by turning GEN_FILES off. - CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . tests/scripts/test-ref-configs.pl } component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s @@ -1297,7 +1299,7 @@ component_test_no_pem_no_fs () { scripts/config.py unset MBEDTLS_FS_IO scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s @@ -1310,7 +1312,7 @@ component_test_no_pem_no_fs () { component_test_rsa_no_crt () { msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_RSA_NO_CRT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s @@ -1333,7 +1335,7 @@ component_test_no_ctr_drbg_classic () { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: Full minus CTR_DRBG, classic crypto - main suites" @@ -1355,7 +1357,7 @@ component_test_no_ctr_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" @@ -1379,7 +1381,7 @@ component_test_no_hmac_drbg_classic () { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: Full minus HMAC_DRBG, classic crypto - main suites" @@ -1406,7 +1408,7 @@ component_test_no_hmac_drbg_use_psa () { scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" @@ -1441,7 +1443,7 @@ component_test_psa_external_rng_no_drbg_classic () { # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. - make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" make test @@ -1460,7 +1462,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -1475,7 +1477,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test @@ -1493,7 +1495,7 @@ component_test_psa_inject_entropy () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" make test @@ -1527,7 +1529,7 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o @@ -1954,7 +1956,7 @@ component_test_everest_curve25519_only () { scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: Everest ECDH context, only Curve25519" # ~ 50s make test @@ -1964,7 +1966,7 @@ component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" @@ -1975,7 +1977,7 @@ component_test_small_ssl_in_content_len () { msg "build: small SSL_IN_CONTENT_LEN (ASan build)" scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" @@ -1985,7 +1987,7 @@ component_test_small_ssl_in_content_len () { component_test_small_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" @@ -1995,7 +1997,7 @@ component_test_small_ssl_dtls_max_buffering () { component_test_small_mbedtls_ssl_dtls_max_buffering () { msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" @@ -2430,7 +2432,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" @@ -3251,7 +3253,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - make CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -3354,7 +3356,7 @@ build_and_test_psa_want_key_pair_partial() { # crypto_config.h so we just disable the one we don't want. scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" - make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" make test @@ -3831,7 +3833,7 @@ component_test_aead_chachapoly_disabled() { scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" make test @@ -3844,7 +3846,7 @@ component_test_aead_only_ccm() { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" make test @@ -3875,7 +3877,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. @@ -3885,7 +3887,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. @@ -3898,7 +3900,7 @@ component_build_psa_accel_alg_hkdf() { # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. @@ -3917,7 +3919,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. @@ -3936,7 +3938,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. @@ -3955,7 +3957,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. @@ -3971,7 +3973,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. @@ -3987,7 +3989,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. @@ -4005,7 +4007,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. @@ -4024,7 +4026,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4038,7 +4040,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4052,7 +4054,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4066,7 +4068,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4080,7 +4082,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4095,7 +4097,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4107,7 +4109,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -4346,7 +4348,7 @@ component_test_no_max_fragment_length () { # Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: ssl-opt.sh, MFL-related tests" @@ -4356,7 +4358,7 @@ component_test_no_max_fragment_length () { component_test_asan_remove_peer_certificate () { msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" @@ -4377,7 +4379,7 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: MFL tests (disabled MFL extension case) & large packet tests" @@ -4390,7 +4392,7 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { component_test_variable_ssl_in_out_buffer_len () { msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" @@ -4407,7 +4409,7 @@ component_test_dtls_cid_legacy () { msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" @@ -4466,7 +4468,7 @@ component_test_platform_calloc_macro () { scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" @@ -4476,7 +4478,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test @@ -4800,7 +4802,7 @@ component_build_aes_via_padlock () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" grep -q mbedtls_padlock_has_support ./programs/test/selftest } @@ -5039,7 +5041,7 @@ component_test_ctr_drbg_aes_256_sha_256 () { scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" @@ -5051,7 +5053,7 @@ component_test_ctr_drbg_aes_128_sha_512 () { scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" @@ -5064,7 +5066,7 @@ component_test_ctr_drbg_aes_128_sha_256 () { scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" @@ -5088,7 +5090,7 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" - make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: full + test drivers dispatching to builtins" make test @@ -5238,7 +5240,7 @@ component_test_m32_no_asm () { make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc, no asm (ASan build)" - make test + #make test } support_test_m32_no_asm () { case $(uname -m) in @@ -5269,7 +5271,7 @@ component_test_m32_everest () { msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s make test @@ -5303,7 +5305,7 @@ support_test_mx32 () { component_test_min_mpi_window_size () { msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s @@ -5688,7 +5690,7 @@ component_test_tls13 () { scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" make test @@ -5702,7 +5704,7 @@ component_test_tls13_no_compatibility_mode () { scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" make test From 815b240d72f593bdadfd190098178121bd386698 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 20:51:21 +0000 Subject: [PATCH 321/653] Fix unused function/variable warnings from clang Signed-off-by: Dave Rodgman --- library/ecp.c | 18 ++++-------------- .../suites/test_suite_psa_crypto_pake.function | 2 ++ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index b6ea070a62..ee86cbc6e7 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1074,13 +1074,7 @@ cleanup: MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ } while (0) -#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \ - (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT))) +MBEDTLS_MAYBE_UNUSED static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, mbedtls_mpi *X, const mbedtls_mpi *A, @@ -1092,7 +1086,6 @@ static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, cleanup: return ret; } -#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */ /* * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int. @@ -1115,6 +1108,7 @@ cleanup: return ret; } +MBEDTLS_MAYBE_UNUSED static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp, mbedtls_mpi *X, const mbedtls_mpi *A, @@ -1128,6 +1122,7 @@ cleanup: return ret; } +MBEDTLS_MAYBE_UNUSED static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp, mbedtls_mpi *X, const mbedtls_mpi *A, @@ -1144,10 +1139,7 @@ cleanup: #define MPI_ECP_SUB_INT(X, A, c) \ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c)) -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT)) +MBEDTLS_MAYBE_UNUSED static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, mbedtls_mpi *X, size_t count) @@ -1158,8 +1150,6 @@ static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, cleanup: return ret; } -#endif \ - /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ /* * Macro wrappers around ECP modular arithmetic diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 96c119592d..ecff8bc4ab 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -59,9 +59,11 @@ typedef enum { PAKE_ROUND_TWO } pake_round_t; +#if defined(PSA_WANT_ALG_JPAKE) /* The only two JPAKE user/peer identifiers supported for the time being. */ static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; +#endif /* * Inject an error on the specified buffer ONLY it this is the correct stage. From b90f87b9a877faed1424e07db70dacac204c8496 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 23:27:33 +0000 Subject: [PATCH 322/653] Use gcc for -m32 Asan builds There seem to be known issues with clang for this target. Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c7cce3c04..553ba1d1c0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4802,7 +4802,7 @@ component_build_aes_via_padlock () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" grep -q mbedtls_padlock_has_support ./programs/test/selftest } @@ -5271,7 +5271,7 @@ component_test_m32_everest () { msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s make test From c1f0f5b8af1f0faee44c9cfa1ac2a4fd5ba0cd6f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Dec 2023 23:34:48 +0000 Subject: [PATCH 323/653] Fix a typo Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_pake.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index ecff8bc4ab..fed2c412f2 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -44,7 +44,7 @@ typedef enum { ERR_INJECT_EXTRA_INPUT, ERR_INJECT_EXTRA_OUTPUT_AT_END, ERR_INJECT_EXTRA_INPUT_AT_END, - /* erros issued from the .data file */ + /* errors issued from the .data file */ ERR_IN_SETUP, ERR_IN_SET_USER, ERR_IN_SET_PEER, From a2cf240fff6787239891ce21223ad7f8dcfdfbcc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Dec 2023 11:04:13 +0000 Subject: [PATCH 324/653] Add explanatory comment Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 553ba1d1c0..460fb33dfd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5232,6 +5232,9 @@ component_build_psa_alt_headers () { component_test_m32_no_asm () { # Build without assembly, so as to use portable C code (in a 32-bit # build) and not the i386-specific inline assembly. + # + # Note that we require gcc, because clang Asan builds fail to link for + # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue). msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_HAVE_ASM From d5635e95e2e79a1c45a7a676db395cfabe304ac0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Dec 2023 11:04:34 +0000 Subject: [PATCH 325/653] Undo accidental change Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 460fb33dfd..b37e3ee821 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5243,7 +5243,7 @@ component_test_m32_no_asm () { make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc, no asm (ASan build)" - #make test + make test } support_test_m32_no_asm () { case $(uname -m) in From c1c6e0d906664103438fe96e7fc09c4f7a5e6d70 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 15 Dec 2023 12:26:38 +0000 Subject: [PATCH 326/653] Justify linearization points Signed-off-by: Ryan Everett --- .../psa-thread-safety/psa-thread-safety.md | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 4b122c838f..70b1341c23 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -283,8 +283,8 @@ Note that a thread must hold the global mutex when it reads or changes a slot's For concurrency purposes, a slot can be in one of four states: -* EMPTY: no thread is currently accessing the slot, and no information is stored in the slot. -* FILLING: one thread is currently loading or creating material to fill the slot, this thread is responsible for the next state transition. +* EMPTY: no thread is currently accessing the slot, and no information is stored in the slot. Any thread is able to change the slot's state to FILLING and begin loading data. +* FILLING: one thread is currently loading or creating material to fill the slot, this thread is responsible for the next state transition. Other threads cannot read the contents of a slot which is in FILLING. * FULL: the slot contains a key, and any thread is able to use the key after registering as a reader. * PENDING_DELETION: the key within the slot has been destroyed or marked for destruction, but at least one thread is still registered as a reader. No thread can register to read this slot. The slot must not be wiped until the last reader de-registers, wiping the slot by calling `psa_wipe_key_slot`. @@ -292,15 +292,32 @@ To change `slot` to state `new_state`, a function must call `psa_slot_state_tran A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data witin a slot, and `psa_unregister_read` after they have finished operating. -Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_read` must be performed by a function which holds the global mutex. +Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_read` must be performed by a thread which holds the global mutex. + +##### Linearizability of the system + +To satisfy the requirements in [Correctness out of the box](#correctness-out-of-the-box), we require our functions to be "linearizable" (under certain constraints). This means that any (constraint satisfying) set of concurrent calls are performed as if they were executed in some sequential order. + +The standard way of reasoning that this is the case is to identify a "linearization point" for each call, this is a single execution step where the function takes effect (this is usually a step in which the effects of the call become visible to other threads). If every call has a linearization point, the set of calls is equivalent to sequentially performing the calls in order of when their linearization point occured. + +We only access and modify a slot's state and reader count while we hold the global lock. This ensures the memory in which these fields are stored is correctly synchronized. It also ensures that the key data within the slot is synchronised where needed (the writer unlocks the mutex after filling the data, and any reader must lock the mutex before reading the data). + +To help justify that our system is linearizable, here is a list of key slot state changing functions and their linearization points (for the sake of brevity not all failure cases are covered, but those cases are not complex): +* `psa_wipe_key_slot, psa_register_read, psa_unregister_read, psa_slot_state_transition,` - These functions are all always performed under the global mutex, so they have no effects visible to other threads (this implies that they are linearizable). +* `psa_get_empty_key_slot, psa_get_and_lock_key_slot_in_memory, psa_load_X_key_into_slot, psa_fail_key_creation` - These functions hold the mutex for all non-setup/finalizing code, their linearization points are the release of the mutex. +* `psa_get_and_lock_key_slot` - If the key is already in a slot, the linearization point is the linearization point of the call to `psa_get_and_lock_key_slot_in_memory`. If the key is not in a slot and is loaded into one, the linearization point is the linearization point of the call to `psa_load_X_key_into_slot`. +* `psa_finish_key_creation` - On a successful load, we lock the mutex and set the state of the slot to FULL, the linearization point is then the following unlock. On an unsuccessful load, the linearization point is when we return - no action we have performed has been made visible to another thread as the slot is still in a FILLING state. +* `psa_destroy_key, psa_close_key, psa_purge_key` - As per the requirements, we need only argue for the case where the key is not in use here. The linearization point is the unlock after wiping the data and setting the slot state to EMPTY. Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. +##### Key slot state transition diagram + ![](key-slot-state-transitions.png) -In the state transition diagram above, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. The linearization point of a state changing call to a function must be a call to `psa_slot_state_transition`. (A function which: locks the global mutex, performs some operation, calls `psa_slot_state_transition` and then unlocks the global mutex, cleans up and returns can satisfy this requirement). +In the state transition diagram above, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point. -#### Generating the state transition diagram from source +##### Generating the key slot state transition diagram from source To generate the state transition diagram in https://app.diagrams.net/, open the following url: From abd8977cc15a460213afc72a02aeca778c3f2bfd Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 15 Dec 2023 12:28:38 +0000 Subject: [PATCH 327/653] Make check_files ignore png files in docs Signed-off-by: Ryan Everett --- tests/scripts/check_files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index a2a9dfa8d0..a93b8256f0 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -105,6 +105,7 @@ class FileIssueTracker: BINARY_FILE_PATH_RE_LIST = [ r'docs/.*\.pdf\Z', + r'docs/.*\.png\Z', r'programs/fuzz/corpuses/[^.]+\Z', r'tests/data_files/[^.]+\Z', r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z', From 4ff405cf809cae9f58a8ff12ca95261a753dc8b9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 15 Dec 2023 16:10:52 +0100 Subject: [PATCH 328/653] block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t This information was redundant with the already existing mbedtls_block_cipher_id_t. Signed-off-by: Valerio Setti --- include/mbedtls/block_cipher.h | 1 - library/block_cipher.c | 37 +++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h index 2286a57812..3f60f6f7dd 100644 --- a/include/mbedtls/block_cipher.h +++ b/include/mbedtls/block_cipher.h @@ -53,7 +53,6 @@ typedef struct { mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id); #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) mbedtls_block_cipher_engine_t MBEDTLS_PRIVATE(engine); - psa_key_type_t MBEDTLS_PRIVATE(psa_key_type); mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_key_id); #endif union { diff --git a/library/block_cipher.c b/library/block_cipher.c index 6f09d9476d..bfb605ec49 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -22,19 +22,19 @@ #if defined(MBEDTLS_BLOCK_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) -static psa_key_type_t psa_key_type_from_cipher_id(mbedtls_cipher_id_t cipher_id) +static psa_key_type_t psa_key_type_from_block_cipher_id(mbedtls_block_cipher_id_t cipher_id) { switch (cipher_id) { #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) - case MBEDTLS_CIPHER_ID_AES: + case MBEDTLS_BLOCK_CIPHER_ID_AES: return PSA_KEY_TYPE_AES; #endif #if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) - case MBEDTLS_CIPHER_ID_ARIA: + case MBEDTLS_BLOCK_CIPHER_ID_ARIA: return PSA_KEY_TYPE_ARIA; #endif #if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) - case MBEDTLS_CIPHER_ID_CAMELLIA: + case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA: return PSA_KEY_TYPE_CAMELLIA; #endif default: @@ -82,37 +82,38 @@ void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, mbedtls_cipher_id_t cipher_id) { + ctx->id = (cipher_id == MBEDTLS_CIPHER_ID_AES) ? MBEDTLS_BLOCK_CIPHER_ID_AES : + (cipher_id == MBEDTLS_CIPHER_ID_ARIA) ? MBEDTLS_BLOCK_CIPHER_ID_ARIA : + (cipher_id == MBEDTLS_CIPHER_ID_CAMELLIA) ? MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA : + MBEDTLS_BLOCK_CIPHER_ID_NONE; + #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) - if (psa_can_do_cipher(cipher_id)) { - ctx->psa_key_type = psa_key_type_from_cipher_id(cipher_id); - if (ctx->psa_key_type != PSA_KEY_TYPE_NONE) { - ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_PSA; - return 0; - } + if (psa_can_do_cipher(cipher_id) && + (psa_key_type_from_block_cipher_id(ctx->id) != PSA_KEY_TYPE_NONE)) { + ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_PSA; + return 0; } ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY; #endif - switch (cipher_id) { + switch (ctx->id) { #if defined(MBEDTLS_AES_C) - case MBEDTLS_CIPHER_ID_AES: - ctx->id = MBEDTLS_BLOCK_CIPHER_ID_AES; + case MBEDTLS_BLOCK_CIPHER_ID_AES: mbedtls_aes_init(&ctx->ctx.aes); return 0; #endif #if defined(MBEDTLS_ARIA_C) - case MBEDTLS_CIPHER_ID_ARIA: - ctx->id = MBEDTLS_BLOCK_CIPHER_ID_ARIA; + case MBEDTLS_BLOCK_CIPHER_ID_ARIA: mbedtls_aria_init(&ctx->ctx.aria); return 0; #endif #if defined(MBEDTLS_CAMELLIA_C) - case MBEDTLS_CIPHER_ID_CAMELLIA: - ctx->id = MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA; + case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA: mbedtls_camellia_init(&ctx->ctx.camellia); return 0; #endif default: + ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE; return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } } @@ -126,7 +127,7 @@ int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; - psa_set_key_type(&key_attr, ctx->psa_key_type); + psa_set_key_type(&key_attr, psa_key_type_from_block_cipher_id(ctx->id)); psa_set_key_bits(&key_attr, key_bitlen); psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT); From 89dd5c0654f6ed0c44d893b807ca2df14bf42d00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 15 Dec 2023 17:05:15 +0100 Subject: [PATCH 329/653] Document release components in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 10a76ec182..e68ad2016c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -74,6 +74,7 @@ # * component_check_XXX: quick tests that aren't worth parallelizing. # * component_build_XXX: build things but don't run them. # * component_test_XXX: build and test. +# * component_release_XXX: tests that the CI should skip during PR testing. # * support_XXX: if support_XXX exists and returns false then # component_XXX is not run by default. # * post_XXX: things to do after running the tests. From 71c71eb91cb066c802c668a5b79297cd5af51d9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 15 Dec 2023 19:20:31 +0100 Subject: [PATCH 330/653] all.sh: Parse arguments before checking if a test is supported MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Support for each test was checked before the command line had been parsed, causing the support_ functions to ignore arguments that set a tool's location. Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 46 ++++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 10a76ec182..beeff05d22 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -205,15 +205,8 @@ pre_initialize_variables () { # defined in this script whose name starts with "component_". ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') - # Exclude components that are not supported on this platform. - SUPPORTED_COMPONENTS= - for component in $ALL_COMPONENTS; do - case $(type "support_$component" 2>&1) in - *' function'*) - if ! support_$component; then continue; fi;; - esac - SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" - done + # Delay determinig SUPPORTED_COMPONENTS until the command line options have a chance to override + # the commands set by the environment } # Test whether the component $1 is included in the command line patterns. @@ -423,22 +416,11 @@ check_tools() done } -pre_parse_command_line_for_dirs () { - # Make an early pass through the options given, so we can set directories - # for Arm compilers, before SUPPORTED_COMPONENTS is determined. - while [ $# -gt 0 ]; do - case "$1" in - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - esac - shift - done -} - pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except=0 error_test=0 + list_components=0 restore_first=0 no_armcc= @@ -451,8 +433,8 @@ pre_parse_command_line () { --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; - --armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs - --armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; --clang-earliest) shift; CLANG_EARLIEST="$1";; --clang-latest) shift; CLANG_LATEST="$1";; --error-test) error_test=$((error_test + 1));; @@ -467,7 +449,7 @@ pre_parse_command_line () { --help|-h) usage; exit;; --keep-going|-k) KEEP_GOING=1;; --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; - --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; + --list-components) list_components=1;; --memory|-m) MEMORY=1;; --no-append-outcome) append_outcome=0;; --no-armcc) no_armcc=1;; @@ -494,6 +476,21 @@ pre_parse_command_line () { shift done + # Exclude components that are not supported on this platform. + SUPPORTED_COMPONENTS= + for component in $ALL_COMPONENTS; do + case $(type "support_$component" 2>&1) in + *' function'*) + if ! support_$component; then continue; fi;; + esac + SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" + done + + if [ $list_components -eq 1 ]; then + printf '%s\n' $SUPPORTED_COMPONENTS + exit + fi + # With no list of components, run everything. if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then all_except=1 @@ -6157,7 +6154,6 @@ run_component () { # Preliminary setup pre_check_environment -pre_parse_command_line_for_dirs "$@" pre_initialize_variables pre_parse_command_line "$@" From bbb5af9eae7b35a8f10ef6e5d3db919de55374ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 15 Dec 2023 20:58:15 +0100 Subject: [PATCH 331/653] Set OpenSSL/GnuTLS variables in release components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e68ad2016c..442bd7ae0d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -748,7 +748,7 @@ pre_check_tools () { # Require OpenSSL and GnuTLS if running any tests (as opposed to # only doing builds). Not all tests run OpenSSL and GnuTLS, but this # is a good enough approximation in practice. - *" test_"*) + *" test_"* | *" release_test_"*) # To avoid setting OpenSSL and GnuTLS for each call to compat.sh # and ssl-opt.sh, we just export the variables they require. export OPENSSL="$OPENSSL" From eb075c5de48e3c029e61e7509dad856cb311e34c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 18:38:14 +0100 Subject: [PATCH 332/653] Add cmake build type for tsan Building with clang ThreadSanitizer can now be done by setting the build type: cmake -D CMAKE_BUILD_TYPE:String=TSan . (ThreadSanitizer is available in clang 3.2 and gcc 4.8, README.md states that we test with clang 3.8 and gcc 5.4.) Signed-off-by: Janos Follath --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 36baa3b402..3badb5f726 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,7 +117,7 @@ endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan" FORCE) endif() @@ -208,6 +208,7 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") @@ -219,6 +220,7 @@ endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") From 9338cac0509a862e64135799472f0c24bf2efc79 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 18:55:39 +0100 Subject: [PATCH 333/653] Add tsan to all.sh component_test_tsan now builds and tests the library with clang ThreadSanitizer enabled. There are no multi-threaded unit tests so far, the goal is that they are automatically tested with TSan when they are added. Signed-off-by: Janos Follath --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 40a8fe0bf4..05fc1a0d54 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2159,6 +2159,18 @@ component_release_test_valgrind_constant_flow_psa () { make memcheck } +component_test_tsan () { + msg "build: TSan (clang)" + scripts/config.py set MBEDTLS_THREADING_C + scripts/config.py set MBEDTLS_THREADING_PTHREAD + + CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . + make + + msg "test: main suites (TSan)" + make test +} + component_test_default_no_deprecated () { # Test that removing the deprecated features from the default # configuration leaves something consistent. From a16ee6b7d4789c501baf5955e492cc27189b2706 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 19:05:26 +0100 Subject: [PATCH 334/653] Add multi-threaded unit test The unit test we add is designed to fail. The goal is to test the tests and show that they catch the problem. A later commit will fix the unit test and will make it pass. Signed-off-by: Janos Follath --- tests/suites/test_suite_ctr_drbg.data | 6 +++ tests/suites/test_suite_ctr_drbg.function | 64 +++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index a72d8afa0d..70206e7d9a 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1096,5 +1096,11 @@ ctr_drbg_seed_file:"no_such_dir/file":MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: +CTR_DRBG Threads: no reseed +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":10000 + +CTR_DRBG Threads: reseed +ctr_drbg_threads:"0d2dda60286dc738ddcc2dd3520bb988":25 + CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 066e70b352..bdf3dca59a 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -90,6 +90,19 @@ exit: mbedtls_ctr_drbg_free(&ctx); } +static const int thread_random_reps = 10; +void *thread_random_function( void* ctx ) +{ + unsigned char out[16]; + memset(out, 0, sizeof(out)); + + for(int i = 0; i < thread_random_reps; i++) { + TEST_EQUAL(mbedtls_ctr_drbg_random_with_add((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out), NULL, 0), 0); + } + +exit: + return NULL; +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -325,6 +338,57 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +void ctr_drbg_threads(data_t *expected_result, int reseed_interval) +{ +#define THREAD_CNT 5 + pthread_t threads[THREAD_CNT]; + + unsigned char out[16]; + memset(out, 0, sizeof(out)); + + unsigned char entropy[1024]; + memset(entropy, 0, sizeof(entropy)); + + test_offset_idx = 0; + test_max_idx = sizeof(entropy); + + mbedtls_ctr_drbg_context ctx; + mbedtls_ctr_drbg_init(&ctx); + + mbedtls_ctr_drbg_set_reseed_interval(&ctx, reseed_interval); + + /* There are too many calls in this test to conveniently provide enough + * entropy for this to be on. Test cases can trigger reseeding by setting + * \p reseed_interval appropriately. */ + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + + TEST_EQUAL( + mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), + 0); + + for (size_t i = 0; i < THREAD_CNT; i++) { + TEST_EQUAL( + pthread_create(&threads[i], NULL, + thread_random_function, (void*) &ctx), + 0); + } + + for (size_t i = 0; i < THREAD_CNT; i++) { + TEST_EQUAL(pthread_join(threads[i], NULL), 0); + } + + /* Take a last output for comparing and thus verifying the DRBG state */ + TEST_EQUAL(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)), 0); + + TEST_MEMORY_COMPARE(out, sizeof(out), expected_result->x, expected_result->len); + +exit: + mbedtls_ctr_drbg_free(&ctx); +} +#undef THREAD_CNT +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void ctr_drbg_seed_file(char *path, int ret) { From 178bf3ee8acdb40a10dbd149ee301cd87679b056 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 4 Oct 2023 19:08:23 +0100 Subject: [PATCH 335/653] Fix failing multi-threaded unit test Signed-off-by: Janos Follath --- tests/suites/test_suite_ctr_drbg.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index bdf3dca59a..0f1237c7e0 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -97,7 +97,7 @@ void *thread_random_function( void* ctx ) memset(out, 0, sizeof(out)); for(int i = 0; i < thread_random_reps; i++) { - TEST_EQUAL(mbedtls_ctr_drbg_random_with_add((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out), NULL, 0), 0); + TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out)), 0); } exit: From 20b2efa2930e801c61ef1e9390cea1e11aad0e84 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Nov 2023 14:46:51 +0000 Subject: [PATCH 336/653] Fix missing include Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 0f1237c7e0..7123d146cb 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -3,6 +3,10 @@ #include "mbedtls/ctr_drbg.h" #include "string.h" +#if defined(MBEDTLS_THREADING_PTHREAD) +#include "mbedtls/threading.h" +#endif + /* Modes for ctr_drbg_validate */ enum reseed_mode { RESEED_NEVER, /* never reseed */ From bda25dd29c64d91b2df7a223f424b0bd3624e8af Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Nov 2023 17:07:40 +0000 Subject: [PATCH 337/653] Add re-seeding option to test Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 +-- tests/suites/test_suite_ctr_drbg.function | 33 ++++++++++++++--------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 70206e7d9a..827d74a4aa 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,10 +1097,10 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":10000 +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 CTR_DRBG Threads: reseed -ctr_drbg_threads:"0d2dda60286dc738ddcc2dd3520bb988":25 +ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 7123d146cb..72cbf7bc99 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -343,29 +343,37 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ -void ctr_drbg_threads(data_t *expected_result, int reseed_interval) +void ctr_drbg_threads(data_t *expected_result, int reseed) { #define THREAD_CNT 5 pthread_t threads[THREAD_CNT]; unsigned char out[16]; + unsigned char *entropy = NULL; + + const size_t n_random_calls = THREAD_CNT * thread_random_reps + 1; + memset(out, 0, sizeof(out)); - unsigned char entropy[1024]; - memset(entropy, 0, sizeof(entropy)); - - test_offset_idx = 0; - test_max_idx = sizeof(entropy); - mbedtls_ctr_drbg_context ctx; mbedtls_ctr_drbg_init(&ctx); - mbedtls_ctr_drbg_set_reseed_interval(&ctx, reseed_interval); + test_offset_idx = 0; - /* There are too many calls in this test to conveniently provide enough - * entropy for this to be on. Test cases can trigger reseeding by setting - * \p reseed_interval appropriately. */ - mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + if (reseed == 0) { + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); + + TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN); + test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN; + } else { + const size_t entropy_size = (n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN; + + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); + + TEST_CALLOC(entropy, entropy_size); + test_max_idx = entropy_size; + } TEST_EQUAL( mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), @@ -389,6 +397,7 @@ void ctr_drbg_threads(data_t *expected_result, int reseed_interval) exit: mbedtls_ctr_drbg_free(&ctx); + mbedtls_free(entropy); } #undef THREAD_CNT /* END_CASE */ From bbdfc8ad2c8a8479c161d0601f67a41c23c9256b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 14:07:43 +0000 Subject: [PATCH 338/653] Add TsanDbg, standardise Tsan with other sanitisers Signed-off-by: Paul Elliott --- CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3badb5f726..ad056466ad 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,7 +117,7 @@ endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan" + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg" FORCE) endif() @@ -208,11 +208,12 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") + set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") endif(CMAKE_COMPILER_IS_GNU) @@ -220,13 +221,14 @@ endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -g3 -O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3") set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") + set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") + set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") endif(CMAKE_COMPILER_IS_CLANG) From 8860021abcc77872d6e016d3a27b014b4fe775d3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 14:24:30 +0000 Subject: [PATCH 339/653] Fix false claim of variables used unitialised GCC with TSan + O3 causes an error where it claims key_len and iv_len may be used uninitialised. This is, as far as I can tell incorrect (the only way it could not be set is in the error case, and then it is not used), however the simplest option seemed to be just to fix it. Signed-off-by: Paul Elliott --- library/ssl_tls13_keys.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a6a2915d86..9b775ec954 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1140,8 +1140,8 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, size_t hash_len; unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; - size_t key_len; - size_t iv_len; + size_t key_len = 0; + size_t iv_len = 0; mbedtls_ssl_tls13_early_secrets tls13_early_secrets; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1341,8 +1341,8 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, size_t hash_len; unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; - size_t key_len; - size_t iv_len; + size_t key_len = 0; + size_t iv_len = 0; mbedtls_ssl_handshake_params *handshake = ssl->handshake; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -1592,7 +1592,7 @@ static int ssl_tls13_generate_application_keys( size_t hash_len; /* Variables relating to the cipher for the chosen ciphersuite. */ - size_t key_len, iv_len; + size_t key_len = 0, iv_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys")); From 2667eda785009e075a12e4d291bff7e6fd08f54d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Nov 2023 15:53:00 +0000 Subject: [PATCH 340/653] Explicitly link tests with pthreads Required to use pthreads within tests. Signed-off-by: Paul Elliott --- tests/CMakeLists.txt | 3 +++ tests/Makefile | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0869aaa018..68bc57f5a5 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,5 +1,8 @@ +find_package(Threads) + set(libs ${mbedtls_target} + ${CMAKE_THREAD_LIBS_INIT} ) # Set the project root directory if it's not already defined, as may happen if diff --git a/tests/Makefile b/tests/Makefile index 2249a55df6..bcc3b9307f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -57,6 +57,7 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= +LOCAL_LDFLAGS += -lpthread endif ifdef WINDOWS From 6a997c9994694b7c338a8ad8ebc22489872239c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 14:47:17 +0000 Subject: [PATCH 341/653] Fix code style Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 72cbf7bc99..5a77c1d433 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -95,13 +95,13 @@ exit: } static const int thread_random_reps = 10; -void *thread_random_function( void* ctx ) +void *thread_random_function(void *ctx) { unsigned char out[16]; memset(out, 0, sizeof(out)); - for(int i = 0; i < thread_random_reps; i++) { - TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context*) ctx, out, sizeof(out)), 0); + for (int i = 0; i < thread_random_reps; i++) { + TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *) ctx, out, sizeof(out)), 0); } exit: @@ -382,7 +382,7 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) for (size_t i = 0; i < THREAD_CNT; i++) { TEST_EQUAL( pthread_create(&threads[i], NULL, - thread_random_function, (void*) &ctx), + thread_random_function, (void *) &ctx), 0); } From 811c600d88108b6df02e86168666e9a931e643ba Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 19:04:28 +0000 Subject: [PATCH 342/653] Guard tests correctly All guarded options change output, thus failing the test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 827d74a4aa..1cc51e302f 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,9 +1097,11 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 CTR_DRBG Threads: reseed +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 CTR_DRBG self test From fed410f58e4370cbd6025d959ac6084fe5864d73 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 30 Nov 2023 20:40:55 +0000 Subject: [PATCH 343/653] Increase entropy buffer sizes Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 5a77c1d433..329c222cf9 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -364,10 +364,11 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); - TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN); - test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN; + TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); + test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; } else { - const size_t entropy_size = (n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN; + const size_t entropy_size = ((n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN) + + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); From bb0e48f94f456e099ae58848537c22c87438ea9f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 1 Dec 2023 18:05:19 +0000 Subject: [PATCH 344/653] Make number of threads a test argument Remove hard coded number of threads. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 ++-- tests/suites/test_suite_ctr_drbg.function | 15 ++++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 1cc51e302f..b519da8951 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1098,11 +1098,11 @@ ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C -ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0 +ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C -ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1 +ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5 CTR_DRBG self test ctr_drbg_selftest: diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 329c222cf9..a5a85a0eba 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -343,16 +343,17 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ -void ctr_drbg_threads(data_t *expected_result, int reseed) +void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { -#define THREAD_CNT 5 - pthread_t threads[THREAD_CNT]; + size_t thread_count = (size_t) arg_thread_count; + pthread_t *threads = NULL; unsigned char out[16]; unsigned char *entropy = NULL; - const size_t n_random_calls = THREAD_CNT * thread_random_reps + 1; + const size_t n_random_calls = thread_count * thread_random_reps + 1; + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); mbedtls_ctr_drbg_context ctx; @@ -380,14 +381,14 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0), 0); - for (size_t i = 0; i < THREAD_CNT; i++) { + for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL( pthread_create(&threads[i], NULL, thread_random_function, (void *) &ctx), 0); } - for (size_t i = 0; i < THREAD_CNT; i++) { + for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL(pthread_join(threads[i], NULL), 0); } @@ -399,8 +400,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed) exit: mbedtls_ctr_drbg_free(&ctx); mbedtls_free(entropy); + mbedtls_free(threads); } -#undef THREAD_CNT /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ From 356597f077c32d7206e252ecd93780a4c61e931e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 1 Dec 2023 18:09:41 +0000 Subject: [PATCH 345/653] Make TSan test run operate on full config Signed-off-by: Paul Elliott --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 05fc1a0d54..315c6e5cd7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2161,6 +2161,7 @@ component_release_test_valgrind_constant_flow_psa () { component_test_tsan () { msg "build: TSan (clang)" + scripts/config.py full scripts/config.py set MBEDTLS_THREADING_C scripts/config.py set MBEDTLS_THREADING_PTHREAD From 80fa88e2fab1850e2b5eb38eb8bc2759a7606269 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Nov 2023 17:12:24 +0000 Subject: [PATCH 346/653] Remove warning with GCC 12 and TSan Compiler is unhappy that the return from mbedtls_cipher_get_name() could be NULL as this is used in a printf statement. Signed-off-by: Paul Elliott --- programs/aes/crypt_and_hash.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 226718bc63..f15b85e2c0 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -103,7 +103,14 @@ int main(int argc, char *argv[]) list = mbedtls_cipher_list(); while (*list) { cipher_info = mbedtls_cipher_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); + if (cipher_info) { + const char *name = mbedtls_cipher_info_get_name(cipher_info); + + if (name) { + mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); + } + } + list++; } From be978a8c4fc52965b486125f2993251025b1a399 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 7 Dec 2023 11:46:04 +0000 Subject: [PATCH 347/653] Add option to pass make variables to depends.py Signed-off-by: Paul Elliott --- tests/scripts/depends.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 38c184a6ae..5fe26f158b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -381,7 +381,7 @@ class DomainData: def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command, 'CFLAGS=-Werror'] + build_command = [options.make_command] + options.make_vars.split(' ') + ['CFLAGS=-Werror'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. @@ -526,6 +526,9 @@ def main(): parser.add_argument('--make-command', metavar='CMD', help='Command to run instead of make (e.g. gmake)', action='store', default='make') + parser.add_argument('--make-vars', + help='optional variable/value pairs to pass to make', + action='store', default='') parser.add_argument('--unset-use-psa', help='Unset MBEDTLS_USE_PSA_CRYPTO before any test', action='store_true', dest='unset_use_psa') From 6587959a32f978aeb02766c27cf30b04d8a245e1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 7 Dec 2023 20:08:10 +0000 Subject: [PATCH 348/653] Add ability to pass make variables to psa_collect_statuses.py Signed-off-by: Paul Elliott --- tests/scripts/psa_collect_statuses.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 11bbebcc1f..6291d7898e 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -82,10 +82,15 @@ def collect_status_logs(options): cwd='tests', stdout=sys.stderr) with open(os.devnull, 'w') as devnull: - make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'], - stdout=devnull, stderr=devnull) + build_command = ['make', '-q'] + options.make_vars.split(' ') + \ + ['lib', 'tests'] + make_q_ret = subprocess.call(build_command, stdout=devnull, + stderr=devnull) + print("blagh") if make_q_ret != 0: - subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'], + build_command = ['make'] + options.make_vars.split(' ') + \ + ['RECORD_PSA_STATUS_COVERAGE_LOG=1'] + subprocess.check_call(build_command, stdout=sys.stderr) rebuilt = True subprocess.check_call(['make', 'test'], @@ -112,6 +117,9 @@ def main(): help='Log file location (default: {})'.format( DEFAULT_STATUS_LOG_FILE )) + parser.add_argument('--make-vars', + help='optional variable/value pairs to pass to make', + action='store', default='') parser.add_argument('--psa-constant-names', metavar='PROGRAM', default=DEFAULT_PSA_CONSTANT_NAMES, help='Path to psa_constant_names (default: {})'.format( From 20a95bc09a540918da70d4e96d8a615cea934692 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 6 Dec 2023 19:24:49 +0000 Subject: [PATCH 349/653] Remove explicit linking of PThread in make This would break platforms that do not have pthread. Put the linking instead behind a define and add this define where required to all.sh. Signed-off-by: Paul Elliott --- tests/Makefile | 3 + tests/scripts/all.sh | 169 ++++++++++++++++++++++--------------------- 2 files changed, 89 insertions(+), 83 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index bcc3b9307f..72429a6429 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -57,8 +57,11 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= + +ifdef PTHREAD LOCAL_LDFLAGS += -lpthread endif +endif ifdef WINDOWS PYTHON ?= python diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 315c6e5cd7..65203e8771 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -216,6 +216,9 @@ pre_initialize_variables () { esac SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" done + + # Option to enable linking with pthreads under make + MAKE_THREADING_FLAGS="PTHREAD=1" } # Test whether the component $1 is included in the command line patterns. @@ -930,7 +933,7 @@ helper_get_psa_key_type_list() { # Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. helper_libtestdriver1_make_drivers() { loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # Build the main libraries, programs and tests, @@ -948,7 +951,7 @@ helper_libtestdriver1_make_main() { # we need flags both with and without the LIBTESTDRIVER1_ prefix loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS "$@" } ################################################################ @@ -1443,7 +1446,7 @@ component_test_psa_external_rng_no_drbg_classic () { # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" make test @@ -1462,7 +1465,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -1477,7 +1480,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test @@ -1495,7 +1498,7 @@ component_test_psa_inject_entropy () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" make test @@ -1529,14 +1532,14 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o grep mbedtls_md library/md.o msg "test: crypto_full with only the light subset of MD" - make test + make $MAKE_THREADING_FLAGS test } component_test_full_no_cipher () { @@ -1562,7 +1565,7 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_LMS_PRIVATE msg "test: full no CIPHER no PSA_CRYPTO_C" - make test + make $MAKE_THREADING_FLAGS test } # This is a common configurator and test function that is used in: @@ -1611,7 +1614,7 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - make + make $MAKE_THREADING_FLAGS # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init library/cipher.o @@ -1644,7 +1647,7 @@ component_test_full_no_ccm() { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - make + make $MAKE_THREADING_FLAGS msg "test: full no PSA_WANT_ALG_CCM" make test @@ -1672,7 +1675,7 @@ component_test_full_no_ccm_star_no_tag() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - make + make $MAKE_THREADING_FLAGS # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher library/psa_crypto_cipher.o @@ -1729,7 +1732,7 @@ component_test_full_no_bignum () { scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - make + make $MAKE_THREADING_FLAGS msg "test: full minus bignum" make test @@ -2007,7 +2010,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full - tests/scripts/psa_collect_statuses.py + tests/scripts/psa_collect_statuses.py --make-vars="$MAKE_THREADING_FLAGS" # Check that psa_crypto_init() succeeded at least once grep -q '^0:psa_crypto_init:' tests/statuses.log rm -f tests/statuses.log @@ -2186,7 +2189,7 @@ component_test_default_no_deprecated () { component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS msg "test: make, full_no_deprecated config" # ~ 5s make test @@ -2203,7 +2206,7 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s make test @@ -2223,7 +2226,7 @@ component_test_full_deprecated_warning () { # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' $MAKE_THREADING_FLAGS tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test @@ -2248,7 +2251,7 @@ component_build_crypto_default () { component_build_crypto_full () { msg "build: make, crypto only, full config" scripts/config.py crypto_full - make CFLAGS='-O1 -Werror' + make CFLAGS='-O1 -Werror' $MAKE_THREADING_FLAGS are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -2308,73 +2311,73 @@ support_build_baremetal () { # depends.py family of tests component_test_depends_py_cipher_id () { msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id --unset-use-psa + tests/scripts/depends.py cipher_id --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_chaining () { msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining --unset-use-psa + tests/scripts/depends.py cipher_chaining --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_padding () { msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding --unset-use-psa + tests/scripts/depends.py cipher_padding --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves --unset-use-psa + tests/scripts/depends.py curves --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_hashes () { msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes --unset-use-psa + tests/scripts/depends.py hashes --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_kex () { msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex --unset-use-psa + tests/scripts/depends.py kex --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_pkalgs () { msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs --unset-use-psa + tests/scripts/depends.py pkalgs --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" } # PSA equivalents of the depends.py tests component_test_depends_py_cipher_id_psa () { msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_id + tests/scripts/depends.py cipher_id --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_chaining_psa () { msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_chaining + tests/scripts/depends.py cipher_chaining --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_cipher_padding_psa () { msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_padding + tests/scripts/depends.py cipher_padding --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_curves_psa () { msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py curves + tests/scripts/depends.py curves --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_hashes_psa () { msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py hashes + tests/scripts/depends.py hashes --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_kex_psa () { msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py kex + tests/scripts/depends.py kex --make-vars="$MAKE_THREADING_FLAGS" } component_test_depends_py_pkalgs_psa () { msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py pkalgs + tests/scripts/depends.py pkalgs --make-vars="$MAKE_THREADING_FLAGS" } component_build_no_pk_rsa_alt_support () { @@ -2386,7 +2389,7 @@ component_build_no_pk_rsa_alt_support () { scripts/config.py set MBEDTLS_X509_CRT_WRITE_C # Only compile - this is primarily to test for compile issues - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' $MAKE_THREADING_FLAGS } component_build_module_alt () { @@ -2600,7 +2603,7 @@ component_test_psa_crypto_config_reference_ffdh () { # Disable things that are not supported scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - make + make $MAKE_THREADING_FLAGS msg "test suites: full with non-accelerated FFDH alg" make test @@ -2639,7 +2642,7 @@ component_test_psa_crypto_config_accel_pake() { # ------------- msg "test: full with accelerated PAKE" - make test + make $MAKE_THREADING_FLAGS test } component_test_psa_crypto_config_accel_ecc_some_key_types () { @@ -2699,7 +2702,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # ------------- msg "test suites: full with accelerated EC algs and some key types" - make test + make $MAKE_THREADING_FLAGS test } # Run tests with only (non-)Weierstrass accelerated @@ -2898,7 +2901,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ------------- msg "test suites: full with accelerated EC algs" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh @@ -2910,7 +2913,7 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - make + make $MAKE_THREADING_FLAGS msg "test suites: full with non-accelerated EC algs" make test @@ -3003,7 +3006,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ------------- msg "test: full + accelerated EC algs - ECP" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh @@ -3017,7 +3020,7 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - make + make $MAKE_THREADING_FLAGS msg "test: full + non accelerated EC algs" make test @@ -3180,7 +3183,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh @@ -3211,7 +3214,7 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - make + make $MAKE_THREADING_FLAGS msg "test suites: full + non accelerated EC algs + USE_PSA" make test @@ -3330,7 +3333,7 @@ build_full_minus_something_and_test_tls () { scripts/config.py unset $sym done - make + make $MAKE_THREADING_FLAGS msg "test: full minus something, test TLS" ( cd tests; ./test_suite_ssl ) @@ -3369,7 +3372,7 @@ build_and_test_psa_want_key_pair_partial() { # crypto_config.h so we just disable the one we don't want. scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" make test @@ -3435,7 +3438,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { # ------------- msg "test: crypto_full with accelerated RSA" - make test + make $MAKE_THREADING_FLAGS test } component_test_psa_crypto_config_reference_rsa_crypto () { @@ -3447,7 +3450,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - make + make $MAKE_THREADING_FLAGS # Run the tests # ------------- @@ -3649,7 +3652,7 @@ component_test_psa_crypto_config_reference_hash_use_psa() { config_psa_crypto_hash_use_psa 0 - make + make $MAKE_THREADING_FLAGS msg "test: full without accelerated hashes" make test @@ -3814,7 +3817,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { # ------------- msg "test: full config with accelerated cipher and AEAD" - make test + make $MAKE_THREADING_FLAGS test msg "ssl-opt: full config with accelerated cipher and AEAD" tests/ssl-opt.sh @@ -3827,7 +3830,7 @@ component_test_psa_crypto_config_reference_cipher_aead () { msg "build: full config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead - make + make $MAKE_THREADING_FLAGS msg "test: full config with non-accelerated cipher and AEAD" make test @@ -3844,7 +3847,7 @@ component_test_aead_chachapoly_disabled() { scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full minus CHACHAPOLY" make test @@ -3857,7 +3860,7 @@ component_test_aead_only_ccm() { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full minus CHACHAPOLY and GCM" make test @@ -3888,7 +3891,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. @@ -3898,7 +3901,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. @@ -3911,7 +3914,7 @@ component_build_psa_accel_alg_hkdf() { # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. @@ -3930,7 +3933,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. @@ -3949,7 +3952,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. @@ -3968,7 +3971,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. @@ -3984,7 +3987,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. @@ -4000,7 +4003,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. @@ -4018,7 +4021,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. @@ -4037,7 +4040,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4051,7 +4054,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4065,7 +4068,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4079,7 +4082,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4093,7 +4096,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4108,7 +4111,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4120,7 +4123,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS } @@ -4289,7 +4292,7 @@ component_test_no_platform () { # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' $MAKE_THREADING_FLAGS test } component_build_no_std_function () { @@ -4307,14 +4310,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS } component_build_no_sockets () { @@ -4489,7 +4492,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test @@ -5101,7 +5104,7 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: full + test drivers dispatching to builtins" make test @@ -5128,7 +5131,7 @@ test_build_opt () { $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" $MAKE_THREADING_FLAGS # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 @@ -5183,7 +5186,7 @@ component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s scripts/config.py -w full_config.h full echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" $MAKE_THREADING_FLAGS # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config MBEDTLS_NIST_KW_C make clean @@ -5192,7 +5195,7 @@ component_build_mbedtls_config_file () { # In the user config, disable one feature (for simplicity, pick a feature # that nothing else depends on). echo '#undef MBEDTLS_NIST_KW_C' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" $MAKE_THREADING_FLAGS not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C rm -f user_config.h full_config.h @@ -5251,7 +5254,7 @@ component_test_m32_no_asm () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: i386, make, gcc, no asm (ASan build)" make test @@ -5269,7 +5272,7 @@ component_test_m32_o2 () { msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS msg "test: i386, make, gcc -O2 (ASan build)" make test @@ -5304,7 +5307,7 @@ support_test_m32_everest () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' $MAKE_THREADING_FLAGS msg "test: 64-bit ILP32, make, gcc" make test @@ -5368,7 +5371,7 @@ component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s make test @@ -5378,7 +5381,7 @@ component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s make test @@ -5392,7 +5395,7 @@ component_test_no_strings () { scripts/config.py unset MBEDTLS_ERROR_C scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY scripts/config.py unset MBEDTLS_VERSION_FEATURES - make CFLAGS='-Werror -Os' + make CFLAGS='-Werror -Os' $MAKE_THREADING_FLAGS msg "test: no strings" # ~ 10s make test @@ -5403,7 +5406,7 @@ component_test_no_x509_info () { scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' + make CFLAGS='-Werror -O2' $MAKE_THREADING_FLAGS msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s make test @@ -6006,7 +6009,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" $MAKE_THREADING_FLAGS } From 40f0ec246ea68195e74ffe20c3d8f4c700f732d2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:40:54 +0000 Subject: [PATCH 350/653] Remove requirement for SHA512 from ctr_drbg test Set the entropy len prior to doing the test to ensure the outcome is the same regardless of whether SHA512 or SHA256 is used. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 4 ++-- tests/suites/test_suite_ctr_drbg.function | 13 ++++++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index b519da8951..f314ac603b 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,11 +1097,11 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_ENTROPY_FORCE_SHA256:MBEDTLS_SHA512_C +depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5 CTR_DRBG self test diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index a5a85a0eba..504f28a6ef 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -353,6 +353,9 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) const size_t n_random_calls = thread_count * thread_random_reps + 1; + /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ + const size_t entropy_len = 48; + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); @@ -361,14 +364,18 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) test_offset_idx = 0; + /* Need to do this, otherwise if we are forced into using SHA256 for + * whaever reason, output will differ. */ + mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len); + if (reseed == 0) { mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF); mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1); - TEST_CALLOC(entropy, MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); - test_max_idx = MBEDTLS_CTR_DRBG_ENTROPY_LEN + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; + TEST_CALLOC(entropy, entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN); + test_max_idx = entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; } else { - const size_t entropy_size = ((n_random_calls + 1) * MBEDTLS_CTR_DRBG_ENTROPY_LEN) + const size_t entropy_size = ((n_random_calls + 1) * entropy_len) + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN; mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); From 79dc6dad81a897caca0fe24cfce5be81925e48dc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:52:03 +0000 Subject: [PATCH 351/653] Improve make pthread linking mechanism Signed-off-by: Paul Elliott --- programs/Makefile | 2 +- tests/Makefile | 2 +- tests/scripts/all.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index a3fa81679f..ebdadc0567 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -139,7 +139,7 @@ APPS = \ x509/req_app \ # End of APPS -ifdef PTHREAD +ifeq ($(THREADING),pthread) APPS += ssl/ssl_pthread_server endif diff --git a/tests/Makefile b/tests/Makefile index 72429a6429..29197b7c71 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -58,7 +58,7 @@ DLEXT ?= so EXEXT= SHARED_SUFFIX= -ifdef PTHREAD +ifeq ($(THREADING),pthread) LOCAL_LDFLAGS += -lpthread endif endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65203e8771..933c563d30 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -218,7 +218,7 @@ pre_initialize_variables () { done # Option to enable linking with pthreads under make - MAKE_THREADING_FLAGS="PTHREAD=1" + MAKE_THREADING_FLAGS="THREADING=pthread" } # Test whether the component $1 is included in the command line patterns. From e4b3f75298321d14fc20817ad2817d040788bb3f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 17:57:16 +0000 Subject: [PATCH 352/653] Remove unnecessary check Signed-off-by: Paul Elliott --- programs/aes/crypt_and_hash.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index f15b85e2c0..b2cd704710 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -103,14 +103,11 @@ int main(int argc, char *argv[]) list = mbedtls_cipher_list(); while (*list) { cipher_info = mbedtls_cipher_info_from_type(*list); - if (cipher_info) { - const char *name = mbedtls_cipher_info_get_name(cipher_info); + const char *name = mbedtls_cipher_info_get_name(cipher_info); - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } + if (name) { + mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); } - list++; } From 445af3c25ad86c3ea6dc1a68a1eb5663a7e17a8a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 11 Dec 2023 18:05:32 +0000 Subject: [PATCH 353/653] Move test dependancies to function file Dependancies are determined by code in this case. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.data | 1 - tests/suites/test_suite_ctr_drbg.function | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index f314ac603b..028a07f80d 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,7 +1097,6 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG Threads: no reseed -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5 CTR_DRBG Threads: reseed diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 504f28a6ef..c60f8cd650 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -342,7 +342,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { size_t thread_count = (size_t) arg_thread_count; From 7e11dd6ec622b3fbb453de927598e24f48fe09f0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Dec 2023 15:52:44 +0100 Subject: [PATCH 354/653] driver-only-builds: add section for accelerated ciphers/AEADs Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 134 +++++++++++++++++++++++++++++-------- 1 file changed, 105 insertions(+), 29 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 2dcfe67975..c2d8f69d10 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -55,7 +55,12 @@ For now, only the following (families of) mechanisms are supported: - hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. - finite-field Diffie-Hellman: FFDH algorithm, DH key types. -- AEADs: GCM, CCM and ChachaPoly +- AEADs: + - GCM and CCM with AES, ARIA and Camellia key types + - ChachaPoly with ChaCha20 Key type +- Ciphers: + - key types: AES, ARIA, Camellia, DES + - modes: ECB, CBC, CTR, CFB, OFB, XTS Supported means that when those are provided only by drivers, everything (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should @@ -63,9 +68,6 @@ work in the same way as if the mechanisms where built-in, except as documented in the "Limitations" sub-sections of the sections dedicated to each family below. -In the near future (end of 2023), we are planning to also add support for -ciphers (AES, ARIA, Camellia). - Currently (mid-2023) we don't have plans to extend this to RSA. If you're interested in driver-only support for RSA, please let us know. @@ -242,33 +244,107 @@ removing builtin support (i.e. `MBEDTLS_DHM_C`). Support for deterministic derivation of a DH keypair (i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported. -AEADs ------ +Ciphers and AEADs +----------------- -[This section might contain incomplete data and it is going to be updated in -#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.] +It is possible to have all ciphers and AEADs operations provided only by a +driver. More precisely, for each desired combination of key type and +algorithm/mode you can: +- enable desired PSA key type(s): + - `PSA_WANT_KEY_TYPE_AES`, + - `PSA_WANT_KEY_TYPE_ARIA`, + - `PSA_WANT_KEY_TYPE_CAMELLIA`, + - `PSA_WANT_KEY_TYPE_CHACHA20`, + - `PSA_WANT_KEY_TYPE_DES`; +- enable desired PSA algorithm(s): + - unauthenticated ciphers modes: + - `PSA_WANT_ALG_CBC_NO_PADDING`, + - `PSA_WANT_ALG_CBC_PKCS7`, + - `PSA_WANT_ALG_CCM_STAR_NO_TAG`, + - `PSA_WANT_ALG_CFB`, + - `PSA_WANT_ALG_CTR`, + - `PSA_WANT_ALG_ECB_NO_PADDING`, + - `PSA_WANT_ALG_OFB`, + - `PSA_WANT_ALG_STREAM_CIPHER`; + - AEADs: + - `PSA_WANT_ALG_CCM`, + - `PSA_WANT_ALG_GCM`, + - `PSA_WANT_ALG_CHACHA20_POLY1305`; +- enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond + to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps; +- disable builtin support of key types: + - `MBEDTLS_AES_C`, + - `MBEDTLS_ARIA_C`, + - `MBEDTLS_CAMELLIA_C`, + - `MBEDTLS_DES_C`, + - `MBEDTLS_CHACHA20_C`; + and algorithms/modes: + - `MBEDTLS_CBC_C` + - `MBEDTLS_CFB_C` + - `MBEDTLS_CTR_C` + - `MBEDTLS_OFB_C` + - `MBEDTLS_XTS_C` + - `MBEDTLS_CCM_C` + - `MBEDTLS_GCM_C` + - `MBEDTLS_CHACHAPOLY_C` + - `MBEDTLS_NULL_CIPHER` -It is possible to have all AEADs operations provided only by a driver. +Once a key type and related algorithm are accelerated, all cipher and AEADs +operations of that type requested through the PSA Crypto API are performed by +the driver. Only functions belonging to legacy modules which are disabled won't +be available in this configuration. -More precisely you can: -- enable desired PSA algorithm(s) and key type(s): - - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` - - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`; -- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the - `PSA_WANT_xxx` of the previous step (both for algorithms and key types); -- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C` - algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs - which are accelerated. +### Legacy <-> PSA matching + +It should be noticed that the matching between legacy (i.e. `MBEDTLS_xxx_C`) +and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: +- ECB mode is always enabled in legacy configuration for each key type that + allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled + in PSA with `PSA_WANT_ALG_ECB`; +- similarly for stream ciphers, it is automatically enabled for key types that + support it (`CHACHA20_C` and `NULL_CIPHER`) whereas it must be explicitly + enabled in PSA with `PSA_WANT_ALG_STREAM_CIPHER`; +- legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, whereas + in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` and + `PSA_WANT_ALG_CCM`, respectively. + +### Partial acceleration for CCM/GCM + +[This section depends on #8598 so it might updated while that PR progresses.] + +In case legacy CCM/GCM algorithms are enabled it is still possible to benefit +from PSA acceleration by enabling support for ECB mode +(`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s) +(`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configuration it is possible +to: +- still benefit from legacy functions belonging to CCM/GCM modules + (`mbedtls_[ccm|gcm]_xxx()`), +- disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no + other dependency requiring them, of course. + +ChaChaPoly has not such feature, so it requires full acceleration (key type + +algorithm) in order to work with a driver. + +### CTR-DRBG + +Legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit from +PSA acceleration when: +- legacy AES module is not enabled (`MBEDTLS_AES_C`) and +- AES is supported on PSA side together with ECB mode, i.e. + `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. + +### Disabling CIPHER_C + +This is possible when: + +- all ciphers and AEADs are accelerated; +- no legacy module, either cipher or AEAD, is enabled. The only exception being + CCM/GCM when key types are accelerated, as described in section + [Partial acceleration for CCM/GCM](#partial-acceleration-for-CCM/GCM). + +It should be noticed that disabling `MBEDTLS_CIPHER_C` helps in reducing code's +footprint, but unfortunately it makes the following modules unavailable: +- `MBEDTLS_PKCS[5|12]_C`, +- `MBEDTLS_NIST_KW_C`. -In a build in which all AEADs algorithms and related key types are accelerated -all AEADs operations requested through the PSA Crypto API (including those in -TLS and X.509) will be performed by the driver. -Moreover if no unauthenticated cipher is required, it is also possible to -disable all built-in block cipher's key types -(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This -helps in further reducing code's footprint, but unfortunately it makes the -following modules unavailable: -- `MBEDTLS_PKCS[5|12]_C` -- `MBEDTLS_CTR_DRBG_C` -- `MBEDTLS_NIST_KW_C` From 22dbaf05b6ce1189d1af58bbd144406d827fc813 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 18 Dec 2023 18:18:04 +0000 Subject: [PATCH 355/653] Add AES_PSA_INIT() to thread test case Tests were failing when PSA was being used in ctr_drbg_seed() as PSA was not initialised. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c60f8cd650..1f0a072c7c 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -356,6 +356,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ const size_t entropy_len = 48; + AES_PSA_INIT(); + TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); memset(out, 0, sizeof(out)); @@ -408,6 +410,8 @@ exit: mbedtls_ctr_drbg_free(&ctx); mbedtls_free(entropy); mbedtls_free(threads); + + AES_PSA_DONE(); } /* END_CASE */ From 66cbc838444b583d3128fdccccf4815656c8a88a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Dec 2023 18:34:50 +0000 Subject: [PATCH 356/653] Use clang by default Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 40a8fe0bf4..1b9040b5fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -189,6 +189,10 @@ pre_initialize_variables () { if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j$(all_sh_nproc)" fi + # if CC is not set, use clang by default to improve build times + if [ -z "${CC+set}" ]; then + export CC="clang" + fi # Include more verbose output for failing tests run by CMake or make export CTEST_OUTPUT_ON_FAILURE=1 From 0c5bfe816f807d40a1bc12cecf4befadebb2d85b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Dec 2023 19:53:25 +0000 Subject: [PATCH 357/653] Ensure clang is present Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1b9040b5fc..fe3f59466f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -189,9 +189,9 @@ pre_initialize_variables () { if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j$(all_sh_nproc)" fi - # if CC is not set, use clang by default to improve build times - if [ -z "${CC+set}" ]; then - export CC="clang" + # if CC is not set, use clang by default (if present) to improve build times + if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then + export CC=$(type -p clang) fi # Include more verbose output for failing tests run by CMake or make From 9deb54900eb5d9f21724f9f016bba1b87e7f143c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 18 Dec 2023 21:01:18 +0100 Subject: [PATCH 358/653] Document the domain_parameters_size==SIZE_MAX hack It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not documented. Signed-off-by: Gilles Peskine --- include/psa/crypto_struct.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 5639ad05d4..1eb2463cee 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -254,6 +254,18 @@ struct psa_key_attributes_s { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* Unlike normal buffers, there are three cases for domain_parameters + * and domain_parameters_size: + * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL: + * Access to domain parameters is not supported for this key. + * This is a hack which should not exist, intended for keys managed + * by a driver that doesn't support domain parameters. + * - domain_parameters_size == 0 && domain_parameters == NULL: + * The domain parameters are empty. + * - domain_parameters_size > 0 && + * domain_parameters == valid pointer to domain_parameters_size bytes: + * The domain parameters are non-empty. + */ void *MBEDTLS_PRIVATE(domain_parameters); size_t MBEDTLS_PRIVATE(domain_parameters_size); }; From 932ce859d5853c499f92487dc89ffd08708d7243 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Dec 2023 19:55:40 +0000 Subject: [PATCH 359/653] Ensure test_psa_compliance uses gcc Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fe3f59466f..d0c59ffae8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6030,8 +6030,9 @@ component_test_zeroize () { } component_test_psa_compliance () { + # The arch tests build with gcc, so require use of gcc here to link properly msg "build: make, default config (out-of-box), libmbedcrypto.a only" - make -C library libmbedcrypto.a + CC=gcc make -C library libmbedcrypto.a msg "unit test: test_psa_compliance.py" ./tests/scripts/test_psa_compliance.py From d0a594d4446ac8436249b42ebde20a2aec910b1d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 18 Dec 2023 22:29:56 +0000 Subject: [PATCH 360/653] Use gcc in test_psa_compliance Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d0c59ffae8..67b205679b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6035,7 +6035,7 @@ component_test_psa_compliance () { CC=gcc make -C library libmbedcrypto.a msg "unit test: test_psa_compliance.py" - ./tests/scripts/test_psa_compliance.py + CC=gcc ./tests/scripts/test_psa_compliance.py } support_test_psa_compliance () { From 4bb5740a7d0a5518de23635484847928e09600a7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 16:11:59 +0100 Subject: [PATCH 361/653] Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()" This reverts commit 180915018dd04f6ad66faa3e9fc66813a221643d. Signed-off-by: Valerio Setti --- include/mbedtls/pem.h | 3 --- library/pem.c | 7 +------ library/x509write_crt.c | 4 ++-- library/x509write_csr.c | 4 ++-- tests/suites/test_suite_pem.data | 12 ++++++------ tests/suites/test_suite_pem.function | 6 +++--- 6 files changed, 14 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index 2fe19d026c..cc617a9bcc 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -135,9 +135,6 @@ void mbedtls_pem_free(mbedtls_pem_context *ctx); * \param olen The address at which to store the total length written * or required (if \p buf_len is not enough). * - * \note Newlines are automatically appended to both header and - * footer. - * * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len * to request the length of the resulting PEM buffer in * `*olen`. diff --git a/library/pem.c b/library/pem.c index 7c0c447ee2..9500ffcf7f 100644 --- a/library/pem.c +++ b/library/pem.c @@ -473,10 +473,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, size_t len = 0, use_len, add_len = 0; mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len); - /* Newlines are appended to the end of both header and footer, so we - * account for an extra +2. */ - add_len = strlen(header) + strlen(footer) + 2 + \ - (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1; + add_len = strlen(header) + strlen(footer) + (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1; if (use_len + add_len > buf_len) { *olen = use_len + add_len; @@ -496,7 +493,6 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, memcpy(p, header, strlen(header)); p += strlen(header); - *p++ = '\n'; c = encode_buf; while (use_len) { @@ -510,7 +506,6 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, memcpy(p, footer, strlen(footer)); p += strlen(footer); - *p++ = '\n'; *p++ = '\0'; *olen = p - buf; diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8d920f2676..4c019eee4e 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -651,8 +651,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return (int) len; } -#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----" -#define PEM_END_CRT "-----END CERTIFICATE-----" +#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" +#define PEM_END_CRT "-----END CERTIFICATE-----\n" #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5ee683ff12..4e397553a4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -302,8 +302,8 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, return ret; } -#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----" -#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----" +#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" +#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 238a0bc043..a4dff45f0b 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -1,20 +1,20 @@ Standard PEM write -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" PEM write (zero data) -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"":"-----START TEST-----\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"":"-----START TEST-----\n-----END TEST-----\n" PEM write (one byte) -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"00":"-----START TEST-----\nAA==\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"00":"-----START TEST-----\nAA==\n-----END TEST-----\n" PEM write (more than line size) -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8=\n-----END TEST-----\n" PEM write (exactly two lines) -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\n-----END TEST-----\n" PEM write (exactly two lines + 1) -mbedtls_pem_write_buffer:"-----START TEST-----":"-----END TEST-----":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" +mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM write length reporting mbedtls_pem_write_buffer_lengths diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index cb652d4584..413dc551c3 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -40,17 +40,17 @@ void mbedtls_pem_write_buffer_lengths() size_t olen_needed, olen; int ret; for (size_t l = 0; l <= sizeof(data); l++) { - ret = mbedtls_pem_write_buffer("", "", data, l, NULL, 0, &olen_needed); + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, NULL, 0, &olen_needed); TEST_EQUAL(ret, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); /* Test that a bigger buffer still only requires `olen_needed` */ - ret = mbedtls_pem_write_buffer("", "", data, l, buf, sizeof(buf), &olen); + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, sizeof(buf), &olen); TEST_EQUAL(ret, 0); TEST_EQUAL(olen_needed, olen); /* Test that a buffer of exactly `olen_needed` works */ memset(buf, 1, sizeof(buf)); - ret = mbedtls_pem_write_buffer("", "", data, l, buf, olen_needed, &olen); + ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, olen_needed, &olen); TEST_EQUAL(ret, 0); TEST_EQUAL(olen_needed, olen); /* Test the function didn't overflow the given buffer */ From 7f062a58fb3a3aa4803d922576c0f1da17adc0ea Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 16:29:56 +0100 Subject: [PATCH 362/653] pkwrite: add newlines when calling mbedtls_pem_write_buffer() New defines, which are shared with the pkparse module, lack the new line so we manually add it when invoking mbedtls_pem_write_buffer(). Signed-off-by: Valerio Setti --- library/pkwrite.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index bd592f4f69..1f0d3990ed 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -683,7 +683,7 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu goto cleanup; } - if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n", output_buf + PUB_DER_MAX_BYTES - ret, ret, buf, size, &olen)) != 0) { goto cleanup; @@ -712,18 +712,18 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) { - begin = PEM_BEGIN_PRIVATE_KEY_RSA; - end = PEM_END_PRIVATE_KEY_RSA; + begin = PEM_BEGIN_PRIVATE_KEY_RSA "\n"; + end = PEM_END_PRIVATE_KEY_RSA "\n"; } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { if (mbedtls_pk_is_rfc8410(key)) { - begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; - end = PEM_END_PRIVATE_KEY_PKCS8; + begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n"; + end = PEM_END_PRIVATE_KEY_PKCS8 "\n"; } else { - begin = PEM_BEGIN_PRIVATE_KEY_EC; - end = PEM_END_PRIVATE_KEY_EC; + begin = PEM_BEGIN_PRIVATE_KEY_EC "\n"; + end = PEM_END_PRIVATE_KEY_EC "\n"; } } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ From 70f05bedd6b77d99b1ac6b5c510f061c1299adec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Dec 2023 16:15:44 +0100 Subject: [PATCH 363/653] changelog: add changelog for accelerated ciphers and AEADs Signed-off-by: Valerio Setti --- ChangeLog.d/8358.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/8358.txt diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt new file mode 100644 index 0000000000..d4c847c827 --- /dev/null +++ b/ChangeLog.d/8358.txt @@ -0,0 +1,9 @@ +Features + * It is now possible to accelerate all ciphers and AEADs through a driver, + while completely removing legacy support and MBEDTLS_CIPHER_C, and still + get full functionality. Only unsupported features that still depend on + MBEDTLS_CIPHER_C are: MBEDTLS_PKCS[5|12]_C and MBEDTLS_NIST_KW_C. + * CTR-DRBG module can now take advantage of PSA driver. Legacy + MBEDTLS_AES_C is still the preferred solution, but when it's not available + it can rely on PSA if PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING + are defined. From 9da01a7f5358229fbe8bacb0731439ab03a66407 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Dec 2023 17:38:18 +0100 Subject: [PATCH 364/653] all.sh: rename test_psa_crypto_config_accel_cipher to accel_des Renaming this test component in order to better explain what it really does. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 10a76ec182..bdf46a3ed8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3643,13 +3643,20 @@ component_test_psa_crypto_config_reference_hash_use_psa() { tests/ssl-opt.sh } -component_test_psa_crypto_config_accel_cipher () { +component_test_psa_crypto_config_accel_des () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" + # Albeit this components aims at accelerating DES which should only support + # CBC and ECB modes, we need to accelerate more than that otherwise DES_C + # would automatically be re-enabled by "config_adjust_legacy_from_psa.c" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \ KEY_TYPE_DES" + # Note: we cannot accelerate all ciphers' key types otherwise we would also + # have to either disable CCM/GCM or accelerate them, but that's out of scope + # of this component. This limitation will be addressed by #8598. + # Configure # --------- From 5ad95393636cf06627eecef9effd397f9e39e376 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Dec 2023 12:22:46 +0100 Subject: [PATCH 365/653] Remove DSA and DH domain parameters from the documentation Mbed TLS doesn't support DSA at all, and doesn't support domain parameters for FFDH (only predefined groups). Signed-off-by: Gilles Peskine --- include/psa/crypto_extra.h | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f7207a1be2..f39d1eb0be 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -428,6 +428,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * of psa_set_key_type() when you need to specify domain parameters. * * The format for the required domain parameters varies based on the key type. + * Mbed TLS supports the following key type with domain parameters: * * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR), * the domain parameter data consists of the public exponent, @@ -437,32 +438,6 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * key data and the exponent recorded in the attribute structure is ignored. * As an exception, the public exponent 65537 is represented by an empty * byte string. - * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR), - * the `Dss-Params` format as defined by RFC 3279 §2.3.2. - * ``` - * Dss-Params ::= SEQUENCE { - * p INTEGER, - * q INTEGER, - * g INTEGER - * } - * ``` - * - For Diffie-Hellman key exchange keys - * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or - * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the - * `DomainParameters` format as defined by RFC 3279 §2.3.3. - * ``` - * DomainParameters ::= SEQUENCE { - * p INTEGER, -- odd prime, p=jq +1 - * g INTEGER, -- generator, g - * q INTEGER, -- factor of p-1 - * j INTEGER OPTIONAL, -- subgroup factor - * validationParams ValidationParams OPTIONAL - * } - * ValidationParams ::= SEQUENCE { - * seed BIT STRING, - * pgenCounter INTEGER - * } - * ``` * * \note This function may allocate memory or other resources. * Once you have called this function on an attribute structure, From 1a9e05bf080e9ce770fd56ba88c25c52b4c38498 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Dec 2023 12:23:22 +0100 Subject: [PATCH 366/653] Note that domain parameters are not supported with drivers Signed-off-by: Gilles Peskine --- include/psa/crypto_extra.h | 8 ++++++++ include/psa/crypto_struct.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f39d1eb0be..f132f7ed99 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -446,6 +446,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * \note This is an experimental extension to the interface. It may change * in future versions of the library. * + * \note Due to an implementation limitation, domain parameters are ignored + * for keys that are managed by a driver. + * * \param[in,out] attributes Attribute structure where the specified domain * parameters will be stored. * If this function fails, the content of @@ -476,6 +479,9 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, * \note This is an experimental extension to the interface. It may change * in future versions of the library. * + * \note Due to an implementation limitation, domain parameters are not + * supported with keys that are managed by a driver. + * * \param[in] attributes The key attribute structure to query. * \param[out] data On success, the key domain parameters. * \param data_size Size of the \p data buffer in bytes. @@ -488,6 +494,8 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, * * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key is managed by a driver. */ psa_status_t psa_get_key_domain_parameters( const psa_key_attributes_t *attributes, diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 1eb2463cee..5e52ffde06 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -259,7 +259,7 @@ struct psa_key_attributes_s { * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL: * Access to domain parameters is not supported for this key. * This is a hack which should not exist, intended for keys managed - * by a driver that doesn't support domain parameters. + * by a driver, because drivers don't support domain parameters. * - domain_parameters_size == 0 && domain_parameters == NULL: * The domain parameters are empty. * - domain_parameters_size > 0 && From 590519f5356d0ceaa4e4504c0c65848eb12cdbcc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 11:33:55 +0000 Subject: [PATCH 367/653] Enable -O2 in depends.py Signed-off-by: Dave Rodgman --- tests/scripts/depends.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 38c184a6ae..1a84531034 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -381,7 +381,7 @@ class DomainData: def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command, 'CFLAGS=-Werror'] + build_command = [options.make_command, 'CFLAGS=-Werror -O2'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. From dfe5ce81ee18e34e3ec5f42296305c301ebd4f14 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 11:47:18 +0000 Subject: [PATCH 368/653] Use clang -O2 in common_block_cipher_no_decrypt Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 67b205679b..b9c45261ca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4922,7 +4922,7 @@ helper_block_cipher_no_decrypt_build_test () { msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" make clean - make CC=gcc CFLAGS="$cflags" LDFLAGS="$ldflags" + make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o From ea03ef9a77bfd645d79909f7f1c17a4d77d7dd77 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 12:19:59 +0000 Subject: [PATCH 369/653] Don't specify gcc unless the test requires it Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b9c45261ca..242df52888 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2168,7 +2168,7 @@ component_test_default_no_deprecated () { # configuration leaves something consistent. msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s make test @@ -2177,7 +2177,7 @@ component_test_default_no_deprecated () { component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config" # ~ 5s make test @@ -2194,7 +2194,7 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + make CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s make test @@ -2207,14 +2207,14 @@ component_test_full_deprecated_warning () { scripts/config.py full scripts/config.py set MBEDTLS_DEPRECATED_WARNING # Expect warnings from '#warning' directives in check_config.h. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs + make CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests + make CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test @@ -2377,7 +2377,7 @@ component_build_no_pk_rsa_alt_support () { scripts/config.py set MBEDTLS_X509_CRT_WRITE_C # Only compile - this is primarily to test for compile issues - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' + make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' } component_build_module_alt () { @@ -2410,7 +2410,7 @@ component_build_module_alt () { # We can only compile, not link, since we don't have any implementations # suitable for testing with the dummy alt headers. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib + make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib } component_build_dhm_alt () { @@ -2421,7 +2421,7 @@ component_build_dhm_alt () { scripts/config.py unset MBEDTLS_DEBUG_C # We can only compile, not link, since we don't have any implementations # suitable for testing with the dummy alt headers. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib + make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib } component_test_no_use_psa_crypto_full_cmake_asan() { @@ -3860,7 +3860,7 @@ component_test_ccm_aes_sha256() { cp "$CONFIG_TEST_DRIVER_H" "$CONFIG_H" cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" - make CC=gcc + make msg "test: CCM + AES + SHA256 configuration" make test @@ -4324,7 +4324,7 @@ component_test_memory_buffer_allocator_backtrace () { scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_MEMORY_BACKTRACE scripts/config.py set MBEDTLS_MEMORY_DEBUG - CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . + cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" @@ -4335,7 +4335,7 @@ component_test_memory_buffer_allocator () { msg "build: default config with memory buffer allocator" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_PLATFORM_MEMORY - CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . + cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" @@ -4431,7 +4431,7 @@ component_test_ssl_alloc_buffer_and_mfl () { scripts/config.py set MBEDTLS_MEMORY_DEBUG scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . + cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" @@ -4458,7 +4458,7 @@ component_test_when_no_ciphersuites_have_mac () { component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . + cmake -D CMAKE_BUILD_TYPE:String=Check . make msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" @@ -4824,7 +4824,7 @@ component_test_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" make test @@ -4849,7 +4849,7 @@ component_test_aes_only_128_bit_keys_have_builtins () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" make test @@ -4861,7 +4861,7 @@ component_test_aes_only_128_bit_keys_have_builtins () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" make test @@ -4870,7 +4870,7 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" make test @@ -4880,7 +4880,7 @@ component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CC=gcc CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" make test @@ -5997,7 +5997,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } From d8d6451a6e372a29b3d7900fe5668efbe9e3c2de Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 12:20:21 +0000 Subject: [PATCH 370/653] Add -O2 to some CFLAGS which were not setting it Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 242df52888..f6a0f10339 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4824,7 +4824,7 @@ component_test_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py unset MBEDTLS_PADLOCK_C - make CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" make test @@ -4849,7 +4849,7 @@ component_test_aes_only_128_bit_keys_have_builtins () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" make test @@ -4861,7 +4861,7 @@ component_test_aes_only_128_bit_keys_have_builtins () { component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES - make CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" make test @@ -4870,7 +4870,7 @@ component_test_aes_fewer_tables () { component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" make test @@ -4880,7 +4880,7 @@ component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-Werror -Wall -Wextra' + make CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" make test @@ -5295,7 +5295,7 @@ support_test_m32_everest () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' + make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" make test @@ -5323,7 +5323,7 @@ component_test_have_int32 () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' + make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' msg "test: gcc, force 32-bit bignum limbs" make test @@ -5335,7 +5335,7 @@ component_test_have_int64 () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' + make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit bignum limbs" make test From d47186d6e3b9ce9d774d032d9a2db125a335525e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 13:11:08 +0000 Subject: [PATCH 371/653] Disable automatic setting of clang target flags on old clang Old versions of clang don't support this pragma, so we have to assume that the user will have set the flags. Signed-off-by: Dave Rodgman --- library/aesni.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesni.c b/library/aesni.c index 9da9f1b9ae..8e5bd55ab9 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -36,7 +36,7 @@ #pragma GCC push_options #pragma GCC target ("pclmul,sse2,aes") #define MBEDTLS_POP_TARGET_PRAGMA -#elif defined(__clang__) +#elif defined(__clang__) && (__clang_major__ >= 5) #pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function) #define MBEDTLS_POP_TARGET_PRAGMA #endif From bc8e61d962b5a8cca65d6c29359ac4fadd8d07c1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 14:07:15 +0000 Subject: [PATCH 372/653] Use gcc in test_full_deprecated_warning Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f6a0f10339..5fbb7a355f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2207,14 +2207,16 @@ component_test_full_deprecated_warning () { scripts/config.py full scripts/config.py set MBEDTLS_DEPRECATED_WARNING # Expect warnings from '#warning' directives in check_config.h. - make CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs + # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to + # display #warning messages without them being treated as errors. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test From fc5b9553b2f8c7445d2467237024b4fe91ee5d1b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 16:08:19 +0000 Subject: [PATCH 373/653] Don't use full path for setting CC Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5fbb7a355f..6ce8e93c0a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -191,7 +191,7 @@ pre_initialize_variables () { fi # if CC is not set, use clang by default (if present) to improve build times if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then - export CC=$(type -p clang) + export CC="clang" fi # Include more verbose output for failing tests run by CMake or make From c393222643a7dd7b9c138a5d2e61b8a133ad6b8e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Dec 2023 17:51:51 +0000 Subject: [PATCH 374/653] Work around clang 3.8 bug Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6ce8e93c0a..06ef19cc63 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4994,11 +4994,15 @@ config_block_cipher_no_decrypt () { } component_test_block_cipher_no_decrypt_aesni () { + # This consistently causes an llvm crash on clang 3.8, so use gcc + export CC=gcc config_block_cipher_no_decrypt 0 common_block_cipher_no_decrypt } component_test_block_cipher_no_decrypt_aesni_use_psa () { + # This consistently causes an llvm crash on clang 3.8, so use gcc + export CC=gcc config_block_cipher_no_decrypt 1 common_block_cipher_no_decrypt } From 4a8ef7cd9b70463fcf6751278c2286e139d3597f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Dec 2023 11:16:27 +0100 Subject: [PATCH 375/653] all.sh: disable legacy AES/ARIA/CAMELLIA in test_full_block_cipher_psa_dispatch This commit also: - rename the reference component as component_test_full_block_cipher_legacy_dispatch() - add a common configuration function, named common_block_cipher_dispatch() that is used from both accelerated and reference components Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 79 +++++++++++++++++++++++++------ tests/scripts/analyze_outcomes.py | 4 +- 2 files changed, 67 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a8c11003a2..4a3f721466 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1159,19 +1159,6 @@ component_test_default_cmake_gcc_asan_new_bignum () { tests/context-info.sh } -# This is a common component testing the full config. Its purpose is to be used -# as the "reference" for driver's acceleration tests below when possible (this -# not always the case because some reference test require extra configuration -# in addition to the default one) -component_test_full_common_reference () { - msg "build: full config (common reference)" - helper_libtestdriver1_adjust_config "full" - make - - msg "test: full config (common reference)" - make test -} - component_test_full_cmake_gcc_asan () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full @@ -3837,6 +3824,46 @@ component_test_psa_crypto_config_reference_cipher_aead () { tests/compat.sh -V NO -p mbedTLS } +common_block_cipher_dispatch() { + TEST_WITH_DRIVER="$1" + + # Start from the full config + helper_libtestdriver1_adjust_config "full" + + if [ "$TEST_WITH_DRIVER" -eq 1 ]; then + # Disable key types that are accelerated (there is no legacy equivalent + # symbol for ECB) + scripts/config.py unset MBEDTLS_AES_C + scripts/config.py unset MBEDTLS_ARIA_C + scripts/config.py unset MBEDTLS_CAMELLIA_C + fi + + # Disable cipher's modes and AEADs that, when not accelerated, cause + # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". + # Keep this also in the reference component in order to avoid re-enabling + # (in "config_adjust_legacy_from_psa.h") legacy cipher modes that were + # disabled in that component. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM + + # Disable direct dependency on AES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + + # Prevent the cipher module from using deprecated PSA path. The reason is + # that otherwise there will be tests relying on "aes_info" (defined in + # "cipher_wrap.c") whose functions are not available when AES_C is + # not defined. ARIA and Camellia are not a problem in this case because + # the PSA path is not tested for these key types. + scripts/config.py set MBEDTLS_DEPRECATED_REMOVED +} + component_test_full_block_cipher_psa_dispatch () { msg "build: full + PSA dispatch in block_cipher" @@ -3846,8 +3873,7 @@ component_test_full_block_cipher_psa_dispatch () { # Configure # --------- - # Start from the full config - helper_libtestdriver1_adjust_config "full" + common_block_cipher_dispatch 1 # Build # ----- @@ -3856,6 +3882,12 @@ component_test_full_block_cipher_psa_dispatch () { helper_libtestdriver1_make_main "$loc_accel_list" + # Make sure disabled components were not re-enabled by accident (additive + # config) + not grep mbedtls_aes_ library/aes.o + not grep mbedtls_aria_ library/aria.o + not grep mbedtls_camellia_ library/camellia.o + # Run the tests # ------------- @@ -3863,6 +3895,23 @@ component_test_full_block_cipher_psa_dispatch () { make test } +# This is the reference component of component_test_full_block_cipher_psa_dispatch +component_test_full_block_cipher_legacy_dispatch () { + msg "build: full + legacy dispatch in block_cipher" + + common_block_cipher_dispatch 0 + + # Disable cipher modes other than ECB as in the accelerated component. ECB + # does not have a configuration symbol and it's automatically enabled as + # long as underlying key types are. + scripts/config.py unset-all MBEDTLS_CIPHER_MODE + + make + + msg "test: full + legacy dispatch in block_cipher" + make test +} + component_test_aead_chachapoly_disabled() { msg "build: full minus CHACHAPOLY" scripts/config.py full diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index cb0f3655ff..085ba7a515 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -537,9 +537,11 @@ KNOWN_TASKS = { 'analyze_block_cipher_dispatch': { 'test_function': do_analyze_driver_vs_reference, 'args': { - 'component_ref': 'test_full_common_reference', + 'component_ref': 'test_full_block_cipher_legacy_dispatch', 'component_driver': 'test_full_block_cipher_psa_dispatch', 'ignored_suites': [ + # Skipped in the accelerated component + 'aes', 'aria', 'camellia', ], 'ignored_tests': { 'test_suite_platform': [ From 50333977c613c9190307050bbede116555935ea9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Dec 2023 11:17:14 +0100 Subject: [PATCH 376/653] cipher_wrap: fix guards for alloc/free functions of CCM/GCM Signed-off-by: Valerio Setti --- library/cipher_wrap.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index c173899cbc..5be9799fce 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -114,7 +114,9 @@ enum mbedtls_cipher_base_index { MBEDTLS_CIPHER_BASE_PREVENT_EMPTY_ENUM }; -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) && \ + (defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) /* shared by all GCM ciphers */ static void *gcm_ctx_alloc(void) { @@ -134,7 +136,9 @@ static void gcm_ctx_free(void *ctx) } #endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CCM_C) && \ + (defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) /* shared by all CCM ciphers */ static void *ccm_ctx_alloc(void) { From bfa675fe480e2e75bada7c67f058c87567d2bf40 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 09:52:08 +0100 Subject: [PATCH 377/653] adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index a926550bed..e64a4b14d0 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -224,6 +224,22 @@ #define MBEDTLS_BLOCK_CIPHER_C #endif +/* Helpers for GCM/CCM capabilities */ +#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES)) +#define MBEDTLS_CCM_GCM_CAN_AES +#endif + +#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \ + (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA)) +#define MBEDTLS_CCM_GCM_CAN_ARIA +#endif + +#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \ + (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA)) +#define MBEDTLS_CCM_GCM_CAN_CAMELLIA +#endif + /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for From 689c0f71cb83abd22aef5a911145ed667015df88 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 09:53:39 +0100 Subject: [PATCH 378/653] tests: use new CCM/GCM capability macros in tests Signed-off-by: Valerio Setti --- include/mbedtls/ccm.h | 2 +- library/ccm.c | 2 +- library/gcm.c | 2 +- tests/suites/test_suite_ccm.data | 860 ++++++++++----------- tests/suites/test_suite_ccm.function | 4 +- tests/suites/test_suite_gcm.aes128_de.data | 368 ++++----- tests/suites/test_suite_gcm.aes128_en.data | 368 ++++----- tests/suites/test_suite_gcm.aes192_de.data | 340 ++++---- tests/suites/test_suite_gcm.aes192_en.data | 340 ++++---- tests/suites/test_suite_gcm.aes256_de.data | 340 ++++---- tests/suites/test_suite_gcm.aes256_en.data | 340 ++++---- tests/suites/test_suite_gcm.camellia.data | 108 +-- tests/suites/test_suite_gcm.function | 2 +- 13 files changed, 1538 insertions(+), 1538 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 018db64b66..1da57c921b 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -509,7 +509,7 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, int mbedtls_ccm_finish(mbedtls_ccm_context *ctx, unsigned char *tag, size_t tag_len); -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES) /** * \brief The CCM checkup routine. * diff --git a/library/ccm.c b/library/ccm.c index 392ceb84bf..953c419306 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -628,7 +628,7 @@ int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, } #endif /* !MBEDTLS_CCM_ALT */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES) /* * Examples 1 to 3 from SP800-38C Appendix C */ diff --git a/library/gcm.c b/library/gcm.c index ac6b945305..20d55c0a89 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -659,7 +659,7 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx) #endif /* !MBEDTLS_GCM_ALT */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES) /* * AES-GCM test vectors from: * diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index caf9a742d9..22150f7a71 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -2,15 +2,15 @@ CCM self test mbedtls_ccm_self_test: CCM init #1 AES-128: OK -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 CCM init #2 CAMELLIA-256: OK -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:256:0 CCM init #3 AES-224: bad key size -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT CCM init #4 DES: bad block size @@ -55,1709 +55,1709 @@ CCM* fixed tag lengths #2 all OK - tag length 0 ccm_star_lengths:5:10:5:0:0 CCM* encrypt and tag #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"223BC1EC841AB553":0 CCM* encrypt and tag #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"61626364":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"D43E022B":0 CCM* encrypt and tag #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"CE":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"D84FDE529061F9C6F1":0 CCM* auth decrypt tag #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"223BC1EC841AB553":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"":0 CCM* auth decrypt tag #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D43E022B":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"61626364":0 CCM* auth decrypt tag #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D84FDE529061F9C6F1":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"CE":0 CCM encrypt and tag RFC 3610 #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000003020100A0A1A2A3A4A5":"0001020304050607":"588C979A61C663D2F066D0C2C0F989806D5F6B61DAC38417E8D12CFDF926E0" CCM encrypt and tag RFC 3610 #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00000004030201A0A1A2A3A4A5":"0001020304050607":"72C91A36E135F8CF291CA894085C87E3CC15C439C9E43A3BA091D56E10400916" CCM encrypt and tag RFC 3610 #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":"00000005040302A0A1A2A3A4A5":"0001020304050607":"51B1E5F44A197D1DA46B0F8E2D282AE871E838BB64DA8596574ADAA76FBD9FB0C5" CCM encrypt and tag RFC 3610 #4 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"A28C6865939A9A79FAAA5C4C2A9D4A91CDAC8C96C861B9C9E61EF1" CCM encrypt and tag RFC 3610 #5 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"DCF1FB7B5D9E23FB9D4E131253658AD86EBDCA3E51E83F077D9C2D93" CCM encrypt and tag RFC 3610 #6 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"6FC1B011F006568B5171A42D953D469B2570A4BD87405A0443AC91CB94" CCM encrypt and tag RFC 3610 #7 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000009080706A0A1A2A3A4A5":"0001020304050607":"0135D1B2C95F41D5D1D4FEC185D166B8094E999DFED96C048C56602C97ACBB7490" CCM encrypt and tag RFC 3610 #8 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"7B75399AC0831DD2F0BBD75879A2FD8F6CAE6B6CD9B7DB24C17B4433F434963F34B4" CCM encrypt and tag RFC 3610 #9 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"82531A60CC24945A4B8279181AB5C84DF21CE7F9B73F42E197EA9C07E56B5EB17E5F4E" CCM encrypt and tag RFC 3610 #10 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"07342594157785152B074098330ABB141B947B566AA9406B4D999988DD" CCM encrypt and tag RFC 3610 #11 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"676BB20380B0E301E8AB79590A396DA78B834934F53AA2E9107A8B6C022C" CCM encrypt and tag RFC 3610 #12 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"C0FFA0D6F05BDB67F24D43A4338D2AA4BED7B20E43CD1AA31662E7AD65D6DB" CCM encrypt and tag RFC 3610 #13 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8E78CF7CB0CDDD7B3" CCM encrypt and tag RFC 3610 #14 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"9020EA6F91BDD85AFA0039BA4BAFF9BFB79C7028949CD0EC":"0033568EF7B2633C9696766CFA":"63018F76DC8A1BCB":"4CCB1E7CA981BEFAA0726C55D378061298C85C92814ABC33C52EE81D7D77C08A" CCM encrypt and tag RFC 3610 #15 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"B916E0EACC1C00D7DCEC68EC0B3BBB1A02DE8A2D1AA346132E":"00103FE41336713C9696766CFA":"AA6CFA36CAE86B40":"B1D23A2220DDC0AC900D9AA03C61FCF4A559A4417767089708A776796EDB723506" CCM encrypt and tag RFC 3610 #16 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"12DAAC5630EFA5396F770CE1A66B21F7B2101C":"00764C63B8058E3C9696766CFA":"D0D0735C531E1BECF049C244":"14D253C3967B70609B7CBB7C499160283245269A6F49975BCADEAF" CCM encrypt and tag RFC 3610 #17 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"E88B6A46C78D63E52EB8C546EFB5DE6F75E9CC0D":"00F8B678094E3B3C9696766CFA":"77B60F011C03E1525899BCAE":"5545FF1A085EE2EFBF52B2E04BEE1E2336C73E3F762C0C7744FE7E3C" CCM encrypt and tag RFC 3610 #18 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"6435ACBAFB11A82E2F071D7CA4A5EBD93A803BA87F":"00D560912D3F703C9696766CFA":"CD9044D2B71FDB8120EA60C0":"009769ECABDF48625594C59251E6035722675E04C847099E5AE0704551" CCM encrypt and tag RFC 3610 #19 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"8A19B950BCF71A018E5E6701C91787659809D67DBEDD18":"0042FFF8F1951C3C9696766CFA":"D85BC7E69F944FB8":"BC218DAA947427B6DB386A99AC1AEF23ADE0B52939CB6A637CF9BEC2408897C6BA" CCM encrypt and tag RFC 3610 #20 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"1761433C37C5A35FC1F39F406302EB907C6163BE38C98437":"00920F40E56CDC3C9696766CFA":"74A0EBC9069F5B37":"5810E6FD25874022E80361A478E3E9CF484AB04F447EFFF6F0A477CC2FC9BF548944" CCM encrypt and tag RFC 3610 #21 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"A434A8E58500C6E41530538862D686EA9E81301B5AE4226BFA":"0027CA0C7120BC3C9696766CFA":"44A3AA3AAE6475CA":"F2BEED7BC5098E83FEB5B31608F8E29C38819A89C8E776F1544D4151A4ED3A8B87B9CE" CCM encrypt and tag RFC 3610 #22 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"B96B49E21D621741632875DB7F6C9243D2D7C2":"005B8CCBCD9AF83C9696766CFA":"EC46BB63B02520C33C49FD70":"31D750A09DA3ED7FDDD49A2032AABF17EC8EBF7D22C8088C666BE5C197" CCM encrypt and tag RFC 3610 #23 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"E2FCFBB880442C731BF95167C8FFD7895E337076":"003EBE94044B9A3C9696766CFA":"47A65AC78B3D594227E85E71":"E882F1DBD38CE3EDA7C23F04DD65071EB41342ACDF7E00DCCEC7AE52987D" CCM encrypt and tag RFC 3610 #24 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"ABF21C0B02FEB88F856DF4A37381BCE3CC128517D4":"008D493B30AE8B3C9696766CFA":"6E37A6EF546D955D34AB6059":"F32905B88A641B04B9C9FFB58CC390900F3DA12AB16DCE9E82EFA16DA62059" CCM encrypt and tag AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM encrypt and tag NIST VTT AES-128 #1 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"43b1a6bc8d0d22d6d1ca95c18593cca5":"a2b381c7d1545c408fe29817a21dc435a154c87256346b05":"9882578e750b9682c6ca7f8f86":"2084f3861c9ad0ccee7c63a7e05aece5db8b34bd8724cc06b4ca99a7f9c4914f":"cc69ed76985e0ed4c8365a72775e5a19bfccc71aeb116c85a8c74677" CCM encrypt and tag NIST VTT AES-128 #2 (P=24, N=13, A=32, T=6) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"44e89189b815b4649c4e9b38c4275a5a":"8db6ae1eb959963931d1c5224f29ef50019d2b0db7f5f76f":"374c83e94384061ac01963f88d":"cd149d17dba7ec50000b8c5390d114697fafb61025301f4e3eaa9f4535718a08":"df952dce0f843374d33da94c969eff07b7bc2418ca9ee01e32bc2ffa8600" CCM encrypt and tag NIST VTT AES-128 #3 (P=24, N=13, A=32, T=8) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"368f35a1f80eaaacd6bb136609389727":"1cccd55825316a94c5979e049310d1d717cdfb7624289dac":"842a8445847502ea77363a16b6":"34396dfcfa6f742aea7040976bd596497a7a6fa4fb85ee8e4ca394d02095b7bf":"1a58094f0e8c6035a5584bfa8d1009c5f78fd2ca487ff222f6d1d897d6051618" CCM encrypt and tag NIST VTT AES-128 #4 (P=24, N=13, A=32, T=10) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"996a09a652fa6c82eae8be7886d7e75e":"84cdd7380f47524b86168ed95386faa402831f22045183d0":"a8b3eb68f205a46d8f632c3367":"c71620d0477c8137b77ec5c72ced4df3a1e987fd9af6b5b10853f0526d876cd5":"a7fbf9dd1b099ed3acf6bcbd0b6f7cae57bee99f9d084f826d86e69c07f053d1a607" CCM encrypt and tag NIST VTT AES-128 #5 (P=24, N=13, A=32, T=12) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3ee186594f110fb788a8bf8aa8be5d4a":"d71864877f2578db092daba2d6a1f9f4698a9c356c7830a1":"44f705d52acf27b7f17196aa9b":"2c16724296ff85e079627be3053ea95adf35722c21886baba343bd6c79b5cb57":"b4dd74e7a0cc51aea45dfb401a41d5822c96901a83247ea0d6965f5aa6e31302a9cc2b36" CCM encrypt and tag NIST VTT AES-128 #6 (P=24, N=13, A=32, T=14) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7b2d52a5186d912cf6b83ace7740ceda":"ea384b081f60bb450808e0c20dc2914ae14a320612c3e1e8":"f47be3a2b019d1beededf5b80c":"76cf3522aff97a44b4edd0eef3b81e3ab3cd1ccc93a767a133afd508315f05ed":"79070f33114a980dfd48215051e224dfd01471ac293242afddb36e37da1ee8a88a77d7f12cc6" CCM encrypt and tag NIST VTT AES-128 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4189351b5caea375a0299e81c621bf43":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" CCM encrypt and tag NIST VTT AES-192 #1 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"c6aeebcb146cfafaae66f78aab":"7dc8c52144a7cb65b3e5a846e8fd7eae37bf6996c299b56e49144ebf43a1770f":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf1f2c5bad" CCM encrypt and tag NIST VTT AES-192 #2 (P=24, N=13, A=32, T=6) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"146a163bbf10746e7c1201546ba46de769be23f9d7cc2c80":"473b6600559aefb67f7976f0a5cc744fb456efd86f615648":"f5827e51707d8d64bb522985bb":"599b12ebd3347a5ad098772c44c49eed954ec27c3ba6206d899ddaabca23a762":"26d2be30e171439d54a0fec291c6024d1de09d61b44f53258ba1360406f9" CCM encrypt and tag NIST VTT AES-192 #3 (P=24, N=13, A=32, T=8) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bdf277af2226f03ec1a0ba7a8532ade6aea9b3d519fe2d38":"0ff89eff92a530b66684cd75a39481e7e069a7d05e89b692":"cc3c596be884e7caed503315c0":"4d6546167b3ed55f01c62bd384e02e1039c0d67ef7abe33291fecb136272f73b":"6ef66a52c866bd5df20ec5096de92167ad83cab0e095ad0c778a299f1224f10c" CCM encrypt and tag NIST VTT AES-192 #4 (P=24, N=13, A=32, T=10) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"62f8eba1c2c5f66215493a6fa6ae007aae5be92f7880336a":"f5522e3405d9b77cbf3257db2b9675e618e8744a0ee03f0f":"15769753f503aa324f4b0e8ee0":"1bc05440ee3e34d0f25e90ca1ecbb555d0fb92b311621d171be6f2b719923d23":"b9103942dbbb93e15086751c9bb0a3d33112b55f95b7d4f32ff0bb90a8879812683f" CCM encrypt and tag NIST VTT AES-192 #5 (P=24, N=13, A=32, T=12) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5a5667197f46b8027980d0a3166c0a419713d4df0629a860":"d0e4024d6e33daafc011fe463545ed20f172872f6f33cefa":"6236b01079d180fce156fbaab4":"29bdf65b29394d363d5243d4249bad087520f8d733a763daa1356be458d487e5":"479f3d408bfa00d1cd1c8bf11a167ce7ae4bcdb011f04e38733013b8ebe5e92b1917640c" CCM encrypt and tag NIST VTT AES-192 #6 (P=24, N=13, A=32, T=14) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d2d4482ea8e98c1cf309671895a16610152ce283434bca38":"78168e5cc3cddf4b90d5bc11613465030903e0196f1fe443":"6ee177d48f59bd37045ec03731":"9ef2d0d556d05cf9d1ee9dab9b322a389c75cd4e9dee2c0d08eea961efce8690":"e2324a6d5643dfc8aea8c08cbbc245494a3dcbcb800c797c3abcdb0563978785bf7fd71c6c1f" CCM encrypt and tag NIST VTT AES-192 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a7177fd129674c6c91c1c89f4408139afe187026b8114893":"2cea0f7304860a4f40a28c8b890db60f3891b9982478495e":"31bb28f0e1e63c36ca3959dd18":"2529a834668187213f5342a1f3deea0dc2765478c7d71c9c21b9eb1351a5f6cb":"5bb7aa6ab9c02a5712d62343fbe61f774e598d6b87545612380ea23dcffc9574f672bca92e306411" CCM encrypt and tag NIST VTT AES-256 #1 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9074b1ae4ca3342fe5bf6f14bcf2f27904f0b15179d95a654f61e699692e6f71":"239029f150bccbd67edbb67f8ae456b4ea066a4beee065f9":"2e1e0132468500d4bd47862563":"3c5f5404370abdcb1edde99de60d0682c600b034e063b7d3237723da70ab7552":"9c8d5dd227fd9f81237601830afee4f0115636c8e5d5fd743cb9afed" CCM encrypt and tag NIST VTT AES-256 #2 (P=24, N=13, A=32, T=6) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8596a69890b0e47d43aeeca54b52029331da06fae63aa3249faaca94e2605feb":"f0b065da6ecb9ddcab855152d3b4155037adfa758ba96070":"20442e1c3f3c88919c39978b78":"4e0d3aa502bd03fe1761b167c4e0df1d228301d3ebaa4a0281becd813266e255":"d6a0f377f7c1b14dcdba729cae5271b027e71cc7850173ec265867a29eb3" CCM encrypt and tag NIST VTT AES-256 #3 (P=24, N=13, A=32, T=8) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bae73483de27b581a7c13f178a6d7bda168c1b4a1cb9180512a13e3ab914eb61":"28ef408d57930086011b167ac04b866e5b58fe6690a0b9c3":"daf54faef6e4fc7867624b76f2":"7022eaa52c9da821da72d2edd98f6b91dfe474999b75b34699aeb38465f70c1c":"356367c6cee4453658418d9517f7c6faddcd7c65aef460138cf050f48c505151" CCM encrypt and tag NIST VTT AES-256 #4 (P=24, N=13, A=32, T=10) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d5b321b0ac2fedce0933d57d12195c7b9941f4caa95529125ed21c41fac43374":"6aa6ea668df60b0db85592d0a819c9df9e1099916272aafb":"b35fb2262edfa14938a0fba03e":"ba762bbda601d711e2dfc9dbe3003d39df1043ca845612b8e9dc9ff5c5d06ec4":"97027de5effd82c58f8dbfb909d7696fbe2d54916262912001a4d765bc1c95c90a95" CCM encrypt and tag NIST VTT AES-256 #5 (P=24, N=13, A=32, T=12) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d":"7ebef26bf4ecf6f0ebb2eb860edbf900f27b75b4a6340fdb":"dde2a362ce81b2b6913abc3095":"404f5df97ece7431987bc098cce994fc3c063b519ffa47b0365226a0015ef695":"353022db9c568bd7183a13c40b1ba30fcc768c54264aa2cd2927a053c9244d3217a7ad05" CCM encrypt and tag NIST VTT AES-256 #6 (P=24, N=13, A=32, T=14) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5c8b59d3e7986c277d5ad51e4a2233251076809ebf59463f47cd10b4aa951f8c":"138ee53b1914d3322c2dd0a4e02faab2236555131d5eea08":"21ff892b743d661189e205c7f3":"f1e0af185180d2eb63e50e37ba692647cac2c6a149d70c81dbd34685ed78feaa":"5b2f3026f30fdd50accc40ddd093b7997f23d7c6d3c8bc425f82c828413643b8794494cb5236" CCM encrypt and tag NIST VTT AES-256 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"60823b64e0b2da3a7eb772bd5941c534e6ff94ea96b564e2b38f82c78bb54522":"a8be794613835c4366e75817d228438f011a2ec8a86f9797":"48526f1bffc97dd65e42906983":"fab62b3e5deda7a9c1128663cc81c44b74ab1bfe70bc1c9dec7c7fd08173b80a":"cc3efe04d84a4ec5cb6a6c28dc2c2d386a359d9550dbdec963ddd56464aed6d0613159d1aa181dcb" CCM encrypt and tag NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ebf60f0969013a54a3dedb19d20f6c8":"":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" CCM encrypt and tag NIST VPT AES-128 #2 (P=1, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6ae7a8e907b8720f4b0d5507c1d0dc41":"0e":"7f18ad442e536a0159e7aa8c0f":"9c9b0f11e020c6512a63dfa1a5ec8df8bd8e2ad83cf87b80b38635621c5dc0d7":"4c201784bdab19e255787fecd02000c49d" CCM encrypt and tag NIST VPT AES-128 #3 (P=2, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3d746ae6cac5cefd01f021c0bbf4bc3c":"4360":"597b3614ff9cd567afd1aad4e5":"90446190e1ff5e48e8a09d692b217de3ad0ab4a670e7f1b437f9c07a902cad60":"e38fdb77c1f8bbac2903a2ec7bc0f9c5654d" CCM encrypt and tag NIST VPT AES-128 #4 (P=3, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3e4fa1c6f8b00f1296956735ee86e310":"3a6734":"c6a170936568651020edfe15df":"00d57896da2435a4271afb9c98f61a650e63a4955357c47d073c5165dd4ea318":"384be657bfc5f385b179be7333eb3f57df546b" CCM encrypt and tag NIST VPT AES-128 #5 (P=4, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7ccbb8557f6e08f436d0957d4bbe7fdf":"4cabeb02":"bb8e2ef2ed9484f9021cda7073":"fba1d18a74a3bb38671ab2842ffaa434cd572a0b45320e4145930b3008d8d350":"32501f4235c4dd96e83d5ab4c3c31c523453c317" CCM encrypt and tag NIST VPT AES-128 #6 (P=5, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3725c7905bfaca415908c617b78f8dee":"f5499a7082":"c98ec4473e051a4d4ac56fd082":"11bc87f1c2d2076ba47c5cb530dd6c2a224f7a0f7f554e23d7d29077c7787680":"e378b776242066751af249d521c6eaebdff40b2642" CCM encrypt and tag NIST VPT AES-128 #7 (P=6, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"80bead98a05d1bb173cd4fca463b8fa3":"e479990bf082":"8a14a6d255aa4032ebff37a3d7":"bb4e706e73d21df66f64173859d47e247527cd9832e20dccff8548ed5f554108":"89c9246238878427f36b1f6c633e4542f32b50ca8edb" CCM encrypt and tag NIST VPT AES-128 #8 (P=7, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dc8ec91184ba18eae31ac2d3b252673f":"2a5775986551c8":"0da4c988f521f5648259f2bec2":"6d5573c9279897d7d1602d8a95c04bb5ca3fad2dbe89a024b3651eb227e73bb5":"4f259f2a718faea852a7c4358dfa9f5467357638acac90" CCM encrypt and tag NIST VPT AES-128 #9 (P=8, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"19f97ef5318b8005fc7133fa31dd1236":"6d972a673fbe1ca1":"01ce9814c6329dbee1d02b1321":"85853f120981f33cf1d50fde6b8bc865fe988a9f12579acdb336f9f992b08b89":"2f12a7e7acecae5d2563309efc19368cdee8266538ca89d3" CCM encrypt and tag NIST VPT AES-128 #10 (P=9, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c17944bfaeeb808eed66ae7242ab545f":"7caae2640e734539d3":"910b3db64df3728ca98219e01b":"edf64f98b3ab593cbcf68ab37a8c9472e49cb849d4a744deae925a5a43faf262":"0dae8b3ccf0b439f6ff8ee4a233dfb7753f6bfe321b3e26959" CCM encrypt and tag NIST VPT AES-128 #11 (P=10, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0fb9df6f638847f5de371f003dd938f4":"e10cc36bc1c5d3c646ab":"c9ddf61c052f3502ad6b229819":"4f9938d5bc3dcbe47f6b256d5e99723d0891e50c6175aba41b011e4686113c49":"7f797367de50be6dc04e4cf0d8c24189affd35060cb7ca3dd136" CCM encrypt and tag NIST VPT AES-128 #12 (P=11, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"006ff7d3153caf906ec7929f5aef9276":"31be1b241cae79c54c2446":"57db1541a185bd9cdc34d62025":"7d9681cac38e778fba11f4464f69ed9ebfea31b7ffcaf2925b3381c65d975974":"9dd8a4244fbdb30b624578a625c43233476bbb959acd9edebe2883" CCM encrypt and tag NIST VPT AES-128 #13 (P=12, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"026331e98aba9e8c23a9e8a91d0b0c97":"a82200ef3a08c390dec5cbf9":"bccfe69bba168b81cbdf7d018a":"26e011143a686a7224ddb8c5b1e5d31713fa22c386785e2c34f498ae56d07ed5":"adf4fc6f9be113066c09248fcb56a9c1a1c3bb16fbb9fbaedacdb12b" CCM encrypt and tag NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa":"89f15b1cb665a8851da03b874ca6f73242f2f227350c0277e4e72cdaa6" CCM encrypt and tag NIST VPT AES-128 #15 (P=14, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7301c907b9d2aaac355c5416ff25c59b":"484300aa3a506afcd313b49ead8d":"7304b65b6dab466273862c88b9":"2c5d114eff62c527cc2e03c33c595a80fe609bfc0fe13ce3380efe05d85cceac":"928ca58b0d373dc50c52afac787ce8eeb5d5b493661259a9d91ea31a5f7e" CCM encrypt and tag NIST VPT AES-128 #16 (P=15, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"38be46d271bf868c198052391f8a2147":"61bd1385be92097e866550a55278f0":"6758f67db9bfea5f0e0972e08b":"c6de3be97f11d0e2ab85c9353b783f25b37366a78a2012cecf5b7a87138b3c86":"7c9fa8d99b38f825315ece6a2613f55e902f296dcce870263ae50cda4fadae" CCM encrypt and tag NIST VPT AES-128 #17 (P=16, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"70010ed90e6186ecad41f0d3c7c42ff8":"be322f58efa7f8c68a635e0b9cce77f2":"a5f4f4986e98472965f5abcc4b":"3fec0e5cc24d67139437cbc8112414fc8daccd1a94b49a4c76e2d39303547317":"8e4425ae573974f0f0693a188b525812eef08e3fb15f4227e0d989a4d587a8cf" CCM encrypt and tag NIST VPT AES-128 #18 (P=17, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"79eae5baddc5887bdf3031fd1d65085b":"001343e6191f5f1738e7d19d4eec2b9592":"9da59614535d1fad35f2ece00f":"46603500af9e4e7a2f9545411a58b21a6efd21f2b5f315d02d964c09270145b3":"2162e27bfbf1d00f2404754a254665fd9270f0edb415993588b2535e2e0e4fd086" CCM encrypt and tag NIST VPT AES-128 #19 (P=18, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c14eda0f958465246fe6ab541e5dfd75":"617868ae91f705c6b583b5fd7e1e4086a1bb":"32b63ca7e269223f80a56baaaa":"733f8e7670de3446016916510dfe722ce671570121d91331a64feb3d03f210e6":"b2dc1e548b3d3f225a34082f4391980a0788b4cc36852fd64a423fb8e872252b248e" CCM encrypt and tag NIST VPT AES-128 #20 (P=19, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c5e7147f56ba4530b8799ababeb82772":"2f3bf0b566440912a1e47a0c07f1cfd39cb440":"bdd38e173fb20b981659c597d6":"3a069a2bfda44abbb0a82a97e5e9047258c803da2c66190d77149e0f010b3af9":"bd6265dcba9e14c59e515e395dc60bd053345fa6d7568c738e3a7fdf142d8f2d1562c0" CCM encrypt and tag NIST VPT AES-128 #21 (P=20, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"78c46e3249ca28e1ef0531d80fd37c12":"4802422c9b3b4459ba26e7863ad87b0c172cfe4b":"5de41a86ce3f3fb1b685b3ca4d":"e98a77f2a941b36232589486b05f4278275588665a06d98aec98915cc5607e06":"daea2234ea433533bf0716abe1aa3844b6d3c51e9d5ca3d8ec5065630d2de0717cdeb7d5" CCM encrypt and tag NIST VPT AES-128 #22 (P=21, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8883002bf13b3a94b2467225970df938":"d516bbff452e7706c91c7ace3e9baa76d65ff7050f":"818a702d5c8ee973b34e9acda1":"545aeac737c0ca2a3d5e1fd966840c3a0d71e0301abbe99c7af18d24cc7e9633":"b85242fdc06344f2bd9a97b408902ebcd22aece3d42f2da4dd4d817c9fa2d44bc02163a0a9" CCM encrypt and tag NIST VPT AES-128 #23 (P=22, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5cea00ee44cfb9cfbb598d3812e380ef":"33bfd0713f30fcac8f7f95920ac6d9b803ddd5480dd8":"948788a9c8188cb988430a7ebd":"50422c5e6a0fb8231b3bb6e2f89607019be6ad92a4dae8e0fe3f9e486476004b":"b168747dea3ae0fbede4402af9a3dc3185d6d162f859d828101682de32923788c70262b84814" CCM encrypt and tag NIST VPT AES-128 #24 (P=23, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cb83f77751e72711401cbbf4f61aa0ed":"eede01b08f9a303cdf14c99d7a45732972c6eff2a1db06":"c0b461b2e15b8b116ef9281704":"2bd112231f903fa0dff085db48a2e2a96ec0199249b005d5ab4c2eab753f9ad0":"feb114b7bd3b43497b62454a675a632c3546d2802462c6af57647efda119c59862cd5dd3904efc" CCM encrypt and tag NIST VPT AES-128 #25 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"43c1142877d9f450e12d7b6db47a85ba":"b506a6ba900c1147c806775324b36eb376aa01d4c3eef6f5":"76becd9d27ca8a026215f32712":"6a59aacadd416e465264c15e1a1e9bfa084687492710f9bda832e2571e468224":"14b14fe5b317411392861638ec383ae40ba95fefe34255dc2ec067887114bc370281de6f00836ce4" CCM encrypt and tag NIST VPT AES-192 #1 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"086e2967cde99e90faaea8a94e168bf0e066c503a849a9f3":"":"929542cd690f1babcf1696cb03":"58f70bab24e0a6137e5cd3eb18656f2b5ccddc3f538a0000c65190e4a3668e71":"3bf9d93af6ffac9ac84cd3202d4e0cc8" CCM encrypt and tag NIST VPT AES-192 #2 (P=1, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"992d38768b11a236945bd4b327c3728fac24c091238b6553":"1c":"b248a90b84b0122a5ad8e12760":"27cabc40da0e1eda0ea5f8abbb7c179e30776250a7b30d711b0e106c5ee9d84a":"1a96f58c3f38c44d1a345f3e2da6679f20" CCM encrypt and tag NIST VPT AES-192 #3 (P=2, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5012db40ff6ae23c1e1ce43768c5936c4400b0e79ae77f30":"0c6c":"b67e500b35d60ad7264240027c":"40affd355416200191ba64edec8d7d27ead235a7b2e01a12662273deb36379b8":"c996ef3d6ef9f981557506ecc8797bbaaaa7" CCM encrypt and tag NIST VPT AES-192 #4 (P=3, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fa15cc7f0de294d7341b1fd79326c8be78e67822343c1992":"bcb898":"e5257aed2bda0495aa44591db4":"31a0338c3839931fa1dd5131cb796c4c6cfde9fb336d8a80ac35dec463be7a94":"68f08298d9a2147776dca9c1a42382bce323b2" CCM encrypt and tag NIST VPT AES-192 #5 (P=4, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b5330a8447d74a7987fb718cfae246b5c7e057991064eeaf":"b46b343e":"2ef29d62b40d8643848797cde8":"1225b036e6044df52314016760e92750de0936120395de750a2c54a7fa0cea82":"c2c39d6f9344e2de064f269d065a2a6108605916" CCM encrypt and tag NIST VPT AES-192 #6 (P=5, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"30419145ae966591b408c29e5fd14d9112542909be5363f7":"8ceaeb89fd":"27e6b2a482bbc6f13702005708":"e04e81e860daf9696098c723085d8023c240ebe7a643131e35359ab04bd650fe":"ec9d5ed36243ddf77b33d8cf2963ba76fd4e19f3c5" CCM encrypt and tag NIST VPT AES-192 #7 (P=6, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"748ad503388a34041a7bdae6361d57894357c333bacf02ca":"24d6880aed7e":"518b79d194579b19f2d8845b70":"691dd98f61fd213b0840ec5a6f06ef9a1420be0d59bde5e43546347a2a865a94":"270120f9634ec15536e21d961c675070ec4cff9037bc" CCM encrypt and tag NIST VPT AES-192 #8 (P=7, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b930cca30a3fd230c237c8f3cc6792d0c4084dff5c18d775":"2a755e362373ef":"7574802fd82fe96c05431acd40":"1cf83928b6a9e525fe578c5c0f40c322be71b3092239bff954dd6883738d6d71":"f06238b0450fd1f4b6cab1383adb420c4724aa7bdfefb7" CCM encrypt and tag NIST VPT AES-192 #9 (P=8, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"314c136999e41d137bd7ba17201a9fa406025868334e39b3":"4d54d8b06b204445":"65f7a0f4c0f5bba9d26f7e0ddb":"5c7ce4819b30b975ae6ce58dcc1bfa29a8b6dda8f4b76c7e23516487745e829c":"2baf90c490b11f9607482362ab3f157c42d0e9c6c5cffcf0" CCM encrypt and tag NIST VPT AES-192 #10 (P=9, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a19f6be062ec0aaf33046bd52734f3336c85d8368bef86ab":"13511ae5ff6c6860a1":"7f2d07f8169c5672b4df7f6cac":"d68d5f763db6111c5d6324d694cb0236beab877daae8115ecb75d60530777b58":"b3859b757802ebd048467fd8e139eb9ee8fcdca45ed87dc1c8" CCM encrypt and tag NIST VPT AES-192 #11 (P=10, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"de1c8263345081d2dfa9afdf37675971135e178df554a4d8":"f777aba1fa70f94e6de9":"a301bb82f91a582db01355c388":"9ad52c041390d0d4aaf65a4667c3239c95e7eae6178acc23fb4e70a852d483c6":"9d8bff6d2dcde77104ac6aba025abc01416a7ca9f096ab2529cb" CCM encrypt and tag NIST VPT AES-192 #12 (P=11, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"248d36bd15f58e47fcf1c948272355821f8492e6e69f3661":"33709d9c7906e2f82dd9e2":"9e8d492c304cf6ad59102bca0e":"9ec08c7ed6b70823d819e9ab019e9929249f966fdb2069311a0ddc680ac468f5":"9114d36b79b1918b2720f40cddce66df9b4802f737bea4bd8f5378" CCM encrypt and tag NIST VPT AES-192 #13 (P=12, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"77a67fb504b961028633321111aac2c30eb6d71a8cf72056":"10554c062d269ff6dcd98493":"acadc0330194906f8c75ac287f":"8c18486d52571f70f2ba6a747aaa3d4b3ebc2e481ee1b70907dddb94bdfa0ca6":"7f8b0cad79b545e5addf0b04ff4b0f2b2a5067283210aba8630d0306" CCM encrypt and tag NIST VPT AES-192 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0d423519e4110c06063061323f8c7c95387776b6ee4e4b6e":"4021ff104ff1dbd91e46db249f":"39abe53826d9b8e300fe747533":"cdd9bf1b4f865e922c678ec4947ea0cb02e78bd5c1538f33aeb818ad3f47e519":"7953d3cd66d093785d123f65ba37f16761dd6aedbfc789ad96edf1490d" CCM encrypt and tag NIST VPT AES-192 #15 (P=14, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a60cf7ceb62bf3118532bc61daa25ce946991047f951b536":"d64f9426febce6a84c954dd5ded5":"7499494faa44a7576f9ed5580d":"baa482c64eefd09118549a8968f44cfea7a436913a428e30aa4ab44802a4ba35":"f7580f17266d68237747bf57c7ed8242ac1a1979c5a9e7bc67d7698c7efa" CCM encrypt and tag NIST VPT AES-192 #16 (P=15, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"82d4bc9aac298b09112073277205e1bf42176d1e6339b76c":"25a53fd3e476dc0860eeeea25fcb0c":"70325ef19e581b743095cd5eb1":"6d14bb2635c5d0ae83687f1824279cf141173527e1b32d1baf8a27f7fe34a542":"4a1cfd0023557a184b929965b0a445cb3993ca35acf354cb2b4254ff672e7f" CCM encrypt and tag NIST VPT AES-192 #17 (P=16, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6873f1c6c30975aff6f08470264321130a6e5984ade324e9":"5051a0b0b6766cd6ea29a672769d40fe":"7c4d2f7cec04361f187f0726d5":"77743b5d83a00d2c8d5f7e10781531b496e09f3bc9295d7ae9799e64668ef8c5":"0ce5ac8d6b256fb7580bf6acc76426af40bce58fd4cd6548df90a0337c842004" CCM encrypt and tag NIST VPT AES-192 #18 (P=17, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3cf8da27d5be1af024158985f725fd7a6242cbe0041f2c17":"f6dd2c64bf597e63263ccae1c54e0805fe":"07f77f114d7264a122a7e9db4f":"30457e99616f0247f1339b101974ea231904d0ef7bd0d5ee9b57c6c16761a282":"ce3031c3a70600e9340b2ddfe56aa72cffdc5e53e68c51ee55b276eb3f85d2cf63" CCM encrypt and tag NIST VPT AES-192 #19 (P=18, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b46a3a24c66eb846ca6413c001153dc6998970c12e7acd5a":"56d18d3e2e496440d0a5c9e1bcb464faf5bc":"b79c33c96a0a90030694163e2a":"ea9405d6a46cac9783a7b48ac2e25cc9a3a519c4658b2a8770a37240d41587fb":"01baba2e0d5b49d600d03a7ed84ee878926c0ca478f40a6fbde01f584d938a1c91bf" CCM encrypt and tag NIST VPT AES-192 #20 (P=19, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7b71045ccef735bd0c5bea3cf3b7e16e58d9c62061a204e0":"890d05420d57e3b3d8dbef117fe60c3fa6a095":"2b9ecfd179242c295fe6c6fa55":"b89166f97deb9cc7fdeb63639eeafb145895b307749ec1a293b27115f3aa8232":"f842ff6662684de8785af275fa2d82d587de0687ebe35e883cbd53b82f2a4624c03894" CCM encrypt and tag NIST VPT AES-192 #21 (P=20, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dc7c67715f2709e150cceff020aaacf88a1e7568191acbcf":"f383bd3e6270876b74abbb5d35e7d4f11d83412c":"da56ea046990c70fa216e5e6c4":"f799818d91be7bab555a2e39f1f45810a94d07179f94fe1151d95ab963c47611":"377b5df263c5c74f63603692cbb61ea37b6d686c743f71e15490ca41d245768988719ede" CCM encrypt and tag NIST VPT AES-192 #22 (P=21, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f41e369a1599627e76983e9a4fc2e963dab4960b09ebe390":"81ad3f386bedcbf656ff535c63580d1f87e3c72326":"68ef8285b90f28bcd3cb1bacea":"dbe3e82e49624d968f5463ceb8af189fb3ad8b3b4122142b110d848a286dae71":"9f6028153e06d14d30b862a99a35413413c04a49dc6f68a03a11cf00d58f062a7b36465d13" CCM encrypt and tag NIST VPT AES-192 #23 (P=22, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3289e59e3a7b29bf4a309afc253030bba4b9bdd64f0722f9":"53911a67b65738f87fc7c20d6db8044bde1af95838d1":"30259ce106e9bd7a8bacbaf212":"2870bd9a26c510e9a256920899bbc77a4eb9b53f927045a943d5ed6b13638cf3":"70cf37d4b6f7e707376b1574ce17c040b5143da47abb2fe9afafc2fccd98ccf63b0fdec30eac" CCM encrypt and tag NIST VPT AES-192 #24 (P=23, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"40f1aff2e44d05f12126097a0f07ac0359ba1a609356a4e6":"8d98c580fb366f330dbfda20f91d99a0878b47efd14c6d":"0df3fc6396f851785fca9aa5ff":"e9699b20b0574fce8b5cbc4ef792eb96e2c1cce36b1b1f06ea2a95fe300633cc":"579cdf9da62a2df471e03450516adb4ce99ae0f70b1776a39c3b429a1f922fac0b59e29a122e43" CCM encrypt and tag NIST VPT AES-192 #25 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"91f9d636a071c3aad1743137e0644a73de9e47bd76acd919":"4eaf9384cad976f65f98042d561d760b5a787330dc658f6c":"1bf491ac320d660eb2dd45c6c3":"3bdfd7f18d2b6d0804d779f0679aaa2d7d32978c2df8015ae4b758d337be81dd":"635530cab14e3d0a135bb6eebb5829412676e6dd4995f99cb7e17f235bd660e7e17b2c65320e9fd4" CCM encrypt and tag NIST VPT AES-256 #1 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c6c14c655e52c8a4c7e8d54e974d698e1f21ee3ba717a0adfa6136d02668c476":"":"291e91b19de518cd7806de44f6":"b4f8326944a45d95f91887c2a6ac36b60eea5edef84c1c358146a666b6878335":"ca482c674b599046cc7d7ee0d00eec1e" CCM encrypt and tag NIST VPT AES-256 #2 (P=1, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cc49d4a397887cb57bc92c8a8c26a7aac205c653ef4011c1f48390ad35f5df14":"1a":"6df8c5c28d1728975a0b766cd7":"080f82469505118842e5fa70df5323de175a37609904ee5e76288f94ca84b3c5":"a5f24e87a11a95374d4c190945bf08ef2f" CCM encrypt and tag NIST VPT AES-256 #3 (P=2, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"36b0175379e7ae19c277fe656a2252a82796309be0f0d4e1c07fdde88aca4510":"be80":"021bd8b551947be4c18cf1a455":"b5c6e8313b9c68e6bb84bffd65fa4108d243f580eab99bb80563ed1050c8266b":"ecacc3152e43d9efea26e16c1d1793e2a8c4" CCM encrypt and tag NIST VPT AES-256 #4 (P=3, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ddb739acda6c56ec9aefc4f4cbc258587f443da4e76ddfa85dbe0813a8784944":"db457c":"0bddf342121b82f906368b0d7b":"887486fff7922768186363ef17eb78e5cf2fab8f47a4eb327de8b16d63b02acb":"54473c3f65d6be431e79700378049ac06f2599" CCM encrypt and tag NIST VPT AES-256 #5 (P=4, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"62b82637e567ad27c3066d533ed76e314522ac5c53851a8c958ce6c64b82ffd0":"87294078":"5bc2896d8b81999546f88232ab":"fffb40b0d18cb23018aac109bf62d849adca42629d8a9ad1299b83fe274f9a63":"2bc22735ab21dfdcfe95bd83592fb6b4168d9a23" CCM encrypt and tag NIST VPT AES-256 #6 (P=5, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bc29a16e19cfbe32bf4948e8e4484159bc819b7eec504e4441a1a98ca210e576":"3e8c6d1b12":"4f18bcc8ee0bbb80de30a9e086":"574931ae4b24bdf7e9217eca6ce2a07287999e529f6e106e3721c42dacf00f5d":"45f3795fcf9c66e1a43103d9a18f5fba5fab83f994" CCM encrypt and tag NIST VPT AES-256 #7 (P=6, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5f4b4f97b6aa48adb3336c451aac377fde4adf47897fd9ccdf139f33be76b18c":"1b62ad19dcac":"7a76eac44486afdb112fc4aab9":"a66c980f6621e03ff93b55d5a148615c4ad36d6cbdd0b22b173b4b1479fb8ff7":"4ad1fcf57c12b14e0e659a6305b4aeffae82f8a66c94" CCM encrypt and tag NIST VPT AES-256 #8 (P=7, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f7aaeff3a1dc0cc5ecf220c67ad9f6dda060b4f1be3cc609cb4f18b2342a88a2":"d48daa2919348d":"d0d6871b9adc8623ac63faf00f":"e97175c23c5b47da8ce67811c6d60a7499b3b7e1347ad860519285b67201fe38":"eb32ab153a8e092fa325bafc176a07c31e6cc0a852d288" CCM encrypt and tag NIST VPT AES-256 #9 (P=8, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"493e14623cd250058a7fc66a3fee0c24b6e363b966c2314aff53b276b6c2ea7b":"e5653e512d8b0b70":"fe2d8ae8da94a6df563f89ce00":"579a637e37a0974cd2fc3b735d9ed088e8e488ffe210f043e0f9d2079a015ad6":"75d31f8d47bee5c4e2ba537355ae8ab25cc9ed3511ff5053" CCM encrypt and tag NIST VPT AES-256 #10 (P=9, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b23255372455c69244a0210e6a9e13b155a5ec9d6d0900e54a8f4d9f7a255e3a":"615d724ae94a5daf8d":"274846196d78f0af2df5860231":"69adcae8a1e9a3f2fe9e62591f7b4c5b19d3b50e769521f67e7ea8d7b58d9fc8":"f019ae51063239287d896e7127f17d13f98013b420219eb877" CCM encrypt and tag NIST VPT AES-256 #11 (P=10, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dbf06366f766e2811ecd5d4384d6d08336adc37e0824d620cf0d9e7fd1e7afa9":"2e3cf0af8c96c7b22719":"b3503ed4e277ed9769b20c10c0":"9ae5a04baa9d02c8854e609899c6240851cbc83f81f752bc04c71affa4eed385":"e317df43ab46eb31be7e76f2730d771d56099a0c8d2703d7a24e" CCM encrypt and tag NIST VPT AES-256 #12 (P=11, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4dd555bd3a5253a90b68b5d4d46bd050340ee07ddad3a72048c657b5d76bb207":"8015c0f07a7acd4b1cbdd2":"bdb1b82ba864893c2ee8f7426c":"9bcc5848e928ba0068f7a867e79e83a6f93593354a8bfcfc306aeeb9821c1da1":"8e9f80c726980b3d42e43a6512a0481255b729a10f9edb5f07c60c" CCM encrypt and tag NIST VPT AES-256 #13 (P=12, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3ad8cda9a0d91a205c4c05665728bb255d50a83403c9ab9243fcbbe95ae7906":"a203aeb635e195bc33fd42fa":"0b5f69697eb1af24e8e6fcb605":"ea26ea68facdac3c75ba0cdf7b1ad703c9474af83b3fbfc58e548d776b2529b9":"62666297a809c982b50722bd56bc555899345e0404b2938edf33168e" CCM encrypt and tag NIST VPT AES-256 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e300fc7a5b96806382c35af5b2c2e8e26382751b59010d4b1cfc90a4a9cb06df":"8714eb9ecf8bdb13e919de40f9":"55b59eb434dd1ba3723ee0dc72":"9b1d85384cb6f47c0b13514a303d4e1d95af4c6442691f314a401135f07829ec":"ba6063824d314aa3cbab14b8c54c6520dac0f073856d9b9010b7857736" CCM encrypt and tag NIST VPT AES-256 #15 (P=14, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3ae5be5904bae62609ac525e2d1cad90133447573d7b608975a6a2b16cb2efc0":"959403e0771c21a416bd03f38983":"61bf06b9fa5a450d094f3ddcb5":"0245484bcd987787fe97fda6c8ffb6e7058d7b8f7064f27514afaac4048767fd":"37a346bc4909965c5497838251826385a52c68914e9d1f63fd297ee6e7ed" CCM encrypt and tag NIST VPT AES-256 #16 (P=15, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fab62b3e5deda7a9c1128663cc81c44b74ab1bfe70bc1c9dec7c7fd08173b80a":"54be71705e453177b53c92bbf2ab13":"a5c1b146c82c34b2e6ebeceb58":"5e60b02b26e2d5f752eb55ea5f50bb354a6f01b800cea5c815ff0030b8c7d475":"788db949697b8cd9abbc74ed9aa40cd6852dc829469368491149d6bb140071" CCM encrypt and tag NIST VPT AES-256 #17 (P=16, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ee8ce187169779d13e443d6428e38b38b55dfb90f0228a8a4e62f8f535806e62":"d15f98f2c6d670f55c78a06648332bc9":"121642c4218b391c98e6269c8a":"718d13e47522ac4cdf3f828063980b6d452fcdcd6e1a1904bf87f548a5fd5a05":"cc17bf8794c843457d899391898ed22a6f9d28fcb64234e1cd793c4144f1da50" CCM encrypt and tag NIST VPT AES-256 #18 (P=17, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7da6ef35ad594a09cb74daf27e50a6b30d6b4160cf0de41ee32bbf2a208b911d":"b0053d1f490809794250d856062d0aaa92":"98a32d7fe606583e2906420297":"217d130408a738e6a833931e69f8696960c817407301560bbe5fbd92361488b4":"a6341ee3d60eb34a8a8bc2806d50dd57a3f628ee49a8c2005c7d07d354bf80994d" CCM encrypt and tag NIST VPT AES-256 #19 (P=18, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0786706f680c27b792d054faa63f499a8e6b5ddb90502946235bf74c022d772c":"6a26677836d65bd0d35a027d278b2534e7df":"f61ef1c8c10a863efeb4a1de86":"67874c808600a27fcab34d6f69cc5c730831ad4589075dd82479823cb9b41dc3":"d1c1f3c60603359c7d6a707f05ecb2296f8e52f2210b7a798ad5c778ee7cfd7fe6e0" CCM encrypt and tag NIST VPT AES-256 #20 (P=19, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bac55f9847d93325bf5071c220c0a3dfeb38f214292d47b4acb7b0a597fe056f":"c1a994dc198f5676ea85801cd27cc8f47267ec":"05b50c458adbba16c55fcc454d":"89ad6ae1e550975eaa916a62615e6b6a66366a17a7e06380a95ea5cdcc1d3302":"7c9b138177590edaafec4728c4663e77458ffbe3243faec177de4a2e4a293952073e43" CCM encrypt and tag NIST VPT AES-256 #21 (P=20, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8beedeb85d42c2a7fa6f7237b05acb197dd8e1672471ac878064fe5319eab876":"7b125c3b9612a8b554913d0384f4795c90cd387c":"8479bdfad28ebe781e9c01a3f6":"7aebdfd955d6e8a19a701d387447a4bdd59a9382156ab0c0dcd37b89419d6eff":"6cc611d816b18c6847b348e46a4119465104254a04e2dfeeeac9c3255f6227704848d5b2" CCM encrypt and tag NIST VPT AES-256 #22 (P=21, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c3a0c126cad581012151c25cf85a44472c23f83b6095b6004f4f32cd60ec2db2":"73b09d18554471309141aa33b687f9248b50fe3154":"94ab51ce75db8b046d6ab92830":"2a243246bfe5b5ab05f51bf5f401af52d5bbaa2549cf57a18e197597fe15dd8c":"b7e8264ca70fd2a4fb76f20a8ad5da3c37f5893fb12abeeaef1187f815ca481ed8ddd3dd37" CCM encrypt and tag NIST VPT AES-256 #23 (P=22, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9cdebaeee8690b68751070691f49593668a6de12d3a948b38ddbd3f75218b2d4":"3cbb08f133270e4454bcaaa0f20f6d63c38b6572e766":"af1a97d43151f5ea9c48ad36a3":"f5353fb6bfc8f09d556158132d6cbb97d9045eacdc71f782bcef62d258b1950a":"3966930a2ae8fdd8f40e7007f3fde0bd6eb48a46e6d26eef83da9f6384b1a2bda10790dadb3f" CCM encrypt and tag NIST VPT AES-256 #24 (P=23, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d34264a12c35cdd67ac105e2826b071e46f8131d1e325f8e0ae80a6447375135":"79ac1a6a9eca5e07ce635bfd666ef72b16f3f2e140d56c":"3891e308b9f44c5b5a8b59004a":"0cda000ed754456a844c9ed61843deea9dadf5e723ea1448057712996d660f8c":"1abcc9b1649deaa0bfa7dcd23508282d9c50ca7fee72486950608d7bcb39dcf03a2cab01587f61" CCM encrypt and tag NIST VPT AES-256 #25 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4ad98dbef0fb2a188b6c49a859c920967214b998435a00b93d931b5acecaf976":"9cea3b061e5c402d48497ea4948d75b8af7746d4e570c848":"00d772b07788536b688ff2b84a":"5f8b1400920891e8057639618183c9c847821c1aae79f2a90d75f114db21e975":"f28ec535c2d834963c85814ec4173c0b8983dff8dc4a2d4e0f73bfb28ad42aa8f75f549a93594dd4" CCM encrypt and tag NIST VNT AES-128 #1 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c0425ed20cd28fda67a2bcc0ab342a49":"4f065a23eeca6b18d118e1de4d7e5ca1a7c0e556d786d407":"37667f334dce90":"0b3e8d9785c74c8f41ea257d4d87495ffbbb335542b12e0d62bb177ec7a164d9":"768fccdf4898bca099e33c3d40565497dec22dd6e33dcf4384d71be8565c21a455db45816da8158c" CCM encrypt and tag NIST VNT AES-128 #2 (P=24, N=8, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0b6256bd328a4cda2510d527c0f73ed4":"78a292662b8e05abc2d44fbefd0840795e7493028015d9f2":"21fd9011d6d9484a":"66ff35c4f86ad7755b149e14e299034763023e7384f4af8c35277d2c7e1a7de2":"5a0be834c57b59d47a4590d8d19a1206d3c06e937a9b57f74034d9fdb43c3f48932aa72177b23bf6" CCM encrypt and tag NIST VNT AES-128 #3 (P=24, N=9, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"afdccc84f257cb768b7ad735edbd1990":"56d0942490e546798f30d3c60ad4e3e110fc04f5b1c1fa83":"b7776aa998f4d1189b":"9f9ac464de508b98e789243fdb32db458538f8a291ed93ddf8aeaacfbfc371aa":"96f124c74fd737819008ddef440320f4a3733d0062c83c893e259aecf12ba08f2a2e966a3341d6d4" CCM encrypt and tag NIST VNT AES-128 #4 (P=24, N=10, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6ccb68d3838d4ddf660b9cd904cad40f":"5ea35c082e2b190e9d98e6b2daad8672f587b4f2968072fc":"c4fb7519a19f13d9d1fc":"092e64fef08b5655a86cdb8de63ffaa7772e8730844e9016141af8bad2216246":"cda5fe3d15d00150b99120c7f206b88a4c2c4a39ca9143425603ab284a73a38cc916f8b653c92ab4" CCM encrypt and tag NIST VNT AES-128 #5 (P=24, N=11, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e6ab9e70a4fb51b01c2e262233e64c0d":"ba15916733550d7aa82b2f6b117cd3f54c83ddc16cd0288a":"74e689eb5af9441dd690a6":"42f6518ee0fbe42f28e13b4bb2eb60517b37c9744394d9143393a879c3e107c7":"dcc151443288f35d39ed8fae6f0ce1d1eb656f4f7fd65c0b16f322ce85d7c54e71ac560fd4da9651" CCM encrypt and tag NIST VNT AES-128 #6 (P=24, N=12, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"005e8f4d8e0cbf4e1ceeb5d87a275848":"b6f345204526439daf84998f380dcfb4b4167c959c04ff65":"0ec3ac452b547b9062aac8fa":"2f1821aa57e5278ffd33c17d46615b77363149dbc98470413f6543a6b749f2ca":"9575e16f35da3c88a19c26a7b762044f4d7bbbafeff05d754829e2a7752fa3a14890972884b511d8" CCM encrypt and tag NIST VNT AES-128 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ac87fef3b76e725d66d905625a387e82":"959403e0771c21a416bd03f3898390e90d0a0899f69f9552":"61bf06b9fa5a450d094f3ddcb5":"0245484bcd987787fe97fda6c8ffb6e7058d7b8f7064f27514afaac4048767fd":"cabf8aa613d5357aa3e70173d43f1f202b628a61d18e8b572eb66bb8213a515aa61e5f0945cd57f4" CCM encrypt and tag NIST VNT AES-192 #1 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ceb009aea4454451feadf0e6b36f45555dd04723baa448e8":"c8d275f919e17d7fe69c2a1f58939dfe4d403791b5df1310":"764043c49460b7":"6e80dd7f1badf3a1c9ab25c75f10bde78c23fa0eb8f9aaa53adefbf4cbf78fe4":"8a0f3d8229e48e7487fd95a28ad392c80b3681d4fbc7bbfd2dd6ef1c45d4ccb723dc074414db506d" CCM encrypt and tag NIST VNT AES-192 #2 (P=24, N=8, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1dd56442fa09a42890b1b4274b950770ea8beea2e048193d":"bd92d6744cde446fc8621625658fc4bc00dcb97f06195ad7":"ad749d596d88a4b4":"c67219909828adef64422286008e1e306867a1c0b3da95444507a68b45c953e4":"076cffd0ca978fe2bad411ced45a090abafb22a99896f6a75a1969276aa2b0cdb37ccaf2845dbf6e" CCM encrypt and tag NIST VNT AES-192 #3 (P=24, N=9, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8cc622645065c72d0d2aca75802cf1bbbd81096721627c08":"597b3614ff9cd567afd1aad4e5f52cc3fa4ca32b9b213c55":"cd84acbe9abb6a990a":"447b6f36acdad2d1cfd6e9a92f4055ad90142e61f4a19927caea9dbe634d3208":"2d7fb83e6621eed9073e0386d032c6941bef37b2cf36a4c6c5e36222d17c6fb0631c3f560a3ce4a4" CCM encrypt and tag NIST VNT AES-192 #4 (P=24, N=10, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ab72eef2aba30205c986e2052d6e2c67881d24ae5fceaa8f":"2a794b84fc9e4a7e6d70a82b5141fd132177a86b4e8fc13a":"d7a46e726ed43f1580eb":"baa86f14271b2be7dbb37ddc7c95ce4857e57aa94624d594d7bd6ceeaada8d5f":"2d7f76464417613bb61d3657481346b74fc9d6abc6a3babd39365dce86859cd82395d11bfc8cf188" CCM encrypt and tag NIST VNT AES-192 #5 (P=24, N=11, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"af84c6f302c59aeee6d5728ed5da2e3c64a5a781c52c4d1b":"6db41aeb5f7c24df8929dbc30483b3c7934b3bd1cdce5bb9":"df990c42a268950677c433":"a6ab5d78427f297a4b7e21f1091ff3a5b20caa3fe1cbcb09459d9df596a6c8e1":"8c9328258bf71970d33e23a3ff81cc1c9cbe196a1294264bfd6a7255e4801963bb30a63de3fc5b82" CCM encrypt and tag NIST VNT AES-192 #6 (P=24, N=12, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d49b255aed8be1c02eb6d8ae2bac6dcd7901f1f61df3bbf5":"062eafb0cd09d26e65108c0f56fcc7a305f31c34e0f3a24c":"1af29e721c98e81fb6286370":"64f8a0eee5487a4958a489ed35f1327e2096542c1bdb2134fb942ca91804c274":"721344e2fd05d2ee50713531052d75e4071103ab0436f65f0af2a663da51bac626c9f4128ba5ec0b" CCM encrypt and tag NIST VNT AES-192 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"36ad1e3fb630d1b1fbccfd685f44edd8984427b78deae7a9":"8b9db1c8f9b4892a5654c85467bcffa2e15e28392c938952":"3af625df8be9d7685a842f260e":"308443033ecd4a814475672b814b7c6d813d0ec2a0caeecbcaba18a2840cdb6c":"6bc6890fee299c712fb8d9df9c141f24ee1572b8f15112c2f8c99ccf2d82788cf613a61d60dae458" CCM encrypt and tag NIST VNT AES-256 #1 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"553521a765ab0c3fd203654e9916330e189bdf951feee9b44b10da208fee7acf":"644eb34b9a126e437b5e015eea141ca1a88020f2d5d6cc2c":"aaa23f101647d8":"a355d4c611812e5f9258d7188b3df8851477094ffc2af2cf0c8670db903fbbe0":"27ed90668174ebf8241a3c74b35e1246b6617e4123578f153bdb67062a13ef4e986f5bb3d0bb4307" CCM encrypt and tag NIST VNT AES-256 #2 (P=24, N=8, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"472bf7946bce1d3c6f168f4475e5bb3a67d5df2fa01e64bce8bb6e43a6c8b177":"59eb45bbbeb054b0b97334d53580ce03f699ac2a7e490143":"790134a8db83f2da":"a7a86a4407b7ecebc89434baa65ef173e88bd2dad9899b717ca578867c2d916f":"db4961070f528ccd1a5a0681ee4d0ce3515fb890bccedc2dbc00b1d8b2bc393a8d09e87af7811f55" CCM encrypt and tag NIST VNT AES-256 #3 (P=24, N=9, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"58ae7965a508e8dd2eda69b5d888a28a1cb3783bad55d59d5b0da87137b72e93":"e61bad17640ecff926d0b0238271ee4c9f8e801dd7243e9e":"caa3d928d2bf2b7f2c":"304678b3ffd3200e33a8912bcb556b3cfec53ca17f70ecba00d359f9f51d3e3b":"7bb1137c14cb4d324a4a8f1115c619ebf74927f0bed60a8d5a9140ff50dc4da375c7d2de80de097f" CCM encrypt and tag NIST VNT AES-256 #4 (P=24, N=10, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aecc5e18088bf9fd7b17f089bdd5607b69903b04b726361f8a81e221b1c91891":"d4291c99901345afe29f58912a414a7498f37b44362bdf3c":"c527d309ab29ee91c5fc":"8f9a73e7bc1c11e2919020ba3a404cbddf861e9e78477218e3be2cd4337b278d":"392784a9e0b14bcd37639ec5409d6ead3e75f855e5a92c33ffc040ef3977e0035ce6ea6d157c18d3" CCM encrypt and tag NIST VNT AES-256 #5 (P=24, N=11, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"97bc7482a87ba005475dfa3448f59d4b3f9c4c969d08b39b1b21ef965c0f5125":"b99bf4dc781795fc4d3a8467b06e1665d4e543657f23129f":"0bcf78103ec52d6df28887":"049c10f0cb37ae08eae2d0766563b7c5a8454f841c2061a4f71a0a2158ae6ce5":"0d3891fa0caac1f7ebe41b480920ffd34d4155064c24f3b17a483163dd8f228d1f20cd4f86cf38fd" CCM encrypt and tag NIST VNT AES-256 #6 (P=24, N=12, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d6ff67379a2ead2ca87aa4f29536258f9fb9fc2e91b0ed18e7b9f5df332dd1dc":"98626ffc6c44f13c964e7fcb7d16e988990d6d063d012d33":"2f1d0717a822e20c7cd28f0a":"d50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c83997630":"50e22db70ac2bab6d6af7059c90d00fbf0fb52eee5eb650e08aca7dec636170f481dcb9fefb85c05" CCM encrypt and tag NIST VNT AES-256 #7 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4a75ff2f66dae2935403cce27e829ad8be98185c73f8bc61d3ce950a83007e11":"205f2a664a8512e18321a91c13ec13b9e6b633228c57cc1e":"46eb390b175e75da6193d7edb6":"282f05f734f249c0535ee396282218b7c4913c39b59ad2a03ffaf5b0e9b0f780":"58f1584f761983bef4d0060746b5d5ee610ecfda31101a7f5460e9b7856d60a5ad9803c0762f8176" CCM encrypt and tag NIST VADT AES-128 #1 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab1123301219c70599b7c373ad4b3ad67b" CCM encrypt and tag NIST VADT AES-128 #2 (P=24, N=13, A=1, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"08b0da255d2083808a1b4d367090bacc":"1b156d7e2bf7c9a25ad91cff7b0b02161cb78ff9162286b0":"777828b13679a9e2ca89568233":"dd":"e8b80af4960d5417c15726406e345c5c46831192b03432eed16b6282283e16602331bcca9d51ce76" CCM encrypt and tag NIST VADT AES-128 #3 (P=24, N=13, A=2, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1538cc03b60880bf3e7d388e29f27739":"e7b819a853ffe79baaa72097ff0d04f02640ae62bcfd3da5":"9e734de325026b5d7128193973":"c93c":"1d8f42f9730424fa27240bd6277f4882604f440324b11b003ca01d874439b4e1f79a26d8c6dc433a" CCM encrypt and tag NIST VADT AES-128 #4 (P=24, N=13, A=3, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f149e41d848f59276cfddd743bafa9a9":"9759e6f21f5a588010f57e6d6eae178d8b20ab59cda66f42":"14b756d66fc51134e203d1c6f9":"f5827e":"f634bf00f1f9f1f93f41049d7f3797b05e805f0b14850f4e78e2a23411147a6187da6818506232ee" CCM encrypt and tag NIST VADT AES-128 #5 (P=24, N=13, A=4, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9a57a22c7f26feff8ca6cceff214e4c2":"035c516776c706a7dd5f181fa6aa891b04dd423042ea0667":"88f30fd2b04fb8ddbce8fc26e6":"a95bdff6":"b92f7ec2ebecebdbd2977b3874e61bf496a382153b2529fc9b6443a35f329b2068916fb6ab8227eb" CCM encrypt and tag NIST VADT AES-128 #6 (P=24, N=13, A=5, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"54caf96ef6d448734700aadab50faf7a":"c69f7c5a50f3e72123371bbfd6bdf532b99ef78500508dfe":"a3803e752ae849c910d8da36af":"5f476348dd":"20c43ad83610880249f1632dd418ec9a5ed333b50e996d1a4e5a32fbe7961b832b722bc07a18595b" CCM encrypt and tag NIST VADT AES-128 #7 (P=24, N=13, A=6, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cc0c084d7de011e2f031616a302e7a31":"15b369889699b6de1fa3ee73e5fe19814e46f129074c965b":"f0b4522847f6f8336fe534a4e7":"da853a27aee2":"f39755d160a64611368a8eccf6fcbc45ef7f1f56240eb19a2e3ca4ec3c776ab58843f617d605fd72" CCM encrypt and tag NIST VADT AES-128 #8 (P=24, N=13, A=7, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d7572ed0e37261efa02f8c83e695efdc":"1edef80c57d17f969f8bde10ab38a1a8811a124de72c526e":"f4f96d7b4384a3930b3d830f82":"922340ec94861f":"de14558cc686e1836f1f121ea1b941a9ebd4f0fb916dc870fd541b988a801cb5751c7faaf5b0c164" CCM encrypt and tag NIST VADT AES-128 #9 (P=24, N=13, A=8, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"98a42d7a0c5917deaf3b4de3f0cbe0a1":"9aa9c8358117564371366beeec923051ef433252197aaad5":"03d33ab0c2df7bfce88b5ee4c4":"2d5438b728b950d9":"9ff942baa60f440c17a78e9581216b9a947a67f04d54911feecfff971fdfaa856310b014aa59c978" CCM encrypt and tag NIST VADT AES-128 #10 (P=24, N=13, A=9, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2a68e3fe746f593c1b97cb637079c3e5":"13b4a874888db0e5d8fd814b5e7e04f7fdfbc1601ccc02bc":"cd62d0f27b7f4864dc7c343acd":"abe4f1d3812bfe3ccf":"032835a3dbf688d09cf2a32a92b101959d33ff47500f92f4fd49840440f866d1a22b0854996111d8" CCM encrypt and tag NIST VADT AES-128 #11 (P=24, N=13, A=10, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"46b067cf9b1a28cf187002e90b14e130":"cc0915194218d4536e467433cd6d79ff1d9eb9ff160ab684":"bad8c03292bf01cfd8d34f860c":"8d65880eddb9fd96d276":"bd56edc015692c6ab9bec493a9893863598414a3d11a6a0f27ecdcb257d0d30491e5bf1aa8f90958" CCM encrypt and tag NIST VADT AES-128 #12 (P=24, N=13, A=11, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e94dac9c90984790a7c0c867536615ff":"4d64461c55eb16bf7b9120f22be349598f2f394da8460dc6":"c19f06f91e645d4199365f18c0":"537038b5357e358a930bd6":"e9fc5004c2359724e1e4411ae6f834ef6bea046d549753c88790c1648f461a31c84e62ea8592a074" CCM encrypt and tag NIST VADT AES-128 #13 (P=24, N=13, A=12, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f6bb5d59b0fa9de0828b115303bf94aa":"011fc50329bfd63a85ebd4f7693363602f1a4147371270b7":"05358f33e1fc6a53ab5a5c98ce":"040b25771239cc2a39446e3c":"4432d7eb42980734d34f19c50cf8abf71ac1b19ed75a727854e5d050a405f755047d09cb0f49546a" CCM encrypt and tag NIST VADT AES-128 #14 (P=24, N=13, A=13, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d1da2e961e78063af8de41865b226873":"8e5fa1a6662a8378cda15697e926841594f2f394fa5a34ab":"03739f5474857006340cce554d":"e3afd091d2b588465872a6300f":"ca0d95e3ff186ad6b88d45fc4079e6b7b4a615e7e8dd5f4742d522cc9dc19c47a4fa0b1528069cf8" CCM encrypt and tag NIST VADT AES-128 #15 (P=24, N=13, A=14, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1eee667267ef10b03624cf9c341e3f75":"798e31cce0a83702a95171fb1162a17b9ce00ec3592ce262":"0630a3eae27e505c61c56e6560":"d24651ef0561282d3e20e834960c":"f3c3e52f1a1ff528a8d3783ee4e75f114e3e6416334815d2d9236d5c5c9319092078411b72c51ba8" CCM encrypt and tag NIST VADT AES-128 #16 (P=24, N=13, A=15, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dbbd26f5d9e970e4e384b2273961be5a":"553714e17a208a2eceb847a4a2d95088388b1ac8d8ca43e0":"0b1eabe504ef4822542e397fec":"477937301c83ba02d50760b603e0ea":"1c80213268bad5402c4dc9b5d836ab7499810d0d8a974716df9a0e986ab2890736423bb3772cec3e" CCM encrypt and tag NIST VADT AES-128 #17 (P=24, N=13, A=16, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"10a7720f2e18f739c26924925af6b670":"e59782a9aea45f467b90e51a0fdf166baba05663def2d8b6":"8c4e7813ab9bce9dafee01c628":"a209941fab710fda38d11c68b13d930f":"e357b1ccdaca6f3506dc45279c2e4c59f5307a5fd6a99cd72341ea8c0785569973f90ee9ee645acc" CCM encrypt and tag NIST VADT AES-128 #18 (P=24, N=13, A=17, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6bffab1f4f4c1ff66b4a669b515b2f8d":"d91b12e8655dd92b1332fc1d71c391c96a17111562d90ba3":"ddb34d5e0140fb96d690e1a2b7":"5cbba9ea778e01af00afb2a934f28c7211":"d302e5b2d5d90433186b804cd7717e2db2f22cdc34fb2942ab30780a2c4f12af8f35350d65284c59" CCM encrypt and tag NIST VADT AES-128 #19 (P=24, N=13, A=18, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ae6136df9ab43631ef143515dacedbe7":"6a493c5ef3769ccc4101dbb2eb36e1e5bbc577a057ce0731":"c5c445792208a50c8e93d64aa3":"e04006b68c83a5dd4ceac3cde238e48895ae":"c7584c0203c2535c5702c6ae93b7cbfb066f4a055c627a180d6d676d11fce907b5c93fa1ed7bff2b" CCM encrypt and tag NIST VADT AES-128 #20 (P=24, N=13, A=19, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f1908328edf2996ebfc9655472ca5ad0":"eede01b08f9a303cdf14c99d7a45732972c6eff2a1db06eb":"4c693364546930b6c5250e2699":"4a3634e5028df97fbe00eb016e8ea4f1918faa":"90c850790b0b380f5aeb2488fdf43c9d5ef1759861e86f6e52570e769629dcc2e568737ba53a1195" CCM encrypt and tag NIST VADT AES-128 #21 (P=24, N=13, A=20, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"61cb8eb792e95d099a1455fb789d8d16":"6ad541695a37c32d73ff6d5f870abd5b0f362a8968c4fce0":"1f37b3e59137f2a60dc09d16ac":"09db3efac9473f713da630ae92c2c8604c61c51e":"e65fcc975865c1499b088b58ba163283085d8ca68dc3b235d89756e5d78753ef22c012ae34b39a20" CCM encrypt and tag NIST VADT AES-128 #22 (P=24, N=13, A=21, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"be1ed49e2cb0caf6b6a0940c58453b93":"a9eec383f63892521e4616fcbadc5485942ffaf4669c43a7":"b78ad129457681fa7346435b97":"161d92c7df1ebb0924719e066e08b95eb4914a5eda":"949be340720c4fdc4adc05cb777dd81a2549628d33fba07e62d2b338a7b34ebd9d85c244c952d681" CCM encrypt and tag NIST VADT AES-128 #23 (P=24, N=13, A=22, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"34ab6fd7f54a2e0276fcb7cf1e203aba":"8d164f598ea141082b1069776fccd87baf6a2563cbdbc9d1":"6091afb62c1a8eed4da5624dd7":"1ab5cc3d7b01dc74e6cf838bb565fea3187d33d552a2":"0d30ab07153b5153637969e6bd3539448c541e42b3d432fd7ef14622a9b621d1721b944c60f7fd67" CCM encrypt and tag NIST VADT AES-128 #24 (P=24, N=13, A=23, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ea96f90fbae12a857f5c97e0cba57943":"49db80f22bc267a70e5636dfbc8a21c83d9691fe4b9c3051":"21cc46d9ced1539b0ad946e600":"105258d2f25f62675aee975cfdb668aff833f05b61eb2a":"d2fcc8b7809b5fc07e44083e437d8180157f1782a9ce9f65c7fa9ee2e7cdc1b755258f2212a8a8f4" CCM encrypt and tag NIST VADT AES-128 #25 (P=24, N=13, A=24, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"35b403a15212097085d6e2b77ec3d4f2":"7dd7396db6613eb80909a3b8c0029b624912aabedda0659b":"daa423bf9256c3fcc347a293aa":"d3c0ed74e5f25e4c1e479e1a51182bb018698ec267269149":"5b00cf8a66baa7fe22502ed6f4861af71fa64b550d643f95eee82c19ecba34280604b58d92dacd3f" CCM encrypt and tag NIST VADT AES-128 #26 (P=24, N=13, A=25, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7a459aadb48f1a528edae71fcf698b84":"0b3d947de8632dc8ff752f619ba7c84716fac7a23e101641":"fa4616b715ea898772b0e89dd4":"0c0b4a45df5c3919c1e1669c5af5d398d9545e44307d95c481":"7db9f3f7dc26fc2adf58d4525d26d5601e977de5a7c33911a1138cff7b624f9908b5b4d7e90a824a" CCM encrypt and tag NIST VADT AES-128 #27 (P=24, N=13, A=26, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ca748225057f735f712ecc64791367f0":"e92cd0cb97afe4fb00c4f12e9b9abe1d08db98f49a27f461":"1341a6998eb1f50d4b710a13ac":"5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec162":"82b666694232e86e82295beae66ae67d56aceb5d6b1484ceb4a6843ec16078038c10afedc41f5362" CCM encrypt and tag NIST VADT AES-128 #28 (P=24, N=13, A=27, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fdf2b2c7fcb3789b4e90abe607dca2af":"d7aa4efa5d75195a400018bd38f7d8cd53fdffe88df1837f":"a69ddc66e63a3415f21009d53a":"c76846da496ed87b9c0f65c6266c9a822224acde9775efb186a4a5":"150d9a8b78d9c04239d66207a1f95021bbb1b7c70d7c354825d05e5a2e76a90f6fe489fd74cab2a3" CCM encrypt and tag NIST VADT AES-128 #29 (P=24, N=13, A=28, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7d870d7e52d3053c65eefad47764cfeb":"109317556c21c969eda65a94176d7a11462c9ae18a865b6d":"37d888f4aa452d7bf217f5a529":"9610949f6d23d5b1f3989b2f4e524fab4f297a5bec8ddad4f16cb616":"4e6b967b1571c6d7b9e118b112b7ac949a4a175650316a242dd579cb0d201d22c86bbc7fbe47bd0d" CCM encrypt and tag NIST VADT AES-128 #30 (P=24, N=13, A=29, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8fcac40527c0e7ca8eaff265ca12c053":"78d1e96af8cebdcc7e7e2a4ddcfa34f6cf9a24fb85672ad7":"ae9f012fd9af60a400e20b1690":"9ce65598cd1f86afc9aaaf172809570cc306333c25523f863c6d0e0154":"9adb9a95a9379ad795d8d3ffd4e37a045160d6d727f974a6cb3b5151f327e65447e52c7525562c91" CCM encrypt and tag NIST VADT AES-128 #31 (P=24, N=13, A=30, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ddf9f150cc3f1c15e8e773663c5b061c":"79d8841ab83279724ce35e1a8abd4e158168dcf388ab4c3d":"98c5036b7d54da9a1177105600":"20c5ab290e6d97f53c74121951f39ba865b3acc465fa3f0fb8a591622277":"d00d29396ffa9e691290d746527777bf96a851f306d4da0b1816df1e0e82bb7bc8105930ad6a2232" CCM encrypt and tag NIST VADT AES-128 #32 (P=24, N=13, A=31, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b1dc81d116d94f5eced526b37c004b95":"54390715b6e7c7bd51a234db059a51ba030cf22ee00b7277":"97c8f69fb91b17299461fd8d63":"f8b08aa83bed09ca342249b2cf9e2b45a89dcfb8711a120395e455921af481":"cb629994c3418a662a8cde1b5f4d99aa7df66e24c53dc6df11297930fd44c63675b7cca70671ef4d" CCM encrypt and tag NIST VADT AES-128 #33 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5a33980e71e7d67fd6cf171454dc96e5":"a34dfa24847c365291ce1b54bcf8d9a75d861e5133cc3a74":"33ae68ebb8010c6b3da6b9cb29":"eca622a37570df619e10ebb18bebadb2f2b49c4d2b2ff715873bb672e30fc0ff":"7a60fa7ee8859e283cce378fb6b95522ab8b70efcdb0265f7c4b4fa597666b86dd1353e400f28864" CCM encrypt and tag NIST VADT AES-192 #1 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"39f08a2af1d8da6212550639b91fb2573e39a8eb5d801de8":"15b369889699b6de1fa3ee73e5":"":"6342b8700edec97a960eb16e7cb1eb4412fb4e263ddd2206b090155d34a76c8324e5550c3ef426ed" CCM encrypt and tag NIST VADT AES-192 #2 (P=24, N=13, A=1, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9748798c0f3cc766795c8ce0e4c979c1930dfe7faefea84a":"100fa71462277d76ca81f2cfdb3d39d3894b0ca28074a0f0":"cdf4ba655acfe8e2134fa0542f":"67":"36e2415b4f888a6072f260d7e786d803be16f8b9cbee112d7ff74e3b05b7d7c13284573bd3e7e481" CCM encrypt and tag NIST VADT AES-192 #3 (P=24, N=13, A=2, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"393dcac5a28d77297946d7ab471ae03bd303ba3499e2ce26":"262f4ac988812500cb437f52f0c182148e85a0bec67a2736":"fe7329f343f6e726a90b11ae37":"1c8b":"e6d43f822ad168aa9c2e29c07f4592d7bbeb0203f418f3020ecdbc200be353112faf20e2be711908" CCM encrypt and tag NIST VADT AES-192 #4 (P=24, N=13, A=3, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a74abc4347e4be0acb0a73bb8f7d25c35bae13b77f80233a":"6372824bf416cd072a7ad0ae5f9f596c6127520c1b688ab4":"6a850e94940da8781159ba97ef":"a4490e":"b14a07bdc119d87611342c4c6935c5786ff1f9ae2eb49e6191c88a3cb4fbafcb8a4a157d587d7e39" CCM encrypt and tag NIST VADT AES-192 #5 (P=24, N=13, A=4, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"df052e95aea3769a433ce4e4e800b8418649bbe8c6297eb0":"e8c1a89228d8212f75c136bab7923a89f9fea18e781cb836":"ba356d392c3f700f4f2706a4ca":"8ffc0e3d":"66b5d782323925e1bd0a8413a9a5a881356453d5df2cbeb199b2e1e803550dcdde55fd66ecb45edd" CCM encrypt and tag NIST VADT AES-192 #6 (P=24, N=13, A=5, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"16d345606a315ad2406abbcb43cd8cabe948107ba6d17a72":"d3bef460223c81e4579c9d1d463ac5e0881685de1420a411":"d4ef3e9e04f1b7f20ffc5a022e":"a468f08d07":"abb85db49a9b1c8724ecbc734cc8373bd20083cfa4007b1cfe4d3a3bb25f89f692884be230c6035c" CCM encrypt and tag NIST VADT AES-192 #7 (P=24, N=13, A=6, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1c476cfd7dd300d961fd3f24a6fe0e80742b00851676ca63":"6f3938932b5c1280311e892280d8a822a828a0be7fdb1bcd":"e300fc7a5b96806382c35af5b2":"28130f938c45":"df48662fe134e75a85abc2cece2c3b6236c88a70fa792e9beadc9601adf9fbdf4e3e94b395b0a332" CCM encrypt and tag NIST VADT AES-192 #8 (P=24, N=13, A=7, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"79d1e38a70df1cf239be168833dcd0570bc8f37b3aa26c37":"83c24f3a77b83b4ef45277ba90225f3ba1722312f52b1a07":"8229d6d7e9e21fdc789bff5dcf":"076887d2abe900":"19d880f1d959a68f162de243d4a45747ace704613359b27218d1531a066de60a95d2924a6910e990" CCM encrypt and tag NIST VADT AES-192 #9 (P=24, N=13, A=8, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"72e6cebdaf88205c4e74428664bc0d7eb4687a272217b7ca":"54bc7e3c227df4e83252a5848fea12dfdb2d14b9e67c1629":"3820db475c7cb04a0f74d8e449":"f427c47e10c45bb3":"91e7baff2b42af63e26c87ce6991af22422c1f82906858b1721961de5c768f4d19bd3034f44f08d2" CCM encrypt and tag NIST VADT AES-192 #10 (P=24, N=13, A=9, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"39c03a0c8634047b1635348f284d3dc1e752ab40548eb337":"0662e63c88e963d3e0cf2c4653515ae4474a2c78ab0394c0":"9e2ea8eb7f56087ee506925648":"28d157f09a71da80dd":"01dcd4dd3b8c1369518136ce45e8bb9df565b0ad231a887b02ada34addf0aa2f4744ed2e07995491" CCM encrypt and tag NIST VADT AES-192 #11 (P=24, N=13, A=10, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e2a92ffbb0b5eb68cb82687f12449fae5167d375131b0b10":"048c9ba4597c3bb595bfd5048e5e9a1296f30e5c0118b177":"441ad5e1382e083a95224f395d":"2352648299b0413cb2ce":"25247a258e4ac0a988d8def60cc174a9d4578cd5346fb5150c96e8ab8774baa421f39c64a386c418" CCM encrypt and tag NIST VADT AES-192 #12 (P=24, N=13, A=11, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ef1ad3eb0bde7d4728389da2255d1f8a66ecb72e6f2f1ac4":"9f580cc6c62a05ce125c6bec109a48ca527ee26a64b14b68":"8e7d8a44244daa7df2b340993e":"521583c25eb4a3b2e46120":"ff0ff95bcb0bccd5e4aadd77ac6770f5013654eb3c6386fded2c87135861b43a99f258b6938f66e3" CCM encrypt and tag NIST VADT AES-192 #13 (P=24, N=13, A=12, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"44cba20b7204ed85327c9c71c6fea00b47ce7bdde9dea490":"6333bde218b784ccd8370492f7c8c722f8ef143af66d71d7":"f3329154d8908f4e4a5b079992":"f1e0af185180d2eb63e50e37":"b9401a4927b34dc15e9193db00212f85f0c319781ec90e3b4484d93cb422cb564acc63d3d18e169c" CCM encrypt and tag NIST VADT AES-192 #14 (P=24, N=13, A=13, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b5f43f3ae38a6165f0f990abe9ee50cd9ad7e847a0a51731":"3726c1aaf85ee8099a7ebd3268700e07d4b3f292c65bba34":"13501aebda19a9bf1b5ffaa42a":"ead4c45ff9db54f9902a6de181":"fd80e88f07dad09eed5569a4f9bb65c42ef426dda40450119503d811701642143013f28ce384d912" CCM encrypt and tag NIST VADT AES-192 #15 (P=24, N=13, A=14, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"13f179aa2a23bc90a85660306394940e9bb226ce3885ec01":"d3b36c6289ad6ae7c5d885fe83d62a76270689ce05fa3b48":"aaa52c63ca1f74a203d08c2078":"5cc924222692979a8e28ab1e0018":"bc4fcef401c2e1d1c335734ff23ea52c3474d2e6f31648a7f58649400ac9e825b038d67f0c2a6f1c" CCM encrypt and tag NIST VADT AES-192 #16 (P=24, N=13, A=15, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c1dfc48273d406a3a7b9176f80b2dc4e9a7f68134bab66d2":"67d9728a88f1fac3af43ed6d634ba902896bd226858697d9":"1ac53ba965cdaeeef7326a37e4":"39ba54a410a58a5d11615a2163cc3b":"360f0fc714994e3b59448b50cdd61d511b4f09e0e5fb5ac826a51fe5b9b598a17eb3da10f936813b" CCM encrypt and tag NIST VADT AES-192 #17 (P=24, N=13, A=16, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d8a662ab8449bd037da0346a24565683a3bbbbd1800e3c1c":"61fdd10938557080191d13dd6c3002dd445d9af988029199":"166fb8d0e110124c09013e0568":"1c1c082eeb5b8548283d50cc2ace1c35":"23c05927502a4ee6e61e4e10552d49b020643eab476eeacc867601fe79a122a7817819655183283e" CCM encrypt and tag NIST VADT AES-192 #18 (P=24, N=13, A=17, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"116f4855121d6aa53e8b8b43a2e23d468c8568c744f49de5":"1bd3b5db392402790be16e8d0a715453928f17f3384c13a7":"924322a3ef0c64412f460a91b2":"03c2d22a3bb08bbb96b2811ce4b1110a83":"ad736402626df0f9393fe4491eb812725ad39d6facf20b5b2f9340b0d48a17ae1cc71d7515e61ee9" CCM encrypt and tag NIST VADT AES-192 #19 (P=24, N=13, A=18, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e67f3ba11282d61fe36e38cab7b559c2fd9cbe8bf7eb5863":"d7a954dae563b93385c02c82e0143b6c17ce3067d8b54120":"a727ed373886dd872859b92ccd":"68d199e8fced02b7aeba31aa94068a25d27a":"c6cfaa1f54d041089bd81f89197e57a53b2880cefc3f9d877e30b2bcc3f1ea9ec2b8f28bf0af4ecf" CCM encrypt and tag NIST VADT AES-192 #20 (P=24, N=13, A=19, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e0a29a2c7840cf9b41de49780b9ee92d646a4bfc5b9da74a":"344dc8b6bd66a1fbbe330a95af5dd2a8783dc264d6a9267d":"fc9fd876b1edded09f70b18824":"36e15baafa0002efbb4bb26503b7e3b79f6c68":"43b3b96aa5a54378f3bb573ffda3e154aa7f425fc3008175b60a77b9d38740356b544b1c0f259086" CCM encrypt and tag NIST VADT AES-192 #21 (P=24, N=13, A=20, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26d0a3a8509d97f81379d21981fe1a02c579121ab7356ca0":"37ab2a0b7b69942278e21032fc83eba6cdc34f5285a8b711":"8015c0f07a7acd4b1cbdd21b54":"093ed26ada5628cfb8cfc1391526b3bcc4af97d9":"a3a60b422eb070b499cf6da0a404b13a05cedda549c6b93e6ca0e07e04674f21a46df2659a5905fb" CCM encrypt and tag NIST VADT AES-192 #22 (P=24, N=13, A=21, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aac60835c309d837aacc635931af95702a4784c214283ebb":"e8610756528f75607b83926597ef515f4b32a8386437e6d4":"0e20602d4dc38baa1ebf94ded5":"796e55fbe7bed46d025599c258964a99574c523f6a":"e0a3d5f43e688ce104f4ae1a4fcd85500aa6b8fdbcd1b8d3003c0c3b7369e79339433e1754c0937f" CCM encrypt and tag NIST VADT AES-192 #23 (P=24, N=13, A=22, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"671544bf2988056f7f9ccd526861391a27233793a23f811f":"576b069ae2713f53d2924c1fd68f786cb2eec68892f9e1be":"0a259148a1d081e0df381ecd0c":"61dafc237cb52f83ab773ba8a885462b6f77d4924611":"ce06b3d09b02921f290544032a081a7766612940048867281bb089af0245792c16e6320cf5ffa19e" CCM encrypt and tag NIST VADT AES-192 #24 (P=24, N=13, A=23, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"90e2c63b6e5394b1aeec03f95a9d13a01a7d4e9d58610786":"44dd098b1f869d670a8a841900c4bef023a1946a0c278354":"dada5465eb9b7229807a39e557":"f5629ca0eea589f6cf963d875a7d2efb656983f2dd2231":"6b38ca85450e05e7b9362ed7e6e291a130ff233b5a561cdef7ec84dd992fdf98514f845dac8f656e" CCM encrypt and tag NIST VADT AES-192 #25 (P=24, N=13, A=24, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"13cdaaa4f5721c6d7e709cc048063cfb8b9d92e6425903e6":"d7c837971b973f5f651102bf8d032e7dcd10e306739a0d6c":"f97b532259babac5322e9d9a79":"ad6622279832502839a82348486d42e9b38626e8f06317c4":"4709600418f2839841e6d126359f6982bdb53acc7ff209635623d15b24184481eadc63bb8c878fc4" CCM encrypt and tag NIST VADT AES-192 #26 (P=24, N=13, A=25, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"90851933d4d3257137984cdb9cba2ca737322dac4dbd64bc":"ba1785a149cb8b69a4e011c11a3ff06f6d7218f525ac81b5":"be02df3a840322df8d448c600c":"69a9dd9ac8be489c3a3f7f070bdaca10699171f66ab3da9351":"89ab2efefa8406336d9e2245199fbc9454f0ef650b9ed0f446c7246bd3130803bf8d703ef5bdf15c" CCM encrypt and tag NIST VADT AES-192 #27 (P=24, N=13, A=26, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5c5d02c93faa74a848e5046fc52f236049e28cd8096dcac6":"b4da43ebfe9396b68f4689fba8837c68d0064841c6ddd4a7":"54cbf2889437673b8875a0f567":"09fc21ac4a1f43de29621cacf3ad84e055c6b220721af7ce33bb":"d40725397229021a18f3481e3a85f70445557bb2a85e4ae8101a34c777e918e16186fda05a386572" CCM encrypt and tag NIST VADT AES-192 #28 (P=24, N=13, A=27, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0234dae5bd7ae66c67ff0c1a3f1a191a0d7bceb451bc2b7d":"0f960a89a7e806f8709047cb7a2e7c4211ad724692c88a05":"16d345606a315ad2406abbcb43":"c37fdf7449fd7e943595d75e977089c623be0a3926e63fdbbfdf4a":"3907880d25f910eab12dd14e704d1b33ea7c453634d54da2a461f44dac1112ae3f9c65671a931d3e" CCM encrypt and tag NIST VADT AES-192 #29 (P=24, N=13, A=28, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6351a67fd6daabd2fd49ee944dd41dd37301f958dd17fcc3":"0c0663dd69ccbffbbd0c8c2e9473d0354451ae7a20fa3695":"b8d517b033754058128d13d11a":"511c6924fa96db716f6b053b7a48aebdc1504145a56cd02d6be2590d":"19f2745df5007619c79c84d174e4521b942776478a0601d982c560fede4741e2fd3b54b3a48f3e38" CCM encrypt and tag NIST VADT AES-192 #30 (P=24, N=13, A=29, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9a5a9560baed3b8e0e90b92655d4e5f33889e5d7253d9f6c":"5bbe9c1fb2563e3e82999fe097b28da4dc6ff2e020f3b4f3":"c0049382cdd8646756d4e6bff5":"c95a86d52088a8b0107cc5b437a8938b2c9e74e46e2e03bb9bceecdbe3":"6d5401db42b5c48b79203b6ad82806d7460ac4c82ad0809b811020480e834f6fe55900a162a4e61a" CCM encrypt and tag NIST VADT AES-192 #31 (P=24, N=13, A=30, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3e61094c80df0053e86d43fccf4e1d3ee2cdb862d3237b0a":"1fada8f4c7daea0d1c370184c169485b80a278708ed41451":"63f00b2488809fdc49ca5f05d5":"a08763ca936abdeece06467bef8c3c47c3a473636a039d4db540c867d3e3":"680dd22f16a1290bde42c9792dfa997aed24d5bd2265b6e095aa6b99d3f894d3790c2aa2dae1ba2c" CCM encrypt and tag NIST VADT AES-192 #32 (P=24, N=13, A=31, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b5664dd6ed435df006052f6ded74bb7ce9482ca9229886f7":"0b6de49b530703affc94010c2b793ddc6de0c44d48037ff2":"7a1649896f3e030c18f0205599":"c5f1a26351e53e6509c8bbbed03c42c23ad81c65fccec7ffa1cb494c7f1fc4":"56b02fea595cc24e798691ae905be3d466ca68ca744005dba260b5ea3b047020b73b5bafa17e5084" CCM encrypt and tag NIST VADT AES-192 #33 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"50925853a84a33ff392154e4e737efc18dcfc98f4d5235a9":"718f061e8b972a3adcf465d66c5b28e8661f080127f6722f":"809343e986f6ff47f54d4cac22":"d70aef3532bdc5293a3ebb11589ac1f801c9f93ea0d656e1d04068facf9f768b":"bad3b0e6772e9c4c9c631c095e259d99692292932efb72b8966e91a19617bb748f3495aa433585bb" CCM encrypt and tag NIST VADT AES-256 #1 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"72a60f345a1978fb40f28a2fa4":"":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e935753e601b79db4ae730b6ae3500731" CCM encrypt and tag NIST VADT AES-256 #2 (P=24, N=13, A=1, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a4490ed6ab51dbfccd6f3702a857575dad44da3a27eaf31178abc97da60d1e4b":"1b5cc6b1651dec4bbbf5130343852e971c7ff1774100d9be":"26ceaf6e3b28190a17c4f0c378":"9e":"789bce069a725a96c484e64a9e54dcb7a7c268c85df47815a462ff2dd8ba44a381e1f6edab12b5a9" CCM encrypt and tag NIST VADT AES-256 #3 (P=24, N=13, A=2, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"df594db94ef8eca56a417afe946085eaed444c7cc648d07d58132e6cb5bc2bc3":"f4d7978fad36223623ccb5bb18a7373cba8a6e3b1c921259":"c1ad812bf2bbb2cdaee4636ee7":"c0c3":"bea778540a90033b2c0d087e3cc447711ea25f7eea96855506ec97f23bd6ea97834f92f7263c3195" CCM encrypt and tag NIST VADT AES-256 #4 (P=24, N=13, A=3, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d98193ab2a465e3fcd85651aaeca18b8e91489b73b7c7e93b518c4b5b81fc6ac":"edba7d6312144e90ec9eaace7576045a46e553dcb8ee5a98":"2247dc7e2674e9e0a63fe70613":"4dc2f4":"44b9ea727c847336fd739ad11f4b906b292edb810462f06ef59626ad5cdac2e4d4cb07b538a1fd8f" CCM encrypt and tag NIST VADT AES-256 #5 (P=24, N=13, A=4, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"45c8afd7373cb0f6b092af3a633d9fd97c4ca378e19d75f9b74d089429726c29":"0b92adbb251dc29a67f0bb97f8e7160862b6c4e843d07fd9":"fdb1fa230ae0b172ff98fc7496":"270981af":"274e2faea3271ea6fa0494c1951f115b5491a893056c3ee4c76fc350e585277e373e9119bf9595cb" CCM encrypt and tag NIST VADT AES-256 #6 (P=24, N=13, A=5, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a2e6bf39efd1ceddc92b4333ed92d65efeea6c031ca345adb93a7770a8039bcd":"d822f84b023f12ea9e3ce16b904278e4aaab5e11c2c23f3f":"693cbb46bc8366086ec7cd7776":"3ba11282d6":"9f91fd2f6472e33b02b1eabb9d6655729d44c44dad6b3883fe0667bcc5806b225224b04ade8b21c1" CCM encrypt and tag NIST VADT AES-256 #7 (P=24, N=13, A=6, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c5a850167a5bfdf56636ce9e56e2952855504e35cc4f5d24ee5e168853be82d8":"e758796d7db73bccb1697c42df691ac57974b40ca9186a43":"c45b165477e8bfa9ca3a1cd3ca":"4759557e9bab":"93ad58bd5f4f77ac4f92b0ae16c62489e4074c7f152e2ed8a88179e0d32f4928eff13b4ce2873338" CCM encrypt and tag NIST VADT AES-256 #8 (P=24, N=13, A=7, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ae8f93c3efe38e2af07e256961dd33028faa0716e5320a7ab319a10d2f4c5548":"bc9ca92a9c9919e39095d3e53fb148694620ae61227e0069":"6333bde218b784ccd8370492f7":"0b1fabdf2a4107":"45811b0c8f754bf03950e520cd4afc81c2e3eb8a11f4fd386d5a6e4b1fbee15d35939c721004502e" CCM encrypt and tag NIST VADT AES-256 #9 (P=24, N=13, A=8, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"548c2d1eb7d91e003633d4d9ff199e4a8447180edd89ac7867d25a1db288b5ce":"49fd5cbe4aff89dc3b8718f9ce545d612cbbebb289ecbf42":"23b205bd6ff8ed0bab0c98999c":"a6601111cd92c943":"3cfc6211e359ae322802fc9566f377b0dfe17d1dfe0878ebf2a9047e37cc0be1fab0006af8db8dc4" CCM encrypt and tag NIST VADT AES-256 #10 (P=24, N=13, A=9, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aab793e377a12484dbdd74c9b3a85c74c286e1cc498663fbd7c718b5633bb91a":"7c0889854658d3408c5d8043aad2f4ae4a89449a36f8a3b8":"10022cddb323e88b3c08f95a0f":"82b8c736037ce2f2e8":"1044250f58857c69f72b5d3454d43949e5c02b3822970b280de1a3f7fc5d06cc30f06075f5504ed7" CCM encrypt and tag NIST VADT AES-256 #11 (P=24, N=13, A=10, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"06ac39896073a44283611a66ccab067e2dd2faa8da82ff9a45bb29e54d2e6e77":"3216dce3b8b1ce0e79e40fffcac728ab191aaaf319d971d3":"6c7942c9819cf69b817bfcdb0a":"215e2a6c24325340fdec":"c5b3b50ed8a7b7b96b02ba9464b6a2ff80e90548605699a63d70e6dffb31a376a1eb7f94526dca48" CCM encrypt and tag NIST VADT AES-256 #12 (P=24, N=13, A=11, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"50412c6444bcf9829506ab019e98234af1541061557412740bc120b456052763":"6cdbd63f6d591f59776f828533b28e2453a214d1d0dd8a39":"85684f94c3702c5d870310166d":"f706a3e09df95d3e21d2e0":"8c8b4ae854a5d5c265b25e3b54bded9444cc454b3e0e6a24d6c05eaf406a5ebd578e19edd5227380" CCM encrypt and tag NIST VADT AES-256 #13 (P=24, N=13, A=12, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8a56588fe5e125237b6cdc30f940b8d88b2863ec501a0cb00b1abade1b5ce0ed":"c825952293e434ea866db558aaf486ef09a92bf366988f71":"d80210b9f9776ea36dc0e0a787":"e4296d1c8cf4ffc4b2635135":"b8b3b15fdf6a4a0b5abc313afc769e4e8413bd887552583ede3ed995d1b70561c8e28a7b1a7e3dc8" CCM encrypt and tag NIST VADT AES-256 #14 (P=24, N=13, A=13, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a4cc7e1c90f8684e6a5f95e6898ab4e3c194cb46e196d8228062b9f3fa744930":"10d4cff95ef490923c9e0906880729d4d05412e7675cce76":"cdc2712e51c7f333d6bad78eee":"569c56b27268d3db54e728aac0":"be3ce3e9dc72499839a98ae52abb17415e8547687e8a3c7b8aaaac20d4c9276f2851cbba2b04d185" CCM encrypt and tag NIST VADT AES-256 #15 (P=24, N=13, A=14, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"347e12eec56e95aafcc7d25bf10fc756b4e42bc2e43da7f97df24331f27f1f5c":"ca88dddfc876a12f45f19562bc9ca250f43267ab251a7f34":"b8d517b033754058128d13d11a":"511c6924fa96db716f6b053b7a48":"eeedcfa8f5b5b48c1d7e277526eecb7294213b9f5785167ae949b93003dfe63c95c1d49edfb4de3f" CCM encrypt and tag NIST VADT AES-256 #16 (P=24, N=13, A=15, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"520902aa27c16dee112812b2e685aa203aeb8b8633bd1bfc99728a482d96c1fe":"533fee7d2c7740db55770e48cb1b541d990ea3f8f08ed1a6":"ddf50502f414c1bf24888f1328":"22b4f8f1aac02a9b2ef785d0ff6f93":"fc867b319e0e4ab45ec518a1b5dcec4f29982173f3abfd4d8a8f8d14d2bdac84c3737cfbd75b7c0b" CCM encrypt and tag NIST VADT AES-256 #17 (P=24, N=13, A=16, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"57da1c2704219ed59abfdf04743a9a93c87a63d471818de0f1564b2db6421562":"ddc3c1aa73fb6de92bb4db138e26f3c2e0543ab4f5924871":"4b60a47b7e90f622fa0bf803e1":"0ae8c012ff39753510df3ee80707e4e2":"daa8256d4753fdf9cfef876295badaba89b45cc497f54d220ec2c6fb687753bca4580adc6aa2f296" CCM encrypt and tag NIST VADT AES-256 #18 (P=24, N=13, A=17, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9267ebc99ccf648b146cba3c251187e24a9947d806ceb0ced6894211641a1e0d":"967daf12f16f166b7b5038f83a1cf0b980f5abf4c7746f2a":"9b7298950280e8762ecdc9bbe4":"5824689453bc406bf891b85e4576e38fe8":"7cfe2a7a54306eb8d8a63d3d1ae86794f9a2c22198b2cb4f10ca926f1a430c08c12e23db3d913e93" CCM encrypt and tag NIST VADT AES-256 #19 (P=24, N=13, A=18, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7a855e1690ee638de01db43b37401dcd569c1ae03dc73dd0a917d0cadb5abc29":"33ae68ebb8010c6b3da6b9cb29fe9f8bd09b59ec39f4ce4b":"8f160a873a1166c8b32bccbba7":"72674aca7eba2fc0eeafbd143c2c4d8aa6c8":"b22afdf4f12c43ec23e01ac1215a3f5286059211207e957057e9a9203da74387a9468f8af5e27547" CCM encrypt and tag NIST VADT AES-256 #20 (P=24, N=13, A=19, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0ebdc6ddb4c502725dd6ee8da95d56a0d1044b4694d6ba8475a4434f23a8474f":"c7360282c85484a5a33ab1c68dd70873ab4e74ffd4a62cd5":"fb717a8c82114477253acc14f6":"41e9d65632f74f449a6842d5e6c4a86ef83791":"2e961b3a2fa1609a4e6fd04bff6ac5e306ae2638706f997b42be2e2ba05c54b619850db5c9d684fe" CCM encrypt and tag NIST VADT AES-256 #21 (P=24, N=13, A=20, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ff64bbec197a63315c2f328dcb4837d0cdc21a5d6f89ff1d97cb51195330cd8":"4a17522da707b4b2587a0ae367a2cd2831bb593a18ef442a":"a235f8ee3de9896b71910ac02c":"2b411bea57b51d10a4d2fb17ef0f204aa53cf112":"1bf122798bd8ee8e73391d589bd046a294d1615794e69cb9e6f3ba30143acbc3a1c1c6ec74333107" CCM encrypt and tag NIST VADT AES-256 #22 (P=24, N=13, A=21, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"24e9f08a9a007f9976919e10dc432002e2e078a339677f00105c72ed35633a3f":"d3416a81b4246eb0bf8119a72a886bbc0ac9449c69f71d2f":"15977424eeec0ec7f647e6c798":"2d838eb51a4bc69a001a18adf2084a680f02a3c5fc":"e001a8fae390dc5d672cdd18f86a1f728158ec83a002050def9af5679edbcbb7db20ab6af30698db" CCM encrypt and tag NIST VADT AES-256 #23 (P=24, N=13, A=22, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0ec1b22b8df05dc92135d2dfbefed8ea81458f5ea1b801e8a218faf6cbdf1a79":"2f59d94d4ab8eeb84c2a6fefb7fb0a3ac059c1e1a65ae34a":"97ebcb8575bb58260208d5c227":"a2f6337f86dd00d1a58448851e95d8c9bace4a5c8710":"7ca0b1dbe34b0391e524b868b0af08b3e096917664d6aa2cabc1f9d0132394149c9062b74b82f04b" CCM encrypt and tag NIST VADT AES-256 #24 (P=24, N=13, A=23, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0875020959ed969cfb38636d1d5aabce9658b00171a7614ea9e5395331c7659c":"065ef9eeafbe077c1c7049f43eb0d8999708e8609f214d5c":"451101250ec6f26652249d59dc":"7cc9c51b69f98a06391ab32742fb6365e15106c811fe8a":"990065322a438e136860f7b019807e9feff52a642bf3d44a9163fa7a867f04cab6f52dc250070f31" CCM encrypt and tag NIST VADT AES-256 #25 (P=24, N=13, A=24, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ef4c1d2314e671f666cc6667660f1438a293208c7cc29b412d81277f0a635c91":"c99c3e79125b6fd95e737326a842424eb6c6ecea4c0475c4":"50b23b052922366c25dd40e348":"cd0522ebe1fed82465277d1c10ae9316a98b4469be63b180":"76df4be4ec8373864399acda11294b220b9f7c3a7d2b3660b25764e40ac6a171e7e6bab4fdee4288" CCM encrypt and tag NIST VADT AES-256 #26 (P=24, N=13, A=25, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8544808e8fbf8c3a5e1d4ca751d4b603af9fe119eabc6923205815e0e748b7e7":"617d54fc6a23601c79e3984f93bfc2d151fde420863206b3":"b44a58724596b4d8dea827c1a0":"f5b2c88f5232c37273b1e66aa31cfa7201e33c21d60054d025":"57b3414db48982c6567265e1e0173bf38fdfaffe4461fbebc1411af83237c0f9eb0bfe8ed914da66" CCM encrypt and tag NIST VADT AES-256 #27 (P=24, N=13, A=26, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e19eaddd9f1574447e7e6525f7fd67e3b42807e44fbb60e75d8c3e98abc18361":"b3b0de10b7c0996662f1b064e04e528b7d85ca1166985d33":"a8c459ce0223358826fb1ec0f0":"ef88f4393d6c1e7b7be55a12144209ee051bb779e440432721ef":"d63e6082c95c6c5ff2bc0771321a4f883ef61cff7b99e0ea8a20a1abe7c842ebc08c8c81a2743c81" CCM encrypt and tag NIST VADT AES-256 #28 (P=24, N=13, A=27, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9498f02e50487cfbda1ce6459e241233bd4c4cb10281dcb51915dbc7fb6545c0":"0d16cc69caa9f19b88b05e151b3d26accd018ca4a5786a80":"e3bd4bc3a60cddd26c20aa8636":"70cfcb828d483216b46c3cd22e2f9ee879e9e3059b566179b6e16c":"f1c4bedb8d6f91676881daa37656a7e6402f472735b04a0f1f8332f4236437737438e7aa1b5100c7" CCM encrypt and tag NIST VADT AES-256 #29 (P=24, N=13, A=28, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3ac7d5bc4698c021e49a685cd71057e09821633957d1d59c3c30cbc3f2d1dbf8":"89198d3acc39b950f0d411119c478c60b2422ffe7e26e00b":"54c8ff5459702aac058bb3be04":"ecbd7091732e49c0f4bda2e63235ea43bbf8c8730f955f9c049dd1ec":"7717b8e4447afcea1eeebf3e39ffdab2f52828e7931ef27e475acd27900478f09fec1f479ab3a7c8" CCM encrypt and tag NIST VADT AES-256 #30 (P=24, N=13, A=29, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"948882c3667caa81c9b900996e3d591e6fcb3d08333eeb29911e9c6338710c17":"8b9130b0c3c15366831bbb19f377e3209a8dbf7619cd09bd":"43b0aca2f0a9030f90559fa6d3":"a516ca8405e5c8854e667921b5c5e1968bdd052915b55ac9984b7eefb3":"4646b2acdeb11174171da23999cd54e297daa32bbc13d30512e57c576b315f48c11877178389aaa0" CCM encrypt and tag NIST VADT AES-256 #31 (P=24, N=13, A=30, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3bf52cc5ee86b9a0190f390a5c0366a560b557000dbe5115fd9ee11630a62769":"094b538110495e938b08cf748a6bcf3e0c80ff9c66570237":"f9fbd02f28ecc929d369182752":"ebf0b3e3199a5c3773c761c725c7600add5f9d8321c9f8e5e5fd1c7a5d2f":"4d8b53016fc8bc9677184c0fa15bbd3d671b9366d82ecb67f8562eadcdcbcdbad1299bea1523f5d2" CCM encrypt and tag NIST VADT AES-256 #32 (P=24, N=13, A=31, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e45bb1730d0d539aab3805350ac986540de9f0f6c239ee70395c291397b70309":"bc8b3bc48c7a88c9fafde258b6ccaa9d4f0d018703d63871":"d5c7824af715bb7822b6b340fe":"860f4a09ad8b3d345c2aa18ffb803f0bc3b734a4d047a1437701a5e3d95288":"95f083ad6bbaee6ab540fe023858f8baf25e333fd3e89c00e678a392d228b210dc5c991905dacf3f" CCM encrypt and tag NIST VADT AES-256 #33 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e6e34070caf1b8820ed39edfa83459abe1c15a1827f1c39f7ac316c4c27910f":"771a7baa9cf83aa253349f6475d5e74dba4525307b022ba7":"c49ccef869bb86d21932cb443b":"d37e35d7cdccd9824a1ae4c787819735e4af798a3beb49d4705336d6496853ad":"eebac2475004970071dfa2cfb855c4e78b1add8dcbccfc0bd6b14027324b657a56263df148665393" CCM auth decrypt tag NIST DVPT AES-128 #1 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #2 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #3 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #4 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #5 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #6 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #7 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #8 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #9 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #10 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #11 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #12 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #13 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #14 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #15 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #16 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #17 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #18 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #19 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #20 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #21 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #22 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #23 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #24 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #25 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #26 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #27 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #28 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #29 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #30 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #31 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #32 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #1 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #2 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #3 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #4 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #5 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #6 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #7 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #8 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #9 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-192 #10 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #11 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-192 #12 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #13 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #14 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #15 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #16 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #17 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #18 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #19 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #20 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #21 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #22 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #23 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #24 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #25 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-192 #26 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #27 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-192 #28 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #29 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #30 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #31 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #32 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #1 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #2 (P=0, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #3 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #4 (P=0, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #5 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #6 (P=0, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #7 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #8 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #9 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #10 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #11 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #12 (P=24, N=7, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #13 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #14 (P=24, N=13, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #15 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #16 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #17 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #18 (P=0, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #19 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #20 (P=0, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #21 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #22 (P=0, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #24 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #25 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #26 (P=24, N=7, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #27 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #28 (P=24, N=7, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #29 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #30 (P=24, N=13, A=32, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #31 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #32 (P=24, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM-Camellia encrypt and tag RFC 5528 #1 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0DFCAECE746B3DB9AD" CCM-Camellia encrypt and tag RFC 5528 #2 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F3360B2295DF24283E8" CCM-Camellia encrypt and tag RFC 5528 #3 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204F551D6682F23AA46" CCM-Camellia encrypt and tag RFC 5528 #4 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A08B3A933A63E497A0" CCM-Camellia encrypt and tag RFC 5528 #5 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A77258FA17BA7F331DB09" CCM-Camellia encrypt and tag RFC 5528 #6 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BABAB36A1EE4FE0FE28" CCM-Camellia encrypt and tag RFC 5528 #7 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2CACAFA3BCCF7A4EBF9573" CCM-Camellia encrypt and tag RFC 5528 #8 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F5757388E4913EF14701F441" CCM-Camellia encrypt and tag RFC 5528 #9 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A5778794D6E230CD25C9FEBF87" CCM-Camellia encrypt and tag RFC 5528 #10 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5CD09299EB11F312F23237" CCM-Camellia encrypt and tag RFC 5528 #11 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056079DAFFADA16CCCF2C4E" CCM-Camellia encrypt and tag RFC 5528 #12 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748CBB94C2947793D64AF75" CCM-Camellia encrypt and tag RFC 5528 #13 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F64558C02D25B127EE" CCM-Camellia encrypt and tag RFC 5528 #14 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C867D6E1C48703806" CCM-Camellia encrypt and tag RFC 5528 #15 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466CA80878A790476DE5" CCM-Camellia encrypt and tag RFC 5528 #16 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"B005DCFA0B59181426A961685A993D8C43185B":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB226089368C354828D950CC5" CCM-Camellia encrypt and tag RFC 5528 #17 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"2E20211298105F129D5ED95B93F72D30B2FACCD7":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF43147383276F66A9F" CCM-Camellia encrypt and tag RFC 5528 #18 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340A1A3D31F8D4B44B7" CCM-Camellia encrypt and tag RFC 5528 #19 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697A0066D57C84BEC182768" CCM-Camellia encrypt and tag RFC 5528 #20 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B7FA775B150ED4383C5A9" CCM-Camellia encrypt and tag RFC 5528 #21 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43CD20A02E0BDCAED2010D3" CCM-Camellia encrypt and tag RFC 5528 #22 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"C238822FAC5F98FF929405B0AD127A4E41854E":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A2DEA0936B6EB5F625F5D" CCM-Camellia encrypt and tag RFC 5528 #23 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA8924764296AD04119CE7" CCM-Camellia encrypt and tag RFC 5528 #24 -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966945F1FCEA7E11BEE6A2F" CCM encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM* encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM* decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" CCM* encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" CCM decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" CCM* decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" CCM encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM* encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM* decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" CCM encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" CCM* encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" CCM decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" CCM* decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" CCM encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" CCM* decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" CCM decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" CCM* encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" CCM* decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" CCM encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" CCM decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" CCM* encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" CCM* decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" CCM pass unexpected auth data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_unexpected_ad::MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM encrypt, unexpected ciphertext/plaintext data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_unexpected_text:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" CCM* encrypt, no auth NIST VADT AES-256 #1 (P=24, N=13) -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"72a60f345a1978fb40f28a2fa4":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e" CCM* decrypt, no auth NIST DVPT AES-128 #15 (P=24, N=13) -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 0685e5bd1e..9831666c3e 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -66,7 +66,7 @@ exit: * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */ void mbedtls_ccm_self_test() { BLOCK_CIPHER_PSA_INIT(); @@ -95,7 +95,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) { mbedtls_ccm_context ctx; diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index ede6f243c1..a6d5e57bda 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -1,735 +1,735 @@ AES-GCM NIST Validation (AES-128,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d785dafea3e966731ef6fc6202262584":"":"d91a46205ee94058b3b8403997592dd2":"":128:"3b92a17c1b9c3578a68cffea5a5b6245":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aec963833b9098de1ababc853ab74d96":"":"4e0ffd93beffd732c6f7d6ad606a2d24":"":128:"e9fcedc176dfe587dc61b2011010cdf1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4fb9e3393681da9cec5ec96f87c5c31":"":"845e910bc055d895879f62101d08b4c7":"":128:"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a930f2e09beceacd9919cb76f2ac8d3":"":"340d9af44f6370eff534c653033a785a":"":120:"0c1e5e9c8fe5edfd11f114f3503d63":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe71177e02073b1c407b5724e2263a5e":"":"83c23d20d2a9d4b8f92da96587c96b18":"":120:"43b2ca795420f35f6cb39f5dfa47a2":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b02392fd7f228888c281e59d1eaa15fb":"":"2726344ba8912c737e195424e1e6679e":"":120:"a10b601ca8053536a2af2cc255d2b6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"21895cbafc16b7b8bf5867e88e0853d4":"":"f987ce1005d9bbd31d2452fb80957753":"":112:"952a7e265830d58a6778d68b9450":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb9742bf47f68caf64963d7c10a97b0":"":"34a85669de64e1cd44731905fddbcbc5":"":112:"e9b6be928aa77b2de28b480ae74c":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"":"1c53a9fdd23919b036d99560619a9939":"":112:"6611b50d6fbca83047f9f5fe1768":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"82fede79db25f00be96eb050a22cea87":"":"e9c50b517ab26c89b83c1f0cac50162c":"":104:"d0c0ce9db60b77b0e31d05e048":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1d98566fca5201abb12914311a8bd532":"":"590aef4b46a9023405d075edab7e6849":"":104:"a1cfd1a27b341f49eda2ca8305":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3038771820c2e1319f02a74b8a7a0c08":"":"e556d9f07fb69d7e9a644261c80fac92":"":104:"4d2f005d662b6a8787f231c5e1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0fb7eef50de598d7d8b508d019a30d5a":"":"a2a2617040116c2c7e4236d2d8278213":"":96:"68413c58df7bb5f067197ca0":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cc58b609204215c8ab4908286e56e5c":"":"fb83ea637279332677b5f68081173e99":"":96:"a2a9160d82739a55d8cd419f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81a5fd184742a478432963f6477e8f92":"":"da297cbb53b11d7c379e0566299b4d5a":"":96:"200bee49466fdda2f21f0062":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f604ac66d626959e595cbb7b4128e096":"":"269d2a49d533c6bb38008711f38e0b39":"":64:"468200fa4683e8be":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2e308ba7903e925f768c1d00ff3eb623":"":"335acd2aa48a47a37cfe21e491f1b141":"":64:"4872bfd5e2ff55f6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1304e2a5a3520454a5109df61a67da7a":"":"dbe8b452acf4fa1444c3668e9ee72d26":"":64:"83a0d3440200ca95":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"":"ddf0b695aef5df2b594fcaae72b7e41c":"":32:"2819aedf":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9ab5c8ca905b5fe50461f4a68941144b":"":"96dd3927a96e16123f2e9d6b367d303f":"":32:"6e0c53ef":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fc7af605721a9cfe61c1ee6a4b3e22":"":"6b757d4055823d1035d01077666037d6":"":32:"e8c09ddd":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03c0b4a6e508a8490db0d086a82c9db7":"":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":128:"756292d8b4653887edef51679b161812":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b228d3d15219ea9ad5651fce02c8374d":"":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":128:"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"776afcbabedd5577fe660a60f920b536":"":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":128:"a5347d41d93b587240651bcd5230264f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":120:"2a67ad1471a520fe09a304f0975f31":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bc73fba942ff105823b5dccf6befb1c":"":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":120:"ebdd7c8e87fe733138a433543542d1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"356a4c245868243d61756cabe86da887":"":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":120:"ed26080dcb670590613d97d7c47cf4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfa7e93aff73600fc552324253066e2c":"":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":112:"6ba5e4dace9a54b50b901d9b73ad":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2ecea80b48d2ecd194a7699aa7d8ccfc":"":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":112:"246a9d37553088b6411ebb62aa16":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d38fee3fd3d6d08224c3c83529a25d08":"":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":112:"803a08700ec86fdeb88f7a388921":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1899b0cbae41d705c6eed3226afb5bc0":"":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":104:"c5d58870fee9ce157f5ec1fa8f":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b95323d86d02754f4c2874b42ec6eb0":"":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":104:"c4724ff1d2c57295eb733e9cad":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30da555559eb11cf7e0eff9d99e9607d":"":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":104:"3c82272130e17c4a0a007a908e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ed2ac74af896c5190c271cfa6af02fd2":"":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":96:"db8af7a0d548fc54d9457c73":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0225b73fe5fbbe52f838d873173959d8":"":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":96:"e2c2ce4022c49a95c9ac9026":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"89ca3771a0ef3287568b4ac036120198":"":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":96:"06b2bf62591dc7ec1b814705":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a41a297bd96e224942998fe2192934a1":"":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":64:"49a4917eef61f78e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9372c058f42e0a1d019bdb528313919":"":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":64:"b82cd11cd3575c8d":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6302b7338f8fa84195ad9abbacd89b4e":"":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":64:"5222d092e9e8bd6c":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78b5c28d62e4b2097873a1180bd5a3a5":"":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":32:"eae48137":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d84130578070e036c9e3df5b5509473":"":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":32:"79987692":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08428605ab4742a3e8a55354d4764620":"":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":32:"3eb3e3a2":"":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b":"":128:"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"43b5f18227e5c74288dbeff03801acd6":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"08ee12246cf7edb81da3d610f3ebd167":"":128:"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a433c612d7e1bdff881e4d63ba8b141":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8b670cf31f470f79a6c0b79e73863ca1":"":128:"8526fd25daf890e79946a205b698f287":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e9d75c781d63b29f1816859f7a0e0a0":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"748a3b486b62a164cedcf1bab9325add":"":120:"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe6b8553002c69396d9976bb48d30779":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"595b17d0d76b83780235f5e0c92bd21f":"":120:"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14898c56009b459172fef9c17993b54f":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"0862f8f87289988711a877d3231d44eb":"":120:"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5253d4b071793b081ebc122cc2a5f8":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"49e82d86804e196421ec19ddc8541066":"":112:"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3502d6f0d172246e16503cdf5793296":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"6ce994689ff72f9df62f386a187c1a13":"":112:"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5fb33dd73db309b9dfd3aee605cd94bf":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"3f6486f9e9e645292e0e425bac232268":"":112:"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a958fe3b520081b638d9e4c7d5da7ac7":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"c396109e96afde6f685d3c38aa3c2fae":"":104:"06ca91004be43cf46ed4599e23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec319fb143eac8215b51541daec268f2":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"8a4684f42a1775b03806574f401cff78":"":104:"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14a3e69f351ac39b4297749a90c1365c":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"eb1c6c04437aa5a32bcc208bb3c01724":"":104:"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c34827771fc3918d1cee09ba9401b832":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"2379bbd39a1c22bc93b9b9cc45f3840b":"":96:"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b1f9bd2006ec550b7b9913d383200b5d":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"ca28fa6b64bb3b32ef7d211f1c8be759":"":96:"c87aac7ad0e85dbb103c0733":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b2cef1a92aa0af2b00fb2a99855d5bc":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"08d87b7acee87d884667f6b1e32e34d0":"":96:"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"175c306f8644b0c4b894ae3d0971505e":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"9860268ca2e10974f3726a0e5b9b310f":"":64:"f809105e5fc5b13c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08c0edcfe342a676ccdc04bdf854b4b0":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"4a7b70753930fe659f8cc38e5833f0c7":"":64:"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"241067a0301edf0f825d793e03383ea1":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"a30994261f48a66bb6c1fc3d69659228":"":64:"36c3b4a732ba75ae":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03cccb5357bd2848332d1696f2ff90cb":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"e0754022dfb1f813ccaf321558790806":"":32:"c75f0246":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e5e53c84a05d5a5348bac7b2611cf62":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"47e40543b7d16bc9122c40b106d31d43":"":32:"81eec75d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c94008bf377f90b7a1c0d2ea38f730c":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"abfe92931a8411a39986b74560a38211":"":32:"47d42e78":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"69eedf3777e594c30e94e9c5e2bce467":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":128:"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45cc35311eedf0ba093bf901931a7036":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":128:"266a895fc21da5176b44b446d7d1921d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9edb5231ca4a136b4df4ae22b8588f9f":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":128:"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5fdcb8f5225090e63fae9b68f92c7cb":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":120:"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036198cd3a3ab9319684d0f811cf2992":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":120:"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c9fbbff8f25f951ba874dfc5ff38584e":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":120:"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a314ec178da96311e42334a616fb38b":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":112:"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e818372a63b7e2c23b524e29ba752bdb":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":112:"3744262bc76f283964c1c15dc069":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a04f16882ff45816739d1b6697ce8b7":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":112:"fbb37084396394fecd9581741f3c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38cf029a4b20607030586cd2d82146e6":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":104:"7b021de5cda915ba58f90ceef4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cf4d81fc5997c744a572bed71f4ae609":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":104:"0a86142a0af81c8df64ba689f4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d88ad40b42ead744f1b7a36685658be1":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":104:"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3ce86a212a30e724b4c624057db4e79":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":96:"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0155360b84420b5bf4fb410ea02f31e":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":96:"ac5addcc10cae6c1345520f1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"694f621f594d96b16c32254ff06f3f9c":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":96:"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78826a5215a1d5e1b39cad5a06861f8f":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":64:"a724bbb295a02883":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d450f5253251121606e56687952bf2f1":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":64:"6446398aff73ed23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90a59f6b0abf932311f0b65623c17740":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":64:"dc77c1d7e0902d48":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be4ef629f0b38194c74f7b66418922d":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":32:"3d8fc6fb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c50e37244931e8debc12b3d561c83ba2":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":32:"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8531ddb03977383405baf2ee9ca7d64b":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":32:"2fc9de46":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"862dd5b362cfa556ca37e73cff7f4a0e":"":"81530a243655a60d22d9ab40d2520447":"":128:"3b9b2af54e610ed0b3dda96961dd8783":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3452b7bc100c334292e08343f139b9d0":"":"8f92739a30fe4ba24079f5d42753d6ac":"":128:"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"31a0cbaf21b943f8badc939e94eac7eb":"":"d5bb2c4eaec47088230972ae34fcda9c":"":128:"580e728512c8e44fbb3fe2c498e05323":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e8fca537746e7cbff97f1dcd40a3392":"":"43e9f2bf186b2af8cc022e7c7412d641":"":120:"4465a3f9d9751789bcef5c7c58cbc5":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"35b5854ca83792ad691dbda1a66790fb":"":"cff61cf9b32ea30cf7e3692aa6e74bed":"":120:"726793199df533dd9055b0ac7c939d":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"07259267c1c6a015437a5d8cfa92f9e6":"":"18b9cf2ad7ace6ec1c8366b72878cf20":"":120:"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa1df8955aa3ef191900b06e7c1b7d46":"":"6928c138c98a4350c318fbdccd3f44ba":"":112:"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c04200ce41ce77d772babb206315ec7d":"":"a885d58f0f38f9ff26d906fa1bfb12f4":"":112:"9ee0d025421f2bf18caf563953fb":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"650df049461be341c3099bd1613dcead":"":"8a4ff6327b49d297248ce2d5bd38afa8":"":112:"13f067ef0d7b448d56e70d282fed":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee61b5bf5060fcc637dc833926898508":"":"b2dcf21f9ffa4a883044d29f087f9b85":"":104:"9ab1d66666d4dea3cbb5982238":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"01cc56ca7e64db7fbef66236a5c49493":"":"8ea5b63004189792cc040ef18b37e550":"":104:"d685aeb54aa129a21bed17766e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"134dd72ac8e28ab46720c2f42284a303":"":"c6368e4c0ba0ec90fa7488af9997a4c7":"":104:"4ad9cdf19ff7d7fd7e273efced":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"180c04b2bde6901edcda66085f73ecd9":"":"9193b206beade4cb036f01a9db187cb8":"":96:"530f5e9ed0879ccef3a7b360":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaac85742a55ffa07e98106d6d6b1004":"":"630cd8ab849253c4da95ac80324ecc28":"":96:"37911820c810e3700c3a9321":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"":"86e6100669929e329a1d258cd3552dc9":"":96:"958d6141f7fb2b2dc7d851a6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd756d49fd25380c4026ea03cafc2da":"":"6a6f7e39b0d730ea1670e13d16c12c28":"":64:"872ef05a28da5ea1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bd8a834b288bdc7578b6c6ab36f5d068":"":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":64:"c5c094e83755f2b6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"020d280dbd06939bbb5e6edc6f6d39c6":"":"09aea6f0e57598452719d6f63b6fe5a0":"":64:"05d6c56ba601e85b":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e47f41a27a2722df293c1431badc0f90":"":"227c036fca03171a890806b9fa0c250d":"":32:"86c22189":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9d3e112114b94e26e93d3855d4be26bd":"":"99b98525160c4bb2029da5553ff82b59":"":32:"33bee715":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b4b7688588125349fbb66004a30d5d4":"":"b4ae363edb529d8b927c051cf21a2d9d":"":32:"6a920617":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":128:"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":128:"c53d01e53ee4a6ea106ea4a66538265e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c88b191ce6e8e4a3941f7960b7eae5":"":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":128:"92604d37407aff33f8b677326cbb94fc":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c818dfa0885a09f65ef78712f5ce6609":"":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":120:"20e9a3a98d71d460743e1efaab13c6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2354c6b6afaa883e7ce91faca4981f8b":"":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":120:"3588c9aa769897dfa328549fbbd10a":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0af48e6aebbb6ff5b7c92bd140b085f":"":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":120:"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a05fe482fe164b2eca7f6c3e377b39d8":"":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":112:"3900bde9fa9ae2cbeee54d04f224":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dacbadf819eb16a63f6f091d13ed04d4":"":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":112:"8988fca83c8cfb1f8feefac46f04":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"969244c7444f3f3bf193b28f8e8e96dc":"":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":112:"a291c7527385f037f62e60fd8a96":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"525abe490c8434802b69439c590a5290":"":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":104:"038c7e95f790e6ca5ce73f9551":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51644e025659de983f5c8156516b812e":"":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":104:"77e3deba2c7f9386f85bc4a801":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08566ca7310302dfb84d76ea0525ba20":"":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":104:"873f037fc05252a44dc76f8155":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfb54db96383fa911bf5b4fa1218ef9a":"":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":96:"dada7fc7fed58db462854ef6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"389cf888474e9403e5f4d0e22ffec439":"":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":96:"92726d90ad26130e65f2beb4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e55abb2ca36c822bf2a030ac703cb8b4":"":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":96:"65025250343ed8c09b3fceed":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"586114f3b1dc087e1b2739b28c592dfe":"":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":64:"467a815610faeb82":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbfe806bddb7f06b3826b097550c68f5":"":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":64:"0697ac372a9acafd":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"96ce3a095a91effdd91d616f1f02ddcd":"":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":64:"55a0f61032e048f3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24ece168c2971cf2b404ea206dc9e29d":"":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":32:"d2b15a23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d3c3cf993f6740a019e61ce13c29955c":"":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":32:"f2d3a6ff":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f1e5bd45ee8bb207ebbd730510ff218":"":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":32:"0d6c15da":"":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3997050377cfbb802cc438d973661688":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"c95c84c263bdfd5f1de66e7e616cf3fb":"":128:"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"cee448b48d3506ff3ecc227a87987846":"":128:"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc2bde877e881aea512068105694968":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"05f0c34ab2e8e8026b0a23719344b71f":"":128:"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e14f45ba5d1eb52e0412240da5d7b5f9":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":120:"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a64579f3601b0022d357b601cd876ab":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"515efc6d036f95db7df56b1bbec0aff2":"":120:"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bda4acfd10ab635f357935bb0ab7020":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"48b77c587616ffaa449533a91230b449":"":120:"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d21cf24bc5bd176b4b0fd4c8477bb70d":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"208cb9dced20b18edddb91596e902124":"":112:"7edfb9daf8ca2babcc02537463e9":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d02e2b02170986944487cba8448f998":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"6336077bb83eff1c9ea715de99b372cd":"":112:"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd1ad1de0521d41645d13c97a18f4a20":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"413873a0b063ad039da5513896233286":"":112:"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cb120e9cd718b5119b4a58af0644eff":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"5a7087989bfe2f6eddcb56fde4d72529":"":104:"95d8bd12af8a5ab677309df0fb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"315b206778c28ed0bfdd6e66088a5c39":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":104:"930750c53effc7b84aa10b2276":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e886de1c907c97e7db8ec80a79df90f8":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"612cacbf33266353d0a29a24532f3c0c":"":104:"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b936e09a6477f3bd52030a29df5001d":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"f93105be83fa5e315d73acfdcf578de7":"":96:"91b55bb5e3f3f1abcf335db5":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc9e2095de7b1b48481b56bf6a3604cd":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"9e5268db19a1b51c0496a160ca76f8f7":"":96:"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3f93901fd7cc88db3ba76a158d658c7b":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"7e98de461e6d96c0ce6c8d8b3854cf49":"":96:"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"42289f3d3cd5838e250ef54b128e60d1":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"e557389a216ad724aafdab0180e1892e":"":64:"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d772eabb7f19475665ca2a7e693bcfc":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"0747cbb486a013453fde1ca6abb11dbe":"":64:"8e761ffaea68f967":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fb7fd753ee6eaaf283a42a121dab4e43":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"8164929fb54485377ecccc9b9621af5e":"":64:"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30d757fd73a0fd5fa49159ad0653296d":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"b35b8df0aebd0608517f2830e0e70cd0":"":32:"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9d3cfd5900de5d5e2109e7721cfeef6":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":32:"2b81e8ce":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"68dc138f19354d73eaa1cf0e79231d74":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"e7147749560f491420a2d893c075bb76":"":32:"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7362c86344e0aefb0cf0d04768f9c05d":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":128:"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"58748bb204ccb7bdafdbf739b6c19a3e":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":128:"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6cc13cbd62428bb8658dd3954fe9181f":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":128:"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"286d3f5080cfe88538571188fbeb2dd5":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":120:"d90d34094d740214dd3de685010ce3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"726ae113a096769b657f973ea6d2d5dd":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":120:"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73a9eeda721c6f292e6b399e2647f8a6":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":120:"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90dbda7397d8fc46215a1218a6ffd0d8":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":112:"776d871944159c51b2f5ec1980a6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c85174d428fc1c7c89ca5d1b8aaba25":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":112:"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d89f06eb07744d43d44734faf9751d07":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":112:"fcad48076eb03ebe85c6d64f6357":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6150f14dc53f391e815acfabed9f9e20":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":104:"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e8216072ed6fcde0fe0f636b27ed718":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":104:"531a65cc5dfeca671cc64078d1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1af434b73a1210b08595ffa686079832":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":104:"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04036d2f5273c6ff5b8364aa595359c9":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":96:"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59fe44c6e28d025b2ad05e6e867051ab":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":96:"296c4cdaeb94beb2847dc53d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c314264cee0e6db30ebe9b2f6d4991b2":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":96:"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"26072018bd0bda524b5beb66a622c63e":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":64:"edffe55c60235556":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"201751d3da98bd39ff4e5990a56cfea7":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":64:"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bc0dcb5261a641a08e6cb00d23e4deb":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":64:"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"239c15492d6deec979e79236baca4635":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":32:"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db68a96e216b0dd9945f14b878487e03":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":32:"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":"":0 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":0 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":1 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":2 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":0 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":1 AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":2 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":1 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":2 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":0 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":1 AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":2 AES-GCM NIST - empty AD, empty ciphertext -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_decrypt_and_verify_no_ad_no_cipher:MBEDTLS_CIPHER_ID_AES:"cf063a34d4a9a76c2c86787d3f96db71":"113b9785971864c83b01c787":"72ac8493e3a5228b5d130a69d2510e42" AES-GCM Bad IV (AES-128,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b" AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index a87fb180e0..be3b067b39 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -1,735 +1,735 @@ AES-GCM NIST Validation (AES-128,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1014f74310d1718d1cc8f65f033aaf83":"":"6bb54c9fd83c12f5ba76cc83f7650d2c":"":"":128:"0b6b57db309eff920c8133b8691e0cac":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d874a25f2269e352ccdd83cc2d4e45b7":"":"9717abb9ed114f2760a067279c3821e3":"":"":128:"0e09e53e5fe8d818c5397c51173eda97":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7dab77e23b901c926454f29677eb62d4":"":"8aaec11c4a0f053d7f40badd31a63e27":"":"":128:"cec2e3230d8b762acee527e184e4c0db":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2397f163a0cb50b0e8c85f909b96adc1":"":"97a631f5f6fc928ffce32ee2c92f5e50":"":"":120:"3b74cca7bcdc07c8f8d4818de714f2":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a7adc0d3aacef42397bbca79dd65dbdf":"":"c6d3114c1429e37314683081d484c87c":"":"":120:"d88141d27fe1748919845cfa5934bc":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"10171805d7f7a6d87b64bda57474d7fc":"":"fad65b50c1007c4b0c83c7a6720cacb8":"":"":120:"c3d3f240d3f3da317eae42a238bcc1":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8aaa0c85d214c6c9e9e260e62f695827":"":"84e25c916f38dd6fdb732c0d6d8f86bb":"":"":112:"a774815a2a8432ca891ef4003125":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"def8b6a58b8e582e57700bab4f2a4109":"":"3615439e9fb777439eb814256c894fb2":"":"":112:"537be9c88d3a46845e6cf5f91e11":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5894231d743f79638687c070b60beee1":"":"e34cd13b897d1c9b8011a0e63950c099":"":"":112:"d582c4bc083a8cf1af4d5c2c9b11":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6b25f9cbdc3bcd27fd245a1c411594bc":"":"a6526f8c803b69dd5f59feca1cff78e2":"":"":104:"c7e19e08a09a9c1fa698202890":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b3235422897b6459798a97ddd709db3d":"":"96679e9362f919217d5e64068969d958":"":"":104:"44ed41bda0eb0958d407b7b787":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f65bc795434efba3c5399ed3c99ff045":"":"2e727c19a89cba6f9c04d990245fceed":"":"":104:"64830ed7f772e898800fc9ae2a":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c6c66d50f2f76c4e911b3b17fcdcba1d":"":"77b42158a4ef5dc33039d33631bb0161":"":"":96:"1bce3ba33f73e750ab284d78":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"13558db9b7441c585d381ffc16b32517":"":"addf5dbe0975c5ad321e14dd4bdc2ad2":"":"":96:"f413c3bf125ce5317cd1c6bd":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"74638628b1361c2954ce0ac5456a1155":"":"c5861507c879e6864d7cb1f77cc55cc6":"":"":96:"8a514fdc7835711e4f458199":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7815d22c5c081df9ac2114aaa2c0cbf9":"":"822f83cd9f249dfc204b5957f0b0deab":"":"":64:"aa1f69f5d3bb79e5":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1a847a47823cb9c298e4107c6aaff95c":"":"39348f80c6bc489f9315be7a6fcbb96f":"":"":64:"c3b3f31e56cf4895":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"16e67ea248ea6db08af1d810cb10574e":"":"50386e2075eb15ca3f3e6db6bff01969":"":"":64:"3d4f3b8526a376ae":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26a8301636ba93e7f56309143f184241":"":"c7e32b1d312971bdc344aefaf45461bc":"":"":32:"25f1b41c":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"130a07c467067148da2790f90d73ff32":"":"800b81c9d2ff3a8e15690ffb4117e211":"":"":32:"abcc8d71":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ccfaae59c3196b8c403716424ea601f5":"":"f9b059de0efa4e3f364763d63d098410":"":"":32:"8933444f":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b5beefbdd23360f2dd1e6e3c1ddbfebf":"":"81a8494f85be635d71e5663789162494":"f9ebf242b616a42e2057ede3b56b4c27349fed148817a710654de75d1cfc5f6304709b46ef1e2ccb42f877c50f484f8a8c6b0a25cff61d9537c3fd0c69bbc6ef21cbec8986cbc9b6e87963b8d9db91b7134afe69d3d9dec3a76b6c645f9c5528968f27396cc9e989d589369c90bbfefb249e3fa416451bc3d6592cc5feefbd76":"":128:"159a642185e0756d46f1db57af975fa3":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c465aa8fe5d534c912e654f5aaed5857":"":"5c155f7194b0d0a17b9a0c234d609443":"a3f8d705b233b574399f72350b256cb4893e130688913ce3def8e44687688c0352ff987aea35dc53bc95cdb9cdcc6e6eb280265d9a1af38d526392ab63c9b043c1b1b43e18321e84eb7e08884f2463c32b55eb5859fb10918595a724a61cfdf935e4f96d0721612720d46a946487b525779f6ce0abf04fc5608351119b7427d2":"":128:"9595a6d879cd7a949fa08e95d2b76c69":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"744b9e1692d8974d7dec349ebd7fe1e8":"":"62ad4b09fd554e0d6b3937839e693e5b":"6f9978f7078f0030c45caf49128ff72943a208a2398d08d132239f3ab5c184708e4222ec9ccde69dc86d1700c2fe0af939454bbb3962327158557860b6fa492ab8201df262a6209705c7e3129419bce8b827320893c1579ca05b32c81b3963b849428f71fe7528e710557a272117199163a35ebfbaba78f7676f7e566b16311a":"":128:"634f6fe9625be8b1af9f46bcc0fa3162":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"097c059535037c6b358dbb5a68b5f2b1":"":"00caedfa078c27e3d9551e3fb8d98d77":"6c4bde11129a959fcd6a482cb19f5f1c582c042b314f7997b0450242f9e669dc1cbb0a3b7a185bf8b035267e6f03206268008e2b97864d44d6a9c6b1b4b067d623c4b4e9c608042ea9120aed3bee80886352683891496d8980e40b8480c98c2fe08f945aa1ef6007c65220319dd8678184ab54e81083b746ec6441e87a568e0c":"":120:"5075ef45c6326726264703f72badde":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d25db5eca46c16490294423ca0c35660":"":"6f37f15d6c7ea816278ab977c29fa45e":"bd76fd431cea72a288e5d7289c651c93b5f429a54f85249021d6b595eb9ce26e18914a381a6b0299acc3725431b352670f206b731be718a598ec123dce0a2c5ac0aa4641b092e704da9f967b909ca55c2722298365a50dcb5b5ec03a1d0cbb67b8de1e8b06e724af91137e0d98e7dc1e8253887da453cdcbd2eca03deacaabb8":"":120:"00510851e9682213d4124d5517ebaf":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b3c6258a726aff94a7bcc41646c68157":"":"7f5b3315afe5167a7e9061ab8b005588":"0ef3384862c7e00c2912e7fde91345dc3134b5448e6838f41135ba9199c03a7f208887e467563b39a6c1316540c1401e8ff148386c50fcf15724a65d3210b17832d63cdce76bd2b458348332b0b542122a57e381475a59440f280db6e1f4b8d0babfd47e3db11a9ef89cba5f334f0e8e72be30afb2b1ef2df8eb7f8d3da033c4":"":120:"180489039ccf4a86c5f6349fc2235b":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"73cd0a1e2b6e12fbaa7cbace77d5119c":"":"d897681764bcc3b62c26b4aaf407cefa":"8c773e14a906c7deae362d1bf3d7e54c6be4c74c691b7f2d248693b2619219fba6eb5bc45f77af1cf7c05d3dd463158f884fe82290d145135889fd851b86ee282aa20bbdf6af78c7f9db6128b8b99e7f9b270fd222efa18f7aca6932a1024efb72113e812b3f9d2d4ccc7c85f5898ddacccbf1b441cd74097740dd922b57bade":"":112:"d8811a8990191f1e5bd15be84995":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c1dfddafe076d0ceebb0f37bb25bc0b1":"":"29c56db10cea802c19fb6230227ab2bf":"287b73cdc62ce058cdceff8e9af7afc321716f69da9eef60c2de93630ba7d0ed0a9d303cd15521a2647159b8478593f3dd3f5b7c52081e5154e55ccbff371d7e5dfc2d05e14d666a01ec2cc6028aacadfd78dfc73bf639fc4dfa0a0c46415902bbda2443620fa5e0ce4fccf1b8591e3a548f95755102a8438300753ea5f61b9f":"":112:"309fedad1f3b81e51d69e4162e6f":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2c4087ccd28ceda147d2fcfc18579b1e":"":"9cbdd67c79ab46bcbcfa96fa2c3d7e87":"35088d18dff0a9d3929ce087668aae1d364b37a97102f3f43e11950e6ec8296d0c99b00cd1c5dff53d3a38475e7da7b9ee4ce0c6388a95d3f8b036414e4b79cd02b5468cbb277f930e7c92432a609db1effe65f60f1174b58f713e199491f9e0c29ba1f2e43306775d18c1136274af61488a2f932e95eceadfe3fe4b854fe899":"":112:"b7e83207eb313b3ceb2360bc8d4f":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bb66584c8b18f44c11f3bd7180b9b11d":"":"39c82aee03ce0862ff99f8812cdbdcf0":"45ec858e0a5c6d81144ba893e0002818a70e9a19002a5471993077241b3fcfb4fd984f2450803293882d1c7ecb654e611578fe7d258f9a2ca3b5f0c0f0d0ec4828bdeb9299914ff2ac4cc997cf54fa908afdb3eae9f91d67c4637e1f9eb1eae2b3f482ddd5467668bc368b96bbbfc33b9ae2658e4ca43fcf4b66ba2a079d65f1":"":104:"24332fd35a83b1dfb75969819b":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7b2a230c8978d4e38fa5096ddc19d6f5":"":"cd25e744a78af858e825e1fd070324ee":"628baac336862573cee158cd3935c34df3055dadc9c1695e9ea18724f6457f0d1833aab30b85a99e0793e56000de5d6d5cb2327a4cc8bec40cd198459e7b93617713e63bbd15381a066bc44a69c9ad3dfb1984f8b33a9429eda3068d3ac5fbbaaee2b952a486e58d674ffca641d9ec1d102600af11641fd5fff725204e6c34a8":"":104:"68d49d495ff092ca8e5a2c16cb":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"73aa576e1dfad2c993afcc088bd8d62b":"":"712e665a0a83e8ecad97e92afeb35706":"314e5fee776e9d5d2a1fb64ceb78e2c9a560a34724e30da860b5588fe63d50838cb480ff8ac61d7958b470b1bfd4c84799af6cb74c4a331b198204a251e731f7d785b966da595b745d01769623492c18b9dd8bd3c75249effd2032658c715906a71dbbed847027ea75d647f9803296a41906e0915250854597a163035a8d3f45":"":104:"a41f5c9c7de2694c75856460d4":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"83f7631c4d4c466c9246cbc48e2dde6f":"":"f5d6c8c252cb687a931c38f58f74943c":"1f35e94a35d0f424bf690a15038126a41502593612efe6333cf94ea0565ca6acdefae8d74dae62df95e9261c6596c3397220e044c5b08cf39cccb27315d9b795da321204910274a93436bc0573fdba04ae6bb14c6ca955cf8b9e193a12e05796d7f4b397507614dabc457f1cd3ce19e439b6e62703f2189372938b29b7a542b9":"":96:"bb85dbd858ab7b752da7e53c":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"784e023b2d4c978151d05ee71533c56c":"":"f16d041b9f0f454db9985c8558ef8a61":"91f6e108c294640c7bc65d102d3d25a7bfbbe114acec9b495636689afd65fff794837946602ef04de7d4304a81809e0f7ddc45c476c29fd5286fcf4dd1ba76ed3ce88abdb51cd21e7aaeecb13238ac031da87ab96b2a13157278bf669d0efae28852ec3585d520d54502881322f7977d03954e17e7c0c0d8f762e34f59ca141e":"":96:"59699c639d67be6a6d7c9789":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3a2ec66e4a72cb3540e87f4e67c7e58":"":"07a9cf9f44b07e3067d60e276322e9fb":"d7e722b82e8607a64fbfeefc7887009298f06a637fe937277e3a76e8addaeeb460ba0743912c07b500b4b51e9fec2b7eddf691d155baf689f75968160c19a8330e254220142ae843bf0687aabeb74ab607227b0a7539ec3cfea72a5c35f236623af78beffaee6e7b1adc2895732ffedb3f8520710f04eb9c2ce9b2cae215ed5c":"":96:"f29aec72368bfcfa9ae815fd":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"83f382a90146544ef4871bde891aed22":"":"c6f664f5ccfd1aaefb60f7fa3b642302":"656a2f221a1339d8f5c26393a08fa31859f626eec9a68afb6ee30e5b6859d1cbb5ed7dea6cbc4a5d537d70227d0608185df71a0252fa313be4d804567c162b743814f8b8306155931fdecf13822a524868b99a27fd2ff8f98c16edccd64520e2dce1ad645fd5255c7c436d9b876f592ef468397b00857ba948edf21215d63d99":"":64:"09df79dd8b476f69":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"64334f10a62c26fef79d9024d4ba7c5f":"":"7b85251554d4f0ff89980cf3568c5caa":"dab2892262a1832a473cd3481acbd3d1820f14361c275514ec693b40f2170ea5ff82c4f7e95a7c783ea52c43a0a399c37b31319a122fd1a722e6631efa33f8bfb6dc193986580f0344d28842a3a4a5ca6880552557f3915a65501f6ee0c1b68a4c9040f0fac381cbccb6a6e9bca23b99f2ef1abbca71c69aa27af2db176bf37d":"":64:"3e8406900a4c28bc":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1c98ca4971c3a6333c18b88addf13368":"":"7f617f08e826a3c61882c3e00c203d4b":"ab1531fce0f279d21091c3334bd20afa55c7155bfc275330ed45f91cfc953771cbde2582f4be279918ac8b9ae07cb3b2efd14292e094891d4841be329678ad58d714fc8ce4bffe51f539f4240c14ba883b95cdc32cf4a9fd6ba4ffeafa0d6718989c46483c96cfca3fe91000f9f923d7f96725e966de068b5da65546fe38f70e":"":64:"58cc756d3bf9b6f9":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"247d3abeb807bde959e68b40a3750045":"":"3f5390cd7921fcb42c59f0db05a8a62f":"81abf375da7157a1a56068d0918037fecb7296d9b1771c54ae6030abda4b9d76feff818de81747980b2c1b005e36b3be36afbf1092edef6fd875d2903d73612addf206a6ae65886421059c70990a6ee33197f92bed649901fed62fdd20c30d81baf6090f50d9f59290528e58a0b7412ace0a293369f2b4c8d72c2fb0e1c432f5":"":32:"37bb4857":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"622be8cd3c757de00fbb7ab4563ce14f":"":"16c53a843b1549716d7c06b141861862":"a15d101580d549f2401bf0f36be0f83724875205c9109d2d69d2609cbf67504b918f0859303192b4075f952454f3e7152f898f997b36afc0356712fc08db3343054b20e88ad1274e019bf8fcc3c921d3bc8f9c1d1d24adc61f6033a83ef46a84762304f1903553748b13b1647c96eb8702ebb41ccea4d9cfebcb177c453277f2":"":32:"35778596":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8a660aa0191f9816261387d5aeb262f6":"":"c720cb31e841480da5ba656e9b93f066":"d979affe395bd048db26d26908a1c2a435905299086cc55bb65ef782f5aed99c41743c3ae252ea087f5453bdc605abd784b337b60960946358da2218b076826659a1fafa59124a00a3424fce0d00c38eea85cfb3d1e01bcb09d9870d5b3fe728f394e0e512f5aa849d0550d45a7cc384f1e4c6b2e138efbc8f586b5b5ed09212":"":32:"cf7944b1":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"ad4c3627a494fc628316dc03faf81db8":"":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":128:"5f6a3620e59fe8977286f502d0da7517":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"81371acd5553fdadc6af96fdeee4c64d":"940806fd5ddcab9937b4ba875e46bb4b7e9688d616d17fd24646f1ef1457819f55887f53bd70039bb83b4d346aabe805288ab7a5756874bdc2b3d4894217d3a036da5e9e162fa2d9819ceb561ecf817efc9493b9a60796f6dc5e717ac99bc4ba298eee4f3cd56bbc07dde970d4f07bbfa1f5fe18c29a3927abe11369091df28f":"3262501ed230bc4f5a190ab050e1bcee":"":"ffeb1907bdbfea877890a6e972a533ae661a903a257b3b912c7c768cc988e05afd71a9e6117d90d1e1b54f55de9b10cbce7a109452567483cc8d6a68b9e56da10802630591fdd8d55f9e172f0f58a7e0c56a73a1ae3c3062f0997b364eb0885d48e039b2ba1bd14dbb9c74a41cbd4b52564e470d1a8038d15207a7650bd3f1d6":128:"227d422f8797b58aa6a189658b770da9":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ef5295e9ae74729e222df6dab251158d":"59372848432f86f5740500391d2e5d5fbe1f80ea876a0ecb9a5b298d9ea7cdc28620aeb2fda015345ae476f265351b2c6b6fcd66bc8aae4dc8a95c1350cda204da3d2d2fc5e6e142dc448296d5df0cc349d1eba2fa98d2f468662616274a147fbe07927440afa3967ac09a03a8de0b03f3036bde5e272e3c4c5ff169dd730238":"194d08fcc3c08ab96fa724c381274d3f":"":"fdceeffdc8390bde6b910544db61db2f345eba0664f78f65d94b90e3e2a5251be374b3c5d881460cfff3549a01f84eb9d54087306a20f5156cd555e46bd2173386c90ea47983320fcbf24e09a05f2ec4b2577287d05e050b55b3002b753de49abef895ee97015810c06d09212b0c09e4910c64ac3981795a1e360197740360fd":128:"e94603dbd8af99ab1e14c602a38a0328":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26db035f2ddd9f5672c6f6af156838d7":"92c315936847649756b0b1bb4a3453e6e6da866f8088d96da44412d9f47a22dda0cd817287ba42163be59a69f73963059139fb3ba44bc5ebfd95b6742546dfb4fe95608dca71911d1347be68179d99c9ebf7ee1d56b17195f8794f3a658d7cad2317ed1d4bc246cd4530e17147e9ecdf41091a411a98bb6047eee8b4f1e4a9ef":"3686d49bb8c7bd15546d453fdf30e1f3":"":"1ac98e9ccfe63a2f12a011e514f446c4c0e22dd93613b1b9b8f56d148be8a24e3682dfc1cde2b69e72d200b516a99e7466dae8cc678c6117dc14b2364cd2b952aed59722056d7dae4cfdb7d9c4f716aef2aa91a4f161d01c98d92d974247bb972de0557e175177ce34361be40c30ab9ac46240016e5ad350c3b7232c5920e051":120:"b744316880b0df3d4f90c3ffa44144":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d5c63757197a132cbb33351fd2d81a46":"e970b62ce5f06b15f8448aa2a095c2b3c8adf535e110e7f374411ed51fa19f9c4926045f796b7cd8a942b6a19811b7aae59fce37e50d6ca5a4a57bfb041a5b51c1ee82b54d03be22d9dc2bb9a2e708503b85e2479b0425a033ae825b4f232ca373e280e3cc97cf0d79397a81fb30d3b41cdaa3e788470cde86734e10a58b1e3a":"a669a4d2f841f9a0b9ede1fb61fee911":"":"522ba7220d0d4bea7ab9ca74ad8fa96ba337f7aa749cd26186499081ba325df6d6b90a81bd1c7adda0cd1ca065894f14a074ec13eff117b2a00042038aea55850056a63adf04f58fcd7269085f5ad1ef17ce7b6c40804127f14747a2ad93ec31fada83663af025a3b90c20a4ae415b1c960094e5fd57db0d93a81edcce64f72d":120:"7bfce3c8e513a89a5ee1480db9441f":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f380d3bf0d55a1cd56b7e78359eb6c66":"c0e977e91c1c50ee78d4a56c527b2d31a1a14f261aa77e52d910f8f230de4908b5cc6943e28b8c6e7ac61eebe270dcfde48d140ec13792371932e545b6ef4b52d1dfdf54c60ff892b74095a3f4a2b9000acd2cac04666a2305343b8c09f89dcc0c25bbe2a39b14624118df025962edec3dfc58d36fcac531b291ec45b5159e22":"ba3300f3a01e07dde1708343f01304d4":"":"752f09b518616a91a802cf181532c7ec65b54c59c1bab3860f0ad19971a9e5bc8843524c5ffac827067b462ebb328e2eff4dd931728de882055129997204e78717becd66e1f6c9e8a273c4251896343604ac289eb1880207a8ea012626e18e69ad7573ef73071b8e2fb22c75c7fc7bf22382d55a5d709c15e4e8ff14e2bf81e4":120:"fbf8818aee5c71ebfd19b0bcd96a7a":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"47c807cd1cf181040a4e3b1d94659db8":"c4a52c1f1f0d32c21fb85fba21d1b358b332efa066c7893c566b2e859efdde99fc67bb6167cdb0485a8ed53dd1068d90bc990f360b044039791be6048ba0ee4ce1090c9fce602af59d69069f5bff8b6219aaaed5a9b1bfc8c5b7250c5a6cfe86586fa8064124d551da38d429a17696eb1a7a0341c363f010eafd26683eecdf82":"9963a3fb156beacd6dd88c15e83929df":"":"e784ab006de8a52de1d04bc2c680d847c5decdd777cb2475ad4ab1dc529882d9e51cff5451b14ea5ff9a9bab5c5474e8a331d79564acdb2ac8159e0f46e9019bf80650c481fdaf1680cadcb8c5de9f924760b376ce5736cc4970cb8715b5999f577436283a4c21469306840af36d1e069616157d1b9ce75de3adb13d201cdf1b":112:"51e8ce23f415a39be5991a7a925b":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a0b033d14fe902aa0892b0e87f966c41":"1cc751d890cd102486d81c618c23fa335067ac324ef11f7eddc937853db6e16d0f73727725a5a5bd580705416ecd97e368464ed0aea923ffb71c23c37f9cf9c8bd81cdbdc3d0ac34a875db3167ec1d519004d4fa4bba041af67af1ed3d4e09c32b3e8e10abd91f46836cec74b1f9c5b06c05f3b18caa78e7ff185db212b52ce0":"ad4dee18e6c19433ad52021164f8afb7":"":"a30044582dacf57332b04402e993831df0a4c1364a83c9bce7353979fb444cd1b3fe747e2c933457ff21f39e943a38a85457bfe99dc09af886734d6e4218fc65138055ad8eb5d3044f4eed658e312b6165199e682ffa226558dc4b516f8d519f149bb5a40d2bb7d59ece9e5fd05358c89e635792ad20c73c174719f9b28c7358":112:"6a18a4f880ce9e6796e1086ed05b":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c4030ca84f132bfabaf660e036f56377":"a8fe98e2b4880d12c99c9d5193b3537b3fbc5165cc1327395174d989be5741f867332271cdc52ddb295ddbeba33698073054c6d2416fafaeb0a76aad870a6fb6097a29fba99f858d49418572c8e4dc0d074ca8af7727c773c8617495b1195d6b2687a2e37fad116dd721b60bcb5471d548c6dafe3ecdcf0c962e4659a61f4df3":"975df9c932a46d54d677af8a6c9c9cc3":"":"86b20fecebc4cf88a6a382d693117cd2a3c9eab747bf5df5f1d35e341d204d8fea6694b92552e347da676bc8d3353984e96472a509f5208ce100a2a9232478417947f85f10993c9d6939c8138bd6151aef8e2038536e8ba1ba84442e27586c1b642f9505455c738e9fd2c1b2527d1ecd3a2f6ed6e3869000ef68417ec99ff7a2":112:"3516909124c0c1f9c30453c90052":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6e210de363f170a7ccb1b9cec8d34737":"89853fa002985a45651f2a7db2b45b7e7a7d33ce6c438ec4533c7fa257e1a384130369a68184a807fd0d92a70d91d7ddc56e5c5172c872257230d7aeb9293d785b1b8835dcde753798caff4abcd8bbc5378cd505dcf904aa69902e4f38699be972099adffc8778bd844a9a03e6b58a721a73324d956f20f2ffd00d3491f72f42":"39fe20b051ba21319a745349d908c4bf":"":"ac9d74f8f405fd482287a4a7fa359caca095c0f1b46744f19c3c11e13b0c605b9857c8cc5a1754b95bcc658416f463bf8764f373205941885948259916eaabd964f2d6c2d784f928dc5eefe331f6c04b4862d4c8e966530de6bf533a10818de852de3af7f521b167cb4eb7141ba8ae8a17be1eb714fd26a474bbbbe870a659dc":104:"7a2dfc88ad34d889f5e344ee0e":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6bbfeda23ea644fb37666b05dc47f590":"a85ec4c2c160deda7e3de0ae449eea6ed1d24e2c8f3d5151f2ac0fd869f5a763981733b68f46c5197d76c26cce7ddc8afc6cdf4536d771cf3e9cef0098e270c5e1ff72cb0ad7f84abf44b726e0eae052d0c1553afc67c7289a43851a4d04c2856cc46b4039380436465a3b19deb56e41b859aecaf22b90578a23288d5f7d9b0e":"9d154f3cc2c5b0bdd77e86e351220960":"":"dbe575ea04b58429e68c733d99d7fb3a57e5604d6fc3baf17e0c6f981d78c070144702861316f892023515f20b697a8f3a40d821162dc9255d4775e7578285acf2cca67e902c060f80eaae29b9c011b6c110371409d914782e1e4115dc59439a2823507330852f10436b121538f22a3b619075610f1da87b6035138d78c75a79":104:"8698763c121bf3c2262ba87a40":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce1407f666f2aa142ed4ef50eb2a4f64":"585fc1e86809247826f87424741f6ce2ce7c7228fb960803be643acd28332b2036715e2b639fe3f8de7e43e88bd8e65a6e2259391360aaf534ae7566cbd2b3961c874d08636fca117d4123b3063931d7a161d00220014339ae9f447f31b8a2d7d5466fb1ff2508397b5fa71f9b4cd278c541442a052ae4367889deaed4095127":"1225a2662d6652e3d4e9c5556bc54af4":"":"8bc13cc1cb52fbd15390cb5663ce3111c3fb943f8ed3c4f07b7aeb723649fccb90895999ec5dbdb69712d8e34ae3f325fefa49ecc7c074de8bb2ea01fa0554d7adbf49498f2f6e78aa0cd24620bab0f11bf9b2c73ad0eff780eb6c03ee9c4538952af754c566aba7c717d1ee6ac2f5ffe21dab9afd649cd65313ee686596fef0":104:"9a1f1137f9ed217815551657bf":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5ecea1da76d6df90fd0d4077ef631b17":"d87e9a0c6a9796d60ed78924f7a8c408d5b9fab03fc76790e74029f13358fcae0035bd971a400845f508c2c2cdc3949be498193afcca6d75f8d21521ac673bd41a936a133fb5ed61098f3cb89df5234c5ca5ad3dbbe488243d282412844df0d816c430de3280ab0680a2a5629dce53f94e8eb60b790f438a70fafb8a3ed78a1b":"7d7ae2ed1cfc972f60122dec79ff06fc":"":"1eb19da71857854420c0b171f1f0714972fe7090db125d509aff6d92e5192353187f0906e3e8187f73709d1a60e074af01e83d1306d582a82edbdbebc797a733d72e2d4208675ef98ea4eaaddae2292e336fcd3fa85cdc577f4b8d3f324f0c5cf3919701208d6978f83466a02ae6cc368f57e18b9ee16e04cf6024b0c7fbad33":96:"f74b3635ec3d755dc6defbd2":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6d6de51c30692d7863482cbbaa5ccbc3":"9f242c230ae44ad91cb0f4fe259684883968f3ca4f57a3e0cc4b03ab063a4eacdf63f9e7900a98073e345d1b497b985887e1ffb5fe7d88cefa57dd41076f2da55ce7ab0899bdc5799b23773f8f7a4dfbf1861cf4de377281fae9763dd4ea8dc7c0d632b874c86ac8e4c90339ec3f14cc51bf9241660ab828605cc602984a0f10":"c6c0fa3da95255af5f15706274fa54ee":"":"55e75daa3df3b13a33f784d5adacb2ff6861cacb297d5eaa61693985b6a0f82e9e0b3a28d10648191c6e62d6260d8a8bb471e6b37aca00dafdb2fb17454660f90c2849a9ad1733d7bc227d962b3cd86ab32d5b031eb2e717e4551cb23d448e06bac7b2a4cadb0886fde472d45de39eca2df474ba79eb58504318207325c81813":96:"8eb9086a53c41c6a67bad490":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"76b7f2307e9cf9221c8f3ff7105327f9":"bc076bfd1ff7a9fb043a371e5af7112bb0c9c442be44ca648567937bcc091c127f02ab70b81ce51b2f7a38954dca3d94b3716c6114f0ba349d6f87f5efd84506ed289dfe8a1277a5d1821c56f9f297cb647cdf36d308e6ad41c55d68a5baaa520d11d18f5ddea061c4b1b1ec162b2d5bcf7c7716235dd31eda3dc3094cb15b26":"3cdaf7932a953999a6ce5c3cbd0df7e8":"":"88c70d3cf5817f9fa669aadf731c0eb03c3d8e552f2dc763001ac94837353ab75b0c6553bb8ba2f83ef0556f73dae78f76bc22de9a9167d7be8e31da6e68b0f0bdf5566059901726b6f2890ac8745ed14f8898a937e7d3e4454246185124f65cebd278f8c11fb0de22da7248f33ef6bb82cb1c08259970714de39ea4114f85af":96:"6006fe48f74f30bc467c7c50":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bac83044f9d8fefcd24766644317c533":"a72daba9de96bc03b5cd7449c2e97c858385475127b9614e37c197225d5789535b69f9123993c89a4815c1b4393bfe23754ddc6c01fc44cd2009b5f886988dc70a8cebb12664fa4a692db89acb91de6a9eda48542b04459149f59537e703e3e89f6d683ebb797fce3874c819d08676d926bf2da2f83a22449b89e204b5ece58a":"1307cd0e6f9ba5570e9781fca9a4f577":"":"479cdb5f65b9baff52a96c75790e3b7e239125f94525068cd1d73a1b8475080f33451ec83789d7189f5ad6a9130e7aa4df10d71ecabb5ccd980d84d0fbfb342506edcf7298ccb310c0e297dd443ded77cf1d96fc49055534439f1af583217a5de36e4df036a3b640d0212658399b629193080d38aff0d4e8aecd6c8d8f48b44f":64:"ca192f8153aa5fb7":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"627776b20ce9bb070a88f1a13d484550":"1da4a24fb12538a724f62b277410d50e918bd6224d4a61df6fb7734300643198debea71686e018bcd8455c2041265d11f7f5dcec08c31fc94784404423bcf1dc8e615227d2b0840be123a1efb8201aaa15254a14a2d76a6ddf536701cb3379d3c6b1b0d689e5896186c88d4a2c53a70bb422ecc8e0a5c3b9f3d89ce40676e4f9":"57f3f9388ea1e2c1c73f60b7d711f6ea":"":"f8a06eea528dad12b11ead51763aa68ca062f9f6c1c1f740fb910974f7ad9d2ac87c16fb74d07c3bd3b45f2e26af417e00416bdfee7ed0b69274ead70a52201c1fc05937438855f5564ec3e824daa0c59da1aa6f6cb8a44ab5f73d661b219766b80656cd3ff1e2d6909c6ce91fb14931af8580e859e9d7642678c1c35d9435d4":64:"05b432826dd9b044":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8954e2c0a7ea80fe3c8e75246f75bdbd":"d77e11a837eff95c77dd56e9cd97f0ffcee0adcca4a2203d23ce74c804a75cef1bdd69b16228472a2395118dfce636b8916372d6a24106f9a168055c6d4b44264674ce3905b3b30f5108ebf939f3fa8f55c12e001b457b73669acd23c1dcabea05aaba34e2d0f66a4d1c9162764228ebc4d3974fdb38b1a61a207788c5deb878":"2b5f9420b3c583403d92d76a2dd681c3":"":"35b8a04d6557426def9915eb798312a7572e040a65990ce15a8a6e5acd6b419c3fa26828b6efd2f1f50f91f672fed0feaa09a6ca6b4844fac5d3db571db8bbce250086b8c89aa6fa07bdca8dd0e1fe76e0f5a821145bafa11f3a9b0b003ad09de73ad71849ac58f7fd50851aa0fbbed17d222a0a5607f9f75dd3b0d3fa45a135":64:"96511adc097838e6":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7d0f9109dd846c47527a429b98d53301":"506efc29c0f02910cc9f5b2e677bb811e366b9e4910c00b36e48e5d5b42718f3b6d1a08a2de9c6d4ce44fce00fb7e10cf89396a88bdb38dcb0dba69449195e19b72ff989666b366f03166dd47cf4c7bf72dba3048fa34329ba86bbbf32934a0992d72c463fffee94653379d23b8bb4dff03fd86cfc971a2f7cdb90589bbbcb28":"f58a5bb77f4488ee60dd85ca66fad59a":"":"2e2760c649f17c1b4ba92b1fc9b78d149a9fc831f0d0fe4125cbfc70d52047f32a7f25c716533d199af77ed05e259cc31d551187dbc2e7d9e853d5f65ab8a48840f22391072cbe29e8529cd11740f27d11513c68ad41f4acc6fb363428930fe3d7c0e698387594156e6cc789d432817c788480f3b31326fa5f034e51d2af8c44":32:"6ced7aac":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"034c805b5e83b59ad9d6a65ade3940a9":"efbec09f8189404f3dbe569d3bab9b8bfabde419fc80abb3b21a07a5fe42326d23d022406981abd558e94f4debf38f2c34c3c315cb1ae1d5f2d48eae1335b50af9dd05b60aee724edb7d4e12703d5ec8873c55e3a3d6d8d5e4daddd5240fa3ec2d1f32442ce32cde66dfac77ed213207dc4838ca9782beb9a98d6dc52838831b":"b0c19448b9f2a818fd21ba6489c34fb0":"":"a45ba5836011fc65882ba8b1d6bf7b08b17f26b9cd971eece86fbb6aac5cdfd42790a7c7390099b10dee98cb8e4bd8b3ccb3ca5d0b9d02f759431de640ad7f5dffb919a8aaa74695f94df8eff4c7cb242d643c55d6f9c8323006f3be595aa8cdbfb0d9260ad2473b244ca65a5df53d2edd69f47df608e22a68b05623150b5665":32:"43e20e94":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f3bad89e79691ae72f53964b928a09f3":"01913e4ef10226d80c5026ba9243fa41edaf5f5c232d17c034db4c0c8369f48d89a1d58b3b2dda496506c30457365bdd76710173a97022d647276a4a8ac73f0e9e211cfd7d64849409ef61cce618675eaffe88b3f14496e5eb013c0f8a122dbf16f2c675edf7f813abe9c56101e570e208e651fd956e710dc09f13ebd22b81ab":"aabf77116a75046e7ecc51a468aa21fe":"":"f7453670604ff6287ebdaa35705cf7553410452fdb1129a7fcae92565a4217b0d2927da21f3d1b2bd5ae9b7d4dcc1698fb97fc8b6622ddc04299fdebaba7f7090917776b86b2af4031fe04fa1b62987fa9ec78fbbc2badc3a31449be3a858ac7f277d331b77c0e9b12240bd98488a131dbd275b6a0ce9830ff7301d51921ba85":32:"15852690":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"839664bb6c352e64714254e4d590fb28":"752c7e877663d10f90e5c96cce2686f4aa846a12272a0aba399e860f2838827c7c718365e704084fbe1e68adb27ad18e993c800da2e05bcaf44b651944bde766e7b3ac22f068b525dd0b80b490b3498d7b7199f60faf69fee338087f7a752fb52147034de8922a3ed73b512d9c741f7bac1206e9b0871a970271f50688038ab7":"5482db71d85039076a541aaba287e7f7":"4d75a10ff29414c74d945da046ed45dc02783da28c1ee58b59cbc6f953dd09788b6d513f7366be523e6c2d877c36795942690ce9543050f7ab6f6f647d262360994f7f892e9f59941a8d440619fda8aa20350be14c13d7924c0451c1489da9a0cafd759c3798776245170ad88dbceb3cacde6ba122b656601ccb726e99d54115":"c7ee1c32f8bc0181b53ce57f116e863481db6f21666ba3fa19bd99ce83eee2d573388a0459dfede92e701982a9cc93d697f313062dbea9866526f1d720a128ab97452a35f458637116f7d9294ffc76079539061dfeff9642a049db53d89f2480a6d74a05ff25d46d7048cc16d43f7888b5aff9957b5dc828973afccff63bd42a":128:"63c8aa731a60076725cd5f9973eeadb5":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5f2af1b14ca9598c341785189ac6e085":"790bc975865f44e3a1534e978e90b064530321a2280a9172dc7f3451773b01d4a56c1857ad0474350b945e4f34cd677c22ca89445a564b47a8526d31d18160c35d2be1e89428c3593b53877cea0d88d85b2a7ed0552e39a0e96e35ae0384a5d7868243045dcbfc245a3eb3ff99f4dd86c0a314f68d1971e773caf9c168b0aa0b":"bbf23307ad2718398b2791c16f69cc45":"26b160695de2ba40afca6bd93f1c2895f92ca9108847a8ab71ad35cac9f9c9f537ef196c5d41b10e3777c9a02ad3c73cd299a85f60e5d02794c3be2643c3e63f105b94d32cb4e3eb131d3f487fa5d1de1a4ad80cad742704ed5c19a7cf4e55531fa0f4e40a4e3808fb4875b4b5feaf576c46a03013625f04331806149e0f6057":"52c373a15e1bf86edfb4242049f186029b458e156da500ce7a8fc7a5fd8a526191ac33e6b4b79b36fda160570e2b67d0402a09b03f46c9b17317a04a4b9fbe2ddcfc128bd0e01b0be3fe23e51b69c28bcf8725b8e4208aefb1cf34fe91a2bb6d5bef7b936bec624a8f38c9cd4ac51a0187635138d55da1fb1791adfbf8459d3f":128:"db3bbdf556c9c1be9b750a208fe55c37":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"02980dff205bfa5b18037486618e1fbd":"f037ae281e45c50c9fa875f0ec9eb43251d3ae1b6acde27cb5edda7a4e384f50301a68bb6f4caf426adb31457c5eeaa789edc84fd902cb82e00dccbebe272d90cf690ca82ee748885f02daf377970e985d55994fa668fc5e3e06763e6829059fe0c3eb67033b3f5223cd4bb654484c57370d2b856d7117e32ead3d179064315b":"27354e68a004b255a380d8480dc9b19e":"37eed8620136842938ee3c3c08311d1298d3fd3f0456c056e0851a75d844fe6c61aeb2191c024ffce38686c09ab456f0ec26bd76f935d747002af9b47648502713301d5632c2e0d599b95d5543ac1206170ee6c7b365729c4d04ea042f04363857f9b8ea34e54df89e98fef0df3e67eaf241ed7ebbc7d02931934c14bb7a71ad":"f8090d0a96fc99acb8f82bbbe58343fe227d3f43fceece5492036b51ac2fa6db4bf8c98bf28b40132b1ab46517d488b147e12ceb5e6b269bb476a648d8a1133d5e97d4f4fbdfa3866a04948851cfb664f3432de223f3333248a1affa671096708ce6e2c9b4f8e79d44c504ff3cd74e8dffd4ddff490bcba3abffbade0a4e209d":128:"b5762b41241cbee4557f4be6d14d55d4":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1fc9bcc5aee350f1ef160346b642cc20":"e0fb08cf7dc901bf698385a38e1a81acd4118f083e52aa52e1ded16ab1e840cc49fa1ead3292ce21096cc75c89dc3701102b0982fd3a6bfa55a7799e579aa7336edf365574a904bad924ec080b093a604994db4dcd8323d7d39c3c35750b0741b170481539d22551871d6a0e2ea17e4bebe8ce19ec3bc3bf4f6edae9cd7ab123":"910a81a5211ce0f542f1183c08ba96a7":"2dcf7492c4539d6abc3d259ba5970033ebc2e7ddfa1af8be11f81b459d7477f310be2171290bec2f2ae2cc51266f46e98c878dd2444afefdbdb73a417518f5fd4c116547bf442fa9a8cb2300c5ff563117b2641dcd65018081e62a7ce5c4d822563824e5eafea90cbceee788ed44e6c4f23fe8926603a15adfdb556f11a0be9a":"514d27f8413d7ed59d96c14e7e74b9f3d4518486876c469b369f8c5734145f4aa52506c8f832d4811e5f981caadedcf09875033c5b28a00f35605d773c7f9e1af7f0c795e3df1fa9b5a524f1f753836c1e2dc9edf1602d37ac120f3d8a5c093a5285dbe93957643a65f22995a2782bb455d23318f01bd18ae0d0813b01d233e5":120:"feb7a25a68b5f68000cf6245056a1f":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9cf329dc10bcebb484424c77eb785aa2":"92728a696b07704fb1deb648c5036a1c8602b4006fb2fd2d401c4b6692e252c7f66918078542cc0b1a97486964276d6e6c77bbb88a9fff0285aef70783d9f2be3b7b22f8a8c02771492150122fe022722bf64263f5d2406884108d8d608273bc02a9127fe4dbcb321ac44a7d2090cff7017d59d73ecf927b8b05968675a63ca0":"a430b979168f5df5ba21962d1bd6dd15":"4d94b7650297c66b43210c84e6e7b09385117ed8fb91adf643b2339f39a5d8dd0b0d75a793e2a669e42c5ddb0873714e01cb65da9eb73fd976a49ae9a4762bcbc06be5052f750d110a407764280b510da5fd0fdce969f86ea6bf52ad4fd9e2d81ec5cb84af0a1d406504a34c51c751daebb4421fe1994bf6db642e64bd471d9a":"c13dbfc60b34d75f8a84db1f6aa946dbfc19479d63900450389756cd1ada8f6d2d0776607f7053db6bfa6752c4b8456f0ace314ff3fd4890d6093a4a5d47dd8fbf902e3e3000f5e02ba93a00985f29ad651cb697cc061d8f3cc74e6d8d0743a1988947c9dc2305e2b7c5a78b29400d736acc238131700af38e72d8c98ba007eb":120:"82f1dd58425eb9821fcf67a6b35206":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cf43ff6a1ef35c37862ae3b87171a173":"a1e670b3fd62039cf29edb61b26555bcd0f9184be4593bf6b20ceab263bdc76cdef34992fe0ce4d43bd93bd979b78bb252c120fbaafe4947fc0ec05cce4358a5089a841c7476b0ebfca6476e690cb9ee0b73c6700aa82aa8f4050f2c98500052a2d3274b30b0be67549d756efd163c4369b6df0236d608bfbecd784467db2488":"6c56540b3a9595f3c43f5595ace926bc":"5c0bc6e44362299642f3756acf09878bb05549eb6cd6c4942d39fe586ceac228d2aa9c92f8393e5017e73ee41002e60aa8b993c48a7638ce2ae0ae0eaa536bd749b07a8672fc620a5110af61232b6a3d527b36c86637cc1fa92c84008465fd861920884d8a784e194ec52fcbb767a68ca6fabb64ab0a0d680963140d5cfd9421":"8ad36522e4ad47d4a54c5eae0a8b9ff4911aa5b9b13b88b00488a7b678f63cf85945b8d4998d1007e27529b56f50b9e3b373bb6fd861a990514743b9707d535b40d1bdbc3f58a63b8ca30dd7934ee98ec3325d80afaa37e38b4e82d8851166589027d91347727b314e02ed08a7846e29fcd0c764834d12429d9f568b312081f3":120:"f5bf21d5eadeebdef3104d39362b85":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a0ec7b0052541d9e9c091fb7fc481409":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":112:"4365847fe0b7b7fbed325953df34":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f9ba053776afb01d15915e7f82a04f21":"fb59858421ffbf43d09415a77320cc9250df861e4414817e7b78cab918fa890ea0400d4237f7ebf522d97318ea79f9979a73970296827a1a9690a039e6c605a0a3efc0077156e1b15f14d88685833e09f6cd6f783d0f50579de7a30907b9d8efc4c650ec57dbf7b425ffaf9a900ec91087d470409da4d67cae7328c15a5db1fb":"df26b109244f5a808f3ea7137f2f49fa":"b21c8101ac96c41bad2925b9b6c863f54888f36e4995820ebd51f53e323e46f528d91f4318183be0282312ccde8da075fc2e82041cb41a79e9933012a4cb6e9f89717444bc734da3b7e40e903e58dd0f38bcb115684227ec533c09a93c89c2c2584bbac83a4648f82b4c9207f43b61e5ec470602076ed4731756c87d4e0e24af":"2c306fc60bff58308f2b9f08d52369e87119d7f6de2279fcdea0c46c901c8dc5b4f83578b17a00786014a17d3e380e1af4b9f32fa58b9ac763bdf86ff0c6084afe413a5dcb7617f94d76e59e370eae4829e69bcb70f10545b04ed5fd137e1159f3961b2c01089ebbe2f16a91c782d4f383fbd4d61b66138319b63d79ce9fdec3":112:"d6db5aa539a6e2e70885508d637d":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fbbc406a669b94374c7970f2ac10c91c":"a9f334d1ae7d2960f39da4f1df85830d27c0f13fa0bd23d607ace4cf58b359584120e7c90d3062b1b23b1a9e85a740c9063ff80423b5846257e4426c174e8cd77a3dbcfe12970ebddaaa00a8ffb554b2a80decc81f9917f5a1369e8bf7288ed868457993f480d8aff0b92b3db2fda233e32fabec1a4514715364d4f70f98d62c":"46152f5a68c03dbe2f28e69f5b52e2fc":"1052f8b2d3e11da53ba9efe02ce985098d171dff9b98cbc2f6755fd88214ddb8660225a63a1c8bcaf43ff3930e239824ae8e122068b89d7fe73c658ce030cb51dae9836aafb68fad77b1cb5bff8d7d9c920ec449181e10ea643cc73abb9620dbdfa32e06c29cfbd8c7cb8b1103763616ae6f9b19c4a6e1eed88c3971c4778c2b":"7b16424c508da3fed14bb53462d1805f0f9d09f803d4e166fdadbac76f9fc566665554317431642f6e527123ea6c1c0ddcf45005213b0f2747321fa112d7b893cdcf4c1a59e8bd1c48b7d77881c6d79de3d850bce449969305797196d187196d0d81dc3423295f552d3c27d6d70e42c9a1a744a039181e733450c9985c94ae94":112:"b51dca8e00988af0987860a663ad":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe96eab10ff48c7942025422583d0377":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":104:"6bac793bdc2190a195122c9854":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f2956384a65f9627dccf5126141c7bca":"89dfd185bc33adbea0c69b55d37087de3fa7fd69a9fa76aa1568ac363c5f212ae92d202b9338ef397266dd8bd1ef36cab6d1368feafec69a4e3e11e1bf1beba35d96e040d91e9d3a838966bae62a15b18d621f33efd9ec511de4bd287c722cd39b4ba43e7a6f8c8ab672d69eac6b21a8d3544ab1d64f9de31956b93b1104431e":"2f61f76bcf074a3d02f51816c0411052":"bde1508823be7984d5921db4cab1ed3017c0d73cb9bff9874f39a6f5bc449719c1c43d8fb4e76f6813b0985d4b124517f9e4e2d3c552b2f75876563c93a44c18fb6523ee732ea5b6d13417db45120653df3820a32ebdb42d544768461b1d0b55b46b09f688e47240880930fca7097ddfae35f854891e21891dbad13f661a2534":"023a9c3ab3ed0181ec8926e4bfbc0fa63e38ec8980eabd2ed75e29b681b3ec04cc8b27fad3a7ce6dc1efd680479a78f02de7ba92f45dc03de02852a2e67b35bb1dd154568df7acf59081dfc05aca02c0aa9f3f7b4fd4dbdb671b1b973a48af0c325a23467ba5cb59183540f6edf4c00376be39a3a672feb9e795d1bda96f0017":104:"613eeca3decbe09e977e0beeda":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e9bb30ea25f50b3e7711fac05f9d44a":"17a52f4faa608dc9853d4511feb3dd9d2fb92d7a3deb3f8a7a6df3fa2a909b7db30babef12d9da71aadfad16bfd2bcb5706ef2addc58eeb8d8d13f31326f7ab1d0aabfe5525014f05cd8fb80e1ecb0654e62078440157df66f618f078cdf2b322b0f8878bcd924609c33e42059aa69fe0ddca659aea42ab907b483aa55aacc63":"9668e8b1ce9623ad52468431dfbed632":"f776c6e892e373ec86ccf706704d47cd89fa45c2abdeb0f9f6f32cde88c22f001150cc66f0fd83e9b75b97bceb98913cf143cd8a68bf06e1125031e3e7f09dfefbcaef4f04d7bf28aca1992a7e4228fd4017a5b32fc48101c8f5a609eaee9489d02200e8a13efeda60b57df53ccf2fe26309a1c1e1d40db6eb8431dbfe8d43ea":"407171db1dfb7ff20d5c97407375574220534ef75ba18dc616400e5e967e72db23783a6eb9506b611d0c67a83f5c423380ceae66d5dcdffc31e31239357b91794018e9c4c36c286f7b17ee911136d9cacf564baf5f9b9831779375e63aaade8734a91bd4000e53e5e412b3f92f8b68e0b7ad3bf6f274744e2c5a635894bf918e":104:"2741ebc33a4d4c156c21385a23":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aa705ee70297e9212f70585d92f42aa4":"5e4b47d986d55f49708cb3e4d27072a7e850936b27b24723856acec7b2e03caccd98c2a002a2dd1d3f4dad8827a5910b42986cb00be7bff47eb401be5f324cd2cd3ea2fa41f4ef61f9771a4c0184d85d6023f37f3f54bb9d7cd621fe36ce11a82678a0754a33049106be597c53f287692ac5a42e59f09a2a117fad6c034a91b9":"89822c9db69229d1e4880afd19965908":"fdd655584a92e29a14a368f28a73f9dc608e5c2ffd308d4aeff7326bbef5ea58f84620c9ad43c0b598c271527ae60dae6db4ffd3f590e503ae7057d8c48e9b1bd8f8a8832629bbfc1391b954a4fcee77d40096eb5dcec5e0439375ed455378d716ee8f8b04ccde3291e580068dd7dbef4ba3685b51940471f24859f8e93b659b":"0f34bb4e2a4016ba41eb23e7688edd455f2d46a5097236d9a124ae0bd47349876319976aa4c3aa41680a63cea85f433e3a1b4376f79d004710d486a3fb5afbb7db2c41aca400e04f75ba91660bb68354029defeaae1853447f8fa0d470b25371da73c9e8ee841ba95fc273f88c2e4604ff29a131a7d73e60a00340e886df5359":96:"a247e88acbd4e354d7c8a80d":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ddeec78a0c23e8c5c32d3d4f9830f927":"134fd6be1a934053a539398aeaf5d3aceda3ef722a6b3568af6958a4b1207f7e9b9e835cfd46a7f3d4faed829ad23554fc7c0d1a9b32bad9477d9dd397a259cfb0bea30268aba7b8cf4a35dbf99a6b2ca968649847f717749bc5f41374e1574ad6c357f7b60b0cffcb822bd3924208d0472a973ae97550b921338792ca88fde6":"ae428ebb974ccfbbdbcf6203105724f1":"e3d5ce768c688e881e72f036341b2d91947e02b7327eb53240c85b0b93a40eb0f3346817e2c9e126209b31b57633c4384f7af46846d9bbe6fd0d6babc57b84d0f5be2a8a7b146b38914a4cea70273d5461126cfd7527ab397510176e790300a06066655907d499bded79f5bb39f6fdb03f85a415c2cc2ad1f25078f0da7df215":"865d6148c9820b67c08c17c9214de612ada6e24ed67933d13c3b3ec43637fa305673d8d52d15a195b27a6b2563682a9f98912908668e3335192b1daabf26e1e73d7d34764af006b0c14a0ffad3b6a0def59964b11eb52e829ad790069997931d09be88b8d60aef90e39dfcb0df4fd54b71597b8ac64670e703e7cb83efa3f2cb":96:"64b2458a6eaa6f12937a8643":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"829008339e983918b8d142091f84ee28":"6f30604d8c2fae216b1ed3d67485631eaada68fe89a7020d6e29f42b937e7640fc1f23c00ba48bf239740f6468289ed211ba81e809cda55fe067bdfa198bf0461daf86d4a7969de9a629513809b358630ce7eb50a783b8c98ec1bd5e56cb47032ee8fc64a939dfc4a870ea9419b16178109f1966ab964da34debcf00cc49f57e":"dc62cf12b6d0439578b457e516d8205e":"e700cd917923b16c968712b2fdbf08be1b5c3b5d9e42cc45465549898daa07c44b4cd321ba16a38aeb6720e217a58428e3a4cc125920cb3fc92f039b66716543bab71b64ebedbb1e5e3e8fbbecff3385ab0ab16b7f6554b7fbb3b4c92307c654361f984d5a6cb69b8708684d90bb1fdfabc0cb59f42c2b3707b3755a8c7abf34":"adf60c4affb2ac76cce20cf9f302b909bfda1bedc60be21b53f65d0b81bff08f7e90ecaaf12ee1f9d921926b75e244b7e8357c1cfc26013a6d1c874ed2e5cd0cce012bbfff0dff85b372d92c18dce887c1651b6467f173a67ac8cea194a6c41e77842675f60cacfbc9c81597a08959d19af632d3c191bf69505620e4290bb040":96:"6209c09dd1b7ea85d02eb9fb":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4aec55c7e4bb36c32cb543b57cfba3fc":"4cf1443a5448fd09e09e91b7cc5f8e00f53f0b75a6b17db5ab9a721167de5f7bc5de1fb711accdafb7f3f1bf6b98393e5f09e9091e26d1340122edc91f7e60f62caa218f1927c8f0032be0752520aa650f6f1ddf40412c96d49dcc2287ee17834504f1dda3f4a723e2fce064f0b8dae0789ec455922a14488623e3ac10b6e312":"6669c3022e0820634a95efa2b5578e93":"f6ae9b1aaba18acb741c9fc64cfba3841f5127b1cda5cbcd48af5987428daa5782d2676bc3e2ef23936ec29a80d6b5310282b39b77181dc680799ac9c8125fc48afd185cba2ca8900bd9a0039787b4f3a6846f3edf5f7b921dec2608fd3df67600ae0aba9378da0015bd57d66d2999bf751806d1b89214332bac50f721ca9474":"720c32b0d454f086af36a32cc7274e2f2fe08db9cf1cefecc14b42b3e5c573aefa7e9e1ee0042eee21104dc3e4d19b012099280c5a53e40a0bf662d8295dde743143a28be7305729767a37cbdf08fb3c87667939a8ffe44c96ad272e30b75aafada2963bb9636f189c37d976ed1c458295fe85ed19662c463d7c8155e9f04115":64:"4b3343b627095f60":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8629e8064b3ba2b95bc20dd075f8e931":"85896de4b6454acf8568ccf95ab68a632330ce71ca8b4e7bfe26ad8d7e2e6b63f2032e2cd365999ffd24ece0df16904d749d06e829a291f3d07fccee27d9c6f3ff3a139d9e33f0660803de8fe79dc6ad291fad47c93543522a1c38e40697426a9855255e3e0abcb84d474ead15341c6b235ccd755e58fe6e87898d216d65abac":"dc4bcefe284cfc606f39b057b7df411b":"abfd0cb6fee8588aa68606b7e487bb9c0d2bd11205611a6f30a78d9ccf28e827cef4e966fa245e4b7b39533a4bd00176ce3c97858b0c8abdff4c548c835bf1962a6115c4ce7c05b1ce5aa29b412e816abc925b8cb998eb4b69c43a7dda1b3cf0d728072d42cb5a489db521698c5daffc3013537bbf622ef76a2e96089b7d4b96":"b295ca0d7707892fb08537f42d28a844f5877177f136b4620f69b05c83f43bf2e61323e80076c88660f5385060228bdb91d866686e691cc7e96fdaff41f2ca5f5b5d93ecec7bba82515a6e0bd604c99ef93d3ea013d899464558bc822bd765eb1ca2b8b8a7d961a6a316bf135c22d2ee552e62d8bbc5b60ca31bb53cde82fb5f":64:"d26cba11f68a5e1a":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4d901e59a491c86bf538f7b38247bb21":"4c370a9f316d25702195409d8e73bbfa40aa15c2b0ea55db9257a9ae4e8dccad14589718741a78e5a74c26a801857e388c9f141ef7df08bc01384b2b2338c38abce51d547056f4bbaf7484f9edc96df122e71f132b7bcb6484228c3ae2f741a2c8b9b208b6f49b07081334b93c501938808cdbd2e40cf95ae4f27a29e1121480":"39e2788c9697e82cae0e222a9e413d8f":"48d7d20e424df3c3efced29e860771647ae01312a96e68d33f982c540e74160a7fbdb623d4b19abb1871d74c6dadc56038954b154389b752bebc40cf4ee1505ec8d844e1a04dcae430befdb081cc84252e0840f5f5146ffe5b9594f856afc2edb33b3c6f9041c9631c5e3d812959c5504938635f72c6fe29a25bbf66a4ecd211":"262718671dd0e2c9a40b9d7297c7f6a26cd5fe4f301999a32059812719896d3a2f5350f6ec20d999fc80b8d7af5a421545b325de9180f14505f0c72250658a5014768fed63ab553de0fb01ab1368356043f6d1a6c9950c80e3d9d4637bbeea44c9d58a4148bb10974d507c62b67cc4e37eaebd7eb8e67077856cc5d1702f8e2d":64:"bd814b4584941681":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2f54229167862034ef6c5ff4a1246697":"af2c89d3600329779abfbcf5be8bb83c357d4d2435fc8f4c413b956b898d22a8a889db9e2ff5e7229d7495576989695a0b52d796f9a23e9570b7caec6b46059749c29a293d31a6224baaf73711bc0e4a587abe9d0379adec6de04ce444676dfd8672e6660cfc79d7ee2e7625ce57dd4681bad66aa29bea2baf936122c3db17e7":"8168ef8ef278c832fc0ec846bc9f62e9":"abb9ed24137915265bddbd4b63f1d02efa2a99c8c373f19077c7e1c389feae36a7af42c661b0adc5dc8e4b5520d334e8e0e112d42c2977fa23485c0a85aef83f1e52d6749bd29cbebe14aea6ee1c1098aa96c6360b0192894bb2001c7c0fed7f00bb84953c23bfdda00818d1568fb94c1bd971982d6c01c12a35ef7af34f947f":"cd6dede25433fd3da6137001219b57aa54bdf6039a5a8d66138171b006194fe3e13d484e5cf57a1acdaa8e76f001df7bf41cbed2c5561a37a32113fa116d0918167c29dd9e7d46f7c18d9db33d7f1bc33ac21d159ddec57a2e158f0c0993c16dbf50582371100a8d7c55cd47c03473c5770ad562240f754c99d95ec593dca284":32:"4ab63349":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b7b52fe74c5c3266edf731578d28a72e":"01a4b7da57c0f7d9aea51283004b23f899669dccd6dbaec9cd6e747c7adb52432c7c29d1411ec1df4e5e33311ad84218075dabe17f73c95511ce7950f08b618feff56bd452b33455a1a03caa8371dc7fb9aebedb3cb652d94e06bd00a98bb06d30b506d41cb516c759f6d7f793472e6d6dc9ae50cf3dc8b1ad3d0517c4f555a3":"a005750e9f8c68ae238668f0a8f015ba":"805cf3635f9d84c7608c242ee23a4837dd3f260de9afd6166b08164a0256200be9b52e5259a4a54186ec067ddfad90f5c4f92afd1c7e4f2d8443312ba3c4818b664439a02644e55467045071aa2cc7939a940e89cc52c8a53623bc6473bf843a4e0f00149b2ce1543a6540aa0d9c2c5b68ba2bd5791078deed1de3b5f48257c5":"d6124da0896d99fc7f2c3688fbca164f8fecd75b6260162c4dc2d2773ce75cf41a8c7a57998e0a7e49cc71e5ad6a04c7415f8d4fd11f1035d3a02ed744345d74ebc9c4f202f65bfa88d55c747fe777225e218f2149da22b53e6584823dbda42cc2dda56fc72b753f3923c443eb5c656515dd824d8c08cc78152226ed8c1808db":32:"60d86287":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7a3501d9fbb86ab80f5faeaf8876b7c1":"4f0dfbd2aeab70c80814a1f261a1fe442eacff5d267fd0c0f93757919810f6610113f1b442270afcc47f2fa01ab01797683ec9267691a0dec45033c57f5cbdfcafdf154fc99e6140176eea92503b3f6fee5dfa5aad05f802e08a08f10e49a8b32a50c028f2bc7aa451be3747d10b96b3a1105c67c5167eccdc18b4a9b0612d03":"6d59be1833e75ce7f54ddc91ad6f5187":"3e556b1b33c42f1ad6cca67dabc6ff79d6cb667527335858e26cb4f6a3d8503ec415968ba97d2d79a3f80c1a10d75174eb5294cce8b89224eba7dfb258fb17cb5c5db7a914ace06e94cd2f2cafe3febc8adc4c2264afa2db2c6356e4c3e8667393a77a0afc36be678d5c0a4b63ae82d9922bbbc60559f331ece9947b67469469":"615ea4535f1e579d7aa45c011018f272c2e234c3ea9e2d102cfaa4a437c41e64bdef7a211ea4d858bdb656215e600911435ef9c8da68e8239e4782ced7e7add063f33f5bc62b85d9ae44ed1b139580118c5fc054ead08257b0a97632e8c503c6219294af423f0deb36758e05857ebb05c6835972488306ebfedd2ca4ce3b2c48":32:"74c6bf0e":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"195ddad2b0da195ea54a9dad0f86c161":"":"265ab1995fac4fca7c2b26c84e4a2dbc":"":"":128:"930f719034b76c232619ef2792fe6e65":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"12be48e90c849063637b1c2ab0f2b467":"":"0020c3dff2f6f3acaaae982ce38f63c3":"":"":128:"c8891f32b8015024ca42536d633b1863":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8e792fc91675d5efd4d80d5a06378d24":"":"15ad63b969f8e313eac3c717ff9a994d":"":"":128:"de9a04b030954b0141dd78ffc67323d6":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a668cfd45b6ef8b766a4bb187d0824d1":"":"a111e94a6426ad9b4362132052eadf4a":"":"":120:"3a3331e6a41cada2cca8e856135549":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f36e07f2689832b914e0b817010c528c":"":"654104f9d16348231e6ba6fd30c1f02c":"":"":120:"be897583bae073f42138d64e622c35":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"25d839a709d98ef9c0c9e78ece961eba":"":"b64537609040790ff648d51406710b9a":"":"":120:"4d5854c69cc973be8de41d5584407c":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"957dd619f9f19445c374ceda9e9ac082":"":"34887be03b4d4ca8ea2261b600ab0b0e":"":"":112:"60e2d50adff707d8b279bdedb277":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a5c9a2dcaf576e67828e806082d8e780":"":"f93732aac9448c4a427e634089d7edcc":"":"":112:"f67ed1c98bd2c5f3a738e75f15ac":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0a30a816e8d4d85d40c8e4d7c93b777e":"":"bf1f332aa19682d05cf95f2b03d26af9":"":"":112:"acfb2f7884bc496f3089e50dbf42":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b45a16bba5fba362704149dc56ba8a13":"":"64cca850412091bf4e120ccd612df353":"":"":104:"7b1adc23af9be185e5ae0b0f0e":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0cbcbc1c72aa90e3ea7e2fe328d79723":"":"2fc5fd964b45082546636ae1e208a937":"":"":104:"fe091a768c731e54e2237bfdc4":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"94297a1ad3f0c333cd9b087b1efd43c0":"":"52ec9dc82131d7b1c69c01fed6aada10":"":"":104:"5c927dda855b76ab8fc077203b":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1e8cf32008bdf867f0ff76e7d7ec21bd":"":"3854b7412de72fefcc4b0c2155f6910e":"":"":96:"cc8e7eccc056b06cffc307e0":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ce1a9bd93fdde2adfd8c2c16a395b95":"":"64072313ed36eef8209f079fa622d7f0":"":"":96:"cd9e8ffc1423270015bf8e8b":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b15354ad3d874fe472719ebccd45f123":"":"1b2013153290edef60a6a438bd7517de":"":"":96:"f65a841ed510becf52b1eae7":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"14ef129784776647eb3fb8897915ab9e":"":"f7bbe9f699156549935f2b92c1dda163":"":"":64:"dd10fa64fd51231d":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5d4470053c46a577bba7000075e9bf2c":"":"854b768fdd7492c21618ca716bc8790d":"":"":64:"1f3c73722006023a":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ea87d675a0d406c57f78a2531bfc0c9a":"":"0907503fcb06ee384526f7206180a080":"":"":64:"65d5466392b63bf6":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3e8e27568e6e17ff807cc207e5d4eea":"":"18e51cdfb4a3a5ebc7b0d7b17727aa95":"":"":32:"a7e3f637":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"596a602164b1a0bb50ef91bce3a98796":"":"2025e72bd6a511980a8ddce34565d16a":"":"":32:"f84f92de":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"32ea8970a8cb70d6ffb3972a146c6984":"":"":32:"eef4b97a":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"869ce65e5e5e12c620076365f149784f":"":"317bf07e83c2e9717880b7d080957fe1":"ee185d738260de67f1792a7d548ea73267fbbb6543bc081fac43e00e6cca92d7d646f27054894664ffdcbe635e34cfa800912b59fdaa624b36c44c9ff4f193d3be2f97a7820a6d4ceabe967091ef672098baf82dd3b671cac4fd4f4b14e4ee388fbdaafb4dab2385df4fca23a78d31f11bca15eedd7cac778484258778106a07":"":128:"add6c89153c4c0eead03df44487742a0":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0a05baee927bf23dd2f4b57b90fb6434":"":"8147e99dc9e462efea9c1d7f30bdf45c":"6424ca7fbf24c6c3b0b5eb9d769b26a9792c96a8585dc596208ae6cfc0b265bd8d26af31027f278bb92a9e3b365beae8d964ec7a4096513f84fa73f8739fa7e11d54d678bed19546d2b71b3d0166b25b47ad7cfa69d74057d889258a796a65f2bf8d3bb151f4e721d398e74594a186e6182c16fe4c8813dfec67215b3c4a94c0":"":128:"05fac5520a99ad7fb407c48995a2c331":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"":128:"2ce6d74cda466354a736636bf18acfc0":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2b2bec16c7d326a35a8e4c0b8c2e3674":"":"4573eb54491ed91bfa2185b762115bc8":"7a4a6b3114dabc50b201472c5cb13a79430f78eedb2ba8492c01ce10a74d08565b9bf9874bb8fb72f694a23babdd08684cb68d7e09e65813728aaa5c41f9c2b10d921f8271e200e0c519c7c46f572bc9fe3f27e13d1e6d7bda4bd66c1c4b0fec8c68a1b0ed7b0659009dc894ad55e0712ddd0837315734f2bc3b757241af35ba":"":120:"5f5d4695795b8580b0bc414a81b002":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"886fb12554b075dd9663efd076acbe56":"":"7e7a73542868fc27a01865c3aa635ad5":"cb25c2f029c7a877a0aa565c7f7347b317ad534821edeeea838996dfc42b13787e5bb237525ac926ca8a6c5078210f4a27863e8114c728d09653fa93ae990e99f0c856bc8097c2cd33cdca1a407897e2f495d2e75356aabd891702f25ff20e6b6c8a785d74b78a734e311fd236f9e970202674004ee4151879d59340b20aa23b":"":120:"8255116ee1e3cf936633017c4dec3a":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"920fdf4b39c63947d57a07eabbf3f2f5":"":"77431ebaad53e42ca7eead0d45e5bd18":"11f82f9ef7c2161ba73cf7da82c5397da5e8278da180a976f43222402e983b057171f793641a8343d6366d6cc9260dfe8becb8396b5bcfa0f46908bd809bdab61126cbb8d63f601965fb9e4b3afd66c594dfd394d4cf06f79f361771a85dcead6f45dc7df10fa434736eb109a76fe6cda32c5773d4db6449494f2a3f6c884bfe":"":120:"1291cbea1a9f8b166c7306ff9eb281":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"114060534f526895f30dfb4007356ea7":"":"5ed7fb59618ec3d081e60d8259a3f184":"a56566a98d9d4fdcebc932adc405e0b8190d537f931983168283d0431e7589333d42f2a3d6e41f268e7b566cf48694cdcfe01fbb9198804ad39e7d387039575c5de787610a23ec265505a448c3a64ddac1b0d8c567eefe5c3c2dc1bb15af45b4bd8fc2e1506ddeb2e39e04f72fd24a64cbbbc929800e0687b53eb89b3049f271":"":112:"62f770b3985388ac37e14e8d4696":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"697ca4e9de580b525d7149e8b69e8093":"":"e844153734eaebd86983aa3bf50068df":"cedcd5ffeb7988837c38a0be4234ab1b03f14367a1a3854b6dc9f33eb9a87c411326e5cb7d12dc730cb6f363da2ba68affdfb651fe497942e0dd59668f56c23dae80b7bbf905d36b501ff037fcdffa472efa4bcc1c975b67e5d7f348db73e0ce648b44ecc5b5bbbdf3101bf32ea99e3c8e8991c94fa609c93d4b375a4389023b":"":112:"95becb04cd39c868c9dbd1d4e59b":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2fa92cc97ef469efeb2c25838193435a":"":"07e6492f2377c04a85045d24940fbe8f":"0f021fb787c6de2be054bdb2741aef82ce35d951de2986c86c3dac77ee0804dfbd010d33a5dcc109769d4b8ff1471eb98fe917c7b0b374e80539f2f4432f92aa55d8398a71510c2acf85c54975fb09ff5638b936283efa3c1d3b054865f97685d6bfa0dfcffde3a20525b5324573b69dde230ea87c685e4f6b5c3c4c55828a86":"":112:"397b2b0dad7f1926bfc25a3ba0ca":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a61f8a5777ec3da0c3e257d421286696":"":"14894cc4ff71e249f0053bbc1680331f":"9df46dde257054160854248e70625183bf957ecec36fa4f5a79a1650e04b500f7f2fab4bb873f0e813f0d6b17610bde0de95427a8e2d1293dcdde053f5b1a5a81af25d553289e89e77e4ad7d0a1190151724730149050bd021ec61a08ce2271390161c752df8b5f61c33ee39366de4c1db41d085ab9dd88e170e8c41c571e2cf":"":104:"e062ab7984221ed226be353731":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aa2d04f4f5258c6363b1210c91aff7d1":"":"6b24c03273dcfd508cead2df0c65ef2d":"81a1b326f8f22bfecdf1f386bf8fe678a427e3886801b823a37860b9a832356724b1d352d6250cf8e8f89d0bf2314fd11464c3b4871478f0bc290ee1096c8f6cb5484176d70762289b44309d6a88e4750185abf30901bcf8d952da9abaaf9807c0c0ee8be2b247dbbfd182b83f9bfa67ca3bf448c3f5a3de3c31b058c3f944a9":"":104:"80dee09fed5183d6405beeb268":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cf221e6cade9f6cf509afa6979cc1fb9":"":"d35433be41a259dfaf58aac1d82af462":"b31c477490e5624c4aac8e590725bfa8b3efca618e2369e9b980d6a463a014d55aa8317a9e70ce6de7c574cd15242cf4eb3eb078cd2f49fd82d1a56c6c4241342e62a2e9d94f0aaa024055cb441d650f0a6ecabfe9ef563d6bd87d4cb1bed348aee42487c13b73e52fb70f0ca6ed81924fd519806e04babfd08df1a00191caa1":"":104:"f1776b1ee7a3c49f99f34f582d":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c98eb634c7caf52d3f3d9f344e141988":"":"a0e58176826910a69c2d68ae1c6a05c0":"6e559278bc469cc670c4d9105c3c2f8fa308e11b4a60f75664a9bfaff4f0176175ddd3c6c17ff91a208dbbc7c49efff099fa873f60849ffaa3a3003419cadaa06b92a678b80bf6c952bbbe596dd0a2eed35507c55c48a9e6131bcbda0621cff87e02be5d082944f2c8e27211527717272839601b0e26cb5aa2301afd05ae1b35":"":96:"3d8617b2db536ba7d367013c":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c5018f4a8e2a850979b006d0498dd0fe":"":"75e4bebdd170159cff59f895ebdeb118":"25ed2831fef205690381c73e925ef7ba20d5f2e3a4b5d7beabd749fafa08a6941acb1385aed977ea824322d378649f646a812e6c87ded6ae437c68ffdd4fae937a8498ae825d7523746730af84d56380be8f575c60e7f836a862343916e98cc2aa5a27cd63cd92df63b8bb47c81fa6a53740a125bb9cbb247c916363e60f5f65":"":96:"0aa5aced93e0237bea9a0015":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cefd40aeac28fbea6e3343a125fe1c9a":"":"324b9722166edc3831bd19c1db5bfbf2":"72b7a4289bf7f5a752665839adde8f79644424839db059ce40de326414c09691d5c7071e43722104a94e430e263bc974b98f167c50b97490bcd4286b502f607ddcec5387695463154bd9598ce8ffb6104d1f7010bc196ea2dcbfbf452d6257b1da00271fe1e6fb56c43656d5570b965e0369502443536cc46d4c05b1e863ed8f":"":96:"0c6b28de22e02fe6a4595d5f":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"58cb7cb58518ff3fecea4b44ad9fdef1":"":"fe619efb1c9502c03cb8a70792f9e046":"1a7c444a84267f52c36f3c09f8c4a88b6ffe3309b8edaad93a08d3961af28b7c2baba5165f0a9efe13fa6a0ac595da156741dc7f728c11edbd8ab02f03e45716be504778a75374ee882af488bfbc6cdd58fd81d3ac5f369f85ba42c6fd7f9df4b25fdd2fd32607ea800047e06058388c4f71a5eb4d825e8578106041c84c25a1":"":64:"8243f32002d33cdd":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"15cc4cb979a343f4adfb821d6f6e9c66":"":"68464e7eb64360c7c0a8540ac3473513":"d69f4a9595a48a50ec33ac1848df3d994eff838b28ea7c8b2c42876dadd60a3f9769bd4f61d8007c9dd4fde55edcec8f5ac3bf23b1a958fa714dd88cd5261edb69b7b086ef0f442179943f0871a6253aae99d31fdca448bc3efef353b5cc55cfc576e4a7fb73a5ab6b5af58dbd381bf7f9d69a5c2bfc902901fd485967b23bd9":"":64:"c0f4302d8276c3d3":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6398de910ff8f3acdc2217811a1da2a1":"":"fc69b21ec18195901ffa62260fa20454":"021f225240cc9a68c4886824d373f3a70fa32b3a926c78164642450287d269d39dbd49c8c71ce7b914f83e8b53bc61c6773f98318557b45f0cc2ef2539939df7a1e6765117f75631dc5640291d20e6402d22cd2e231f9c2c67cb24ab5d8a69933c49b89c9fb2ea57136a6bf1bffe8e04d8d6c813040215f051c654d93224edfc":"":64:"314d1a332d3c590b":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"382d86868ccd08d417d94f3b73729e09":"":"069069c377958235171437b34e0fce76":"049af372e34ef7a92d0d49cf2dd03052dabacf2982eae6a817e6146ad799971be239ef5810ec3f6cc6990e9641a7b696392ad3faee38bb50746c1e93913c02dbbcbc6bf54f0d062f176779b7c0dd5d7ec7752601c9812fa80508a78bbd26922bed4f64b1ff2a8340ce1c01e317e3526cd8218ac24af87b07f8792849f6479b8e":"":32:"ffa59fa2":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"21052b2fc7bc7a662aa9dc4b6a04f25d":"":"d7e5432def6a24d486a608e5c5c919a8":"1970ed40003bccabf7f3c57bbe5ba27e4254c1511413ed421cef3a6ffb9f0192987de83ae965478c3e9979637f8b3fa5d10d69b916f03fdc92ace7736f171660156d880114aefdcc164adb6f8c03940d9b43ce8881441b41cafee3351a56fcb632aa4b09ea81adea26fb0d8c6e1ae380df922a429ae1f5b82b38d9bda4323c51":"":32:"ff342f4b":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b6c53aa91a115db64653016375bd747e":"":"8163a4fd9c2c7010bc85c86177b194ab":"93cddd318b999262c7cde2838cb5c4d78f3eb1e78d305e5f808fa5613526d724e84a0188ff42a2c34bdf3b5fff70e82b3c30346e179fb3faf378bc4e207e335a44da53a5ae33770104b95397fb5acb746e6418d0dfc7368b035af53b470fc66bd0c210b68ce1b276820b621e919f044e5cff5ced7e07dbb8825bca6b4ddd8ee2":"":32:"50b8acce":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2251815f5bdfe1111c7f9ca246662f93":"2247e781763edb1349db2cda53e5853b726c697b34497761373c3b6a1c44939207e570e14ea94bd5f9bf9b79de9cafedeabc9241e9147453648071f2240e10488c6e3d7077750a6f7ede235d44c5a96392778ec51f8aeb1a17fabe9b6c95fbc479fff954a676813ad3d2f71c76b9d096a0527f2e1b151aa8972147582c0fd2bf":"58973280c2a7122ddfcb25eb33e7270c":"":"b202eb243338849600e2feba7f25a05fe98323bd7cb721ac49d5a8136422564391462439fd92caad95fc8cdcaa9a797e1df3ef6ba7af6c761ceaf8922436dd5c8b1b257f801c40914c1331deb274c58eed102fd5fa63161c697e63dc9dfe60bd83cea885d241983a7e5f0d6a8fd02762084d52bf88ec35f156934e53dffc0395":128:"c3701ce3284d08145ad8c6d48e4ced8c":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3199b70e7115c74e3aa3745c18fce8d1":"4fa0b090652d5a8dcd9b5f2ceaaa2dc87a40b30e2d59bdff09e1f204d1b90371de70935c385cf5b4d7e0c4e88661f418705370b901b97bf199b366e669bc727882d4aedf8171a8c39431f11af830358cd0d9e110da1a0cc6ef70efb255efdac1dc61e722a2d8b7fb4cd752c6350d558ae1ccd1c89f8ba44ab697df96681ee301":"808a019f7fb761e9701c0c4f1a1690e4":"":"8d5ed4146fb491db9456e92f753aa4f688a9bc276e6aebb782a0cdf7fe578d74ca3946fa7b7893eff6345e64251cb1b146442acb64041324e2847481fd4388b17f83206948e67c1e66b894d5d40ecac0bbe4db0c6f58b65a1f19f29429a9e76f78ef5dba0c94d88dfc06e6222a506f004d24cdb3fe26d6eb6e08e4fdf6289651":128:"908806d668451d849ba0268523eb0e4a":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"63805cef84ca7fcf281b226c3ae37230":"543fd64d1454ef6c007ee96b3ff5d2e4b7f5d15c23e7548dfd1dfad4da7774b8795e817fab3be7fbf8e4d0d351a743ea793d9d01385a552f78ede054be079aebd1511013de2096456e9fc1b83457fa1240cd39c17440d4b55c4e390119a759055ac851a02ea481eb83e294922d35f687a56d801eed638d289350e141116ffba8":"1aa9e75d7854509a85d995ee482b8eca":"":"98db9e8e3ff23f09e585e5326f525e4f8350a1f233a0aebd60d5951583eaf5220f1690ee3607ba98cf8cc99a90efb7197835957f2bda918a32e528f55d548e3c83d65910b956634224cd5415ff0332c165d1241f7a93976649ebed2cc7e62addb76231bb738ee8a291b62365965392aeb72acc5f0fbd2f88f5613fcf44a1b074":128:"9b1baa0b318e1f6e953a9f90b21cd914":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ec9245e8f567e1cc8795bbf72f2999b":"f266d0060d290339def5f6d8dbf7d120a4c645aa90470e168b4f35342a00b8c7b7230003657d377d8568d252765df142e97a9dbfb9711d9ccf396f3d51bd91673f129d58efd80ab83a0678303e29a0dbeb1fa9fdb7fbde586a17ace65e894374ec8da1ccd3e21851ab998534de46cb43b38e241edc04b5c571dfc0aa0074d4fa":"413628d9ff3e4067d840b0abc2cda0eb":"":"145d83092a269c8afea604e9192b8bb550b9bea85f842fcc4997c2b00c6f3ca46100e814e82389f27a69a12d29340c5827e607657a00fc72c4de30079e23760769e800ee4ce46957f82d61935d07d1c70dca836c19969dfd0fe0ea740a52e2d09b1c9aa137b5e8527756fb2c2298f8400949ba24a8351c1093626723a68a79f5":120:"ad174d1edc713c187a5859a390fff8":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b08df4acd253f9dd4abc52c4be488015":"82f665910d853fd2b775bf66a1707935443574c90483fc33ba02d6479fafd99c5f816bc58a1393a44fb32711fbeb0d6936efeb3580f147c3019e9f2e2ef48b202bdd369c277791bce524f3b22ceb74c664143c4b1da819b229a5b480aa954be110ca006615d9cff5a158342a47cb6d04fbb817ae4ddff6d4f86b74205799c9c0":"e1c27d35520ea527f9a2cd9b0f717841":"":"f5b0fcd812061be999901595b3547e70f7144cc9e0b0098262be4c440e8637af782f536f571534a658ad1fb44360d9c454d1000d6957f261401e09c0f19f5146ee5433e378423f9c94a90af2185d38cbe2940a459d8409d987d04a1f3e686c2b91d4fae1f3e3bdc5a30569838201b7d30c7320d7cbd787bfd6cd40e7e2d071a1":120:"fa31e58fa32d1208dd8a67fed44033":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9c08d6efb167beb035f71554f64c12cd":"704f59d5202108b949170532ac1e78edb0e06fa323c1c69202d7d22dea4d7342199cebe949e980a21ff0fac282b868cc31ff4f6674c393c0f2cae2374664314afaf7791974b6bd6af26ade7fc266a6cd2de4f3c1f479f895ff597998cc8b929c1f05db13d9b9a4d98c9bc606eee32915bbdaeec6576e1fa6e8b22e0bb1098074":"608d56f6dea2fdf175eae189d42a85fb":"":"2c7d2618808adcf8edf5a54119471b930e07488d5fac3dcb53f4ade43674d162881bee1f27dea6d158b254d4b432e17f211515bf595a9874d89f8cf748ddaf2324078029c6463312ad32eb0aa5ebefc31c7fbfd04b37ba6b766375952c211d160b943e9d3c5e144b581157bff9071d31cfc082b55c4a0fced386ef2fc75e1a7b":120:"7a1ae03e2838294e286dca4fbbd9f1":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"192dbfdf86e48bf18710e706dc90e356":"1d7c45c8ef6f9f073c7f186e4c876c2b8fbf22feeecdc111a19071f276e838ab0572c9a68e9ad464fa88ba8d8a162e9f5ee1c4983395a890990357673467988c057eb8a0342c41867baab41456edc3932531d1c4aa0b42ce2b388d2be579dfe332f40a9b864c5e33e2b3cfd73b68d65c4db9ec46d3ba1587a56cb7887dcb3c5e":"1a511f85e0e138f4241882c20689f881":"":"3e50e821fbf83433155de7b4eb3c9a2c148b08d9d3998a3486f517fb5d0a1338faabbf95e85fa9186385bcb9e26aaa5e473d3cc7af869872e4fb36ad16c5468d994e9c71a09dd2868977f3f9064664f6ffcbac1bd313a7803c304273d69ad20369bad36adeb38480563bc6db9aa0d11a0e03d09731171c1229a756037b2c285c":112:"9393edf0934796eb97a8c513bbfc":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"daf9455bad8bee905c6cd464677b803f":"af04226cc6eb84f8167a68c2cfde33a1521dcbe781e7b97a3fae732bcd8c0616a588200328902faa5a65a27e769a720d7ea23333cc1c66c4d4e4c53facca5d6af06aea7fb49b12b04cd6ae38fe28d71cd66f769d640beeb07f508a0e3f856902cbfde6919077de378cf0486cf177f897cd0a56b69db3a31b448ebbf8fdf63736":"6cfe8490e892f5ddba8bbd1cd522ba0b":"":"e5622ca7360272a33e30f7fbeaa00956e8af0d871c433c070c8854d818eab9717293e845106770ec07da372c75266239a225ad74465e255520218c6736e51070477d70976aa7d449c32a5c85bbd6931c76e9e4355f9697bad2ea3bcc0be005da15c62db219b074b71fe4a5512157143df2c1f70bb17c6d3740d8d20eef88535f":112:"25fe6c9b2303b40ed31d1beea39a":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"82d166dddcbf4f7f66aa5ac6b12516bc":"7883f4f96c0ef7f6d9fd7c2eaad25995943078559eb24a3e6650126ddaa32301b04f737dc27b648d6115ce08feac862cb888073b22aa648c752934bb7f9c566209a97499236f782758d6f6f9a012a2fb6885ca91858f9779cc93950baa731f1874629351e6186935475a20593f66cddefff89be0fc0f9b57695b147d9acd8157":"540c2a07689bf314bc8ede71df3f4358":"":"44806e76a40bbbc2de860cd36e93d64c9f4c11994f754db6a279d6eaecfdf19966512de5223d8332a407381114d50fadb03e33e347a5f4d87c3fbf35f2d5967ba295003a2c6c12fba8394aa5b7a31365791c630734a6b2ef84eed0738cb4bc229e93c4e8529aaeadecff7ab93887b9fad5f05a88a5ba9fb449053ce4c6375d1f":112:"756d65c1b8a04485c3944e2a3cbc":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"81c1fca371968513a68ac09a7459042d":"182cb89c94171b685016bad76c445cc4561aff8e3170dd251f62efbd44910ddf8eba8a67dd1a237f2f7336f436edcfbdf9928e94c3488189110d672488c6c4e0dc4a1fb6e67dee9a1bfc3f49d2f934f305f139e98f0ba9c1ab56b5ce9ddce4ab54b6970bf6499e5e825abbb23f9e320ee05aaf0d712c09b0134839c5609e178a":"7c962a92b8daa294b4962cc3020dcd0b":"":"f91e36c79db6789a3acec9e82ec777efc1958e7e5634d30a60239eb7cae1b48f40557965e8a6f6993db3f4ae443ba167753c89f52f610ab69159ff60233310c1bb2baccb936433270f8839758bc85c53604e771e3ab0df6d6bb02e860d0eb27f425c7d30fb7566aff982d289228da5ce5a45842e10ffbe9016c9e926d7f69863":104:"0114c2de8f733fc18f203150a0":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"09ce73e733e880c6d7be92be3144db40":"a283e20adb6efedc5530f4efd71840d5fe61c902a7511cdaa939f5030880f3675959ee96e39abe082a66eba2a5a93214b22c249d7167b7a0fda360d02df855d508c7ebae7016137e54290904909b2d41a59942abec76612b17ea76ffd1ee715aa2b05b1314c0ab28631f3934d0e9efe2aef0c711e75a5c62701b3358a414958d":"f72a2fc910fdeeefe8743f57290e80af":"":"fe9a7f59abc3720706c33fa40e106663d26c0f8da0d25deb90ada8130b6f95aaec07f4a7db342b678d102b2c81464e4ca9458732783cdc3a9d504232f44e2878b0aaeec0f88efa5d7e5fb146911dcdb4569de7f114e1854ad7a95894561bd0fc4d9a5b58b5164872833283ed88fdb4900b2a596db4e8379eed4e3a5c08d5fadf":104:"9de97bfec1325936bd171c996a":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e61d415db78d9f2695344350e0a8291e":"730c3fa9e07eea73a734b17fcbc5a969dc2c04f448f44c7f6276e32ae3504e9b15fb664908f530e83a74e25a4525f74d315ab85d7b85005401370dc50fdb86e97baf3e7acb403e476193527a1a5d642ffad6cf2555d16d28cf4c4127189056389368b76aea806906b0a38b808cb02378eea48edc005cf2c21e6547502e31d2cb":"e09dee93466a3f35605b647d16b48452":"":"ae87e754c1af1175b474b0718e3560240f55194d946d101e7c0bc7af18d90a50fa41d68516e45dc2a4dba48d457ebff18a657a873e15620ed7cf6ed3a26195b9d354ea279b24ec7802e4e95d3f3765188a64d7b8d4b7c215e7d67385efc6288724a33a1a7994f21e0dc2970076af7cf31e9ad1098537543052a2b0f62e4e8a87":104:"5de3c5716735d7d1b859debb6e":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"19bf00b228ddb6e8f1fa4ba85f866475":"10742aeda590024bac2696af8402580d2ec6ba3f51cc6f79b6cfbb3057634ced6033fa43dbaec9af8ce7e9706ca699ede88d89caed89ea023d14761bec49da724538b4f9672163a5bb5dbf92f5278fc0014eafce402cb408a1eaad6bc17ec0e835d6b80f4701f946661757b9b2d54d1b137841519dd38d72835893ea6d52a27f":"760c5b929ac3d33bee4dae0088a894f9":"":"b03d27bc7f4c9d48d555a38091347f371d0522ad4c347b4a23194c234c7877cd3621ce5a7c2fc26b38c7e6f1c2bf228ccec491f5bc352556c08e4e19ddc4e4b2c036f45a42aa425a5ff9a2e9c9e5580b538ee56fa804a86d9b1b59b6fb0d00216a96936755462979dc14990935919026fb51cdfef05b8dad03320a8112b7ada5":96:"2f1cc79408c85a9867214061":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"65bd9e7d9009dd6110dca657ccfe603e":"c1b539324a001901c2461b9747f605a2f4043b9b0f54d1357049fd1819de06df6e29880d62ef7d91f9cdd1108f3cce323f6c32cec16f7bd434e539fd00ada476ef41efe7c6907ad1cb726717ab56d6e2d32042ee2df3f90d15e1515f0a15a5f06703e06e14229d18328116148b3cc39683918e42927f62aec49ee9bcc19be38d":"3fddf7e943326e431be540c49bb917c6":"":"2813d6eef070cbdee9d5d71caa8a88c631f0b71c41813c6219a765e4fb3e6eff9afe8f8f4394fbd5646fe80bab78806eddf7549d6ca3d0d16d47ef63db93cb5620e3814efd86be151b338ee6e2c681bd37be4039b2ea4a190feccd7d65cbd56ebda81f4b66ce12cc3e2cece731c37d4237a9dd0a2c1a7697bae42176a673d62a":96:"96200bd3e64d5eea746693ba":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b9b8ac9215289aa003cecd53a90e0407":"8a6fbd067144b6d50ea73a2a7abba3ee9677bbf00312c70d808fd124541ab936229d59842c8846569a063fecb8bd1945882abd987a936991d5cdbec087937f91c4f5513feffa1984a6b8d04a7b69eb4e93e90b6825778cd2ce9a0ce54d4a468c93884619f851d2294be0bbbeef5fc0c05d2384126289283d5ddaaccd89711d73":"27d367f3f0c60acf921f8d8b228a0b2f":"":"42d98ecfb4f707ec233c7f990b0cad8f39546b861b11d8cb9d939b29ff5ab315229d946ff55927dbde82c03aa73fd7857b2ad38fa55a827dda54d2726bcee66347ce42c9cfd13ba1507d209ff2388c0ea2474e17e31d8056593b722d3c2a302a716a288592b0a36547c7fd47f7595fee9d30f5bc09a9555d7f3169e26a924db1":96:"d66974c95917ae1bf79b6685":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ccbcc39512425bc32350587f0fc3e8fd":"57d6ccda317b7ea150b18d9558b39fd78d9cb52509aa5c095c5b46da89b79918c85d469ffac7226caddd670ac8f5add47fc382df1f32b4de9cc1b2ca7c2acfbdcaa08429b97e77eedea55c8ddc7814fe4c3cc1e21f95d94301ab77b4df7572d0b8778cb2befc0f4c4a5e93429ad52d6c2a75481f38d92edb1dac563154bf90b2":"0862ebfeb40ff24bfc65d3cc600f2897":"":"e6a77e90750cf0e4c276c50c3880b3f6fa357179cbd84e22f5b43cd10abcbe04b43f191ed3fabf83eaca886f4a7f48490fb1fd92ebdacb68c5158e9f81243f7cadc7a8ba39721df68dbf2406fcb5dab823202ceea7112e5d25952de1b922beda271e7677421fde25f8cde450c40667387e5abf8da42dfe891c52bdd9f5060dba":64:"927d13cb90ee5f44":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"396b53a694b28b717c104111c4752074":"bbc3b818f4ff10b6822ea41f63ca53c27578a8126f5163a5014c60e1bc8c1a9bba67a3808c8aeee09ba9e584a3584e9b86895a3f0db2e64e71bb18b843b12f4ebbfaa1dff3734196f70c5a6d970277ab5337e8b940ae7c957646f8e96c6b5d84e9e97b620a926e655850d09bc2d94678704aa45d1788e7c23ecf37e2904a0786":"0981a151c6f6867d3830c1f9ef99c433":"":"72a5587076a1050b2b514f047ccdf7176c118db9236c0f72091513da39d7416734ac50e0a35b2905420214be8426a36e86863c9957693292bfc5bfc2e93d234a09e80f517edb7cf8e5d21d5ae6c2362b779a9b62b4c66202894d369d219ef0e4b52a342b71f248c18ffc345dc7eb0b47b3bc83ffdef921eb42b6d51abd889ef4":64:"af99f8797495dd16":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"af090618cb454324a82a75a91944dd6f":"3ebca6ff138c527b851b27b9e3917bb9a07282197868351dd599b74b332610bd634422911393171305caa4fe3f6e89ab6c033ca759e118c2d8684b903966999125c748e04312ecd2c1ac3135c3be2df9c8c67be4d8303ac7aa6c21ca7b7c20b1108f5622d8e6079f41e4be4abda99f782ad35a085b7db83482dc71b8e5d8e71c":"3380a6f20875b7d561c4a137519cccd3":"":"6be8eebe7af78c062812513785e9803f302c771e8215e4c606fc5eddc3efd8b12c96e029b4287da55d8626583e58ce0e50c4ac5a39a1b0f309d5803386738397376c0ae155087f36fd86fdda4b5c8dd079011fa9a134ca8a76de570ef165b20d7d803544cd2f3a0ffede9b35ca1c982978bf95ac100af755553fdac38d988fe9":64:"3e869dcac087aa6c":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"041cae51d9e631ef70115be58f8818ef":"f6748f4a261d876e37fe44a419cfe965888aa5ee195ae12237322f6e7ac4bfaaf16e8e29be507e2978339a1855ab918485011fd52f834bf0876ba8d89dfc01927e0930d03c0ac7dc7ba1554a879a2051011bcb34a5e4c7cea4d4fb5ed53b41ec8d17bd52b2e1b9dd417a84ac5913ce3f9fb04daf4d14be65f49d0767b9431b47":"c32f227659e0566faa09eb72d99f89c2":"":"f30fe6c8765c8c0af579c95bc2d182ccc346e587a57aa226eafb692675377a85e9ee08339a047b9cb674dabf5a25301d2c8c264bc06573e36e55ceaee39239e367b8f1a3d781a2020e548001f9f98850994c3aa79b13dfc93c1d7291befd91e044b2f5d2583d1a9f868fab4afecd46fec7d315b0cbf8a7331ef8f588d75f97e2":32:"5629e1a4":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f0577d9a7dbf7b4ada5b9758eec4c847":"5b559738634825921b5cb620b5b9f637f8b7ce33998cce1ed1a23ff01f84e58255d852a02e59e4394752405ecc15248f7616a33e64936f726de6fc6d10c3fce9ac0b3fcffbd755f16bff8462b3be24f7cf342c8d0bf1ca79b1cb4ea88d690644998a8ac3cafc8c18c8cb737e38a681026d46966b89c7d6c7a4ce7a1e1faecdd5":"b432473ae67205bc7a99f5ab2a2721e6":"":"ddfe664e28c5face3761deda1ab2dac6e36cfed538e3faf9d79c54e3c85b4baea9eedcef7f8f28c2feedec72ab2cc6aaae101b99512ef18e759b7828364e4daf9a572f8c6ad88eb82f7304989345aa4985e498dfebc58cbc45aa31c18c0dda5b1991fd998901c65807c8cff6058b1d5dfd583297da8451cef13f246547ad11df":32:"ce55ac00":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6ca1d6ae9b5ddd6e3d68656c508df318":"d160740aed955e30c1f946088b5bc5bbaf5c84f282c32f65d099509993628ba5a51b411c6ebf57d58e9176b490ab90fa8db8a3cdc67a5f8322d06d719d91f00ca07aa2a3977dd0838487f2e9d4dd285067a1f72bb8a6c9dfca107acf1f404995bb68ed9d7e12423efe570f144e0533fa34b8d0b7156112b85c94a8fa33d7a6d9":"68a494c9002dadf4f0303dd0ebd600c0":"":"276e362cb73b405b10a98731333f6accf0d19cb96c21419d6d56b30dcf73f7208906b0e3eb103b721cdbb7eb1d4ff29ec3b7e9d433205bd9ec48c59d0075a1507ddf09275426c0ce9a58b973e06d6fceee7054ba92b1df771011ac73e39e451d9ac3375c595631090a2296d423e3ef806ac20770abf78ad04114f65661804fae":32:"8ff9a26e":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5a3e577743b4581519b84b7538fb32e7":"172a0a14820448e5ffd017c18ee02219906f721c915c4f0ff13b7b7889812c0edb89f28be0c22deff76bc975d1ef8ef3fc40b10cce0d78933aa22e6adf2d4b7ee4ed6ef487eaddb666afd8671427f7525eb99af54a55d98159fc5d651266c65ccd915cbba60fb6e2c408ef177d682253c0b5410d77d08be1d8f175ca360becd0":"1e155ada52e250cee145d69b4a307bc0":"b9be2145b842d2f5c3d15ac032010400bffe31856441cb484d5c93e6710194b13e14077e132cfe03985d4b936bda9383c22c392968c748f7265213a8eac584aaa11eea35589e3536e39b3e4418248927fa9fcc027c5516e402445068ef793d349eb778b77fb0b37f51bfcc3c21df9999ca9985cc5bec6502445b068c2d061f41":"b5bd224140d6b826062e55754299a43a87cbe861360334897e82b7a6023ab0041736479c9aaca7c73f27e239a63e7433e048a8d2c2d26f0b18476aca7ac20837affacdffb57c618ce5982ba61fe1792c8a3a856970c095b0c4695dce961a354135075e0a786192d5875d16793a3ad0e3572a81efa24099f5ed9c92df55c15dd1":128:"74df58fd4a2a68657ce35a3ef11a9c0b":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"deb0ab6e8b0f392af6b89d253e923f1a":"14a86c431bde5c0861e6bd2cb748a13b9bfb2a4a67a0bcf067960b3a9c7a75fc7ea321863c83693c70076462ec3179f4d82ed4a1155a4b5004842fb47482bd6a83804a05af2504f6f535eb9bdc95a9a2eb80c7dcd7dff54e3c00437e4da9c433c88f6d248e4754656acdf8ea7d68106b04ebb2f1cdb247fddb0bca1f8e9ed6a5":"c1bc587c3440f1f5dea5b0a4b5ee8dfd":"602cfb09e8bf250c3a2c248c4e91234629a4fe9a18c5f8b59df215e97dd873a7c1204bd0695796908daa28b77353e0e5b37877a7441d35633119c0aee9aa82c3c18a7f577d09293fafce1895dafea42f97222a33b001907b978f11471cc0adc46243e8f7fce94803d4d0595bc9fccb9b9396b52deb943280eac2c4eda54841bc":"a72d27136d0b4efc0aa2126a246ae4946e2c62cf5055f7bde263e7516ace2b7e12179980f8dcff18dc4fcd662f38d3b9dc7f8a057827ebf27e5dab85264d9325e0eea3b12f8e9e39ad686263df75b0758cc8af0be89882bb159c95b8de392b3e295c039a520d2e56b50a6370afa57adc967f7e4ff670dab471a57fb6c81401eb":128:"eb26cdf879e0cb1320d786a642c4dfc0":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"adf6006fb1cfea0f9641a4c35b864101":"d21777e1fab632bffd82a58cb732794f112cd88bdda5a7a8d19c68ace343fd786e5e512013887105c21299f2d6ae23cae4f03047c68f019d98e76d2aa1b3a204f13f4cba13f5a8957b9aa3ebb44b8024b26cb6139a3bca3ada0520a68b8571ae89501b212a1f8ede5753d557ad2f38d9465dbb09b555300b13194bf7817321f7":"a349d97fc677d8ba6f72e8cc7191ab78":"5717bee8b31640f3999efda463d4b604c1cef62fc0dcc856efb4c50a8c6b902019c663279e1bf66fb52d82f8570b9a314647f4b1ed86eb89f4be8981225f94d4285f5ca9167434a1569b520b071ee4448d08cb8623b4cda6d1f7ad28e51a2df980b5a999025e9ba646707075a6cb2464c2a0d5fc804c98a79946fae0b4fa61fd":"345af0d804490586c9ffbada0404176f4cb1331fc77705175619f27d107512d3e6068323b276743284feb938c5718a5b013305fb42282a89e270d24585236fa18265dc7e8ddd2b3efe93a2ea05ab359323c75211f2133aa97022c9a937a467af37c92a795c682a30f2ba1c4ab2dc45e63c56cd3b29b0efac2caa3150e6a72aa3":128:"ae7d2827c4f1422b728a9fd31d8d1918":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"97c83d4628b65d94341984bbc266dc7a":"e998cc0b7677fa2e504994e99cf7bbd84ba7e356d7da178f8ff40dddc046c70554ddec1d28aa23f9c4e6fcb9effeb8e28a883ad05bd0a6041b8a24d0fceff200a4e33996e279cbf029b11d58185adeb5e5e797a74d0d8b17adcf06dfbe3ee11d8e6bc3b6a8434de6e0ddfa0fd08c913f9fb911cefca72bc3f616b4ac9821f53c":"671dcc5001c2146bf8a4e522ad702bd8":"9eb12a42d2ca06a7da37fbc23d213f5e3f5e15580f01b0ea80eb4b6bd283e307dec965745ea3b3509d3269cf25808fc6a923e97d87d0c1a30b447a5a27a06d0c88a96cd90d990bf208f1abc4934f6a0ae34a694750a74ffb27f4bb66bc799d43570b01897b98b00e6a01b95b356b11d33e852b2010da5785a691246d0be2bcfb":"5a6d8930e473e292e67425748e8618569b7a478f1e183ba4e4a64385ac4b75d3d42b1afc34cc6daff341f10c1ad8f03d77179f52a7239ab3261f5fcd5a0b4282d26fa4d08bf0c8a5c96782c073ad63ad233dfe3aa0290a03d73de14d445b9ce4ea0e3b10a4aef71c5919969b7086353c942c479a1c052a749afde2325ef46f7f":120:"b81cb7bfd0aaf22b7233bcfe363b95":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2dcd5c974c5d78cde0d3a677d0b1acdc":"21b61035ca3c149d66608d77edd9770411e0ef73a97d4be9dcde95ed7997ba97117ae6c1979195a5d916ff7a1d43ddced5287004fb60a2c81c82b5f7c8a336a603c3eb7cb160bbf21b454f810681450d65deb64e7cd229333fc5e85dc29040d7da48511b6b2524f02eaeab422b5ca817796c47b9f2d7d498abc619b2ce2912bf":"7455fea1bbbfe9479830d403e33c9d1c":"d684d38f2b12111197ca512c54c8e29ef1c3b9b089a6923cdb327c763f0ac8c2ec0900c716e211e7cba1d7c13a60fe87f5d78e5d5215d92e57a0645d9b2eab4b11870b5f7bfa9f2c9e4b9fcf7596e7719b7d0c0e6cc16efe71d8bc92e16a83d4782f08e9b97dc85a18c435b51c940189a3c2608379a21a8c46633020b9b6cd10":"eb039d8cf0bf217e3f2aa529ba872c385f2770ede6ca4ed32fd22cd3fcbfddfb92d681f00df6fbf170a5dad71c9988d556cd74bc99e18a68683e0ea7b6ef90b21ff42cef8c4627e4051bff0da00054390e10036f430dbe217e5bd939295d9c9f64c2614d42ba62efe78763cc427027edbd0b7f72eceaa8b4776ba633f2c3d500":120:"18e7b50fcec11c98fe5438a40a4164":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e5b132bb7aca3e01105848f9b37ff516":"3b6d1a432b7fdb4022fc35d6b79ea03b6aa14d4ddf60a160e976909ca069242fb2e7d414d4e34ffdf9416823c4b3f4e018ac8ca689446647eda6a12029f886bcc9d18be150b451d78fa72b9c4dc13314077a5b04cffeb167005c7e8379940e6b998316bef9bf8b5a742e337663c0ed91d88d09d0c3ebec37aecaeb8277b13661":"24c1ba77d37f99253576f4963779fd59":"dedf78f05957bde906639bd35eacd8fba8582d288c9f14a25eb851a0a34c82fd91f2b78614ff46ca17fe7781d155cc30f3a62764b0614d57c89fddfdd46af4fa5fc540b9ee9076805d4d121aa0dad2449d228f1fc3c07d466c051c06db6846b9012e8d268c6e1e336121d272ca70d965389a5382fbfec0a439e979f16fab0283":"9976d2f3e16485b6b3699a541b6df386562b5ea4f6f9ff41d265b16e2d7d3c5f131bb5874cdffa87e704ae3cc24f1dccb62bababdcdedf8bac277a7277ca53a4d38fd31f9fc83f86a105663f045b70dabd553137b6d6222abb334b7be7689a4afa28103619f11b8b61aa92a63136ad5639f11bae64b25f09f1e2db701938fa5e":120:"29d1b8a68472f2da27aa84be714108":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"63628519a0f010620cbae37f8ad34570":"6db2919208b09a8abe5e95dcfe0f957dce1ae0e5b29f06bf321dc815ceca094f38c5c812f591aedbc9fc28cc0317bd1d89d4a3ba14f7b3e5fb2e03778990a6006e0ec2ceb47c923f3b17473f99521491a4cb2f9bd435e3133dc90e129ded9d15d78e75bfb3492458ce0964d5614508ef2a38ea02ec8664ba901891a7cc86a62b":"ce0ad75b94ab2d3918abf255c854ecf6":"c29384bd7cd013fa02487867595d739d99886a3bbed7fd5acd689f3a74f240f14c8fffd0bdea1f83bfef7b58ce512849e3a986f37afa54ddc11719169a49bd7e7138a745053417ff80cab1a32ae9be476ccb61ae055b319fdee5dcab629bb237aeb7d998ce36dd9c6908451c3bca9d3582f7fd60e69f6298d43a3b958341b611":"6205d37d720cbb628dbd5069f38ded8e566030eadb7fbdf2ed827d5f5a0117a21c75ade89782b3dc4e7307d9a7ae406ead0145aea1b6cce286103a55ce195999214b84bc25281bd7fe511868a69944d483e05ea6b39b11558ab46a33d227734eb3a386e30d58c3029ef0cb4046c0856078d57a6df194aa8c0e10f9b6ed8fb40b":112:"423fd542498825cc54501cb42b2c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7c0e1c6bde79315f79f22ebc77107228":"9cd56b16aa4e130c3dbf30e701e8784ff39f866031e778e9ab72b858c3e333e9589b4b6cd89d6546e52a478d92bd59d0e4756d6b5037ab1873d88242ef31be643745d26395385b71034f6f0c0c84816f0c6755965fc8a7718f891d618f226684bcc77f87fe168e178b330d4b4c0eb4791028017fe6c42e68b0e195654a5d65e5":"9011dee57c3b8e112efa4d2b816cf189":"57bfcccc6f00c0abbc5f30589dbb47597838fdd50dd622eeedee33824e63ba78753c05d2543687f60dde501757b6fb74c17fe34b3e9c455eb38cf078c8c77eff68d3e3b8c244cde70ddf61703664d34159a11785cc6626eb1cad70ab94405616fff52c0f781ee6b43ef2a449924a76b762035ff479cd6006c21a62a56a14650f":"2c1ef998747163104e5a7d2a440a1a1cc2c20446a9d0cf5f138f85c1f5afd90fdc3fa4932845c150518f40bfd56569a5479126c49061ef350b4fae895170b4eb94dad7b456890a822e1bcb57f9bde5bea747d17be3d18ea201cd99bc46fee21132c6918ffb0117744f6ba3f25bc8a50f9719854314b934c3a3230f4757a49113":112:"4ef9aebb721dabe2d09101037a63":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"93f3fa85dbdb2784fb078a34b1116eb1":"e7a0fafda0b90cada671f5e2adfd2e2a5f14e4613ea76aad57e79e2cb532f655210614e2036d7ac005ed5e516814d8667ed71e0f29b9c7b470f4722327407cd6ce6dbd298cee37bff33c35e34cdfebbbf33934673469d6b98becd6d26868977e69e06deee99c118fd4da3530d367d20d15107c03efe0d7e7b38710231e0dcdf0":"f5a7b0b26d1e86f4fc69f81c9eeff2cd":"3d2a1dadccc597b5e7b6ce48760150dee01c8550b525c587abcce8c2c7fb6291683a58c2e42e7b7ba6a3c2a117ddb7e67ea058a78989d67946fd9551e30fcb52618dcb9fae079ca56b74572d7b6a7b6a5c60e906e9639eac5ee1a5a2db864721119da2c4c5110c2b8d487e792cf6929600f1587cb2d48efe6864019afc32af6e":"60da3f4b3a263bc0178379646bce391bf552f60d2833261962375d2960c629dedac681d86f7915ea3cffdad0f37e409668f923d7c860525b994b325396531994a2fbb2d4e909d0b1dce322e078b4b8cd99820a39ffd7b468bd3e73b418b9a2cd5757b7d45f0363574c925bc22d66645abd95a6b29ea6366d8c2252d1c5710d45":112:"833d2c55f5ee493060540d6b5349":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"163c05f69cdc4e518ff6445911d1ede0":"84d8a1855423293de37ebfd9715a9b46b175bc6d44e94ac8a3e7d409e8a227a57a6b85144a8ee23564fadc28742b69e89c0d4aadf0a786f9a5d5f9198923643ffc0bfd0f96e43b08f1435d4afc0e49c0e2241d938780975bc7a31cdf38f30380753bdd66be72b4dff260a35dc10b9ba35059ba61b0beab16e35068721bd950e3":"4b16188249096682b88aa5e4a13f62c1":"a238d1111efb7811f6838c3cb6f3bf3e0ecee6d8efb26845391f8adb51e497e840ea40318bf8e3cf0681c3b69951c4f03d5a4b5edf7119a150eafe6dc16b68f3d2b91e1454637135148f4fec132bfd96ca088169a35961d4c663535b9852f12a00ec4c08082553a09ea046379ce747c717036154d063d876a2b95cd7bdb42daa":"3bf751cf63bc1b433be6075303986ac1d0592dee400774d0bb7a9e72224417639e1e83e69f34226b873365f41fdac925628f32ed4b572b374310edfd892c5e0c3197e59efbc22ee11f0d4a66bd73a6f5b0de7c1cbb0612a63a262af51d418577a9bae0a8577e547382878f13047a92f51a867f8b7d283d2099c34c236918f718":104:"0d778299c4dc0415ca789dd5b2":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a2ff7cb9fe33b04a087d9ee6db58ec0e":"ed7c22218009ceb5b322045fecc1fd748f27655397a09c2c29813eba9a5cbeebe88d4a35dfd741ef0ac1d11c4adbc6bfae824af88e3ce09f68d8ca7671de91ec9e2bd5f790d1cb1748e34b3560c9b10726ea4b85b127731d8a7fdfd0ddbed11aaf181799f71a68e542b43ed9889237d2fffe370f41064b810c2e14d1ab661517":"6c58eb8f1f561b180f07ede0d3ae3358":"00cb63fa0cf526c6db37e33cf092f3f421fd258d28446c9a7c687b941c7eb5e1c5be267db992d0d93ede0b09030f979d451ecbdbbbb386cf1d74b23d55b74f5f4d520c000c9a41922f54567ca7dfcd84c68883a23c7acc3db3cd8d340217ee7c5ea39b41cf2c0e58c270a19ee9e146d2dbfdaf8ba3e24fda7f2c5e4ba6563ef4":"f0f119bddf5ddf147fe06da9d4510d97369d8e345519df2188b8d2dbaf8b7d3e01f3c26475141aae224e5ce1b131c8096f0e2a17c4c2df62f76f009cfc8aa20ddcd75a6a4281cfa2225485ca22aabcb60ff11265acb92a19ed66797fc2b418ae4b8c70fbecf0fd63f6c22ad62bfd6f40d8d0e2abeb620b7b4f5d8b3e041a53e6":104:"7885ca22c4afd7dc6cb440ea35":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e739a485b6293b43535379e3b309fe8":"699b9a5668042c48c63ffb323c0fab18446546417b2f33a69addce6178f9d5b7dfa891ff2004eb57a98ca012c2668e0614276d89b21b7bfa436b2aa1582daaa81a6a7722186e99dd16a5786fd0e8b09b194746232fd413984484524793a379112e297d733dce063408fe59367f5929c5086bc2191a8fdd60a346052c0d109d57":"c4deca3eeea80352624c93523f35e0ae":"704aa36a82d02c56f4992469bb7e8a3f7dda1326068bf6017e4a0c810352b476aea129c1ba1d4974bc0d0503dcf816b89c0dc8e6d066774ce97cea65b5fb5c7b5a7f93e5e2c7126dd3b241b958e47d8150b422bb91c4afc47d53cfc2d20176c2ea0c85b376dc46a86bbaa53c584aa561f6662d11de4e39e50f1a095b8555137b":"30b8fa2e52577a7e5cdc12a7c619615b134ad4b41893ba9120651cd35c6f2d48ec6b8b9fa99366c4d60e643a8ccb2cbb3568f7647f4ad1a12d14deb8aac00dc4ef780133ee8df8f494675deb7f678fed54e70d6bf43476854eb0286a49cd322cc18daa238d4580ee665fbc759295a3e12567beff3e823811093cf0f02d00820b":104:"ff89ee52fa4eaeb748c8676490":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6bbb12361c95953a8d757bcbb92568eb":"c3fccc5693abe53a13e5209f80611fad1e81e7ce19a4612666d954b4b6d2062bee764181716d5fe0fe1de485bb739d6e8625d5b6cedcaaf6e4e5ec350bc2168c24d7764e75b0cf079d7ad1b5fc24dbed14c5ae4714734f424b3611de0f70a0a8d752fb143e1b7e51ebc965a06021de3718af30b067dde270d804fb5b87ffb29f":"48ca821e5e43fd58668380491d58cdfb":"e97280fd78eb8bd695227fc79420971081de8f24bc95d9a1794ed2bebf5b68d8b43ae8288eb5ce72db0740334ff9bc9b4e660418d3cff8c344e50c7962c367c26247806d0b5c2ae0420a724203dcf4fdefd6513f8263d995afa4780a9c4e92c25496106fec370d0450d907225190ecccfae634f11f8f74f6422a652b2b9af9e5":"61cfc5a6ab6847bf0127b35ce0712cbfa9cd28dfb3f0b4cac2624c52cf55f311e55e9abff2d4514c6feff801ea8739f874ded2efce4a440f2acd95eba6c75e09bcd91b898c98563a26b3df415658c4d04a6aaf547a90b03d1789bdf7ab8f09f6d9f222f567461380372a976240b7b180c3fa7b4507e53815af3f6b4a46973806":96:"f86d5374d1ad269cc3f36756":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1a0a9b2dd1ae31b3e47b6df979dd2fbf":"353786f96620ae7dfa7aee163c7bb30384bb324b516cad13872f48e7251f6f4c5906748bf2a2f6167bc14453b2b2f513804308ba92d69639beac2f25274bd5477744281b7ef7d0661b3672cd45abd5bd30d98deac4ad0a565308c0224dff59e3190c86df6a5c52055f8e0f73fa024f99162219837c999a9c0a12c806f01227af":"b39c8615fa062412fd9b6ac3a7e626f6":"dea75b17cd13dd33b5016de549c44fa9c88baf424ac80c4835e868acb58082ffc4255c655878a1c627a44160d5e5054a0a04f65fdfb542cd342be2aa2e000117bf8cd67b02f3a3700755508f9af8379c226aded404117a5ca3fa70968495eab287064ee584b4ce596612f2c465d997518c6995518e3bb881967ab6b99d7f62d7":"8430b8735f0b002e098d513eec7b3a8431a3fdac2b7faf256a7bcf08f3dcd6fa549f029240acae4dbd4ad54752ba358c14893aaa67a003261c252020d14b521906b23c37dd80af703c2964ce13773dd72fa56c389768c6efbd485953900b56f6bbaa837f1668f478677621a297d4b5a2c1a86f689d8644caec51435b0dd66c77":96:"f000f2d398df18534428f382":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4da736fba2b7202ea2ba60793da3344d":"4f004852edd5dcde13507252ed8c2b20a093ac9081ce2a8133c48d2807e5f968c04a20dd52c070d6c43c704b8650da7f94e5450e0d34cfc2b2d2ba7cb5343e6b4281633c6c065dae27fab18ca71bea018eba94d20e78c5e3223c70f50cb77399c1a89436f1e7213673ae825d4fc5523645031696df10f9b5238c03f733b4dfcf":"8572af442c9af9652a192d893c18b8c3":"429915c3309fba2a42b8e89f42a9376a2f329805a4d6daae11e9a20c2f982671ef8a7539a9657777d03cbf755ef93be0d8e426ed00899a59e8b963fd44269d64692ed07b231cde93e85397cf125a75032ca3726ea1ff1b05d79f2040c1135012b90597186c1db2e16cd128d45a7b9d934ec01341d9030e9721c62f62003059b8":"ff4e46c4236304b8d52ba2d6db269f95d2cd5fe4318ce930d407051469c7e36e44bbcc909c4966276f5a2ec70021982fecbeae34df235a3e9e0370afa5a269ca8847a84b8477f7ddd6055d0f800ff4d413f63db517c96d15dbe78655748edd820f2ee79df5eca31711870022f1f5394b84f05bfef97f99cbd6205f8e522b3d5e":96:"624b0b5b6374c5153835b8e5":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5bcc874114b9d78c3eb748a783d1448c":"7d57418bcea007247f5e18c17a2e4601c3eb8c89f61ed365d5aebee7593cdd63871d964a25fc9d723f291d39e0c4f75012471faf8e06db60c4ad8a26cf434bd82a29a8b653fdda1b86a7e4800c1d70cb5d8b8a1d1af52894082bb282ffdde8f0128a4abb68aedcfcb59160f6b5aaf452812f4d00472d2862a8b22480e71231b3":"5f4fde440faa9537d62e62994ab20fb5":"b5dfe0d971f2920ba4c029d4c346a49788b499faacdb18b8f905f1457a8b9fa48709893516a7b48bc601710bfd73c12da094c29df5776d491c9978f8ab237f605785b0304488f1c20bf5a767ba6d5e1e2961957aa107bdba2358b81ef1e06576db985b3ef8194725b75d49de1de3a57f161dede508e37ad3356134fa0a1aa48e":"6bc0dec98bece6c4e245fe978f6db113deca75e1b475bc31f1da0c7457a85ee7aac8be5f2121c0610b99a2c64519fc2514b643c379b4f53c5432b9729aea9fcecb88a2e2d0a6e74be04859a66f55fb2af1598bcb039108ef7fcfd99d94e79287ec1f62bd1bf5ff9dd51ab12fae4f6e21b95ca50032f9a65bd85f9a1aa0524950":64:"354fb8bcd38f2a26":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"427c89146eb7d76578dc173bd9e15cda":"1d39249130404d60ed40241cf3354458e06f1474b3723569d88235f03098053fc99010f39435620acc710a4e386b2ecbf9b327a8dcfbeddc084353fff029d24787ce81e74a5e1ac1ef096e0a2ae882a669ca168275806bb7f462e66c941fffc6ed44b9628450e03a5032676c1ee4aedfcb1767150d56c7d73a8a47f6d19854fa":"0092e76cd8882e5f77f4c8514491705d":"0ac4631358bb9375e07756692bde59d27012e921f054fdfea0ddb242c43421f4c7241cb210cb5c172d053de2763efd565f1138fbe7f9cd998d825ab800df900843474ebf857b3371c555b89670e86354fe430f715ebbd0ecad974fea34e3bbae43d3ca3ca178f3361f0a11fd75f60e9140f44364b02a073dcce8339fa28cb5ad":"2b385e9df4ed41cdca53a4ac8cb3e0af75eddd518b6727380712950d96c34bc6a0a6ac02184c1987548932b116ec9ae7abf01157a50e422b3e6aa62deb0cb2d81bf7fe0c25041a355ccaaeb049abb0393acfe90d869e9edfdfb646971bbb1ba9e5983cd0e2739158fab31be26cfdf9286d347b58b00f75d9f48ece1353308a91":64:"905cdf228a68bebb":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e09660909a9aa0a50958016c3e07895":"d7b2ceb182d4a8ed57572c4237ba99bbdd589093db0f71732f9e67559d3054fa1af195aa4864fde413549d27468ffe7c5c23e242cab4ae4bb9e2657422dc3fc78fbdcde892ed202be1e47f095b09cfc53cfe86cb16e2e95444492ad5d0eef053178d6b0485731be7a5193563bf56f63cc0687fc01679254d74e9ed788645004c":"c4f865be8b5062e488b1725749a87945":"26f50acdefde4d585fc6de6c6234c9ead40684349a2bfd022df93d9774c9f5b8f50474032a417bdcc21a74da72c0297437a0cef8f527c9205797f77b4227c272e08ad0b120a2a31ef13e372cad2387ccc1bcefc88dd58899821d68f3be6a4b2cd08697d1897efcd6ed3a0d7849f6cbb50e46800627cfd26964e2cfe9f36624d9":"321f6d79a6658c7c2b67fe3c932237593a6ec7e6fd8198abc6b0b6ba5d4dac9e0695f0c64dde1c94c0383839ee37f8bbfcc516f24871fd79a9b9135ceef841e4c8ddf6b57962c0e8ad7aaf210e97a43489097270756404fddde637de461b8644fef244142820e1af12b90f16748b0915a6b773dfbbdf6b16f1beaccb4cd5edba":64:"b294db7ed69912dc":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5e45d57981f65a6b170efa758cf4553d":"bc8d4c418442743f2fdbaf95b8f87b7c15a3176085e34addf4cf0fb3c2df15587526691b07e6407ba16999b72382635a2aebb62d05c1547a7d074c857a23107c7577864e7f7bcdb5b6d1fb50136391f89c42d3f02754b0e4ed0fcb0c03576b986af5c12cf9bf5e0c585d6aaf49d0c6fb2ec30eae97b2b850a35474bfb9a2c069":"b43403b627fe9e0135192d1a048c6faa":"7a27ea26c7607e4e7e627f3161bdf15f21f3d62dc33df14951971712f960d3b2082d75395c5008e5ea00d282d350f86dac8c61f5c0f90e7797a5b61ee96f7e332ec5de51cb1377e47c641f326d1e58817c8c95feb5b2923758e33b279191d0a9ffd09b7619b0318a70775e36abf5f7ab59422ff68914e7b478c448a7b141c4bf":"90d8a6218da063c38e0f06d548a3d5685fd3e0fbaf609c77bdd573bb9c63f30590eaf8b181a2feb81c8b3f5f34a94dc94b905036a6c69b97263302b8674d9e09325065588e97c0b5b33116981f1f362a7c5bb1e996c126c31fbd63791772f4d594632f408fdf011b3f2cc750b060452c181e8e09697c8662c00c8d4f29d875a7":32:"611abef7":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"00d4bf20509a61bc76430ffa5f013589":"036a191a388cf3c57c9e6f0e2f5c8bc3d5c25ee8e2fedfadb7b7433155c7e79304f0905ab2a17e1f04f2f2dacd4a41521d6ce213961df9dc9101d41df4e44246488fbedb75a01256fbc7784769eb8f99d44d5eabf93cf667ebae2437ccedc79efa58c075183d46a5c20bf4c81e0f9754ad35af65f7c8aafe7daa3460c6892b1a":"25b1026a009470a5ca8caeeb67200792":"fd75acfd5aa25fb8bccb53672e5d6a8080081506cf03df2bab0746a353510996e0237d6354ee0210a41f20f88ec6569f2b200b28c6a31464a0533a6bc45afef3ae381425a3606de2866dba694124d96da9d0a2b061b787524ee6e5d3b1ef5c4bcf168810aa177660b7e1379ac8a480ce43d73dfcc696873cea2df419f372651e":"cab80615b666c47fcabf0d9805842ab2805150abad4de0ae8b12306bed504d4a7f91f52379df65cb9587577e59dafcd4203d2ed2743d35472285e9522db0ce3dd027a01c79ac64caee29ef3752a077254b0dca269f6f206f6cc575e8fedb0ba525dcf6252fa6f7b688556933f1dee84b2ad36a266695ce8672229cedd82f20a1":32:"3287478c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":0 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":1 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":2 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":0 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":1 AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":2 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":0 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":1 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":2 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":0 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":1 AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":2 AES-GCM NIST - empty AD, empty plaintext -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_encrypt_and_verify_no_ad_no_cipher:MBEDTLS_CIPHER_ID_AES:"11754cd72aec309bf52f7687212e8957":"3c819d9a9bed087615030b65":"250327c674aaf477aef2675748cf6971" AES-GCM Bad IV (AES-128,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"ce0f8cfe9d64c4f4c045d11b97c2d918":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"ad4c3627a494fc628316dc03faf81db8" AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 5cf4e3b9de..90f665ff11 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -1,679 +1,679 @@ AES-GCM NIST Validation (AES-192,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"":"4f801c772395c4519ec830980c8ca5a4":"":128:"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"":"335ca01a07081fea4e605eb5f23a778e":"":128:"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"":"d9172c3344d37ff93d2dcb2170ea5d01":"":128:"017fef05260a496654896d4703db3888":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"":"f47e915163fa3df7f6c15b9d69f53907":"":120:"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"":"a35b397b34a14a8e24d05a37be4d1822":"":120:"e045ecba220d22c80826b77a21b013":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"":"169a449ccb3eb29805b15304d603b132":"":120:"3a807251f3d6242849a69972b14f6d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"":"538641f7d1cc5c68715971cee607da73":"":112:"07d68fffe417adc3397706d73b95":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"":"0d8eb78032d83c676820b2ef5ccc2cc8":"":112:"7da181563b26c7aefeb29e71cc69":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"":"646a91d83ae72b9b9e9fce64135cbf73":"":112:"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"":"55e10d5e9b438b02505d30f211b16fea":"":104:"95c0a4ea9e80f91a4acce500f7":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"":"e25ef162a4295d7d24de75a673172346":"":104:"89ea4d1f34edb716b322ea7f6f":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"":"08ea464baac54469b0498419d83820e6":"":104:"ab064a8d380fe2cda38e61f9e1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"":"766996fb67ace9e6a22d7f802455d4ef":"":96:"9a641be173dc3557ea015372":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"":"75cdb8b83017f3dc5ac8733016ab47c7":"":96:"81e3a5580234d8e0b2204bc3":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"":"cfbefe265583ab3a2285e8080141ba48":"":96:"355a43bcebbe7f72b6cd27ea":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":64:"34b8e037084b3f2d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"":"118d0283294d4084127cce4b0cd5b5fa":"":64:"507a361d8ac59882":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"":"b78d518b6c41a9e031a00b10fb178327":"":64:"f401d546c8b739ff":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"":"14eb280288740d464e3b8f296c642daa":"":32:"39e64d7a":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"":"f54bf4aac8fb631c8b6ff5e96465fae6":"":32:"1ec1c1a1":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"":"75532d15e582e6c477b411e727d4171e":"":32:"76a0e017":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":128:"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":128:"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":128:"d22407fd3ae1921d1b380461d2e60210":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":120:"fcbb932ddb0128df78a71971c52838":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":120:"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":120:"fd78b9956e4e4522605db410f97e84":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":112:"b11f5c0e8cb6fea1a170c9342437":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":112:"6cdf60e62c91a6a944fa80da1854":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc9922299b47725952f06272168b728218d2443028d81597":"":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":112:"dd515e5a8b41ecc441443a749b31":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":104:"f33e8f42b58f45a0456f83a13e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":104:"380128ad7f35be87a17c9590fa":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":104:"e9e5beea7d39c9250347a2a33d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":96:"24483a57c20826a709b7d10a":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":96:"23012503febbf26dc2d872dc":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":96:"e8e80bf6e5c4a55e7964f455":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":64:"74264163131d16ac":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":64:"8f4877806daff10e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":64:"4eff7227b42f9a7d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":32:"ff355f10":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":32:"cb4d8c1d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":32:"4a28ec97":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"eb16ed8de81efde2915a901f557fba95":"":128:"804056dca9f102c4a13a930c81d77eca":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":128:"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"70835abab9f945c84ef4e97cdcf2a694":"":128:"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"7f770140df5b8678bc9c4b962b8c9034":"":120:"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"151fd3ba32f5bde72adce6291bcf63ea":"":120:"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"743699d3759781e82a3d21c7cd7991c8":"":120:"1da347f9b6341049e63140395ad445":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"85b241d516b94759c9ef975f557bccea":"":112:"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"9769f71c76b5b6c60462a845d2c123ad":"":112:"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"4b12c6701534098e23e1b4659f684d6f":"":112:"729b31c65d8699c93d741caac8e3":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":104:"fe1e427bcb15ce026413a0da87":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"927ce8a596ed28c85d9cb8e688a829e6":"":104:"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"508c55f1726896f5b9f0a7024fe2fad0":"":104:"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"b2a7c0d52fc60bacc3d1a94f33087095":"":96:"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"1bd17f04d1dc2e447b41665952ad9031":"":96:"01b0a815dc6da3e32851e1fb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"5ea9198b860679759357befdbb106b62":"":96:"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7474d9b07739001b25baf6867254994e06e54c578508232f":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"3ade6c92fe2dc575c136e3fbbba5c484":"":64:"67c25240b8e39b63":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"41b37c04ab8a80f5a8d9d82a3a444772":"":64:"4ee54d280829e6ef":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"9af53cf6891a749ab286f5c34238088a":"":64:"6f6f344dd43b0d20":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"623df5a0922d1e8c883debb2e0e5e0b1":"":32:"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"9265abe966cb83838d7fd9302938f49d":"":32:"6f6c38bc":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"9b3781165e7ff113ecd1d83d1df2366d":"":32:"62f32d4e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":128:"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":128:"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":128:"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":120:"0943abb85adee47741540900cc833f":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":120:"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":120:"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":112:"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":112:"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":112:"4da85b8ec861dd8be54787bb83f1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":104:"8781b045a509c4239b9f44624e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":104:"2ad4520ddc3b907414d934cc1d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4382507dddccf1385fc831da8924147563416d0656e168ec":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":104:"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":96:"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":96:"b124eea927e2a62a875494a1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":96:"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":64:"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":64:"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":64:"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":32:"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":32:"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":32:"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"":"f1a23ce6e2bc9088a62c887abecd30ae":"":128:"d4d5c22f993c8c610145fcbe4e021687":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"":"ef221a1c66fda17906190b7c99ab60b8":"":128:"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"":"7c29b3196d44df78fa514a1967fcd3a6":"":128:"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"":"783f9a3c36b6d0c9fd57c15105316535":"":120:"23e21a803cac5237777014686564f2":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"":"2acc2073089a34d4651eee39a262e8ae":"":120:"7ac742c859a02a543b50464c66dcf5":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"":"c937615675738f4b3227c799833d1e61":"":120:"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"":"1f939226feab012dabfc2193637d15b1":"":112:"eed5fcb7607c038b354746d91c5b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"":"e2076e1050070d468659885ea77e88d0":"":112:"b4586bdbd4b6b899648f2333eee0":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"":"2d07bb8616fc0bbb71755a1bd256e7fb":"":112:"6b60d645220cfde42d88296ac193":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"":"6c31194df99d08881fa5b1dd33b45a92":"":104:"69431593c376c9f8052bf10747":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"":"73599275f8237f14c4a52b283c07275d":"":104:"6f7249d25c9f273434c4720275":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"":"d0871bfc3693245be478e6a257c79efb":"":104:"5a99d59631d0e12f58b7b95ccd":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"":"c72bb300b624c27cded863eba56e7587":"":96:"ea2528e7439be2ed0a0d6b2a":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"":"28899601fa95f532b030f11bbeb87011":"":96:"35625638589bb7f6ccdb0222":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"":"375d4134e8649367f4db9bdb07aa8594":"":96:"70610bf329683e15ecf8c79f":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"":"9f502fb5ac90ff5f5616dd1fa837387d":"":64:"a4b5138122e1209d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"":"2ee96384dd29f8a4c4a6102549a026ab":"":64:"3b33a10189338c3b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"":"8d97f354564d8185b57f7727626850a0":"":64:"813d2f98a760130c":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"":"daf13501a47ee73c0197d8b774eec399":"":32:"a6d108c0":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":32:"a47cdadd":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"":"817199254a912880405c9729d75ed391":"":32:"d81d9b41":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":128:"dd153cfd7aa946280660c445f586fa28":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":128:"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":128:"2c84bf7a8947ab93b10ae408243b4993":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":120:"e8aac14b53cdbc2028d330fc8d92a7":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":120:"dc034564d4be7de243ff059b5f9160":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":120:"942b52277e9dc0a30d737d00f5e597":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":112:"87737873b82586bb29b406946cae":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":112:"06f95ca69c222a8985887925b15e":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":112:"c68842cafc50070799f7c8acd62a":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":104:"ec9a79a88a164e1a6253d8312e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":104:"9779b7c3ece6c23d5813e243ec":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":104:"ca82448429106009094c21d70b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":96:"9d1603799e2485a03e7b05a0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":96:"05ee6ce13711535864674a5b":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":96:"0c9c17388d0610f99d0a093f":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":64:"1c3bd1e0d4918e36":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":64:"dab612351f75e2cb":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":64:"f1d743b7e1b73af5":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":32:"4dc74971":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":32:"fb845ab7":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":32:"c840d994":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"cff291d2364fc06a3a89e867b0e67e56":"":128:"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"1c8f41424acaf009996ceaa815b24ad4":"":128:"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"a950ab0dd84115e3829ab0ad3bbb1193":"":128:"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"3a2acf69bba19f5d1d1947af2cfda781":"":120:"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"3cd95429c6de1d327b9eb3c45424a87c":"":120:"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"bd505fcba464e6e2c58fdf29f5695fb9":"":120:"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"776248381941e16908f52d19207881f5":"":112:"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"603977845d82faccb401817ecce6e2fe":"":112:"c955a3bc316841be07e406d289c8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"4cd56de54e5140a587be7dfd02d3a39e":"":112:"1a29527a41330259f918d99d7509":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"afe986ead799727063958e2ce13ca846f76c51605439f839":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"f85a95ed10b69623162ab68d1098de94":"":104:"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"537a4ee307af3072e745570aaaadce34":"":104:"df01cffbd3978850e07328e6b8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"5124b410c43d875eca6ce298c45994a7":"":104:"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"ff10234524433b871202c2cca6acb194":"":96:"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"49da91e926091a448d57d521cc90f3c0":"":96:"99198f55f9fa763651bba58e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"b5efb9feae3de41b5ce9aa75583b8d21":"":96:"9604d031fa43dcd0853e641c":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"aef257dd44d14d0bc75f9311ef24e85a":"":64:"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c15c9c0b0b70c7321df044bfde2b15fb":"":64:"c5c9851a6bf686d0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"0bd64d222532dae8ab63dc299355bf2a":"":64:"3477cad1fd4098b2":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"37e3a300542d9caf3975c6429cb8a2e8":"":32:"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"6cba4efc8d4840aa044a92d03d6b4d69":"":32:"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"4f4636d1b283bfa72c82809eb4f12519":"":32:"16c80a62":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87b5372571fb244648053c99405999130f87a7c178052297":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":128:"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":128:"010195091d4e1684029e58439039d91e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":128:"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":120:"28a43253d8b37795433140641e9ffd":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":120:"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":120:"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":112:"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":112:"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":112:"3269922affb9d767f5abe041cc8e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":104:"22c2efeddfd5d9cb528861c4eb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":104:"673afea592b2ce16bd058469f1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":104:"079e8db9c3e6eddb0335b1cf64":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":96:"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":96:"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":96:"974bd0c4a8cac1563a0e0ce0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":64:"84f1efd34ff84e83":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":64:"15d456da7645abf2":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":64:"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":32:"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":32:"613ba486":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 AES-GCM Bad IV (AES-192,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index a3ebd1fd89..87bb6119ef 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -1,679 +1,679 @@ AES-GCM NIST Validation (AES-192,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f8022b8988383d5cfd7d9e0e208146e7868d3d714fe85744":"":"5fccd8cb551cfc9c20998da4cb981d49":"":"":128:"1b5c6c9a28f5edfa4cf99176b0f14077":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a7d4456b8e16b82283b677bd8c4b1f56dc7f153b5cfa746f":"":"081de4a3f71f5d6fdf7801ff6c667f7d":"":"":128:"90c2729c5ba04f8f5c73726c910640aa":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5779b60b536b096c9348cd8dafb3451280791e319b7198c2":"":"62f8e195bc79957ca8ce99a88ded1a02":"":"":128:"699d71bb63c668b533c357662f861513":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"966cfb078f695c8ad84ede2fb96fb89488fa271dd3b50346":"":"4a7b709d45745d94c5433b01fc9d57fb":"":"":120:"4a9bd213420629a5f6e471650060e0":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cc69ed684af2c2bd2b3e2d2f9faf98acf8071a686c31e8e3":"":"0bd4197e5ab294ab7ab1e6ec75db2ac0":"":"":120:"6632b618b4cab963dd671fd53d2075":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"99deafc5ec6155043b53a86d466c2b652d59b7274bb844ef":"":"09d18e85e5ed38f51e04a724faf33a0e":"":"":120:"90bfade2f07f38b2192e24689b61cb":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5c0c706a1fd48005e0fd0ed91b4d9f0028c500dccb28ca73":"":"595716e15498454577d3581e94f5c77e":"":"":112:"8b10eacb1f127f4c58cbb8c3516c":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ae8e125507ea16d5282fe8bac42d3cb4908b717f345e6a38":"":"0a7f64edb8cd8052fcd5b92e20c0bc2d":"":"":112:"467a2c0ba1d24c414f758200b8a4":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"02176a5a5d8cb8f5ccee3f66a22181765ce730751c135198":"":"c19ed1f52f5ebbcf89ab1907b9ebc7f7":"":"":112:"6525beb5856d6f29105777e31457":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4434d6bce3a33551733d7afe8cd477a79be8eeac19bc0a05":"":"b0eafdf326886eaacb750dcf2c104abe":"":"":104:"ab9f7923a3b9228cb9ecd7f907":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"39994c2520a6196cc3f3e8c6e4833286ce37399e0379563b":"":"dbf9c40266d95191d70739e932cd8572":"":"":104:"b29acaf5addd6b379315535375":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1f27d054114a264b37ee1821a077773750cc79d28594f506":"":"6739d43092620f44b57e65035ce14565":"":"":104:"25e0434a3660704eee4bb82962":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0e97d15f4992a6354e43944fd346da65ac1f0f1229189442":"":"32a64e826b500d7e85f4c42a784f7c19":"":"":96:"da8f3e0a6f156ec260aa34fd":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"27504fc47a9e9a85eaded3782cb5b088359ea1c0abbf2730":"":"c55c8dc3d6d2970c81659f2f87bf849d":"":"":96:"113e637538de291e2463abcf":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d5fc67f73de736768e5c64c37459c5eec3d27f7e337c346c":"":"2691432d3935d4ea8cb8f7c17bef3558":"":"":96:"c0af76d6f62430106ca54928":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f28292ee2c54119511a67db0d2317433abaeccabfdd5d1f1":"":"cf9331a1bb3851b2fc3aeed2d1a33eb8":"":"":64:"8e14b869a95eb12e":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2042f9244079736291ba7fe1f030cba99672a97ce361dc14":"":"aadfa619bafb21b5c738b65d632bb8b2":"":"":64:"ad6f52f25aea1c55":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d9b4eb00ac03fabb5304ac38414f7782cb0186436a4b9036":"":"809939260117b759d8dac1a69c27c12a":"":"":64:"1f7d0b3104aae50b":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b5128f4cf91d53b3a50e9b76b0b27da33cbd4b9349d89413":"":"644909f5fbcd61d850e43fbef1fb454f":"":"":32:"2ddbf709":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3ac7ab2ade7a8e397d66be6dc7671f19cd39ad65490f1712":"":"d152359d765f41dd9cabf5c8f37cfd8a":"":"":32:"a6e4e30d":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f9c2de7e3c74b7e318413a32892d4fd070de9882158bbc82":"":"63410c83fa363a63fa78303b9994b6c6":"":"":32:"49c514ac":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"66ebdc2332276784a69b6bb137161210bac9f1d6a36d6a4c":"":"647f41b60c6a579086ba8854d043495c":"da26eebd04c27bbe7fa7b54b87d3b7227f056dd9c085fabfcb59ec665a257c6de68fd2c1c51aad5e6188e02a56f70aac49ba489802247ca327de57ea3cfa87e72cae7dd82b50341a2133b03cd0027216fcd94cf43ec8a48e1c04145b597924b37f7977db3ff23b8edc913357037d0fe02afe2bba6b91e27554edbfb77f51cc41":"":128:"420b320c2d616a0b11a7605a84f88e26":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"26b04d8427582b04318fefebac2a2298ec3ce61146f39a35":"":"99f3449c8538414e7ab595b92a7e6e10":"edfc2aa8ed91cfc0e117fc9e2d1bfe843c7cf365a2b6cabd4259686cd7aede9c7453623967a30ffbd52b30fc205208bb346ffc70584478f5f39a79d4971ed71cc3dd0200a89aef6aecda0a1f3a4bf2929b7b9e141be0ddd3671f727e5e793ef085f52ecb77a266b9a02a2c700b63d8c43da0b569510285e98b530abcdbf7739d":"":128:"091cfc38b248460eafb181ab58634a39":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"82c8197e6641d0832639e2b1d7691fbac79618b2f5db45bf":"":"69e1a3e5eed54bedc941646e3ad25a6c":"d0fcb4f4d764efc0fb52c8108e61b67a1386f1a13c1761941cc9a28c6ad15e78474cd2a65ae9475d70d9c845f14bf4d2bd2bc46c29e507a347391829e0f24495b026f681c387b3e6aec8acfa5ecaf4c3cfe796c22469478ee6744cf04a22e6aec82489f53109551f58cc6602933d1780b8b45b933f76a94ef652a8ce8bac2cc6":"":128:"8e74343ae8cf1cdda4969c1a94aab5cc":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1a349ba960b2c8f49b7e5314911ba8de358f2e74ceddf126":"":"f5998a62ec507c5fe5b280f9c57ac626":"78445eceecf2e6d2ecf2589fd24e854bed3aecc63aef934aec9aea93dca95d58629002a4ba91e9bf6d12e13f0a844977b3c2700645281db5de381adbccd34a84346a99f34889bd46c75b1956e21aa9f87684af55d7fd0de6da07e856d9b791c0a45e9e37881092f6040a9ae9d87757142d3c9c7fc6f25db0e5b5d377865ec4da":"":120:"4d7eab0a3719fa53e552b9e5a85bdd":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"019af03d23342f7916e329b6843161e566aa859402cb07ff":"":"c5fd96765fcf6d51e23ac6d206744af0":"f9808af3403051a52b6652df03b6b37d90a471bc242c436cab6ba699139eaad16847665093798731b9969709287199233c5e77351c5e42b15453b4171237a6d16aee63773c8c0d736b3a8bf38ccf922e561c456682fbc2c7161da3b89526d9de222351bbd04ecd4e8680f26d70fe57d577ea287b199be1bbb8b76328ddee3d33":"":120:"fd36fafe4f5571fafb6ece59b77381":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fab39ad2946b2a343d76b1ccc1939cce7ae3cd7b6ea187bc":"":"247bc71446489dd3495c4dee8a071c76":"cb2c06fa5aa54ad079741afc56dbed79061a02045b6c099d0ae2d7883b78c5fe09636cc8a5dbba0c0c76ebfdb81217526afbbe04fa4b2b78f3357025930b0f9488369bf3aa088a2107bfb6c4ba714f1c26d0380d647ada5852d2c539300a4779295412b202c3cb977a7b94c24c4dd2a891a2035f388257b84e5b31bdc895f062":"":120:"65e1aad214f49881a067d8b372ab6d":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"57b52697f72ae2df6354410a69dc3c5f28b31e6617bd78c1":"":"0d96720526491d196eca66457e3c9e71":"cbdfdb3cc73aed4297ff9aba76dd8ca4d8efe11b0f521fd7170f07461c7885252874b2ff8fd05a3943ecdc824ffcef0396980ebbddc0a53c6c99086c14fc806d90d35347d45e556e9a55ecc3a9fd74c8e5dbd19ed8b452eaeb673818ddc0695f56ddf3b139a3df378fcfe5b6ccfa358f5a5bcd1550f1d9d5f325f15f9dcd007f":"":112:"f0c49960e60fb63edbb50bfebd98":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7bf69ed06271107e11fdf016edc4aafb0e2d2ac05bdbc46f":"":"50e65aa338cfe856c80cbe1331b46abd":"a7cab4e1e56f4b9fccca08d3791560e4b6c7ceb40a10adec0536861c5c46fc3fd06c0a8eb32c9f18c40463b0f06cd0053e615dfd7caeb2b353b08ad6da1f8a23ebddf16524d2eaed70d4d7e565412dcc9598df7e107beb464b103cd8de9301cafe8b0420f0c156025d72b73d6e015ed2312535d35899aed73aa54374674d7f02":"":112:"d7fb9d78fede77981948eb013ea1":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"caa781bbed41d7a1c56d47673f74d4310a3bf8b1275031d6":"":"7795dc04261d9433367f51c3b87bf18d":"f44d77bd541e02a737c693ff3ea0adc091fff1966a593524e68954a2d7d66a48199366a5a600331cf392965b5ebedbf949203975fa9db53b72586615975e8a7b84e0633c6cf69caf482dd72b26b0a5687ec71667e7f6e5abea89c3d69d2dc42a242ef959e4039ba5b2d22a3e48424a431a77e816604769d13b7f892e2b33fcd2":"":112:"386930ced9a46097c0d1f6e65c62":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1b268de4ff644cfa4361f8014656d5d4decbcf9cede8605c":"":"4009bb00afad026cbad117c6047f4ed8":"140c5a93293598fab85b3948b53e0ba15438a0b948e91041a13104f0ad263c8a10613e20e87ef261999a54d469ba6f1abe56ec3979623df8520a0476801987c15410ec24f5a9be72acfca71e8c5904e2ea5f8b22b8cf404b9fd533aa37e33b3d4cf91599cbb3b85ecda4aebaa27ac0365df8312c399ba1767c47fe0923f2c53e":"":104:"af36bcee7561cd7d0861085d55":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c2843bd689ccbba60ce961b7dd50619a59234dad97567e39":"":"55a68cbaa5755d8c67bf26f03c5863c6":"d7980ab86ceb9b66ab265b68e078deddf7ba084b8967c3227839e8f31cdcfbbffa004953f3582ea9274dcf46e3ad7e7744a576dec37e0cb36fced2b2c2fcf4328f506302f5741e696ce25c49492e33c6a0c8aed5af03cdc1a266352623c6a52a555ce906f684bfd597b5e37f60b5175a981088b9d8b8b5493e4fc1bfeca64f95":"":104:"66cccb7d28d3fa70bce2900a84":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f451c5edf9849a390486dfecad437cb809c33d31f6898ba0":"":"9e2dd52c04651ceea88caf4adfb2e8ee":"87b804d4a81dc203d67a92b4fdeab959c2056dcedb28d29f216f9172817bcfb3d2256bc1c8aac23feb22b71f1fd02ea28cdf91785931750ba4865d672345b5001b1aade4f6acc7edb03758d2540e6472aff50ab3ea61a0b9ff37ff7a87b91013b14867c3e43cb097a923e6d8ddb1f52e4bd940b60d500a4e35bfa91935065f26":"":104:"e192a49f5f2b22fa39dcfa54c8":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bd02ff8cb540ba572af3431597bdf3f23e61665f96a19b4f":"":"7198af3f594a4f0597f45fb592edef50":"ef06de48bd34f362fdb425c6e35e37d0dfa1ea874df7d201b6a1c25b736c96e3cc8ed0915807fb7ed759482ca701d28c08cbf955be244bf887df37394d1ca4d2e7eace0dc61c807b714f3161f9d7f554c9f87ad674849c136108cfd8f777997656489d3e993aad4a51b68616083876832b3085a5f8f154b83ea44702c70f2980":"":96:"43298281cd27a36e5cbac4b9":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9ecab4a4a9dda43477c993d6388387443c66ac253071c504":"":"9523b2722b927dc3afcc5f7dab2bf033":"fb84e38a84225c8ebb307df88325d020a5853bb05ac7a75ee38552c40c302d263181081b05918775cf9cd6905b9982b2ae9ef7993f28fd8714e878c9a4a8101c08e9f13581dcf4f16dabfcb9d3c471c0056805f51e67e9b75572639c3d6ce62d2f8abd64e1e66ffb292360c20155e4d528374a5a22d845340d6f1ac68d33040e":"":96:"696bb674e43cdc7d69346555":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"733df8c42cc2e70ac195615d4911ffbecbe2712230c5c292":"":"f76135eab5d42e82aedff3090a1ba606":"0c8aea747cacf2f0fdfaf368cf32b12dc49f5da9a29bee380d2d64035b73efb56fef13aa20c0b612d9615cefb94f26978fa0b371a47dd20051a1605b9f5e133b52dc514577c53319c9e2bd4ac7cdf37d56a9e715e27860a09d86cc21d0b9f0f302f6acf06f2ff00cc6c878dacb8bde51082f701314de7efd36a246f80f8a8fb6":"":96:"82e6d0c076c7d8ac0839fe18":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ba33c24c41bf9836607b6dd05e66a3d16298c897dd1d70ae":"":"4b30423df6de76dd684274afbea089d8":"71f5f6ee7bbd774fa691a3d7e0f694a6c8dfe8aaf9cd720e163ef6d5cd949c798f9e9c993adb6d64e7220aa0f17331bfa9a43b659be101726a80e5529e827c3e4b05cfb4d78db9952e58eebe64dfbc0d1baf20e7e48902215277a49ee953108526a70ee150eda85e6a0e49955f8c6323766ae10e13ecfdbe4815f4bb4ba43786":"":64:"73e80018235ded70":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1711553980e3fc5c14c98611ddbdf426463f82c66df83a70":"":"3396bd96b83ba611ed22e12e8a5ec911":"9506f34c90611acd6ecea385a782a5739f88b4fd13b77570c4d7e0617283e7b21568e32c42ada1cf6aca1a2e2ba184d4101306ff21c9d03e0ffda4854773c26a88a5173d52960286c18753df17361bb7046d2884ee600f58775304f49cf4e782ac70cb00b3d9c345cfcb38e3880743034640bbcae83112543cd1622ebaedb221":"":64:"5d51a0868a2161a5":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5d69dbec7ebe80f2b5b8f61fdff1f4413f5f6624010fb795":"":"a2eb3ba50dd93fa375cf682db7b2bc7b":"a0f9c0de86b54d3c176ece3305463237e1f70be3c52e2ab1c773a9d27d6fc5dadf61ce7a3d10dba8730d12c306fca8952403983bf242fc1b6efaaa153ca446a07d16a70af4cb1aa4d4c0c93d646dc3a5630f5a610aa9e6eeb873f9a06d3234642bc86b03c596235ec03019e762458abe17d37409a18ca5b7e0e0088391dd3acb":"":64:"1a827855ee98d679":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7aa732879f290aa442217212156920c69457b8ec41eab153":"":"cb593221c59846dc82fc0d0cd04af3f0":"15d7ebf94985c34b72b6675d7346f0b05bdb8fd3a278555939d2999028e4179e69352d398a5dd0e5b370bdd9cbd24d576b89709c98b6142f71f5b1ba224222afb67599fc58fe043d1a91d7ea95b56dbd086db8e3a061b1bfc6e82dc9ac728174fd3669d65db62a06380a5f72c3d091b7a1b6998041d5501e9fba8bf91a7d278c":"":32:"55b86d22":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"961a3e78f6a75944455f9d9d0345e08f4669972f3d5c202c":"":"ce43a19ac648e62ddc49d243fb34e29f":"393736558133078a0367b8248bc18c8352f92a9212e90318a5b63ad3c422ccda7c181c565629acf4fc73b2de85bc9cf38310fe703a877b3e7d3b2d416aeb962f1027077232cfa39c5e5284a1b323264175546ddfb250ce693e2dc78a0479bd89a7ab44b63e504866d2ec6b5153cfd51f29a91cd4fa2b8e09878747ae53981875":"":32:"ac701373":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c4d492904becde4e46c2557ac833265c715bb57f18cd040d":"":"df41b22b92d43a96a7504514b92e644f":"c4dd46ce3e486d89903482de247c1e7df05809a247302db3ca8457b93d6886c0a3d1be40a90f6502ec58d0ddd715896cee37322d48ec3f0c3ad716f1bb679afdcc0e4c79e5e2e346702d349ec7b391ef7eafde618bbadce5d14d22123de611c065780a4d05e928e87d12b749888d6004224c3e457aca0190bf1a7fba2453680b":"":32:"7a259bda":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"316660f013ced78a16701b35479ffb1f7c8c4e964c1b52b8":"d262c15d08aea46f614c7f8f6a54631289e54ca97d698777388e137f431bb783601e7999e7af98775d7b87ce061d9ba56570ed8c58b6bbac5f12f751fc376ab0f14b36b40b2b5533727be3bbc9a51183405d5fd0121201ff592817d06613b504a3440b0e1a57e9ed1771766a9a5b789054f7032d20b23c5c37d77f293c677fd8":"919ceb172d2cb460bdb3b3e58debe889":"":"5f5128f7f948f0cc9fb248a24b07c54247e40080a992acddb2615d90ef9328a17bd5e9a698b00103855738aea55c4944cde4a9148bfa8db12233231861c455e52c9889119ca402eabc8f41b27000156dd29b901024336cb2b7088eb5fd534ba58f23caf140a8b2549486074e4edbfc262ed9c7c7ccaae24be8de873ad43cd13e":128:"ae22ec4c19e7616a5b877f168febd202":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1bdb707c328304809bf0608874c9db373df3c7104a5a7049":"ca243caa145124997f5e2e6bb25d021a38d58d0ab1bbf06d086c2416c08e3512aa887cc215fdb34d0f2d78f6a45885767f15fc00b68a4df1130587de777efb9cfd59cafa077477e97edabf2bf04c9a6ce029c230385ca5f9928bca7fe5503b18774849199d2a39a378a2d3144aef4416c1718319ff1bed8021dd77a07f61eaa6":"b7e7fc0d5adaed1632c5f7d1f56458f1":"":"91c7954bdd6a49360fdce11c1bc710512bf5a57bcef241fb63e5ceabcdc9699d0c0ddb025c75195ec25e631507f13e18799e6be9798e5639ad8401f6244c5b0ace3905ae0de08e2d0fcd19d193de83943fe449af4b503a454c248e677d2f51100fd9b8b7e5388d5091089369a7c2ff38bd353e9757ef873a87f15f30232bafb4":128:"72337bdb2bfdd1f1ebe0dba6f9b7b649":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a6dd0d7e9d6ad1ad7c7394d53e9e081c436d34c8158bbc95":"2d95d64ed3be857a5c79c7af20aee00f142557e10d780383fef2d45f16c7e2823ffee495b220c87971610e5650f7c3e8d296b3f03fc883c00351df48d97717427101aa0c08a23c408b24511621b640c210b316cf17e3dfd714f0c9aa9ddd974692d1c2ae27b9bb0fbb428e7a9da3b3cf9bd869e730ccaa3aa4bd08f01f84039a":"60b4b9c77d01232c5d3d4af81becb0dc":"":"4494460ee73d3513814e1f779bfe3a229b49348d7641e9ed4dd959b582960097ef08b91292bb9db87b4e728d01b92683f4cdc81151a69bed2096bf6fb2e45d0148404420ea16b631b421e6f4c6665fe33c2d11e7b22b6aa82b610b83214ae4d17e681972e3a1f77306d3c54d96c47d8be1fb2c8cae8300ac9db99013f25a65a1":128:"d40a246c18518ea9f8d733b42181123c":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e9ed78cb5c10df05ad00c6f1fb35b4d28e6ddfcc16456807":"e465e57cbac0dcd1e8ccda22042abecd9d89c4ac91b0e82a41fd51107a792099e63f7cf23a889d8c04edae2c2b3a9e51dbee6c3b71ace3de08ab354a295888bb99ae0fe428dd69bc013d49a70511ef60524282347787a542fe9501b6452b5faad2f129a9795c2c4cc0881ec4af8f0e0d2d4a7a628cb051055fe831b51e250608":"3a8ad989c621ae1e82b8d255a3c95028":"":"6855e4702f1ea593bfe30ee65b3fab832778d6b11a0ad902dd37361b8d85ab76d1f2ccf7927d695eb3129286c26737b9573e26bf64b31de26f97525f84345f73bda2888a1f53c9b405ad627bbe5dea123c9fb0a4b7f193cd8fbc8fa4a5e5f64e9c083f5c048d61fd1d347b49afdc69e0ca6a82e3b064c49d5bffa2800b5cfcdf":120:"9661f5c3b0d99d4f762bdcabd48df2":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"76a5bc9a8d7c6e2822456156cea7d493702d61e7d504e3c3":"0a7fbca875fd620c3d8de788e5c27534160f68d60d70fa4167adf0c18ea25fa1f2cc551fdf447aa16678d3f82193cf421a6fa953532a3765bcb54183bf0e96527ae5e695ed3bba5d9911f36c1aa73132cd43b2698996eb43ff84420e315a06d7db02aee815461892c7ab9026953c4bc25f47153d5cb7b966b71b24dad69fa565":"09b681de6683751300c2ada84a214d02":"":"dd66e08fc500426feb497c39c5853b26376272dfabb82ab5978167faa91adb025a6ca0e8fe3d04a0d97062eee8ca6530c3788bebe4436ecdd3d9eab96d38a0cf9b8cc6a584a0facaea33ec2f4a6e61f780c3dad524df902f421e3204cec7c9a4bb3f0860e017eddeb939cdfbe6f924e1eebfbbf8ec63c55b62137d9f8845f38f":120:"4acc40a4882d7733d8f526365f2560":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f5cb564cdd6974219e87f93a030fdcad35313d4adf9d7a97":"210a799d480b4933e16fcbed632579beb6b00aec74c205dbaf64e2cb152c12f9b6969122f296efcfe328f54202446514066594848f42a3031425020b56d065d6eaf2caf507d5f51df493c11514400b889f33d0b996e721eb613569396df0528aa14eaed117dbb7c01d9c3ac39507e42a158413dab80aa687772475105eabcbbf":"90f91da5239640a70eec60d849d9ae70":"":"69a3dcf5b94a507a53fa5e62cfca269453623ccd3a537d971130a21bee884cf271b9833dec19862ab0dfe7052e7dc07b20f34aac42bc39bf1d495360c1d701ea53a9bba64b02962b4ef64fb1c90a1a2f3a6f81a6ba781d5f28b786efc365ec6a35c826544aab94b53b96613fddb65660dd336acc34a217960f6c22b9fe60dde1":120:"b67495a863fffcc773021dc7865304":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dc2c5a020d3ea731362c29d559cb14aa4f8e3f6a554a5fee":"8cf098cb6ad79e0f0eb4ca888da004dfe6431b5982bf1490c5f2d1486c288b5d50ea0a5a63cf9d097a71348632391b4bf962bf464419c2c971e76c03eedd09d069a070c86837e16a2c39a2cb8de3e2d3f274e03998a874fa98de0933b0856e076e7f575f351d7ecd024753781f51ef600405b304e37f326846b84692448d3f2f":"bd4d45d970085e0b2bfc9477f5cd0244":"":"d44a4fd303e657670632da8dddb6a117f3e35d8afce245e7e6576711c663f36806b813ba6421ef9788681d9717a36d3eff4ae1789c242f686d8cf4ae81165191220e338bf204744c9fc70560683ec07c212846d257d924d5fc43a3d4297ac54428a32c8bb9d5137e0f4aaa42df8dec37793f3965ca658f22c866e259c80bcc59":112:"9c1d6c70e1457a8d67f81cb3dc8e":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"167cb184ab6ad15be36536f505ea5447fd996b1d9a092ef3":"0b6ec08685b5a9d32346a5fa25d208136433204f3b86182bd1d9578f0634dcbb5b59937fb87df0679334d7f41eb8bec60ae1b87994ed2cfddcb56e95a6fb4e3ab7845b0294e4afa5ad46eb5a431cbd7ad0eb0473c42c06f3f62de03d10ddda449d41137c8010af5c7c0eac7a5fde5a39b5437a2382639fe3388ce029a7d4465c":"b5cc89a1c10329bb417e6b519091cee4":"":"7ebe4a9547fb115b39b09880d6f36f8cd402bb798c6d9db036b1ebd8b87a8e9d56fc23b7ae4e8cac3500bf2f73952c37a068f1e472369b62319a8b1bc085a51fbe47e1c321dd1ba2a40692ecd68762a63467d5ecad66a3d720a8a81e02dac0ebe8df867e2f7afa367aa2688ca73565e55cf2b0072fa3681750d61e8e60275aad":112:"30454dae78f14b9616b57fdc81ba":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9bc7aad4f4bd73acf756311ff1b72b41631344b9b57cf447":"7cdf07e17f667227edc986827d55bb803c6e51f93e72d98a1cbd161b58155a1c14ca54d52254e5f88f2a08614df68cc37f6e9fac88895b53090f69544b18aee4cc03763d35e7dd94ed82d1435316e7e02367b1c43506b3ccd31e248dce81fe62fdaea3a0bfba03477d5c151b0f76f09799048d8b23699d000a9da11281efffc1":"ffa8e719f29139d12f741f0228e11dfe":"":"6ab304cb9d1ed675383ff95f7f61ffc2aa73ab1b9a691bb84777b14c7014e986ffb91da6847d3abc0349a7aa09ed1d86f2dabc09e0e25a05800bd5d616c1a665bdb119ef71bae065ed019aed20ad3b13262a902f24ccb4819dc71419994a8b4774a3b9f4f672d31aaec997cfe340d2abdc3958c41373d0315076d22189eb5065":112:"260cce7d5ed6a8666c9feaad7058":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5bd47bea08eab8694defc2b66e60da1be40fc1e398224f9b":"083ad3fe9273b8063e144a03f88fb179b18327aba37259d7f8532303306ac9d18cfcb746cab3f9385b5bb685fbc4a252dda268044642f5dbe33ea6e1634445311e440c5507fa6beaed343c83aeb0ffc4f1cba21b39f0ff6edfff961aed3ae1796f8bfeebcd3392d92e26dd26a19a7b7c2e5910f22557fad600f8cca8aba988d4":"e45a52c5e5ecc87b4320864b38683777":"":"8fa3cd91fb93a346e1f9595088c5503a840c7d7c33aa1be147e484e2aef2a8bda77275348ca59810abef6e179888f6781862990ba8e6d96af70febd2f671a3a8d6dce9be46c1cc6dbfaae35c35a7073205411cc8ab4ddd266b31b64edab4ffea076b29803149850cca41c857b05c10148182f8e7252e67069e7517da5fc08ee1":104:"9fa3372199a2484f82c330093f":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"850a811ca18044dee4487729e619cca71f05a5b164dd1250":"6ee76712d0b1fc00e43c2312743a881ed95a0b06276c5a4d93e3d56732af6b12c7c0d1aa6ffaec562229b6443e576caecffeadd9a65b91efa1bfe48ab1ecc63c381d00fe8dc7f11365f2b28945e844e7c6ca60972f733a96f29cc12e259c7cf29e2c7bbf8f572e158782a46093c5754656d0f2e1e1ea2a0b315b5fa02dadf408":"6f79e0f62236790c89156c14bd9540a9":"":"eb1ebd78d7ac88e6f927e09fecf7feb1aa64d7435aae76cc917edd9e0624a96e945df67648c187e397954da7b0888005f7a0d05d09de424c1a0648b56707b90da4021d5a36175500337e7341d1a474fbaa94e56d7ea52155829eb6bb9d95457c138875f0738034924d59681e7c2dfffb7dc0959697468ea2b65a884c897208ab":104:"91c74a30e5bff5b2585ac7699e":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"91469828dafd30de415067236d5f49ea14e813637f1ee0c3":"e3aac00bd05ce3c9b87720db82104364c8ef6ef25d6f3c8bcf5f73f1a26f8619e831bf7bb28c4dcbac7013dc6282d07cc225bd969c582a26accd7cfffe878a3159a5ad3cb6c8b89131aada61e2960cc5431f4ef94394634e4c8b2938409bcd2e7668986c7c5cd2ed5f2c525fa0212996960ab842a43869ed430d3291799a2a1e":"cb5409aad9d227a3cf0e2c5f1031873e":"":"4aa82b1c81a911cbe84231ce7afb95188f2177b539fb77de68f3d4801a2bd09f5ee2f7e59b5d9e79be5f7a23f0612ae39d59259dabc8b1bf7dbd4adc0db520bf7e71b988fa96d6b4dfc76afdc22ea31f64c64388dd93b27518b3263b0a19007405fc08645350a69e863a97dd952c8d886b5e0f444a6e77a9ef7c7de54f405a04":104:"2a6b14c78bcb6e2718d8a28e42":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7b6907853b7d4c4a19468111d96c5de048200b5441b9411d":"3622ba252c067ce7d6cae1d1f5068e457a0cf93be01fdce6dc8652a53135d5ed445388679e3f388ee6a81220b19356b275878fbcc2a6751bee7e2a50adb7c430e4c8cae03e88465f97bcaeb151d4f0007bee6bb9864b33020717adc42d6f8a283a20f6b62ec79fb8060e3e5ecc1e91a2eaef57e9dabd3b3634236f12d4bff475":"a66ee64c15094be079084c89cb1739c1":"":"2b8c1490e13881ab3bac875cbdb86baabe7fa30445bcb39315d057171e80d02aa8471355e80ba891b26d80b375508ba2756162cc688578be313a50096d7cd6253a8094970898fb99cd2967e78a57d12b8b3e3c10502634bead5bfe2c9dad332fcbda0c1bca16fd5cac78ebcbc7f15aad8b28abf3ed74a245a8e7a85cfaa712ab":96:"e52af33988855d1a31158c78":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe63e247e8de838a197a9e937e34c0f5a0b282533d445015":"17c5d748b8596901e97df660ca94fc970f7ebb769aff88f60acc425f50ebfb6744c6d8778c226c5d63653d9388d3fa0d4d630f94d668f3478c89e2708501edb12307a9b2189576cbc79388d291354cb9a5d1eace4ca1d9f734fc78e55ecbf86338a31ebe583cace752e8bafd0a820384136963eb2d2f4eea7b2f69597737a1ca":"8e018305675c287f802f28fe56ae5c4b":"":"c3d34e2cf1c3ad629490d70a0fec1a63c88d025ffed46ff8f5d8c0879c166ad716b702682cd0a437bdaa03a9b2e69a32fb7259b0fa930ca7a344aea37886cc9850e44de0aa049b8bc300caee82e26b2a1e5ab45c4c7cc6a15f5f595199999a0cacaa59da1b2be2a204fe13005b92ce722a000228545ae8a61b2c667a386f431b":96:"d7a6a917a286d8edf1289183":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c739dae83a5e64bd98ffaf68b5bcbcd0155d8109e9ff2518":"56dafc06b354e84ce3ce31b7f88193124ca7e7049272beb93fbedcb3ede8e017bdb9ee5d314ec5168443fe01258d9abc4c4c27580f6299b20082b4ca87eb2589bedc459f132dfaefafffdd13f82e153a2165dcab9a9b6c10f1d0d13b127312a6f5f3d65a73b8fd057f1d88038c5137254111f7aedf21af07a35e34cf4d2166d9":"d80ac4dacb0f1441839e2068013dde3f":"":"9ae5107f4394c9050f8ca8ae6d1eb66099ccd0166f38e45c1cbc17b30e218fcf6015ac92dd7ab48bbb095a0523904c72710a86e50518d6aade269c82bc5ecdfa729802441e09aeb939abb43f5960542ad87961e2141f967d12f7190b07de99811b264dc62cb8f067872f84d21b661558ceeae4922900ffd76084e450650de79b":96:"6a180ed4f3a9d5739e559d00":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4c23ed64375d42c3a402fdadd143336d2f6babf4d4ebc176":"5541a219108ce3ce593cca8c6aa6504c84983a98851bf8610d71f79a38bdc21d5219266ad56e10ccba4898ea969815ed0d6df75312d657631e1e22e46f727a499696399a0955d94942a641383cadebc5328da2ac75bf0db709000ba3277581e1318cb5825ba112df3ea9c453ad04d03eb29d1715412cc03dbce6c8e380b36167":"daa6f68b3ce298310bcc2a7e0b2f9fec":"":"2a4e04101d4c822eba024dcea27d67eca7ba7f0ea6d5290ced9376049ae085ccae3ecb624c03eb5b2808982c88f0a5c4363a7271610b674317bbdf1538776f1fa2454c249a1b0d6c3e64bd4a356ac2aa2fd601a83d4fa76291f3ef1a9bfc858cc0aea10cff34ab9eb55411efec2a82a90af3fc80f3d8e2b56181630230890acc":64:"d408209fabf82a35":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"695dfde34f0af192faa50244ab95a6059e2e637e237eb60d":"33ca2c61a04467ad2bbd2ba8144573f0c2504a4e9945fbae250385406ed1757adb70534bd6ed854f227d93eee57c73a314f5955208e1ba5af8cc1e8b5bb07cb63030e3ae5f0ad287536f49b576418bb1d2dec40562f6bdda59c373d6668aaa9b791285716325fccbda2180e33955c8be19d05e389820ed69258c9b93e3c82e96":"a6a57792b5a738286fb575b84eea2aaa":"":"b2ce449fc806dfb93cd7c97c018c2ba7d702216ae29a530a8f22d07279c7570c6288fc01fa9915b42a6be7a7d9569f71b8fc2411dd9747b5c9c7b5c0a592bcd7e8f4530ebaee37e9c7d48d7a56be7e2df1d91cecfd11bec09bbca7ce7106942989594e791e00e23557c843acf5164f3863d90f606ad8328696f4ca51fd29346c":64:"050bd720de1b1350":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1a89a516204837bc780ad9b26717e51ccf42591bf58c75c1":"c72a1b8707522442b992cb21a7526dfd341e27a11e761f594abbfacc2ac26ea48523d0113e38adbfc06d4af8809cb606454467fd253ca442241e8921b906d6c007dd09e139e568194666d5da0b33c7ca67876856cf504e8dfab4a5b0a77cfb1883d532ef7c70b35b0838882f144991c25a2331863eaaaa2059401f61378750e5":"a9b1ef7744075cd6cc024f8c7b3b0b6e":"":"0ec50150590bb419df0d6c410edfc2f8805a602ff247e3b50881ad3efb598ed053d8dd1deff86460db0081c0eb3effe9ea94564f74000166f08db24da6cfcba91a9ee1e98b8671db99edbe8fde11d0e898bb130e1b27358fc42be03fb3348af7de9376af495c0ec71aed56d680632195539b2d1d5bf804328d0928a44c9731ce":64:"6c9f55e67533828c":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4107d51f7d6e24aa605959d5d46b4c7e1743b7d5e3ae07b6":"e5074ffbaf5e771e12f9e7cc8e7701b970aa7897928681383ea0f91bce8200ec6782dc9618e065e142c4ef2f7019791e74edfe2040b08bdf328d7d9658e7473beab65359d35ed168a2bb39f3c3f59890353405a82f48e16d388eb8f2145ed9bff016e725791cabca913813e7485f387223711c1ad098ffa0f72f74a048ec17ea":"94a88f6872995b26da39efb5e3f93334":"":"bf32a717c945e1e2fe91fd38f3c7084210a7966cb83235d28f701ebcae6b2042226e932e4601eb3ed4728ca32bf7065fcdc98017dabcac23f0f80c65e92518db6c78bf4cd91f817b69f3c3a8891786d433f6c3c1a025c1d37bd1c587ba6004085571245591d615906f5c18994f09a03f3eef180d7af34f00ecfe153d5ab73933":32:"8d43426d":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0fa6270a44c8d14937cc3ff4cc2d2c997254a42ca8a09eaf":"2252d1c4706cc46ad3e4f8c49a92cdc7d1af24deaf7b08ab7304ef804cfe261acc3a202bec0d8df42cc36a5a3ace9ed7a9465cdec3513d31de9ae7821f9444226439c8f98a9a7d99b36b91b1b00eac71080d7eb550209af5fb7b3f28d09f5060070da73a40456d60c0470773af95d16c0b33d0b5327d44188619b950590ea862":"b5f3fde841156bc408ec3de9ef3438fc":"":"4fcfc56fa722af32e804dee0f4b67f5fea542b381bc47c41451844c82e5427f6cd90c37e088dbaff722d8700a11d5dfb4282e565f32e055324e5069931c86b62feb2cdf82ca1f62aee02a70e4e274b2b957650a5cc772be86c1b1cfc41b01d20d9be8b05b9e3ff65413520789ca0f198fe00d83483a1d85aeb13094c9a827e7d":32:"1ae8f9c3":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"104c18bd2a0641fd46c2d7590d60d6d8eea74a2758ed0f4d":"4434cf5d12d07614227cfc12716a8adfc651ffe5c6476cf4489afaa698d9d19947016bdbcb5b625773252745dfeaf9b10021a5b38f742ea8a0fc5f926c80cef6568ab8639cddcf8fee9678d45ad4937d6e6b054b65512f929e897ed5f965cd14cad939732c53a847bb2758d818d5d131977649db5b59a0c5ebac37db961f9d69":"2902faec60f754f0fbb1981aeba277ff":"":"1789524845a1e36322c44dd1e938ee5d0fe6df244b751f3023d5d64d40a72598d352d9d2faba68be4e035c258b68782273925a94527fcdb977a41c1e0a96f53119b5909b23b0327c820e8f6da049a5d144a98019c4953aafd481190117573869109c265012a42f76bb4c3353f6613ccbc40a4af2f9e148bf0a0324bb43337fb7":32:"d36d2d06":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"263451f187b6dcab9d8dc4364217a483dd80c1d75f24fcea":"5e236c282eb4646fbd16a95eff2b27873f625a7e919237d75989a8a112ea80ce8db0b4aeaf5da59c3b22649dabb584284ab9673ba7edef59043eb8e99763643941a4788e7cf11bad63e13c9ef08644044b76beef68928dac22975481da4afc723b3ab3b498189542cbdffbc3f467d190cd02e9b36b6981122aa80cfa3aa3561f":"6c4552b3a03152aa464e88fd5b14356d":"435453a304fcd3c4bd6ab90d6ed8c54e6d21f75b9e56c9d48030499b04f6754cff628c4c9216f7d8a0abed5b8b7ca128c099a7deab74ecfe2c4a494b30d74833f837d254aa00d75aa963ce9c041f1916eb63d673a4af3f88817c65d4c86f5a3c28a67de2aaf75f08d1b628af333e518a7e99d980571db608407d3f447563f2df":"12dea5ea9b54957c689c7c9c6a711e2880645109a4057fafe3b32727a60ee1e24f8450310d6b8402c26b307bb0bf3cb7c6407270d95590efb938e6d77359666b11a7a3833a7122697e959645d8e9d835e0bd39bdc30397115b4c348ea825c850c1e54a60a2522a6321e4b99fa2ad9215205628c595b07c6ffed939c779d23ab2":128:"585677e0f37ae13d886c38202c3860b7":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dbcf735d7c8701f537090d3dcf914c741ed783c24bd8265b":"18eb70dff73341298ce33ff4049fa631f2c72c158fcdea55d1231c46c95ba4013012b713bc95ba25a2114d0380c297acd05c323696db466874083e18bf544dabffbc70be4649cfe7e8bf449aeb9789d6fa412a1adf57ce732702ab962561f9e1fa850733c97b8a4158786e8ccf32af0fc2b04907124e731ffaf3fa7eacaa64b2":"09ecced8460af635e46bc82450352be5":"cc5b8f82fce3797009fbd38dfad7055a5e2ac241363f6773191d0e534e2b4592a6805c191daad377245c414df8edc4d3d9ecd191a50cf9747dde65187484802e15797d7c7e1db49ea4e423e94d9ad3b99aea6bf2928ce6addfc00848550b4d2e466e85a282cc022c7c4469d2cb16151e81bf63df378e0c676036197d9470f42a":"8298f796428faffa6085e458f149675d6c6e2cdfbc7994ee6f19af40fe8926c28904fd5ac0b9bdbd2de3f1614500a3eab1f980f82ac23cae80f3e6ba71539d1723e9f3412df345536f7517d847aae79a83ee9ad5fe38d60c6618d870cb1f203a3e1847d14d8de5295209c0e05aa196fec0eab8389e4eb66bdf3dd49d0800ffad":128:"e53ca266dd93def5bee5daf70c953dd2":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5f8d84908a8b7f5e118482bb867102a244bcbf48b7229115":"9cd2a4e2acbeea6a73b5bffc1191d8045f63f3a14aa762eb776f35518f72bde4f9c8decd61a9319e3dfca82e682910a43de2719451e1a32839b29b27c3eb1c8f6118512d6a19cf189e2d04cf4e22459397936d60f7551244387294a7994320546f070e54f166cd7c243d13f3017b786f7df6a7fa4ece05a2fe49fc39e2225b92":"5ba986f5115d40c2cfe404007a1e2403":"06f98d4807efecfc863309f3bc64b0f04e4c16c32675ff97a3295d5657d4443f6c8b0a394d3f942705bdc19c22b8ff58e9b7c209b528b745fa0424d5898ef0e42e0909aa5ad0b01f8549e3674102ddaf4784f0ff8908cf9f9a25e7e4dd9af4da7bd13ae0cd87b6aaa6b132dc518f4a95af403e612edce63e1424dacf8e349372":"2f168fd1c819b159739a7cc783ecdb0ef9639b7965918e343e2a55f196daf584f7f14bb6e42d37b504bfc2cc08c218c5b841b2d2abce05bbf15315f471e56f04f7d54d6f1dc7b7a68b8bc7026a1441105015bcee2c39d83be35d25f0d514bd1ffe75411b32867ebf2d532a766f9bfce9e55ea3e0240d2a3713ddc2ba790bad21":128:"7f121ea36b36449e1db85e8a91ab16f3":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f6c3037a59e98a9a81094d65ca52752ad92f93bcfa671821":"26647f8f4092f80fc19f81f029c354c582b582516e8e27e97d50866e8ff755f50a8ae6422f4e996f0cf50826a68c007a5b16fd59002d368ed3285bbd04f8f9a5a524243cb8d5b3ffa184ba7384771bfc508f2e93abd2a1e7170d694d35cc0ff7f247e84ca8889efc820c3f6d9cd40afd56c5799972d7556c91cde50ac808652c":"43b4f15bbe525913a31a9adf23d1971e":"60826c97f0a99b88e7aeab774a3f2278f9d35b6c1a5fce49d9389a421543c99f68797224535dca4d7040313340da73982220040a063b045843a14f5d38763f95bdd26ef818f6e5171c8d5b47f183589afd6acd36e59b9946c1edf038ae285f500171e9850603cda36043c29860e75bfe03c21e0ef11a9aecc5d5c51bb2201d29":"e58df99cce5b2548cf39684df6a26b8f9b7969168ff21c410bc40b763842ab3b30cbb3c82e0b420c8100da61c9037a9f112db9563a3d069cdf2997e7f4dbb0b5d79b56f0e985cd8cb70355366f7afd211bd9909c48b142c6556326062d27f7f82d76b83c433f00f1716ebc95038cb57c550b5810b77788c8bf1e686a8a14b610":120:"ba6aa6d68a560642c266bf4469eaac":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8fd9b08232a1d3fbe319d0897c74098f75b3e801d10e183a":"a677a13ae26b7a05cecfd153aaaea02ccb50db601221a3df545164bb5fe638f6ed276d4bd172b9e740a82a690aec4f18f4f3a0afb80c9a32188958e1cb3651064f55ca1211647903f63013e46b46c7f4f95589012eb4ccd2451d8e8dacc3cd066281f1f0c71f69f1c49f3f94136a522fff0d02427e4bccab056e615ff6fde1d6":"304c759800b8e275dfcfd3e5e3c61a7e":"5d2dffb00a25788548ff1b2c94745e5bfcc05eeb11e63501007335d4bd06bfb3223d4682e7e83eca0e163d1a8f2a76096ab2839ad14b45eb59ea9b29feb76f40b0d8dac55247c65e5dbe6bb2d5155ddcf2b2f924c48e1c16c990b69ac48ef2350873c1ed524ce1b8ef6c92a11c8e461303f7c32b5d65b57154197e45f1c6b792":"0779e5050dd17837d40fe3427322e717f074312f160c1951e5560797c13e4fbe47f320dc8053a39d2def4d3cc20e215978647d917ddf93fdf9eee5e54a974060dbac2a478afe5f5acbf65af4dccbd3942d130dddfd90cfc969da0c7f4b4050e34ce2e049c3bb004782abf4744c9a3ca2713ebfc5dfa16d011bc0b33d0368c108":120:"54c8a1dddfaa1cafbcc1883587b4cd":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"19d38467c1024611433a0b2780980538d88f3e8907a86e42":"2623cd0eb46a7366877149ce0204d7dc08a5e64a1adb3b6759178c4eab26ca1806fc25fc0fc99dfc77d1811e61ac1e04ee82eb69ef7527962df1707734e4aca970b8a499eb70c2b0386942906945abcd9234b92e7bec33009e70786c39bd241da3905d961473e50367cb7726df8da2662fb32101d13b75032838f01ad7946670":"8d56a9e4bed67a7eb0f7b8c5e6bbf04e":"1c7d2744a56f5185b9cdf14eb9776ffd315214540daffc69c217dd64c7d0fb4a9f7b1ccc4c1e325fc046eec4feb8df35d32f492a28d35858ad1e9bfaf95211f111473c2ff799a124b308fba996b08f185103607605922bad319c6b7fd211f97c861565bea34948bfd751e4ce2591ae777ab1df8dc9e820cdad13066ed74303c6":"edfdfa35b41c5642e5b4dd1769b635811a48ecf21915cbef3c9e2f8230953f2ed4fda8903ec7634f10d55aa58c975a6c6133a173c2aeb83d6d7fc6534ea1781dfc62408e7a17d255a983bd1c33d2f423c364893db8128a599cd037b2db318f86f1fbd895a64a9fb209490b7e9a30db8cdf42e348cfcfa7984e15c17db810ec19":120:"17dff78f61d21de4c0744e57174f70":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d69bdc9d35589e33ea9c2b956780cd9618e0df79d1083e69":"d8a75de22fd3e2d50127c6fdeabc09fab1178875998319e1ea83c9745a1d5833c6ba9df08177c349dfa412e13e1927bbd4cdfb54a21c86c149be1feb4d9de99ffd590850875a3d9c8d9306971a9802ad4ca48f73d0517322525ac8463e3d59ae9895c9b363b6f0728d7585de78cbb49757bd1919ba2f2d6ba042d0781e7a79d7":"abd4b94362501b8f307fca076fccc60d":"1ad9aa99a4c8158ec08d21ebfb62604a043fc0c248fe08daa15a89f4a7855916af8aeb681ac6600c0268ade231f918fe508f48c9cfa998effc350fa117e2772f04839f8fa1a53bca00693ecd28db27c6507750404bd89af07451d66fb7dfa47065e9d3fe24a910eb27911591e4f4e4746b35359afada4356676b3c7331c610ab":"52e88b54b410dbfb4d88092df52688ba9502b906752b4802aca5428437d795de0d3539945bebdf2bab070df4a7e630469b92fe2dde0998d44094cae7f21f84ea7806637fa5c73b138e87d04005ef1206ddf30a21f46c0aa718665e809ffc0b42b5250143604b20225ec460defaf554a8bfb5f69ef4244e02e9563c374a44f0a9":112:"1024f8e9997f5fa4684930d17431":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6960be8fe82061e9cd783cd1c03f63a00d60ce9fc47ea496":"e0f574ddbb04831b5a86f40182f5f10d8667fe13c7065b471df157f67230c41b8c069c0218ceab93d63964be8ee853c567add2c3eab1670b03a51f9175e8e763be778ec43833cd716e1c8fe5cfb1d663149b21e06df772a3973fe1297d65188201cdb0c3533f5e9d40bb0664a97db60fc99d7e48eedebf264024006ca36361ac":"672f4378862c82738055273c72555b39":"e3a4dbce87edac519ce86349eed2dba0d371cef0d8f20b4dda3e1cd9f5799c9fd0b7494daec5bc995a6936c501212eb957ccc9ddd4c9b8a205cac122ba87b5c5a0eeba6b2af2cbc2326d953d61d089b6334ce03257203072f8e06b8c6f37692748a13e681082900fd32f0df6a3072f3a8b9bbeb3ea558e97a43d6656093d7c75":"2a3c4b79bbcfa4af04baa8413f6f1d18c9c579060ecd0cc359fcdcfc0566697ff834f7dffec84b2292e8583ecb59c9e5e5d87913a6ccaacebf371f1fff67f0be749d4ea5f5c6f4c959e9d932414a54a8e25bf2f485ecce9e70990bbc4e621ce2c8fcc3caa66b0730c6639de1bfa0124afe351912279bc3ca363f4e6013496cf1":112:"dbdd6af194f2578a0d0832d0cba1":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2b7d0115612c56a1f28c6b3cb3d51c2b4bbd4cd36ccf3dda":"3a88efa524a90b31873cba177a7e6e050dc59f42c934923db1e75fec924908370ad0c9c3b0b3c05adf12c6ef2627d8d16f832071c055aef5f581a39a8e7d9bed2629e26d5e3ecaed24048d744fba08d8d12132def62059f1a549044c1db121f47f10b3dc4a02849150aef53bd259d6814162761cbc9e1a8731d82101696e32d4":"317a60c3c29440b8ba04daf980994c46":"80d816bf4008ae51b9dd9a25c30cd7482f2289f5616c41d99881aa8f78b5efff84efe307a822174f3a5c08b381bc99b169b92057627f21dddc367723eaca2545ce3a4fba2b4633fd99459fb03e85d6d11ed041b63185f3b94f6004bdce556e2a0aaf811faf0153b3974d0bae3eabadccfc95474c940ecad5b4d5ea88f88b8c4a":"f193303bb781164e42b3d4d25569a446c86646bc0fbc93059603c0b46ec737ddfcd55df8c90e6d806bd9fef90f2b122a1758bef5c75fcdff95ce44217d9b6b0e75e77656cc7f8a8cc47729c74faf43cbf08202e9ad16c7ef8c832ce5f97f51153e178ccc3c168928f3c328cd5b4c341bb0482f6a292cfa2fa85e03d95bcd4cb1":112:"42308ffc76cb6ab3c770e06f78ba":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"75737e01a95c2ad9c860e72a57da646e01c2286a14dfec75":"fa749799afcf2242a6000c4fe1e0628db53933dde99d672e3c7b24b0cd6533b8002bb7aa8633322f4ee2e343db3a0067ad44edaa398cd90ebdb50c732e8bf95aceb4aaa4dfd1eaca617c30c30c1a18761a6d24c2de0790f54f73e0802eb82ffc0124517ddafe8336f4ec6197219346deef4ce930e8ae20117e6ebe49a2582346":"1060d78543be384e7a9dc32a06bcd524":"528a6c34c3cb3aba402b856dd7c9677d0d88821686edd86287e7484b72248f949bbdfb640df27e3d1d6b6dc1293ea6c84be72c85e5ff497f5da74d796a21f2513385a177f29f2154b2362d5ac83c3897f368d06513333f2995b701fb3e5aabac559f6018fffd02cd6b65eba9cdc629067f15d1ae431d6a22811508cd913009f8":"7e8774cb73468ad9647f6946aea30e9468fac3850b5ff173c7b346891ecda32a78b58df8d835328615f36a12c18370f3abcf021ed723830b08627767272f769a2105e4786451db0512027ce0e3f770fbb0ee0e1850a5fc479df4ad5ceff4fa3b2b9124c330c2e79d770e6f5e89acdc8d0ca9c758980dfefaaac41aaf6d472f8a":104:"6bc6632bb5b3296ede9e1c5fcd":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a326226b24222b3389d793b61b723e9ac7059495a1b597f5":"1cc26e453a54c94c1cf902fe12307cce2fba4d5f0fc3bb63cdbac0dd0b5ba31d08dae2b4f054c86f3a3ee920d8b9f7ad8ae8b4eca090c8783cf35db5de3b95889a84f09ff3f70263c61681f00a454b0813813f0fe3ec38a6d30cc3c6a93c91a422743e7a72340cb012718b8a4a3b66a75f13e0165aa51ee4b00046cba12e966d":"327972d0c2ebc20ed5bdedc8a3a7aee5":"2edb1455bf4573a54ab921d31b7fc9e534bce0870eb6e973afccc3b1f93dd2c1a476dd88e705919caeb5d4f4a8516a718cff8858eb443ca7785579036cc7273570e7bf2489ce71a52ad623bf7223ce31232d8c9b18e52a2dd4519bb08d87301f3ae69dcc36c6dcb3b03d8fc39b6621f6b4471092e941ef090c9821a05df8575a":"5a219a0d997e879ffeb548d43de8e4f32a9ad196dc425c83f766134735ad2c9ff5d9665bd54ac3efdc50bb4a7a04ba59825f31a0f3e530aef45bba00cd6479efaa19c85edb4734f91fdad6686e50f9cc531fcabce9e8397381b4d691da4a27b7c487e93de3e3a9e769e831c69b07697e4bab470ebff628e710efa17e4c184e0f":104:"2b9ac273c059865fab46f05ae3":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cf5f2d843042ab94fc4519d57d9229ea7e8172acf515fab7":"0e20f5a2afffa4a5f9219320716c8a26e35a19c525dddd528e5f5f06f0da082f43272361f07cfdf57423f67ad3cfdda9cf1747c602a93747cc571adfabcc9d1ec1a8128908df45fe0ede0e14ff40169dd1ecbff7f4062ee7be0a1afb370c9d5103132c1fbee9262309cb05ea150fa862d6303af71677d2de9cafdb4ecdab8d5b":"95b06c3ce1a3de73cf51e781b941097a":"765c3fae74b6fa4b6ed4ca7ab9b829d76a7759c50874a38d2ecfddaca2365f7a143c9584e255608be829950393e5f94131caf4caa04aeeeb9d595e39ef3f9830246d6066995b2d40438f7eb0944bd452ab493b422e93a3e0dc3c0fc2a4b83711ac6693f07f035fd9d031242b6ea45beb259dc0203f497a77106392e4da93c285":"f43628a227dc852e0ad931e23548fedfd57020a26638ceb95dc5601827a0691c44209d14113da56e6a1e44c72845e42ebbc7ffbbc1cf18c1d33ca459bf94b1393a4725682f911f933e3fb21f2f8cd1ac48bc5afb6cb853a09e109dadcb740a98e5e7ec875cea90be16bcdfec5f7de176eeeb07a3768b84b091c661f65e2b905e":104:"77964b5ce53209ee5307065d49":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"11cf18bbbc1d8778faf40391c30ca417739ff8e2a521926c":"a2e11ac093ab648118759183cd52ca7d5728ca87fe2f31eca28cfb13325e3e6e95974456857866dda78359023e2c998d2c93c6dfe8f72c6d4ac39ca0585a53fc074bf1124c3ada92e78462a445da23e650bf52e26b782ff50312ee2beb7410e93c8435f7b88dfb0ed63d9a3823992d796bf3ab147c33593c5e6193ef32f7a620":"bdd9a2b70e4ee0cc501feca2a5209c3b":"051c68fe0cd81b52fede137d0105e69c74771b770ea9b573ad92ecae86f420953f459755597f68c29f6fca39a27239faa940ce6c949ccd44c9f12a0160cf74a575753310f52ec5c5bb9c4474b85266494e63b6810ddf7a6abd1cf8244cebbf69d3198c4a09e8dccbc9429f81791f5c02628e9477b988e2bd10f9bd5d6731ad01":"ca899a00654730d68219ca2ed9b23058a5f40150c237143b24245de1e440329e513690f00c0c52bbd0de8074fe5d7a50fe420470249227f967340efeeb64c424881c7f3a20c405d58ea81f2309c7f74ae572b30313e2d4b419fbf5f2cf90c6706a1ae1a800a883e8b00fbbc9dc28bf5aa4a329246bbe94df5c2d4524f57370d9":96:"dd45503cc20493ec61f54f01":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"812481f8982b42b2fb86297c4b7c739652908dc498171c69":"32b27127582ceac21f968f5418e24ec8b84617f4daab0eb007f02d45812e81d486dc50909d79221c438def535b8a55946f50297963139a6b21e139e810d19bc1566b374d080a387a646bb582dc738c44156eb6c8dad613586662418edcbb18fe688d271108318de71734cb571d442e4d9537b0fcb2f5c763b3fbcac010f5c4e1":"0dad658c73c9c88dd927a502d7b14e8b":"af44f747d77a83ef0944f3bac8e835d752bb55772a7fbd3c6af27ca0eaadd122c9af1e2a9f37c2ba42779ed8cde2199125378fc88c7d6d58edc01c65491c5efc6bee58e7e8bf72f1a69d3dba47b38a50077130cbd71accd3dd4f193a53c6f2d1df694476767f79f8b71fd42745ee5bd41e90a7dd50a1597445251b32de303169":"003ae4798f6a0b97990d41373623e528618f9299cebdb0d23e3799f62bb063e5530eef7fc40c06af16965ff6895f675ffb81c004d826cbd36b5eec9bd3d90d785af03b64d12d311b6f90bcd75a40497d0fad5e54f829a097b25f7a9604f6fad475c9239a0f8d5589b8a76c6f7bc852a3b820734b426f59ee845ec3f09dd7d3d1":96:"b80bbc002cbebfb4ec5d48c0":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a6657a7a9ddc6b4595df94d7c6bee9d13ad231cdc46ae5b4":"36857eccb5b3c220265a40980e8949135e840ef270602940d3394f3f679aed55217c1de175f6b48a16f7b394ad7d288bc425762f971b752d1372b369fb1c3a64970c8d18ad6de2e1a9a561a749e3cf9a8524e239f3121e8643bebee471e55fb5d54a3453c51b1747defac98ead8b25854ed1cae7ac44fd28cf4b1ed8988875c1":"68621ea7c6aaf1e86a3b841df9c43aa8":"bc25c38d3a200fc17f620444e404f3b3999f51ed5b860c04186750f55cc53c6423c44d0eee02a83af27d16b9652a7cb3d34a5cb19694e5399a272dacd56c4b17872fd23fdca129a4299b9c87baf209dd1cd1f355088e3f938e6d5053a847b5913f0b9135d6f290e365508bed73c61160a11a2c23aaed7551b32882c79a807230":"de8bb8e69f9ff1322f0a6c30cba5a6fccd7d17a2173a86cff5478ac8ea4ad6f4e99ddd4149e6a9b24865cc8fd6394066e24a556f3f6d48c599592c56f06a946c6b3414e2fb47e14d1f128ef26b385912367f35082099c1f3d4ea86687f19f059c56dac21923e9a151567299416eb311f5bbf9a28968b080b0b200044668f0919":96:"065f6c2b86891c719ea76984":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"20cf8c2c47cd583286157b45b575d4d69c793b4250274fe4":"a64c2131c94fa827c3a510b23b20fb6d04579bc292d2ec33efc9eb31459115da143f73fba9bd8b03b67e591497d108f900a7279542b480bd3a13ea588a29efe66688b52c3fd58598c66d8595888e87b27734e6c5b2796cc60ab2aa3dd06a29c577de5bdbf0b6c69c7034f0181050f286b9300d214f549165a0b5b56ba8e40641":"ab58d2e18eb83c20df94cd6b569c65fe":"93ff6057eaaa9559d87e3276d4d900888cb1f56434ce2677ee1486a0aa8f4e8d02c47d06e6841f3fbe5bd72dd37fa9d81bbef807dca6961910844eb9611419936310d717e1843e7b278f48ae44a57c1f227a75fa8cbc7fd57c8cc3b101e036c8ef3043642c81f381561b61da7c9d79b6da9ec46f7cf093c29c1930b27c14f991":"a3f621261af17ec4756245414280017fd36133f2f9ff89eb8979d4417b8f93892bbf7b08bab785341bf0c7b5e3643f0e33f036633e5ebeae7a750ffdfcfbab690291731e92238ba6b45859b309629224fa7efc72298d3cf1ae3b6a9e94797552afc4e3a46205f9bab7eb64e4a41aee0e45289704a97221b7118d209e0b267a68":64:"ae53564271d5de5d":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8a311bf356cb1d1f58eab411b45b8d78b88052f3c8ab821d":"3e915e92f186fde05ad55a2597ceab81495abbaa0be107dbf6a375525d1157a322b1f65460dce0c3aa2bc08fa89f777dac4d2fc3e5f7f20a0d5e33373c7f1c3551369737124c702928726bd9db96a33bacb56f1d645fa02ca1d88629c547c0eaf9585ee23b530ea971bf439c67e3b752af882668ebe0c739b26c837887b9d2be":"0569d05f3825d16aaa89e86812f80628":"28494a12026eb89b46b6139573dcda0836a617e00e25e2daa92f9372d86c3c162cfec34d634ea48294c784825615f41e06e555cf916983931e3d6a7ccbb4448670139616e3bbf7109387a852703b0b9d12c1fbd966f72bf49a7e1461ca714872ccdc59dc775c24a85e9864461123710fd8dcc26815894ee8cf2ca48a4ec73b3b":"9ba776653e8d9d240d9c1ec355027a18731c500928925e7c50ef83c6f36957073a8386ecbfaf430634cd557b1da1bf122f37456fea3e9b58a6e99413d9d16a2f1b40dff843fe16a2fa0219ad5dd8ae4611de53d7aabbef7a87ce402e62276addc7f44e09ae9e62c5cce4ddce5695db987084385ae9a98884ec97e67b549ad440":64:"c669ca821b6ef584":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"82fc47638cfb361ecf7924c03925d6006cb99459ef5691e8":"d14a550d419b8e03762429a7abda3b17ad7a1305e5fc639e71538285cd70d78fa30e0c048e2c32d2a7fd7f82c874d63ae922db5a77111b46caefbfe4feef4df19786e5fec6a4df84f76df412b1f06bea149f1996b41b117d00d422bba5566d3af5289ca9377f325ca1e72f7d6a32df6607bde194cf4ac52c28e8aa1e8f1c9a67":"2a8e1cadd2f264f2ad7be9e7bdfa24a2":"8088358d7c3ca8951d7e8cd6cae15844edabccc8d0fcf8f169a48cf434d4814f1d7d9ae410e5581d414f952f52b852eb10fcf0f2a67bea826ea2e28331f0597152e624e148462d5952f10fa363666d57ebfe036695e1e68f79161b991e20c8ae6095232e63fde073c79603135849c62f8d98a1d80608fc081171114db41883f6":"e54cc95e845f4d1b28885e9b90d1d9d3cc51fd9d8fec9bce57de8781a28b4e5b7ab446074e84471d7a9a23748b689c354e402be77f9890a9c52a2eb9022a6a415e01285db1c6eb66d5e15f4216a4f3f45782677b6ccbf20ac7b35bd153f52a599712d09712ef1454ccf72ee48cca967f4917f1aeaeaa6eaaf8493ec7ff2dc1d4":64:"093343e49b70c938":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3180703e1ec93b20d1ac4d64e85d5461d75f783bcd2f4fa":"b7b350db6fc0796e9fd0cb239f561bf7e27b2aa26b8e3e76d8b737caa1c1c5ad624a32f5709e4b751f8c21172d4d0f4ba38ca4d1d0e2570c084cabdd0e8880b35140c84f775c3c301a9b260825e1fd75f9835777d6c0e23d359af1a5f7caef934b91bee521531582b639be2cca87c2991f5525f4a2f64c30a1453013d73c16cf":"916d72d515d3247ba48828d4113bda3b":"1002513035cb1d7e8b2710ff8c93cec55e2e2c2b56000d4c1182b5286736acd2d6f2fc9b82f71156dba6f77463805627e4bc38c96e091ecd945df7e996e7fc3bbfdae3d85ef1337fbce960fd1d60d06962a1669e9e8d20be151f6323cb38ef68ab5e838f02a0f379567f518f15d81b192cb25a42356807c1b9c02bef8309ff44":"d590f2afcd64c574ece12c675f509efdffc01e1404cbafbc923c4b44390eff66dd839e6d800df67bc06f49f76911df3cec36a3a1521762d6d4a8ee602ebefde0178863443f918668fcde8a531f3b5ee0e4c379ecf3e75e7c59f753e41f4e39811bd3e7dd3d6bbaa1e81fdbf8bd976384a6c4505f7e4270321c7329bba7f15506":32:"22e50ed0":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"02bc0a8ab5468123009b2c69aaffd0a20a1fb082b55a7ecb":"8bf32af1632a7903f00e801ee6e5c690147c021be6886cf2462b2172786ab296e0feb96648e4a602ae6dc45e2aa60e6610356cde26b1dde3aa114c5449216a467fcde18332a6d482d24a1ee952379340d036a48b63efa092db4c30a95f402d57b9c837183e900b47805f170cfe9e69baea2b939799e983f7470bb1297f937bbf":"bcfc15308e891f32506a50c4ed41bff6":"01bff5e606a536e951213b23672db9074fa8bbf947e815d32cbfe30adc1e736517f86139840a4aa0a671b4e9bbd6a59d292db34cc87742c0dfd2d658ef157734c5fdebb3e5772d4990ad1b2675c23ddf1472e892dafe7bf140d614c50cf937923491662299ab957606f4ca5eed2facdc5c657784bac871fab04d6cd3ccb18332":"b8dff03141832970c925e7ff0038394a0df7f35add3046cc56f73e3eff59e18932aac697456107b6da7da3249049c3be5c098dd730cd4bf68cdf798c3a932b2c51f18d29e4386cbf1b7998a81b603372337784307b0beb59235eba4d3e4810899f6d71a994ba9742aea1875878ccef1bf674ee655a0720bd37e44b33cafe5742":32:"bd0be868":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7c07d5ccaadb9e3ba5b5ddf380a7a2a175522b98e31e1d34":"04d3e6bcd5ebf696fe84a702ffd5f76dcbe9679c909b36d41ce6362f229304aeb19896c6376cb3c25081f709af57d36f39f421ecdb70bed9f829558bec6e78823275fc11f9a2d5f773d27136d903ff08e5926338dfdcbc182825794e5f739efc1f0ecda8e53751edbe0d08963471fb5099f2ff31f76b479677bd6d186a409525":"e4db5c6403a03daa703516763052bce0":"b747d97f263d0ff6119df1b5332640d2e4568813adc12ed76175fdfffafd087456748abb267195688d2db41caef301117979dfd2db9714b352398594005bebb449ea20415fcfb2671253f69bf6467ce7f5bce350a834c4586eb03e766c1930e7e6ccf01283ea31b8c73d7967cde0f2a53cc46b1b50c48649044d6f753f1d54b5":"f5faf7bdd99c62ec87f93da2ca3ce31e694df0a0fd04d61914f9a7a4235de20e0a406e297ba1099fff8c14e8fd37a9d6cbe2c5c572c988cb1ff87ffe7825e1947ea3da73b8b3633721fb4e08deb3f8fcae2407d73bd4c07f32b4f9ad0b1364003b11f84037a28239e96c3996874ba8e4ec7270bf0441d648f52f3730d30e3536":32:"e0820c4d":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dd01d48789ef7f07f80a7385e4d1b1734903bc6ec768c9f2":"":"944ed7743be9ce370cba7b7c9b7dece2":"":"":128:"dfa0ab389c3a780f598af80200c84da8":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0383849ed0db3e52743aa82fe8cd9173b457755be8bbd46c":"":"c6b8518346ec52c001697b7bd38dc795":"":"":128:"48a1992549b627c8621e8fbaadacb16c":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"936388053ee0116b3f783ae34f000d5fe2c5d712842d46f9":"":"c5426b20c014e472c7b85be2ed0f64c8":"":"":128:"4cf0f6a45f3544e3d391375c8fe176b1":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"40dfcb3151a8dab1cb79a6a1e6a24fb55024d0e256bd4b07":"":"b8495cc54653e7ad74206153ea64c3cb":"":"":120:"1d3786412e0ceb383de3898ef2cffe":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"83ca41d8b33c6134a14d8b30b0c36d5b799574dd925f3b8b":"":"fb9aca5b4932035c65b571d170fdf524":"":"":120:"9787f7d68d2648963cb49fd7459121":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"886e646688d573c2dcc8ca229a11b394b3400408dd801503":"":"c0744685722cb87717c76fd09a721dac":"":"":120:"794fe4df0084c21ffeaf959e5b0382":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0b845dc2c4e9e5a94bd3e8969300b16b45d3ad5eadb2e80a":"":"0900b3fa3cc9833d702655d285f904ed":"":"":112:"dc670518e150d326921bd5f43e80":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ac9fac2e32ab44a0774949d53a62c1cda04b132a3b07a211":"":"8cf6a81bfa21633ad95ffc690c737511":"":"":112:"4cd7a6e4f3ec3d41d086e6abf14c":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9f9721ef784980d03140490f760313cc8a56424affb01672":"":"c104bd8482e3fe7359c85e0e94fd4070":"":"":112:"3f682fc71989804ba74bdad04a97":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f7c935f56970678ab89f6d97315a33efae76148263e95f1e":"":"1a91965c5458f4a1fde309cd42a3f277":"":"":104:"ce266c6f0447623a3ef1f6f57c":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"30ecea6cac70a9de4f4f7f441d6b9b5608cca39d07c0ded5":"":"361e5cd21c670de39b5f0b2b89437f99":"":"":104:"48a9621522a98bc6c0acf03429":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4fb80c4fd026c3f68ab8fcb8e28e144fdb3ba00d70295ebf":"":"ee552fb94a527d18d285d6c195ca7b2f":"":"":104:"5ec97630ce593e9d560136774c":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c0261023ee9f682789ce9ae970fb7601f07551259ef91945":"":"bffe4af76db75bc4a3d42b57c73c51b6":"":"":96:"bf827b4526da77ab2e21908c":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4fb4ab2071bff4ec239ac05c04800806df2c256a4845b13a":"":"3ee0e2e72eea437e46a873bd659b1c4a":"":"":96:"572d3ec2650ad57eec84fe00":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"193d5ebeb466d3fe68754bba413c65112ae29c5ca5e450c4":"":"04e9d31b3b1205cae37c435d5a5579df":"":"":96:"71004356f266688374437aef":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9a455ea1d9a78425a41d43e293e88de40dd6ad9ab2a63ef0":"":"c108c56a1b3261042adc89046ad1ecf8":"":"":64:"213d77ed0534cc20":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d6fff8797db2f1884b7d71e3ef3e5983234a837dbd0c2cd6":"":"6be4417d7c00fe9c731e0932a7037a71":"":"":64:"68b6c28786a017e7":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"86e6c451ea0ecaec9e365bc4831e7a6c092b65ee9bcf1b86":"":"6258168da407ce43cc18d6931497c1f3":"":"":64:"cbf20172e75a6316":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9295cc6458d907da5e7c356a7de51eb8e8d3031f72a05fb7":"":"c7eaad3389fc24a4ef96a711ffbfff9e":"":"":32:"12508e37":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"308b6ee958f81a7fbf3bc386e167459206df9c1cb999d904":"":"2c61b991ce478d9aac818d7aa75ada36":"":"":32:"32ead170":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"873d033773218387690c2871448578d8440ef36553583928":"":"02072ec745c856c6e86873a0523d603a":"":"":32:"e6a5726b":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cfd9c1375dfd19e64b5e4b75022fabaa049627d5238cba3a":"":"0a745c6910b23c78b1b44c02f1ce11b2":"0cc6724b9f3675619fbc70117bfcfb5871e903b0f01382e404793c1dfaff5a5b4131a7fc3041014941dc2c53871bee3ff18c08e9abbb13a8ea220cb89cf65bea1581eb8ac43d148203532dad8854616210ed7f1f9467e6b22071ccc8bb7e3bd89a0ed02a7058401aa4f2b5d0ce050092b650591282e66ee789bbf032dc105503":"":128:"8ec41e9c76e96c031c18621b00c33a13":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6c9f16c5dff4bd8d1855995dcad1c4253759b6e2a833995b":"":"3f25e3210d6d9caa8725eb55c6813cef":"7c6a66d930c95ce1028310cfa3670b77ffeb5e9b627a667859665c1dee8e69930c287fb1f1a3706ed1a0d35eb6d1becb236352a226a5b686bc27e1e1dce4ac6d5974d88b9812b39ba289b2490821319b5fd677da23fab3adbae4fb3630e2571ac887ed951a49051b0cc551e7ebe924c0cbb1c516f71db60e24773430dc34f47b":"":128:"5e000478b55ecb080c1b685f24f255a9":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a8e393e00714cd94de0347351b924ebd555003f3a297493f":"":"9c7eaf730fa8074acd372fdc53b726c0":"ce4cb46e67d85c5e68afe61ddecb1a36da4de42774d45250d0d52b328834385ce1ceba96f703daab81d7a981cd80c469855e14d834df41e4c0c98873f3dbb777fc0562f284c466b701a530f27fc4e6838cecbd162db34b8e8a23131d60d1f9dac6c14d32a2141173f59f057f38af51a89a9c783afd3410de3f2bbd07b90a4eb2":"":128:"66bb46adf7b981f7c7e39cfffc53390f":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bd356a8acd12b06de9f63825e93664cab1beae7f4112cc70":"":"72eaf459b8af0f787e91d117931e3cdd":"9295b227be3e1faf4e969be6c7f20d507431cf5da9e2a577c9b31538058472683bd52f0ad3f2fa9f68159c1df88e7dde40d6612f8abb0f11a0078419b34b558d9144ea6596a09e5d5548b275620e5a3096dceb2768d2f77a0b79e0b963387d3016ecc2f155d9182e3209d97c76329b830bb62df195cb2be11223565f496e751a":"":120:"2ff4aecc90e2de9a7d3d15eb314cc8":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"80ecc9587bc2cec1ba87ab431c7ed03926169c01eba19729":"":"5a65f279f453572e169db33807d9b52d":"29520d9020efa1ecf514e39a286f398c7225b945608d4b57ec873ae8bfbdd40e4cbd75b9b535c9f171cd7913ed4b21e09d6bb030eaa27ca58b08131817113c852b6cbdf550d94dddfde8595e689470cf92f9c20960b936ac0692171158e54041155482f29e4acae41565d87f5641d1aac96b8cb763b7f1267ccdbce234d067d4":"":120:"83dec0fb36463b86270656681455a0":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"94345293fb7733fea9c8b94be2f4fc26f8c3655f583e2b0e":"":"8bad4f3f289b9f4063ba39622ba2b7ee":"7e2b6520d7a554e612d01f462606c0e6d0181bafece1daf54f4316d707483a5dcd4275a08caecc1c20f3e32872fe3e57fa62d598949f5e49ef0efd53e918617e0a140338c007025493f2e0f8dbe5fca4a57d1db6333551bbca79243a73ae8a68dafb3089998359159df916ee6ba4f928a6a173390f15f2ee6045d578dd757bb1":"":120:"da305181a12517420c6f0d71fd3ee1":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a3915523031c3caa58ce02c2b1e6ee2eb42cdaf31332432c":"":"d5416986beb3131afd6b7967836d243b":"ba4e883147c8f07afc08735e6e439798bec60e00ed3f5982f66d6b82a9af7580934112a9858f83abbd71193190298f0683453d3f8388c475fbbc8f9b6a3d2c77046b73986a54cc4559c57cbb86330267e04bcf5fd583c6d2968a7971da64c99d98623676154b0ee413ba531ebf12fce5e06b4ee0617e43bdaeb408b54d1b4445":"":112:"f273fe664e5190a506da28ea8307":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"799d3ff266644128f330ceb8c028297991b2a5593e4afa3b":"":"9d27061dd9d50817b3086f453f1f401a":"d3b5c420ac597daaac7503cd17f580e94ad779fae0d4199ada2c7da7c4a611228752375647a03241f29f810d3a6a74a140ef9651e4a6099259f7d41ec4e51a02917e8cc35edf7f60ffc473805f56f0ad51fcc767670157c050c3214d36f831a54bfeb7ab2039cb10f7919b89b0f623a572aaed313983b105fdff495d979b8a84":"":112:"e690c9afdecea2494b6cf5a576bd":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7480905cee8be7f42b9490936041a19b060331712882da55":"":"27500a09506e0133c88f65e77721b547":"52832d4118fddf182b21513db25d54a19220335f8676ea35c0941d2a38a3aa536b8c9cbf093de83c6b24da3372baba2826289bb3cac415795b9bd3ea62bb9b48450978e79b936cd70cd551e580a6de3418a2be0f4c1f062954aed6adc94d805e59ff703d239fc2318b80cee45c57f916977b319a9ce884d7e02726fdb71c3287":"":112:"52a5721e98ba1a553d8e550f137c":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"042db3f8af95ad68966bce9ca0297ed41b608683a37457f5":"":"32d3e97edd3f393da5abc3827cae1e67":"4d7c2ee6e024e95a6e684ded9898f5c7fae7da8658bdb40560dac6495e46a691e97c047e66046b55e8cf9b02d31d3caeebe3a9f8aeed756d6b0da1ac5d4ba2c5e7b54add22f681ab1d5a2ac1463e8447e08592e0c2f32605bd02f2f03c925a2159e5bdd880323f4ce18a826a00962ce418dbbd5c276e3ff30f1cbaa4795d1ce5":"":104:"e2afbb95a4944353ed21851f10":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7f5ea90f99fc76594f0f06448321bd4bb5e494a5e351e41b":"":"002a5da3c543ca56dd7e5b013b094f70":"b8150b50e36de85158a96d2096678f31f179c8765ae6ba5723ca655e890528eae96d438f9d9365575dadea3cebb4d7df3a9d5323f93696c40781a6661dd4849531e672f5cee7cdfc529416c9c3faa889d0f66ee4049c949c3c8459680f490bbb0a25e50af54de57d9e3241e0dff72604af55827b9c4d61b7d1a89f551cea2956":"":104:"db9fd90a0be35a29f805989410":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"da287d34379d56f542edb02ea673bac097150f87648a57b9":"":"6696034b1b362927b89ae1b7ab5297d7":"45818b7b69b05a121fe5c573c9903cb11477873b24a544ba919baec78d1565f4ad0766da58bfabfaa17ac3c628238a4d38b5c0b14b52e397bcac991408dd7b322ff614bd697ce2b5b94ca155a4442ddd9e502c4a5f81210c32dff33481f4211897db38f619b308f3708d554bdb6c7b8a4d2a80ccdfd5f70501c83502a312ca8a":"":104:"8e65d86edc071446454a1bef34":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1782ac334cbffc92769a170c3cd43915f735b4423ebb4dc3":"":"736f2f24cd04e26d38e69c55b38cca7a":"5827d391efec2f8f102e5f053ac496e2910248a0eb72e8a0b3bf377c6349df02ab0410a3d28bc27abc7cbe582a03000db57843565e4fb06c4078de75c3f1a21130d55befb7ecb919ad789a4de2816c3a42d4e9b32e38d980c06045987d03739cbe7710d839c42f04f5088072c1a1044c3b89809b780e74e54ec135fbe4129ee0":"":96:"c6dc3c4ae52f3948503d84a4":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"20529c374f21c97b0a8f96f7bd5bdeb3fcd2b12db30b3ee4":"":"e6e45b7c28f7fbcae658acb533614e48":"b41290031906709ec8048f450a940eff0422a6ebc7b44666c05f17aec9debc1bfecce62d896d5df4618517fb57ce7b04ef1579ebb2636da0eead063bc74ec184b0a69ca3eba675fc7107bb52a49f93783608677565205ada7bf5a731441e44cede781120a026cc93cfe06a06fb3104a521c6987f1070823e5a880cbb3a8ecc88":"":96:"e9ec5ad57892ce18babfde73":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5634789b29e373760ecb9952f4b94ca76f40dda57ba363dd":"":"7cd1d2d6beef44a6d6155181dfca3dc6":"0130a67935e2df082a95d0bc6dab17093fb08746a809cc82da7893c97c5efc0065388bb85c9c2986a481cc4bbdeb6e0f62d6cd22b7785a1662c70ca92a796341e90a538fe6e072976d41f2f59787d5a23c24d95a4ca73ce92a1048f0b1c79e454fb446d16587737f7cc335124b0a8fb32205e66b93bc135ad310b35eea0f670e":"":96:"4006685e2d317a1c74ef5024":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f0072110572321ad9804efb5bcbc2ae7b271b1cbb0f4897b":"":"604ed8056666b17fd27b111afd419375":"97f68c00513b2247bc88a331a3ffa1208038736d6761b3b080884a8dd46e0596f2c00c1a93bceeeee814210e57d7f1cbdb4e0c2ea6a0834baf716945af9aa98e2826ae0eb5717b241ede2b9e873f94c1db9eb5e1b25f75827c25849a2c7b92098b54845ed81f52871a2b0d12d317846cec34defaaafc3bd3cc53a6ab812bd250":"":64:"64881eaf78aeaa7d":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e91e8c2d6928bbaf870e141ee34d3a56d00dacc8c7e50514":"":"6f3d661a3e321844d1fc12d5ec2becf6":"fc8e5b45ad1647f9dbdbb6b437abecf0a8ac66065d0e250aa2ae75525455ee13adce8c59d643b96de9002d780db64f1eb9d823c6b9a4238171db26bf5d05153d1e3c839b93495084363b845fed75671ace0c009800454596674217b19832751252f051f3995776a89209c1636b4f4b28a364bccdedb78ad36876745c1a438406":"":64:"1f4f495adfed6c1e":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"138ff9c8c556ffe7637f7602cae428d7e20dff882d44ddc3":"":"38d7005fadee55b5a0434d924d971491":"3facceb047e486998c945839ee5eddd67054bbb28308365b2909dabaed29fd5b7b34644043fa443165e07b20214710cd652fecd816d9273c700d6828d216db8f3ceaa9eed0e251585f4ee5ba4beb3c0582b8128a3ecc01f4b29cab099ba2a8931e56120802fdf6004a6c02e6dd00257a83adc95b3acb270e8000fd2126b8eb83":"":64:"fa8aed1987868388":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1187a34ccb75fc06dafeca0235186c64ba929adac6cf6e49":"":"9dd515d3481f21efbe43198f623b34f7":"8a1b00ea5d1f4e451cea71b3d2fc9bb03b9790a8ae8ae262b3e97ebf34911f9d865c8810b9fe779fff701c72f3639654e60898d1f57eb93381749f0e2cecb4ee342f5f34473215d5c46818338ff688637217fdfa8b7ee552db01973fdb6084c3c20b530863eeb1ce798046890994f5625df2a56042d62742097cc10d512a543a":"":32:"83f45529":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4c1052610d05fb77543b6b517eb64b487ed902f9969a420f":"":"90f4c93301371158271a8f46df1c86c9":"83d009a1238f8aa40e36cbddf08a5f3d96403a03f7d079359cd6d3d0c719bf79c908654882919dbc6c27db34007b6732cb344a0f4babd26b1209ce6b134a8d2318f9a38af034b265562097b63794d7efee306e97c6ac0a991b3764ecd936c87000fa58e6689e302f12c2851b1ffc950dad7a553c8c67e01a2270e1e5e9caf30a":"":32:"30b3fd85":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3dc62e54957bdd1968be71b7d205fedaa291349d69f2854f":"":"b8bce0f9263688ca41c4cefb26e79453":"22b6d92d8908bbdbcd0ff35299eddaf0cfb039befa2d2d83c896f373b92091d145f1771c58d60f94d3548d0cbbeabeb796d7632b5da3c66ef75cb41a35e7d1b032ccfbddbb9423e0ee054bd56b6288bdf1b616492c85393e4134ff9c066b23f3f626eac63a5fe191ce61810379c698de62922d3bdbe30697a3e3e78190756c3d":"":32:"67887aeb":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f170a6a761090355592968d67fb3514b8bfdb41cbf121341":"a050f858c87d56dfcba3ac1ccf5ba60628b3ab1b89845682a95b7f291c80f6eb1cbced4fa21e3584e21528746231e7311ec319a0fcecc329e1a7aaed0a8548e613e51db78c86c8d0cefa15e30b745b952809f87d8a4a7bbefc76a8eb824827d4334201bda7743dc497ef5fffa2812e67f2a04e5c10bf464179c6178db932ecd3":"e02ef73aee414041b137dd3cae8f2765":"":"c08c9bccf298c8a352cd72e9174f57dc9bf64d65191a9e97b43ce70afacfe76feb5b2695d72ea4635fa94144de02a54333a77c7d4adcde17c166b303f1d664e6edb081a85433a7496f91ce640f113935cdd4e7ad14c95247506ddc6620913b5c67422f599ca00b95d62a9371e44c5af5295bf96743d0f1228c96e95af3b4d366":128:"d64d9ac91548dc1bad618509633e0c25":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ce5a40618b8bb2d9fc1d87a3333a9cd4945cfa838c8e0c6":"4ad4d103da3fb2ef8adcd1e0e823f4a857f1d6fa6273bb66574033c18ba2f760951ee0fdbe06c5cd3a0a30bd11142450f2d7e71af2fa7b9556b663fc30766508aa24e1fb2219f30ec23a6cd48b58944541d1f3e3fbf596e2ef263bddf789e7a666a68638081f0ec1a6cb3cb7feb0fddbe323b307675324ebceb25cba6d9002d4":"0c4b6c940d091efee98bf27fad79b04e":"":"ad611dd6ebaeb5a634d4bfba9f965948ea79d16294b976b7c8bb57240c5d13e10a9fe7a5b5d39143000b4f24fc331cc4988685c8d6401593a420c12e6cbd7cded06504d6a1034f70153f7b5019084a66ce818761841cab52d5bcb2a579a4acd9df50caf582bc6da2b94d4b3b78922850993ccec560795417016e55cfab651473":128:"317596eefdc011081f1dda6dae748a53":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f71d789a63213bbe17aa14f2956e9da2496a1efd1a63f6a5":"f5bf20dc6a11ce5142ff34d6c4771dbee4e74790c4ccd3cb5af408a5c7bd706bac550d7ed56805f550efc7648ab501fbbc63a1070402626c5788f076ae40e6bef2b9aab9a4bd8550fe38f7cdb0fcca2657ca26f1f729074326f45ae932182905d849b1534d3effe20dbfc3fc26dc6453d6544d481e58891405dbf876d0f254e8":"17327996f18c7096fc5b8e375ed86f47":"":"fed961a497502b2e49043ff29b9426a1e864a7fe0a88281a1572fbe62203f071710ea1d77873906369b195919a7bd5b44cbabab6eee23c3692cb8b9e4db7ee595b8d4b063d209b11d64150c45545b7eda984144e1d336a3bd3f187834bbc6950b3e7cd84895a3a5e27f8394a9aa9b657fba77181c9040b741c12fc40e849ba4b":128:"9dba8faf9d12905970ba0e29bc7e9dc4":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"83182ba753ac16554e873281599113b7620bdb042704bce8":"6915d46189fcb0f9ab9b838da2124ce06398d638fec9c1c53f07a43fa0ea09feb2bf868fd1dd521f301f9f38e2e76716038f34cc0d18ab9bf27ac282dc349002427ca774e211027baacb9f6bfad6fd7885a665e508f654bb018f0323215153cd3a5b3e7b83482c08cf07ee5ef91d64a671b3ef22801ff21cfae95d6843ccdc16":"805c6b736d62f69a4c2cd4aa3745a615":"":"76dcefca6305ded697be4488513cc3fd3d9f08f06a7c1a9133b9b3fb0f44badf5c7544881b5babcb873cab912cc8a00337fc36100e6a5ad998eac5d8568795b41166377c5114757044b9b73206d19fc34b6378a06d55b5d5e9498c7693e818dd962af9b9da2345f4ebf152f33fe85f3398a65ad7dec823a1b1155c38cf67df84":120:"746c9972aa8481253d0d54db77398a":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b176e7a68da4c74aeb91760448c0257b1e17101299e1405c":"691c436811f82e747468571f80fa8502ef5f25936fca58a8fb6b619a7a95f4938da558a3b26a2f09c8fc1f5bd347c7724d9fa377d0a52094bfaac88f3fa9b3dacc2f56d880e825809533da5980a63e01d6199fbea07f3d070e29c5d50e1013224f0ea86e7c008e3a2e63df394ef6ad93ea97d73fd4429feee495b144ef3a0d6c":"42e2e70b0096ebd489bfcf4d6ac0f2a4":"":"81f9c34c5b0668fd58ec8822c6ba75bd7eb0d1741260fad6ad5e637903aa29d5f5facaccb4b885f62e10b7371f9b6b43e3aeb69bc5093bcccd49f3ee744e49f87cd2a2c36c808c47e4687194cbfd4faec4da66b99e3d4ced9cb8ac6ffb94d7fef3ae2b92b9f613f2bda3ca6c8efa9c6df8bec998e455f6eb48519e8f8ce4e526":120:"26d0921dbb7987ef4eb428c04a583d":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8bab5bf1cd8f259129ce358cc56ace2bbbbaefa79727f66e":"57385955b9909a0856bf54ad25d00779cd7d3dea78e1ae8965c4b7a568934d15ba1a7b2ab899f69fb1b864bd4d529319b51bf85a9b63de9cd51997ee4b2f015307cc42be9257e1b0a84e1c9e55a370476bff0a5325b21850f5b686a3bd4f1599f36d0772c406047b8ef29245c42ade862cb9d25b1e108db4f33a42dccf45c985":"ca5beea7dac2d9d24d548463977d5956":"":"67deff1accc4f279ec2eb4c2a515c17886371bc4847bdaff4aa70e170775b64855a6fb0d347baf39bb53d7239b7a63ce451effc69e8d8c3e544b77c75170a68cbc45dc96ad238aabeb5ebec159f38089b08dfbbe94e1d3934a95bd70f0b799fd84a8f563d629a5bfbb4eb3d4886b04e7dba5137d9255268dac36cbb5b5c8d35a":120:"f212eaad0e2616a02c1ec475c039e0":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bd0e0d0c7907bdb4b4e60510f73d8ab2a30700349206ce22":"e6835a650047033a4940f72029857fae6fff2773f2aa0e4f7cb0a4abe86b6e8cb0c3e468637057f7eb20d1d30723e3c3107d0f579e31a4c3e6fa8133e1b1b51fd21a8aa80ec657c4f674c032bc4a2d3e1389cb877883317c4451ab90692337bd8aa6e9312388a0acddb508fa477cc30eb33a886e8fbced97492c9d3733cf3fc2":"1f183eea676c7ed2ead9a31928f4df5c":"":"9f1a3017d16024dbfea4ba9df5154a6a2c794f00da070043c17f0204f06f637c8fffc760424187dce4fef044faccadefa1b1bd818522915e389d307caa481af0f1f767c38216fa048f621d46880afca5c8fc582853dec95d19d19cc943e9a1861597c99041c59e8bf8e7245f9e30b1f6607843a978d0ae7a4e0f716dabc9d9f6":112:"4ceea20bf9616eb73cac15fe7e2f":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d59c476dcef60a45be253d5cfbb24742de9e3879bdfe6949":"144696d85126c682f8446fcc2724fabe4b8840d46f3de6ae2ceacb2f06a1a80fed430e3a0242f4f7c308611c802c8b8e9c992b78a5cf401fe7a4671bf081f97520919f02b66e8bffd4fe3f4a69cf3d16667e7724890cc4b66c6ae487d2d987bfacec424fdc9865af4474b04cce03fffc828b2df66d99087e63f35eca52abe864":"9bca808f02295477f2aa7f6ac1a7bfe5":"":"9d23989edd8dd9911a3f5a80de051ec7812c6ce018e683751380ff990a079f3502ec0fabfcdacf6c1fb2503094124c39ec531b5d29ee8e4e46c324fc10dbe0f31e9aa56522bcc7085ccf768425227cbab6db4127671a4cab7bc65dc1d3d9d81469493329e29a9a1cb7e5e088e84eb243493cdf1a49b16fc8d4ea2f142aa9ad23":112:"d8b20d72d95a44dfb899bc6aea25":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2f1594e840375405a682dbc1836344be8c6b3f3199ee7fd6":"9bc6b715c65347a383f77000b3efb33b16019d01605159e09c116ded52d20721bcdde3796b6f4dc33cb29ce1c48438e95d4db6102465440cecaa50ca33ebce470d8986663652e069079f9d92ff167b3f7ae568218fc62ff5a7be50b3b987dab4fc7979e5967bb0574de4bc51e774ba05f9780a49ac7b3ea46fdf35804e740812":"7f1f4a80210bcc243877fccd3e7cd42e":"":"773d6901ea64d6840ded9a05a7351c0c74737ad27e7c3dbd38dedcdede94722ae67e88851ee471aefc1f80b29a7312fa2a6f178ef2c9dde729717977e85783e2e49a1fa2e847d830fac181e95fe30077b338b9ac5d2cfa22ff9348a0771054322bc717343b9a686dafda02d6354cf9b53c932da1712b9bb352b2380de3208530":112:"fc3e0ca7de8fb79eb6851b7bca16":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"88a6d441c1b7472aecf92c294f56f3c1da1702d174eff431":"eecc12fbd00c636a7ff897c244593239d2dbca9d1f370660c9bf9759cc41dc6e95075516f8d7fc06fa91ff68701777725171c2dc0767a1953fac13008d77065cce8ee329283d3f64adb8a298aa100c42e75d62e47fbf5134a21b826fcc89ebb18707c0f4d54f6e93220484706a23a737341c601b56f6a28cc8659da56b6b51b1":"058a37eaee052daf7d1cd0e618f69a6c":"":"0f5e889deff370810ed2911f349481dfb34e8a9623abd657a9a2dc14df43dc8917451ddeee5f967af832296b148d6a5d267be4443e54cef2e21c06da74f9a614cf29ead3ca4f267068716a9fd208aefa6a9f4a8a40deee8c9fa7da76a70fcb4e6db8abc566ccdf97688aaad1a889ac505792b5ede95c57422dfec785c5e471b0":104:"5fa75148886e255a4833850d7f":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"abb4c4f8d3c44f07d5a57acba6ccf7852030daa84d09e13a":"24d82903e5074beb9a769f24a99b18c7b53c160a3c3ae4065335bec1c4170aa4c656bd7c87a8a13c0ffc6653c045445bf8a135d25a13b2d44a32c219adc6ea2695fb9e8c65f3c454dc0e2772f4a4ce51ff62ad34064b31b0f664f635de0c46530c966b54e8a081042309afb8cf1f337625fa27c0cc9e628c4ae402cbf57b813a":"c9489a51152eec2f8f1699f733dc98f5":"":"3e5528ab16aed5be8d016fe07f2ff7ac4d393439c4fe0d55437a68967d685815e359fdb8f77d68241940ce7b1947c5a98f515216254ac29977cc2a591fc8e580241442d08facbdbee9a9ff7cfbde7004346772b4607dafb91c8f66f712abee557d3da675bb3130e978a1e692fa75236676b9205341ead5277cc306f05e4eaea0":104:"fecca951ba45f5a7829be8421e":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cbce5e6d0fdcd3ab08ccd86115149b5569584dfadf40256d":"3974339a1b90b19fd3857d812a0e59dcf43f9b0f360839940b99834ddedead79785396ab8fd0fc0e523c06f0555371fd5bc857a95c3ead26536e6deb1faabdc776ac7cfec4b60d9c24b0856ecf381efd98f941d5b2a38108922d9cf1113d1e484354b55f9c0f09d95a77fd30ec9cc04d19199931e187c56fd231f96fce5e1eb4":"ae3a25be73876b6e9dc88573d617653a":"":"4f57be0de00ca2c7c52c54b931c235fecb4ee1e5a30e29bf68f57248bafad87e484cc68465d9f64bbf502cefd2c84e5596c3c8e58a9fb51a8c8b132579a94bc32e92f7c7247dc5f69fda98727c423de5430f01b37d77e3ae6bcd06eaf5625e5c7c9c228b9dca5aad8f571369fe0964731bf1f143f2f709c7ed51641ecfc88ebc":104:"33375e21fd8df9f0196198b4b1":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"96779eaa8699469e2a3bfae8a03fd4bff7abc62d427ff985":"a343fd32fc513e0e9772acbf99feafe9de4b54e404807999b02e921e0914b2d64d0d402ef06f31e1db852899fb6db231ad4465af015b0c16407fa3666ef5c2a6d52d5b4f60b0f7fbcb13574b2aa5183393f3a91b455a85b3ed99d619bc9c5c2dbcc4f0a61a7b03e5ab98a99cee086be408ce394203f02d6d23a1e75df44a4a20":"cd7dca2969872581d51b24af40f22c6f":"":"74422abbde6e4ab674025735874d95d9fe3015620a8f748dbed63ef0e2271063b6c0d65e00d41bcf4ea86ac8b922b4d475f904c0724f0adebc2eef4a3abd0f9efd75408cc054cbd400436e0545e09e6b0bc83a9c7d1c1717589d180c7b1d4fe4ca18bde4d9b6bc98481b7971c7eb81c391ac4dd79cdefeabb5bbc210d914d30c":96:"b0e425435fd2c8a911808ba5":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"39bfb4cf533d71c02932e1cd7b800dca9ce9bca843886962":"de76f63ecf9c8d4643599f4dc3f9ed837924915ce4216759013cdb46daa0a508e06bcdb77437b0a58c40a0bd30a05ca41433218c6869f1ecd26318aff27999a2ebbb651de8e03061b8ffe3e14060720eb35a8e4dfd8c870aa4562291e3758cc1ea6c4b0fafcf210e10b31f8521bb0f6b29e8450b0cd6f8c8196ca2f7acb807a3":"d2b937bb5d2ea7d54d2b96826433f297":"":"0b0b4c92f06b17103ed581fb32d46e874fea2a2171d32aac331daa4d6c863f844fbbad72e455cd5a3ef941d8cf667fed5855da6df0ccd0c61d99b2e40a0d697368138be510a2bf2e08a7648850d2410e4a179a6d0193e49a135524092ab1f842ed4057611daaeb93e7aa46e5618b354a1091a9e77fb92a8c3c0e8e017f72deb3":96:"a188107e506c91484e632229":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"41b7d80ae487ac35aa498e5939a0f27baeedf48a494c8e91":"c26d4b918a0c967141fb5712a28698d16640d200b2934187b81ec58486b706ea1caaeb654e5fbbc0d078215aceed7d66939e0fb54d6131d8948cf58ec9571646ca75a051c2b5c98fe16f7733d42e5897b0263272015042f3134143ea3b08bc65292d8d31f30f2ed9830ccbfca2d33d290c28f4dad07c7137a4ca05f432a457c2":"626e1d936b38cf9c4c3a44ee669936ed":"":"8998e799985890d0f7e8b0fc12a8a9c63171e456ef5cb211f836a2dc7c9e3f4d1cd6280f9b0c469b703c55876b57cd1d8cef70dc745e3af8438d878cb2fe9fb1c5b2d9a2d90edf3bc5702ef3630d316574c07b5629f0db1510460af8e537dcf28d9c5b5cec6996eaa3dcde3354e39f60d5d896d8bb92718a758adb5cb9cc17d5":96:"69901cbafe637de5963e7331":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2ecce8fb50a28a085af744b44bc0ea59d6bc2c8ff1f2ff8e":"54300bfd55b227b4758cf64d8a3f56cb49b436adb4b927afa8c4b70d2584a6cba425af4fbc3840dd6f2e313f793cbc7aca8219f171c809cf1eb9b4ae8a9d0cf1a7aa203d38d67cf7719ce2248d751e8605548118e5bb9ce364349944a2205e1b77137270b83555d5d804edba2f74400f26d2d0d28eb29d7beb91e80ad66b60be":"b7e43d859697efe6681e8d0c66096d50":"":"45dac078c05e6a2c480543d406c23f3dda63f2b616007d08fbfb075a90eefab8dfbc26d334266f5d72fbc52800cf457f2bbc8062a895f75e86df7b8d87112386c9bad85573431ccfcef6a5e96d717fc37b08673bf4a5eecedf1a8215a8538e1ddb11d31a24cb1497c7b5ba380576acb9d641d71412a675f29d7abd750d84dfd1":64:"2dfe162c577dc410":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6773e627f6c49a1687a3a75d2ee6754ebfc2628bdfceba28":"eb0a64ad510968c68a816550d9fe2eccab3bd8409ab5a685a8638f81b4b50a9a96318bff4e86f7f6e9076960be8eef60e72cee4ea81f3ba269d8ab4c9581a54638421520a6411a83e9dc83b6981a9dcdd9e4a367d57f156d131cf385c01a736b327218e6b6468d317ff78a01f1588c359a3a9b188bbe5d3ffad6b57483a976d0":"ad85becb03a05caa4533b88940ca141a":"":"959658fdff5fd802fca5c5a79d59536ba8ef1359ac7bfff81264c7827bd31b8f02ecb54f309b442a54a5a57c588ace4b49463f030b325880e7e334b43ab6a2fce469907055e548caffa2fe4679edbe291377c16c7096a48aef5659ad37702aed774188cb4426c3b727878755d683ed8c163a98a05f069a0a3c22085600759170":64:"4c0f4621b04b5667":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1c086f7404c14160f33d6efde231eda610f92fa55ac147b4":"fc8e5cd81755e489de7e3ddd2b587149ee013bffa2ce198c514641b0e1659261edd60bdbfd873e30e399869748bfe56ba543ceb9bf5fd0e7ba2b4dc175c52f28a8a02b4816f2056648e90faf654368c64f54fd50b41ea7ca199d766728980e2ebd11246c28cfc9a0a1e11cf0df7765819af23c70f920c3efb5e2663949aaa301":"71f154f1dc19bae34b58f3d160bb432a":"":"6d60da2fd060d2aec35faf989d8df33f2413ba14842b0406e38a6a847e191eac9f4570cea647c3988faaa5505ea20f99132df2a8799cf0543e204962da1fd4f60523d7149e0dee77c16590d7e114ac5d8f88fa371dcdd254eccaa8316ee922ba23a0a07b289739413ddffc2c709c391afee9289252ddf3ddb62a4532a5515e35":64:"f47bae6488f038fe":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"bae1b3eef91ba79032117c60fb847d46f18175565d0ed10c":"9b71eeccdc91cb5f7a567a9189774f4c30d96477b88ac553df66b78a56e5c9e0986a17d80c811116d31985acfbf9d7a9bed291aa2fb6329457a836b3f8f11c16416f0a3b86dd9c717c8a050c6ceb5c27d8e2ee0dbe63f3e1e4f0aff4809e1f6f6ed64d31d494b7399cfa0dd9446321bd4256a49d0793a10a670e3f086408428e":"cec8b66a657e4bdf693f48ac52e60770":"":"015a318acb6198189ce908ab1af28578a37a48beeed772c6ed4dceb0a3bcb092df85f653234c56a25c075c8e028d4a8d90d974fb0477834ae2de8d5df53d0d03a979450b6e7a66fdc9b11f879ea9072699837f2de7192156f8e5d9411fd83d97d31fe63ece4e4326ff50a24fc75004a5ba2bd4845b29e0794696943dff1e5d6e":32:"9cf6f90a":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7c1582240ad301f831902c66334546dd681c12308add0870":"d4b716b49858a23aad478581cbb6dfd015ae550d76497229b5b1776e83f2ded8542675c63ca6a007a204b497ed2ef71ca125d91f386be9b4213cd352a797a5d78a1373f00916bb993de14e1a0af67524acfcc9fd71daa32e5def9a3f2dab5b3bba4d2f9f2cfc5f52768b41157fe79d95229d0611944e8308ec76425a966b21ec":"b6f4f3959914df413b849d559dd43055":"":"79964f8775c78009bca1b218c03056b659e5382e25e43759c8adfa78aec48d70b32ffd56b230fc1ce8c21636a80a8c150e5dbb2bd3f51607d97ed097617963dc6e7653126fe40cb36a7f71051d77e4f3b768a85ee707c45d33cc67473f94c31da3e8b4c21859002331b5f7350e3e8f9806209255ceac7089176e9d6b70abd484":32:"79e5a00b":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fd55a356943824d20630b1539627ad1a9dcd8ee2cb4dbf49":"b8d8d6dd0631f9183ca858033a31dd583d3ee3b9510fcc69d8cd412016bf854b9edcf65c2831e63d72f4cb61a99f6f4e6dab0c2ce9c5a8cdbc179ae93aaca2c8a5b848a15309be9b34e5226aa9a5908f543fdda983fec02e4073edcc3985da5222b53f8c84b9c54c78dd8b2712b59209463595c7552e28f2a45f51cb882c0354":"aa89a122c68e997d0326984fa5bef805":"":"107a9ed561e6c45c375d31dea321c7b4a4b7641024d2c9eef6a103a750ba15e1acacbcae121510b4f56f19d29e6fb3e6fc06950b1daa521528f42284130a40e5a6c1b58b3b28003673511abcf59a4b9df1548a00f769d8681978b632f75e5da2cf21b499a24fbdd4f7efe053d4a1b20b240856d3ae27948e35098aa617def5bd":32:"7f9c886a":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4cddc8f525640fc0a0875c65b788ea75c673f84f4aacaed4":"55e3ccb855c1fd6d33e28d308485fd85abbd8ade1299936996851d44dde063ddc37962f9f67e95df02eaf3d877516240771c469be2abf2ef6c8dcbb79eb1976f825b109f752079957a7c981faa2fcea599cc52e262b84f4c2031821619f0be6fa3c38d660e9eb3e0d5de2da6b83de9866eb3efbc6a2dff27e52587c6f79e1c26":"1b883a89413f62dd6d507cd70c048855":"eeaf21bc317660b0e2afb9cd5bd450ff0bfa6cfa7e49edad600f71b971347e93b9712a6e895540c665a1d8338f61b51da9e0a4a9122409824287ba4bc06bdbba10290a40b31b5eae9dfeb6471f4a0a0c15c52a2c677c4d472630d4078ecf36dc6008faa0235a688ebbe2662e46a49b1dd58cbee82f285f3cdebda1dc54673195":"18d11513661296035f6f42d264e0b4cc7ec47f43b758c6dac95e5e3b3834362eb64447d923e107a60cd66ac359cf3a203f9070eab9fe61ae64a86606c9b50a97a19e12f731de28719fe178c9713edbb4525b221f656a340c867405c41bed3bbcb9c6da5cc6a4d37acd7a55f251a50fa15ea8f9b8955606eaa645c759ef2481e8":128:"dec3edc19fd39f29e67c9e78211c71ce":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3b8c31830b1139a60425f6a34387f5ca2be6f5a5074adf13":"95f4ea90729de0f0b890fdf697948053f656bddf57e3d461e7ee1770161904bb2cbc8c2f801481bb54145af760e91c8b30cb22faa87efcc6f01e3f798af0bd460475754726514d53f419af2f2c373c76f05bf57d3fc1b763f72ba0fd2682d9d1d76f6ce8d55b56fc7ba883fad94f59d502244804bb87bd06f1217a4a6c5055b5":"ab5bf317ad1d6bec9cac8bc520a37b1d":"5a47d7474be6c48fa4bdbb090f4b6da494f153a4c9c8561cae4fe883000b81769b46cd65f4ce34abc3e5c6880a21d12c186974b0c933a16ba33d511e79b5f994c38e383b93eea1259d38f9fb955480792206461dd29d6d3b8ff239ea6788c8e09c15be99f094d2d5980c6c1a8efe0f97f58f7725a972111daeb87d862a90a7d0":"1d0211d7d7bc891e4fba1ba7d47ac5a4f3b7ba49df69fcfde64bf8689b0eab379d2f5567fcff691836601b96c0a3b0ec14c03bc00e9682ef0043071507988cf1453603d2aa3dc9fa490cdb0dd263b12733adb4d68a098e1ccd27c92fe1bb82fa4a94f8a1cc045a975ac368e3224ba8f57800455cc4047901bba6bf67d6e41f94":128:"23681228c722295c480397fc04c848a1":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9c2386b948f59ce651888451021772287f14a92d807d88a8":"44f00c8a7c84e8207ec15a7be0b79c88fa347e2c3d5e8d07234536d86513bc39bebfff02efb9ff27280eb37f7e8a60a426538bc1e3830bca0e76faa33b30719fab51578d15df77893bce8740f50c491b8b9f1739a695c78406b5ee4d56f80d8d564b586b0f22ffa86eca46a9d8134a9507c5b9ad82757ec51b18741abc61f23b":"7a1f7d0be4c7f8869432cb8b13527670":"f76ea9d6e976616689709700a9638204e616f4c1c3a54a27fb0dc852990d81dfd6787aa5a83b9be5087d3f7dfcd522044911fa4186511de1957b80338025c6c4aa72058aa3160047cf42166aa0089e2ec1ac8ea6d9f5f2c057f9f838a72319dbd7bb4948da3bc87fc2036a0e7b5e8cee7f045463152ff80a1711ef1096e75463":"666c4d6d3f1bec49ba936eea90d864e8ecbe0ccc7b23872a4ad7596afaec628a8165a70397289a10c67d62942e1c158f1489a9de44443ac4181e74ebf2562995c9182b57bc960f4b5d3e33fb7cf7a0c32a59c716de23639de9bc430712524d74a087647e27ff1af87a2aa0cf0b58978ad8ed616b566225d3aef2ef460be7393d":128:"53d926af7bbf7fba9798f895d182b09e":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5852b4bbfa623e5e2f83b888f5eb6cbe06b57299e29a518c":"8cc85e520b45a85c69cd80072642ef1500b1e0a409c435d685544a6b96d3224cc40e5fe8a21c4959b2891d4a53bbff03db9939c655e6e92222c6b44c95204827bd800c74666db64907894bc4e3043fab318aa55a011ab9397592ced73f07a06282c22d9a57dd7a37eadb02f59b879b030d0a5005226c461281ce3061bf26de56":"b96f4bda25857c28fdfa42bfe598f11a":"0bfdc1b16eeae85d550a97a20211216a66b496c8c19030a263f896958e4d1decc310b955523e314647edcbe3f69970cda8e07f8b81f9074434fd86b8ec5b3fa8b155377ad28050b50523d3d185e5869bc9651d97c56ec6b8047c20d671f6dc657f4cdf73fd7d3caf4b872f3fb6376eda11b80d99cf0e85c4957607a767642da6":"b148312074ecfc8f118e3800dbd17226d55fc2c91bcbceeae2a7ca3b376f6d568dd7fcb5c0d09ce424868f1544097a0f966d354455e129096ec803a9435bbbf8f16432d30991384b88d14bcad1191b82273157d646f7a98507dc0c95c33d22e0b721c046f1c13545f4ed2df631fd2b8fc4940e10e3e66c0a4af089941a8ad94a":120:"e3f548e24a189dbbfd6ae6b9ee44c2":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2bd897e969ccee405ba9becf24787a1e1be17a571442c6da":"50b8ade5e6547c350c3f43a35a3cb641459c5ef902afc706ce2fb980b275fda62e8974d1577ef65ce9fd854d88caa10295d1045ed7563e9391d60700b5d2a4a7ba5f3de7a7d1541780b95a08eb3f0996d96aac7ee838b67ee869447617684c08566647a4991e31829907ebe4b32cfa46c0433a64f864b8b9316cb0ec2578ccee":"fef6a08d92b5b9bdae4c368fcd0cf9e8":"fb3144ec6d93704d625aa9e95be96351c6e25bccf1eaaaf9a1d405e679efe0f2da07510ab07533295a52cdc1f5a15ef5bec9e72b199625730e1baf5c1482f362f485d74233fbf764d0b6363075cebd676920a0b315d680e899733d6da05d78765db159c4f942a31d115d53f1d89cd948bc99c03adad1eee8adcef7543f9dea39":"e65ed5b6d0f51f8876f483f3d8ab8fed78ab6c2e1cf50693c8511e1cc9823e1030740ac33f05a5aa0d88205bb3071a087655f28eee7d0a07945d25e3dc00221a1dade4170cab9084c47b82376d5d439bed99150811843b176543f7944b1dd9684fa9a52117c2335dda750d9de0d9b3ef718123b6534cb012080f6ef8eda8d4d6":120:"468546d4199b9d923a607a78fa4b40":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"12141d5834b8ca48b57e0892b6027c997669dac12fe60411":"cf475b50672fd8cc4ba84d17ab1b733fee2073a584d5427155f144ddd945d4901d5a9d76e3d6ae55ab3f9514861c83bca7d53868f35bdc8606a167ac83591be30ddb954ee173ee172e8d7742a71c0fee04ccd16fb5d54a45820640405209e20f8494f08d791a2a15f5cb848df689296a04e4b01e2c19bd8d9ca8b4525853549a":"b6dcb39939a31df176dcec87eb8db90f":"daf4e0cd0b29343defb65562594b2b6fd3f005e6255500330f77a0550c1cfbade5f5973e836ce7046bc2b2ab8bb7983830ce6ce148d0998116183d1aed320d28adef9ffab48e0f6d6451c98eb83fafc75fb054991d123965dbddcf74a2c01c746bbbc8276b77f6732cf364d8a4a5dbf5aedbbe16793e8c406ba609c90f0e7669":"4c2d979b9c2dc9cbbd6d4ed04094285a44df92e7ebcdee7feccf04c66c45137a7df12110b8af805f5cae9b4a225c3f8dcfd8f401e05c6ce937cbfc5620acdf3a4917c5b857bff76f3d728cf6a82a5b356fb95d144125d53e568b313cef11c11585d310ca0f7f1234090b1b62536885e9e39b969060ad3893e476e88941fe2cdd":120:"99cec94a68d3e2d21e30cb25d03cd2":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"14b9197b7980d95b71ce1a1de6577ce769d6af4cb45f7c8f":"03b37942f12435f1c19dbcff496738207dc92edf1ab6935b564e693da1865da67fb51e8a838559ae1640da441f22ee79787f1e909cf3c32187b41a48fbc595df1c097fb37881b329fd7b30dd1e05d6052fe81edf2e10786acc8aeeb4fac636aac9432c3be3dafb55c76ec85cc13881735609773350b95eedbdb695b2de071a03":"cad0cfa7924e1e5cff90d749cfadf9f8":"283c8a38c7fc9dce071d4ff9ed79002a6862f9718678b435534e43657a94178353b9ec7e5bb877db5e4f62a2ca6bd557562989363c6fdedbd7f0f3eeec5445c41a2a8bc98117a1443ad4d5dd63a07806622cca8ea6f9f6019bd511634db28651b916e2399bbd84b03f8ec696ed5846f30320adef22ae6d164aed09edcfa25027":"83940097301e9867623c107d4447b250bf6db7d06f9e07b8d8bc6b72b079b725ea1f4b5f79bb80c518bc69a2bd73cf3aa7b88162773ac5b27a2dcccecce66e158ec0875937910e0b6f396cc7d7cac5d53b0fddf3cd70b570a647245a5264927be1b2d9c46fbc6a630b21fead46c4f35af1d163268e49a16083590893e6df4671":112:"3e3f677e68208208e5315b681b73":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"80e2eaa70362203b7561b135db581cf32e9cd816464f0b2e":"62cc2db32584a8d90f348be32224bfdcefd1fd25c5cb05c7e74becb4b40ea09d6495f73adc1fd23d148c11849bd825efdf15e144587f785770d2aef2788b748c338373a0ea43882141bc9f7c693a291c512cdcdea6d5defb2efa2324736df7fc4b434d7f4d423fb1b8853ec3fdf2c1c2881610a8d81da5de5e761f814ed38e35":"3d7e99ddea0baa45e2f9f2289d2182a3":"71663fab717ec4d9da34d4851437f4504dbd71b65b0d04eccc513282c351925c23892958b4c9dc023c5a34944ef507e0b40857d8b508ab7104d13c2fbfce2d086d466291aaa449ad36977837216a496ff375959afe4dd50dc2620a062c926b939ffdb144a656bc04bcca8d1d4fa0a9cb0a5d713721accef2d2c9688a77bb42bc":"1c56b492f50fc362c5bf70622f817e1814ae0b69db7e3055fc9e690d2adb940f9a78cfd7e08044671913baec663d9f9af6dede42fe16d200e8421d22066009535704b05b3775ac41359d7c2697e2f4bec40df69b242392eb30e2d8a664d84cf95ec21797f1ccddb72926cfdff22848d14e373f5e6c3dd349196464c98dc38365":112:"e0c1b140cd7bc4ded916aab8780e":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4b7aa649cb1488a658b4387451bf59852e845ec7d2273c69":"245251595d10d719d8d00610d391735fad377b60d7430c7db488488c1ec25c12ee0dee3aac3d7dc19aa602924a1f27a2cfa8f6354315db93b5e4d2b6e8402c4254921e683ca681dfb3c7f433a97f119e01f2acb20988dced8494e086395351f2af356b11832472cbcb109c13ff92f10a4c8fe69bd264c8933cded19a980bdbd2":"07b50b1aacdadeb03e7488458db03aaf":"2a7970ee97d612b63d2a0c29e5045ddfc6621c237bc270b3147fc0191de199b6923947e3bd3750de5155e1df29caf96ac702f948c38619e218138945595156cc5f1dcfde0d1d6a5aec48ff37c9ff2b2209a904c59593779820ea68ad95898c7ca0d0d81583c44feb0fec30665cc56620a8c9408e4275e60f5284ed7c0e58285d":"6bd53e4415765f387239c6664f837371b39f6d7ff22453211e91de5dd14272784fffb4f6b2c0bb8c6b7d1cafc55133aa0d54d410ae383008fdd87645655062322fbaa06df0a2d7ccf4cc170d1f98ec6a7ad524a3e5b07761f8ae53c9c8297faa5b5621c3854643e0085410daf5bf6c7e1f92bbbfc3691eeff1c5241d2307bbc2":112:"78d37215234f9a32571d0d8b1e51":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"512bbb490d062fe5ecc8e5ad95920a9e9b78bec6a7694dc2":"862f2724ad82a53e0574c0a2a0515bd86c5ed0b5ae92278a78ea1a90c03059d08a91d1a46678aef862b56d0320e970b7f941b784841b4d8a38d056f2bd352d48c0028086a36426bbc1436da9e021dcac705b6e03649b426cebd7a235f6d060ab6302d777fc9316db4a85e8c1387648a8f5ce2398a247413cb9374124449e498d":"2d14fb3e058f97b7c9e9edd1d97cac7e":"290078e63c81abfe99010b8344ff1a03dac095e2473d7a31888102e838768892e8216439dc3355aedd073892f4449d9d4d3ea6c25a9152c329d24cc73eaa0004832691740e60f17581201c8f7f4023d8e55faa3942ad725d21dade4c03c790b5370d4cad3923527c20ca925a2ce534a652ed7e032cb1c7906aebbdc24e6b39a4":"44e78cf3a2ce4a5e498315cb8d5e841f926408921f3665d533caebe0a7fa6c164b3d2c0b21ff3a608a7194e3194fda165ada8d5fc2e924316aa4ce201531b857877c5519f875eb49e5908d8d81b69472d03d08c785ee374c5fe91b16aee173761af7ff244571fd40aadabb360f38d301463e9da8cf8dc44d20848688ab3be47b":104:"6037cb18f8478630bc9d8090e2":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3964ee03ec5e500f2f8c05313b78615420183fe2950be32":"b9424e4a79a08a7937da1da15061c1eb9a873748691ec9c1fc76aaa164bd34873d07437d203c92c0e89c0c5befedfbb17f721f576473253617547206fb2b340945536cd7a049864d099419cf3f7a9154c0ac8d676b0e9ec02947caa4057560af347ddb46002703f3531f27b2197790ba135e3d3c0709c86f4781890deb50f3ba":"d3d4e5fdf6e36ac75b4d51c47ce5b8f9":"6146a97a2a1c709458bef5049088fdf339e4fe29cbdf519c93d525b71c9fb501c4b58bef49d43cc7699b18fc89cee1a4a45834f517214a77fb3b91d741977308e1585c474245802118d0e2c7003057c4a19752a143195ec2a57102cb2a127d2dbefe1168492e072e74c5f6ee102a0c371b1fe2ddfd8ecbc04c6f42befecd7d46":"a2ae334bac969072e754c0e37765ca6253744941a35587bb4feda54233a7a59f037e971d254c67948b16e4c35f306c0984f00465399405ce701ba554419a736cdff5a1b4ae5ab05e625c91651f74aa64c96ab628243d31021ad56f535eae33a885b45730268f900b6df0aff18a433e2823ddb0628a7026b86b3835160e5121b0":104:"817be7dcf7adef064161b6c42d":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7a8049f521fe9a00f7bf566369e540a48ab59d83305e2829":"67243a336a10b82a0a8638b35dc147c14ac63b20977922a13de459ae2cfbdb262a79004c3a656dfbc073ec8878595e24998dc44b9435439af117c9635c479676f6edb8f522cf01571be5aa5b5bc7d1cc3264436566f8d3c684973d1e88d46282b53836a1ab5a698560e5bf7629ec12cb141867f684b369546a1d8bf48315b6c7":"e4d81f71e1de8cf4689bfe66a4647f15":"4cf6733482c218af832e99970d0717ac942ebace0fed4ce4dfa1f710b9e131a21cc03dd3ced25b78bccd1991a30bb53b463c1440b6543b19af91e31c18866c2acebb78c2a340b930518e61a63ff8d6a6e8e7960523de40a178614dad4ce5ab253e1090a097f8ec00dfeecb46aa0e8f772f01c4e706de7e824386a13944600542":"cfa8ba247ada9e6b3e5ab7dd0a7108574cc811c2986cad951168559ff697b77684880ec266f0b7d87a2ff559e368a85846becee312bb2991692d928a7c191cfdb7f1468f8b84be4bb592ea640743443bd4941a8b856c57be21eb22fcb3f6c0a80728ddc9dc5fab1c77dfceb91699009054c5a4eb0714a10b74cf0e09fa630299":104:"1dcee251cda10b2ea8f2bfe6a0":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"657567a56e585c84e4033268f08f712aa280015b77cd657f":"96d889651c4f3f5120bee233f6395fa0bbba1f6548b109be568ff96f11d24e34d67beb6c20268feba89240674b0b4552d0a6455d43e8edf943da3d8d785a5221df8ddb3a98d2fc611ac7362aef71f8f004eb455a16d1dcac488ee83d4f11c4a00c29d9990c5a2a97b897d67e51faa40999b1e510ac62fa4859123cdb37d202ae":"94dc757b6bdbfe925b762923cd0a08ed":"a2c54e8da7dca49c73550bd1f5e68449295f062d5dfe5aa4201bdf353a2a1ac9c3c61f2b5482184cef481fa378a1ea990ce203c2c7d76993c62b415ece06b9b7caacec0c4147c0cbf292e528d97c1a176fcb1ca6147cfa4bcce92cbdfe617738a92273282c7a65fcb997bceb867ce01ec74541582d3961dddf3a2af21cad3ce6":"55a5d07a77fc37090c4206f19483aa3cc03815194ded71c2b2806ad9563edfebfcf962806ba829373947e3e93f4f39794514ad7b6dbc626e29fbc35f90f573da33ab6afb5c94383fd0fdd1ee074d650d192f6d08fbd1e24a6966a81a2ffd83fab644ee914952de77e9427262314ac47c11a44bf7d2890f9b9980499bb6a1f692":96:"41c72043f6116ee6f7c11986":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"61159242d48c2ca0c30377ec2ad701135adb62d113c9f9ba":"8ae40603f6cdae4b63ac7b18b4bcbb83c65867c2ae270102efb6f00aa8af5d0400dc95085910a50a16cbcf71f06c3f3eab71345d59c6054aaac02971111c7146add8c072158e0b374d481bb540036a136ccb91523f96f24ea237940ab011ad38f2a3095c0785df91604be1fe7734cc4119b27aa784875d0a251c678900334a0b":"4fda7236bd6ebe0b316feeea31cb5ebc":"ed28e9954634ec2c9e2df493062abf3ea3e199299053a15ce8d6fe051d1076287e4e7c0b2bab0a599b763a29d0aab680626f280c4f5ad94b7792d9af532681f6e4eb2672781f2342304daff902d03b396853eaf585af4d3bf5078d064e9eea6e94e667722f15c004f4cf52253a5c65b75319b07ba539558d8a2b552390a21577":"dba251e35422f60f902f594bb58dce37131e8ae06b5f40ad23c4a70a5e25fe24c76982c9bc11a7f4e3cc62d8c1326170432633eba1634972a9bcd093b08e1c63ece07c4be79cadc888b0408e40c09636e1cf1e5e9a6f2ea44eea5409a2ffe9c3ac9a18ad7aa9041f08eb109c01ed90732a8afe0694319ef98a0269685b4d16b1":96:"b0feebfc8324fd1e9e40f7f0":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5b4c37150f8bf0e14e0bfd37ac14e606dd273577007f24b4":"48c6486b2691b86f5f107e8fe0122a821248206d2dd3ce898a2bb3772202ffe97292852bc61513529ad95faf6383b5f6c5a7c16c4cbe33cb02e5e50f32db95ee2962aae1c9c0f5470b3baa216cc19be5ab86b53316beef14397effb8afba5b5159074e26bf5dd3b700f4ea5abd43e93ca18494e1779b8c48fcd51f46664dd262":"664f553a14dcd4dcba42f06e10b186aa":"4386e28ebd16d8276c6e84e1d7a3d9f1283e12cb177478ab46acb256b71df5a2da868134ed72ef43f73e8226df1f34e350b7f936bd43caff84a317b1e5b2e9a2b92ccab1e3e817f93222dd1e2cf870d45a8458e57948a649360c6e2439bbcc682383b50bcd3d8b000592c3ca599e598a03b9953af485f1ecc22501dcacb7110e":"05fdbb5ad403d64011e15d27cd6f5a2247e018e479e58ad3fee1e0e8ddd9e114c0e82f2c947ff9af525ce752f4aea959463899542b85c9b413d065ea175103c3b3c35f56eea52af2c54ec08a1d5b7cd5ee4f59de8be86512b770e42ab176b6b70ccbcd264d6d5cfdd2e52e618dc24251ac339ea38cdc446c778d2db3c7c3e93d":96:"77f32401db21adb775e7f1d0":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"531a380b109098eafd997bd25bfde4868d2a1ca781795e9a":"466237db78d4c770a658b9693420a2e087c978fcc434c9ac82f3e2447b2fa08be32d2ce6da25846555ffe5764234b07b35dd1d1bcb710e8a49f918f2c873681f32765b092a836e9418faba61dc59a254c923159be16f585e526616fedd3acfe2748ce19ee03868ea9836bee2c6acb1b821e231eb2d30d300387c93390d51e3a5":"ad079d0b958f09732aaa2158f6215573":"09e002c2c48beaf1122411e8624522a9e90cc3f2a040c52ffcb91136519277c39fd6a79292b8835e0fbcaef2279218106aaf75036590f8a46f6b6912053a3b391849f7e204f096288d6141d5f80c7f91dd2f2b6ebc1ced6af8216e0a594814b56bd592df800299b29e26ed7461ba3f6f3cf151b9c10ad634a01d9c5e578aa372":"d1f49f94e6fbef7e21abad23e16c06fcdfa75a8c342be67baea8e0e57dbcd2971276e993faa124ac81e6be18f68af303518efd926513cee9dbcc5ef6cf5e9c068a1210e53fdd56776148d51597e359dbaa0570b4fe15476ccc9aa79f7c765755b6f694af4269b9e18fc62a0d47708bca67dcf080e200718c22bac256f641e7a2":64:"01ec395c99a17db6":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fbd7a92120ff973ec69b6a8189c6ea827ca20743a8781518":"1583c1578a8c8d272a970f05d875f199e497c55f03f10f7bc934fee21c30379dad3c580b3f99304a5747b61fd43428506439ede2c57f5229e13da9cb7cd6174cccbb397e98fb90455ccf3ea3b1304f432a070a2eb5205ed863326b3b86d4eb7f54ee2ffcd50ed6ef01b3ee216c53f4f2659a88fb6343396b2ded0b389c6266c5":"57658c71b2c45f6ae2d1b6775a9731cf":"45ca8a168ecca7a42847b779ef152766b902192db621d2770b56c7d592207afaf52d19a6059feb76e96b90628995bd6517af3f114e97af8d602a493b77405e93095fee6761877dc292fab696a4303102dece60951cca20cacb171abdcfd0ef6da6c90b44edba63b9b6087d876b3fff24dea909899ebd0d0371c424f51a9a84b8":"58a290cf0e774293d1b55f5ef8a305f68605c0c81668b8a1ba95fceeaa65229404e18fa54dd811a6af085c98b8854d0f956adc2aaad742cafa9ed53d7cb445451ee7a4dc1e8399ec7e5b4d004ecd22496565bf444b2e3d82ddf6a6d5e6256c5095a699d7ff3f8cf2addec73e21013ee6f3dfc0a3abf316ea5ee1d6943bc394e1":64:"af737ec3512da2b4":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"54bfc8379e0a8180b931c5188c95ab3ed3461d6e9004d182":"93327664eb576bbb64e4ff061874346b4e80a779cdeb1fbe630bf5e4307d4f2c5d5ecc94aa8bdea755c1af165fc8925bfcdf128c1ee6571e9f8344b22dfc90ed893316031661a9438b305396f3a80452c9b11924163b7fc4422b00dc58ee0e674710239975a2cf3253bf2601cd155e09547a5f3be1adda84a4b29631a8e13161":"9d15df8de4150f44d342f2031de3611c":"63331936d2972abd44c1c9f62e42bfa932dff8cc75d9f555f5a7847d08558e76f5393e08909760edbef8d2922a7ca8e1c0c505ca627c02af73253791bb35ff080b4db7dddf4c8b304999ff645227cd79f13ac87f9c963b93a79a0e946e5781cdbf1b4b1967a75314f19c7219e3b69dc2c24ba09fbbdf7184278f82818bdd0958":"18ff87dccbc24c396190c7b37c4a77f86e609db7fb2b326802714d0f196b00b84af887f1b3bd30ee0b0b192d0801ac4e59ac40e5c652b3da32aa024da3acf648da0253674c391d260c0674853c7821861059772c9a7f2775a7ef77d1d31a6ec1c51c5f3089bb516f8cf52d5a15724281086abd92a74d255b7cc84b5051be4e5b":64:"bf0f7f8084e79da5":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"21b775ef8c40a5387d6c8eda4e90d0a00c795681a2887dfc":"6346f84301d6d83e1c5bad44fa7e0821f35723713ee8d4a9e2bf15abf953425b09bd77b2360f4e62e82bf9e14e2b56be51d032aa8a96e894f19f3e84630f9eae831b329f7638b09de7210cd29778059ef1d0bc039c1e10405f3ae5e4ca33216adcfc21869d9f825344d62b50bab03f7aa7b92fdb94951a68acd01f1dee75e428":"9763e6187d4b96b1801d1f6efe7e80a5":"3bd523c16a0022b780ae8318a28f001502120bb26e2f65f4fe94019686f9d1df330e70cef1b2ba4b6ce1f7ef37750f47e602843cbc5f13ff2ceadc5091eb3601604b70bd4acad3d61950b9dd2cbfd83a391223c8e09fddd4020c0f8a8a7057139fd92f3bbe034f03cc48afdde064c8b13ea942ec0d621db959ec9d5fa95afe45":"f25408848bc27ab087b3ea053762837a534c3702dd8be01d79f075f61d76ac1d6557d392e1fab475cc7d13a5f6be6f0718bad71c3c85b5996bd3c0159e264930988e3ed506bcc94fabecfb58caaf56e2e4315bb50817cba765636d1faa91147b3880815eeb90d0934180e49132833abfa6279247d9dd4048dff851e9a551ee1c":32:"d1fb9aed":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8a7d8197d9ceebd8e3f6b3bfb74877ccf649ac91d7057af5":"37b01df357561f5aa43b5b4b0081148213f7b74babc80f4b3c6dd78ad17687f11443cd4a57f8d7a74ca3080e2a229f78d8e6db276c1142d5f4ee764eaf09cfd70c596d7a2cad5360c2de20d5e17ec6e06a9b049bb10f8742a30a94270cc6d7709b2f09f3cb8347e41117b7ddb99e4a939f3094c016330a8f170ccccb9d3651fb":"db5144951a9f1721397b7321713a723e":"ad72fa5a05adc40fb38245da019cbf50958ccfe26abf67dfdd49f4c4af6bda8bfc99d557913b2634c5c65d33ca909360adf598b703db1dbcc29481b17ca42fce3315ea1454693b5843e751fafd78158fc040c1cbe607063ba9c0ac02ae4b88989e3cc63adda8427032c70560349e1a8ec847906a9a7b0422a694a1f9eb2b3b72":"6985ec525cfe869e1709751eb6f1ff0aabcb39ae3aa708adc452ce1a8cad8ab4f1739f660b2841566f1f5c9e15e846de7f86ca1dc085188fcaa4a3f839ab2a5f0cfd36e36965ae519fe14f98899ccb07a3ca15ec705e3160df6dbc37ab89c882012eefe51e4da8d6d6b84b3144ca87a90864ff5390abfb92992e44c46807b3c8":32:"c51604f5":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 AES-GCM Bad IV (AES-192,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 2777a2708b..8361c6008b 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -1,679 +1,679 @@ AES-GCM NIST Validation (AES-256,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"":"3a0324d63a70400490c92e7604a3ba97":"":128:"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"":"7156358b203a44ef173706fdc81900f8":"":128:"9687fb231c4742a74d6bf78c62b8ac53":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"":"4fe6ace582c4e26ce71ee7f756fb7a88":"":128:"d5bdf8ec2896acafb7022708d74646c7":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"":"404efd26b665c97ea75437892cf676b6":"":120:"e491075851eec28c723159cc1b2c76":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"":"4037eadb11249884b6b38b5525ba2df4":"":120:"360c6ef41cbd9cd4a4e649712d2930":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"":"cebbce06a88852d3bb2978dbe2b5995a":"":120:"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"":"008d040fbd7342464209f330cf56722c":"":112:"c87107585751e666bedae2b1b7e8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"":"947c5f0432723f2d7b560eca90842df1":"":112:"7d331fedcea0fd1e9e6a84385467":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"":"51f639467083377795111d44f7d16592":"":112:"02d31f29e15f60ae3bee1ad7ea65":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"":"aea6f8690f865bca9f77a5ff843d2365":"":104:"7f2280776d6cd6802b3c85083c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":104:"ea01723a22838ed65ceb80b1cf":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"":"ae07f8c7ac82c4f4c086e04a20db12bc":"":104:"1132e4fff06db51ff135ed9ced":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"":"929b006eb30d69b49a7f52392d7d3f11":"":96:"33940d330f7c019a57b74f2d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"":"e34b19381f05693f7606ce043626664d":"":96:"2adc2c45947bfa7faa5c464a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"":"a56f27709e670b85e5917d5c1d5b0cc2":"":96:"177b9a5e6d9731419dd33c5c":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":64:"fe82300adffd8c17":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"":"1bd9ea6186450f9cd253ccfed2812b1c":"":64:"35214bbc510430e3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"":"728cb9608b67a489a382aa677b1f4f5b":"":64:"e2ef5d9cc5791c01":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":32:"0fe57572":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"":"7b722fdd43cff20832812f9baf2d6791":"":32:"72dea6cc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"":"729baa4c0ef75ed8aae746376b39fe3c":"":32:"2a0d607c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":128:"c595b9d99414891228c9fa5edb5fcce3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":128:"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":128:"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":120:"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":120:"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":120:"e3645db0c600dba52044efcecfc331":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":112:"c25fc157c3f2474885e2eea48aea":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":112:"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":112:"3bcb5c2a4261d75bfa106fb25ee1":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":104:"0e463806ff34e206f703dd96b3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":104:"3f0ccc134091e0c0425887b1b9":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":104:"888b836c9111073924a9b43069":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":96:"b6044c4d7f59491f68b2c61e":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":96:"5c5683e587baf2bd32de3df5":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":96:"52e10495105799ead991547b":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":64:"6ff8fd87e5a31eb6":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":64:"49aaa806cb2eeadd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":64:"a5b71ecf845b25d0":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":32:"e9cdbc52":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":32:"e35dbac8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":32:"e7a37f15":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"2fc1afc1395d8409919248709f468496":"":128:"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"c571ce0e911de5d883dc4a0787483235":"":128:"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"275393276745bc43bae4af1e5d43a31e":"":128:"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"47f5264f7a5b65b671892a05fa556f63":"":120:"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":120:"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"4e022d8d86efbd347e8cbab7e979771f":"":120:"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"7c0f49fb54f5e68c84e81add009284e6":"":112:"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"5cea906737518c2cb901016e30206276":"":112:"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"387ee8c1e7f047e94d06d0322eec02fc":"":112:"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"d2b277f78e98f1fa16f977ce72ee22a7":"":104:"4c81c044101f458fdfac9ca3b9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"94886a1845aebba5ed6b86f580be47f9":"":104:"4be34ff42085ef4443c8b6042d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"e5ca84b907ac761a5e68a9080da0a88a":"":104:"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"fa549b33b5a43d85f012929a4816297a":"":96:"afa61e843cee615c97de42a7":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"2f8512bb7e214db774a217a4615139e1":"":96:"f1da1cebe00d80eb4e025feb":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"3da9af3567d70553ca3a9636f0b26470":"":96:"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"b957f05921d21f2192f587768dc12b4f":"":64:"322374fbb192abbc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"31bd7c971a6d330b566567ab19590545":"":64:"efc5a1acf433aaa3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"2f9c0647a4af7f61ced45f28d45c43f1":"":64:"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"69d81c73008a6827a692fa636fbab8bb":"":32:"be2dda5c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"e119e166471ecf44bc3a070639619931":"":32:"b2f54b3a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"cf296aa43cb7b328e09c8975e067404e":"":32:"56015c1e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":128:"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":128:"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":128:"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":120:"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":120:"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":120:"ba61edeb7b8966188854fc7926aad2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":112:"993fc8e7176557ee9eb8dd944691":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":112:"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":112:"92282b022e393924ab9c65b258c2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":104:"6154c6799ad7cdc2d89801943a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":104:"1d6cd4ab3914e109f22668867f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":104:"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":96:"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":96:"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":96:"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":64:"d8bd7d8773893519":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":64:"74110471ccd75912":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":64:"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":32:"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":32:"30298885":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":32:"1997daa9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"":"7f8368254955e1b6d55b5c64458f3e66":"":128:"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"":"274367f31ec16601fe87a8e35b7a22dd":"":128:"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"":"796efaff4f172bef78453d36a237cd36":"":128:"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"":"45e6b23f8b3feefd4b0ea06880b2c324":"":120:"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"":"548c9c8fcc16416a9d2b35c29f0dacb3":"":120:"3aa21f221266e7773eeba4440d1d01":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"":"a5129e2530f47bcad42fc5774ee09fe7":"":120:"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":112:"55952a01eee29d8a1734bbdf3f8f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"":"6404b111c6289eefa0d88ed6117bb730":"":112:"637f82e592831531a8e877adfc2c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"":"3b87b08337a82272b192bd067e3245ec":"":112:"1f2dda372f20ffddd9dd4810e05f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"":"58e70095c6f3a0cda2cdc7775e2f383d":"":104:"1763573f7dab8b46bc177e6147":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"":"d565c9cdfb5d0a25c4083b51729626bd":"":104:"78738d3e9f5e00b49635ac9a2d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":104:"ea7b52490943380ccc902ca5ae":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"":"c993c1802df0f075ce92963eb9bff9bd":"":96:"edfab013213591beb53e6419":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"":"8f7e1621c2227839da4ea60548290ffa":"":96:"f9da62f59c080160ec30b43d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"":"05d363b2452beff4b47afb052ac3c973":"":96:"6b4a16d1ea1c21b22bdcb235":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"":"774f4e70a7577b5101c0c3d019655d3e":"":64:"98ff89a8e28c03fd":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"":"99f25cebd6cfa7f41390b42df6a65f48":"":64:"8e14a0a4853a156a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"":"c1beff1ff6cdd62339aa21149c4da1e6":"":64:"f998d7c08d609b3a":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"":"88126c350dfc079c569210ee44a0e31a":"":32:"f2ebe5e4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"":"af29fdb96f726c76f76c473c873b9e08":"":32:"13fd6dfd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"":"1552604763453b48a57cea1aed8113f4":"":32:"660c5175":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":128:"6b4b1a84f49befe3897d59ce85598a9f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":128:"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":128:"2211ca91a809adb8cf55f001745c0563":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":120:"2e080ba16011e22a779da1922345c2":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":120:"83de3f521fcfdaff902386f359e683":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":120:"cd4542b26094a1c8e058648874f06f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":112:"96ca402b16b0f2cd0cdff77935d3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":112:"8233588fca3ad1698d07b25fa3c4":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":112:"477b0a884d788d1905646bd66084":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":104:"0cb67cec1820339fa0552702dd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":104:"08d7cc52d1637db2a43c399310":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":104:"fbb477dd4b9898a9abc5a45c63":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":96:"99230019630647aedebbb24b":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":96:"9553b583d4f9a1a8946fe053":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":96:"44b95a37fab232c2efb11231":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":64:"072d4118e70cd5ab":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":64:"1bcea0ac2c1a0c73":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":64:"faa5c13d899f17ea":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":32:"a3958500":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":32:"50fd1798":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":32:"07764143":"":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"5714732145470da1c42452e10cd274b5":"":128:"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"a714e51e43aecfe2fda8f824ea1dc4b7":"":128:"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"91d55cfdcdcd7d735d48100ff82227c3":"":128:"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"19788b2e0bd757947596676436e22df1":"":120:"f26a20bea561004267a0bfbf01674e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"c6b26117d9dbd80c1c242ad41abe2acc":"":120:"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"0db3ade15cb0dea98a47d1377e034d63":"":120:"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"83f98eec51ee4cae4cb7fe28b64d1355":"":112:"df47eef69ba2faab887aa8f48e4b":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"2bc0847d46f3d1064bbf8fe8567f54a2":"":112:"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"b9194a4d42b139f04c29178467955f1d":"":112:"05949d591793ca52e679bfdf64f3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"6a5335901284dd3b64dc4a7f810bab96":"":104:"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"fcb962c39e4850efc8ffd43d9cd960a6":"":104:"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"b4d9248bb500e40de99ca2a13e743f1c":"":104:"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"160c50c0621c03fd1572df6ba49f0d1e":"":96:"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"04885a5846f5f75a760193de7f07853c":"":96:"0c13506ed9f082dd08434342":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"0a93b883cbd42998ae2e39aab342cb28":"":96:"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"e20957a49a27e247d00379850f934d6c":"":64:"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"d533c2170c5dc203512c81c34eff4077":"":64:"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"2e2b31214d61276a54daf2ccb98baa36":"":64:"5266e9c67c252164":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"a8339ba505a14786ad05edfe8cebb8d0":"":32:"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"4f23f04904de76d6decd4bd380ff56b1":"":32:"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"531248afdaaf1b86cf34d2394900afd9":"":32:"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":128:"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":128:"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":128:"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":120:"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":120:"7b334d7af54b916821f6136e977a1f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":120:"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":112:"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":112:"e3ede170386e76321a575c095966":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":112:"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":104:"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":104:"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":104:"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":96:"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":96:"bea660e963b08fc657741bc8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":96:"7859f047f32b51833333accf":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":64:"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":64:"2111d55d96a4d84d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":64:"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":32:"b1ece9fb":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":32:"cb3f5338":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":"":0 AES-GCM Bad IV (AES-256,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index e2d34ab64d..c0f33cbe10 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -1,679 +1,679 @@ AES-GCM NIST Validation (AES-256,128,0,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fb8094dd2eddb3d8004bb79134023ca2be4de9b668a9e4608abdf2130e8becb8":"":"491a14e13b591cf2f39da96b6882b5e5":"":"":128:"80883f2c925434a5edfcefd5b123d520":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"725313f4cb3f6a0d29cefc174b7e4f43cef11b761ef75e1995cb64c1306795f1":"":"27d1ed08aba23d79fc49ad8d92a2a0ea":"":"":128:"d5d6637ba35ef2ad88e9725f938d3d2d":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4e766584ce0e885e1bba1327e5335796de0831a40f74a5cec178081dd15bfd10":"":"cece0dea024ff47851af0500d146cbfe":"":"":128:"1abe16eeab56bd0fb1ab909b8d528771":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce7f2207f83a952451e714ba3807ddb3ed67c2739a628980411aa68366b1f2f5":"":"652fd951ace288db397020687135a5d1":"":"":120:"985227b14de16722987a3d34976442":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"855f8fa4ec6a1206173509d504d0b29dfbfbfa9aa528254b189cd72e6ebc1c1f":"":"1ad1507e6463e4e2e1a63155ac0e638f":"":"":120:"693146a8b833f324c1d4cbeeb8c146":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ef8dd1294a85dd39e366f65e1076d53e046188c06c96b2c9e84ebc81f5c9f550":"":"9698a07447552d1a4ecd2b4c47858f06":"":"":120:"b00590cac6e398eeb3dcb98abe1912":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"25896e587570ff1823639e1e51e9c89192d551b573dd747e7c0c1c10916ece4c":"":"f0516457c09c372c358064eb6b470146":"":"":112:"5a7cadec600a180e696d946425b0":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"02fc9cfffbe72e7954182993088e09d24ea8cad91a8ca9a336d9f1fe4156486d":"":"0e189e162e097eb2060b30c46d9afa70":"":"":112:"7d3d5cc55e6182ec5413ef622d4f":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f24e3d631d8961d3d4b9912d4fa7a317db837a7b81cd52f90c703a4835c632e2":"":"510740bfa2562ce99ca3839229145a46":"":"":112:"1402ddc1854e5adb33664be85ad1":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"720ab5aceb80ff1f864379add9b0d63607227f7c3f58425dd6ec3d4cea3fe2ea":"":"58f2317afb64d894243c192ef5191300":"":"":104:"e8e772402cc6bfd96a140b24c1":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f57dd16fa92a8f8c09d8f13cb5b6633a43b8762e90c670232f55949cdfdf700c":"":"3b7c14ee357b3c6b0dc09e3209ab69f2":"":"":104:"43e609664e48ad1f5478087f24":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"87c17ab919a4bc0d50343c0bb282a969283c2ada25f9a96d2858c7f89bc5139a":"":"02813d3faf30d3e186d119e89fe36574":"":"":104:"d1a1f82a8462c783b15c92b57e":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dd8d5b6c5c938c905c17eab9f5ab7cd68d27f3f09d75177119010d070b91e646":"":"1df1c3ad363c973bffe29975574ffdf6":"":"":96:"749ac7ffda825fc973475b83":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4d60a14cb789099c77b8991e7b0b40f787d3458f448501e8108e4d76110f94ef":"":"ca6b3485eb5dcd9dbfa7cffcdb22daa5":"":"":96:"3f868b6510d64098adc1d640":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"405b690717de993ad945d80159c2800848060de0b7d2b277efd0350a99ba609a":"":"63730acb957869f0c091f22d964cc6a3":"":"":96:"739688362337d61dab2591f0":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ab5563a387e72d7d10468c99df590e1de25ec10363aa90d1448a9ffcd1de6867":"":"c511406701bad20a2fa29b1e76924d2f":"":"":64:"390291ed142ba760":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"abef7c24daaa21f308a5af03df936ba3f70aa525190af0d959d6e50d836f4624":"":"e9f15950130b9524e2b09f77be39109a":"":"":64:"db2fb2b004bc8dc4":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6ca630b0b6779a8de7a19e5279eac94bf29f76f8b0cf8ecf8f11c4f8eb04aa0d":"":"7373befc2c8007f42eef47be1086842f":"":"":64:"e2b8620bcc7472a8":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"acea7818a71df2c9840aef1c10ecbe2bac7e92216388416a2f36119a0745d883":"":"6d46aa39fb5a6117e9adf7ee72bc50ff":"":"":32:"fd5ff17b":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b301036d4b2b28b8a4502925986861eba2b67c24cb0c79c63fd62195d9b67506":"":"bb6f398e5aed51590e3df02f5419e44d":"":"":32:"47f3a906":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"89576d2aac554c8982c7df0053be9ab19f4bd80ba9f3dd433c1c054d68e68795":"":"aedbd482a401a7c12d4755077c8dd26e":"":"":32:"506fa18d":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"43c9e209da3c1971d986a45b92f2fa0d2d155183730d21d71ed8e2284ec308e3":"":"78bef655dfd8990b04d2a25678d7086d":"9d8c6734546797c581b9b1d0d4f05b27fe0539bd01655d2d1a8a1489cdf804228753d77272bf6ded19d47a6abd6281ea9591d4bcc1be222305fdf689c5faa4c11331cffbf42215469b81f61b40415d81cc37161e5c0258a67642b9b8ac627d6e39f43e485e1ff522ac742a07defa3569aeb59990cb44c4f3d952f8119ff1111d":"":128:"f15ddf938bbf52c2977adabaf4120de8":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fbe2d52b7f50bf23a16ff8cd864215034fdfbf4d1506ca3c1ffb015653efe33a":"":"b155f8ab1a8c0327789cfb8310051f19":"ed8d14adf1c362bbaf0d569c8083278e8225f883d75d237a4abcd775a49780603e50c00a1b5b5946c085e57a749b4946f6aca96eda04ac9944a7d3d47adc88326ed30a34d879dd02fb88182f9e2deefaeee1c306b897539fa9075bda03ba07b4ffff71ce732ef3c4befac0f18c85a0652d34524ccb1a4747ab8f72ed1c24d8fc":"":128:"c5fe27ca90e5c8b321cc391ee7f1f796":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8e888721514fd01fb67513cb56bfd29af67a9ce525e3e697af47450f02053161":"":"9f6bd4a93e4f3f2f5f4a7c2c5b4790bf":"867d50923967535ce6f00395930083523c22f373cfb6c8817764f5623cd60b555572404e54f2fe7083ef32b9a4593a1f70a736d6e8fe61b77def51f3b1d8f679d3a8d50d0aad49e51ec1eb4d4a25f13d14f3e5253555c73eac759e484c6131cc868b46c18b26acd040c3e1cb27afecba7b7fc3f5ff4883f4eafc26c7f3084751":"":128:"ea269094330b6926627889fcdb06aab4":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d8f82b07e7319ca607c9aa0352070ca883dd7b32af370a774f63b0270f44835a":"":"e89e4484497cb728f86585d8918b7fae":"42340d96e1852de3ed5e30eb4a05e1fb222480b450e2bf4e2cf0fb2a525eb6602ef43a896adc5c52ea5381c642b2175691c014e7a6dae91fa6ff5b95c18a2dd2e8838d3abd46ace0b305f3f22d30a0bd82a81bbf6753362b54b0624c76c0d753e30eb636365f0df7e1bf8bf130cf36062ec23f58a3f7ed0ae7bfbbd68460cd76":"":120:"b234b28917372374e7f304f1462b49":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b49b04a54a08d28b077ea54c18bfa53e916723e91453b47f88e399046b9b4dcc":"":"6276c577c530f91b434ce5719e1c59de":"6b73f996c49e368fc4d21816153aefb081509f9dc0916dbe4fdf77f39867a2bd617b8a75f39f515b1bc1454009d5247efcd90ba0d4a6743c6f12a929b666584f3b55254c32e2bab2321f94fa843dc5124c341dd509788a158191ee141eb0bc4e1b96f6987bafe664a0f9ac6d85c59cee9564a27bcc37dffae80c57fbf7e748ce":"":120:"69dd5bdeb15fdbc3a70c44b150f70e":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"398bb37bb991898c7dad7bf5930dbad20d121f68d5ec6c56ffe66f23c0c37f8e":"":"0c3bd55b54c1221b0cf25d88ea4dfe24":"4c48b929f31180e697ea6199cd96c47cecc95c9ed4c442d6a23ca3a23d4b4833601ac4bbcdbc333cd1b3a0cd90338e1c88ef8561fed7ad0f4f54120b76281958995c95e4c9daabff75d71e2d5770420211c341c6b062b6c8b31b8fe8990588fbad1e651a49b0badd9a8d8042206337a1f2aa980b3ba3b5ee8e3396a2b9150a34":"":120:"8528950bd5371681a78176ae1ea5dc":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8e8f7c317b22dea8eabe7eaa87413a98ff56570720985b6743a5f9af56387cca":"":"3a9a5a839045723afdfb2d5df968bfcb":"a87d95f8f47e45a1c7c5c58d16055b52b3256c52713fd092bcd6cbc44e2c84669f23ca2a19e34163ee297f592f6054dbc88863a896c2217e93a660d55a6cd9588a7275d05649940d96815c7ddfa5fc4394c75349f05f1bcaff804095783726c0eceb79833a48cefd346b223f4e5401789684e5caeda187a323962a1f32f63f02":"":112:"faad6a9731430e148ace27214e68":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"67c95e57197f0e0bbaaa866d337fcc37f3a10dc55a059f5ea498de204d2fff61":"":"5f171d203c653a316cac43df99f4033a":"84f281b388ca18bc97323657a723a56260731234720b02b6dde00ea134bd84a1893bec38af80214c4da01b93958ab00f3b648c975371e565d5b6bf2a8f63c0f3cfcd557c9f63574390b6ae533085aca51fa9d46cd2478b7648b6dcbbac7e61197a425778debe351ac2110ba510a17e2c351ba75d5a755ef547cf9acc54650222":"":112:"9ea9c716e06a274d15a3595a0c41":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9143f00e31c72bd9fced31585d047f67f1004e6244c3d9c10c8ae005feeabc84":"":"e49cd6af9a2f0da2a7198317da92ab2f":"ab9193a155140d265aabfe2dd5efca7d3fa6129498532bccd77f09fa1a480702620b3ab53df91b01262122f1a6fc387b5fc55dadfcdb99ada83d4a5b0666c8526de309f41eb54d69b52595c43550a6bf7b4b8f0e0c48311b521762eaa567744c4c4704dd977f84068b59db98a67e33cc65302ba59360d600a22138c5ad3317f3":"":112:"8293e361fe0308a067f89aea393f":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d0ba180075c373116bb037907b512add00ba9a4693a8ecc14ca0d79adada90e3":"":"5c1501b19cce5404dccc9217ac8253b7":"3a161605ec0055c479dd48cdaeed5981b8b60fb7b7781cc4e580218c7014c3060a9f706e6e16cf4021e4d38deb512534b484ff23b701975bdf901146ccaece9c3ffbbeeb172cfb64a915ae0dbe7a082b9077776a387b58559a881b9b79b90aa28ad1ac0f2bece314169a2f79ea4c08389f7f7dd10ee2d9a844fee79e7bf38bcf":"":104:"0541262fddfd5d01ff0f3c2fb4":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c975c7e59133c231d1b84c696761c413ba20aff7fb7d854c6947e65db3cc57b4":"":"d8fedda4cccaf6b0818edcfa7b1f03fa":"cb4cc9171367d6422abfaf2b4452da267eb9ccf1c4c97d21a0a125de486997832d16c7e412cb109eb9ac90c81dfe1a1dd9f79af7a14e91669b47f94e07d4e9bd645d9daa703b493179ca05ddd45433def98cf499ff11849cc88b58befbdd388728632469d8b28df4451fc671f4a3d69526a80c2e53e4fdee6300d27d97baf5f4":"":104:"77ac205d959ec10ae8cee13eed":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a86ec688222c50c07274ed2d2c8ae6f883e25f8f95d404a7538fd83224199327":"":"99c73fdb8f97f225f7a17cf79c011112":"cf5f707de0357262c0997fa3ebfe6e07192df8db5f029e418989e85e6b71e186b00c612ecedbfe3c847e58081847f39697337ae7c815d2cd0263986d06bf3a5d2db4e986dbe69071fd4b80a580f5a2cf734fc56c6d70202ea3494f67539797252d87cd7646296932959c99797a0446532f264d3089dd5f4bcceaaa7289a54380":"":104:"c2093ad4705e613b09eee74057":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d3981f0aa1ed8cb369d9b0d7b0e529ec6089ff2d226c542885b1bff55276e891":"":"7331f91bd1a67c21c9dd336a2a922839":"406d9cf45fc8618d564154241dc9c006ecdcd847406e5a6e7127ac96e7bb93f4c339ff612c514b6f66df95a0845035d7535212a2aaeeb0ee512d1f4375c9a527e4e499389c2d7f7f7439c913ea91580e7303767b989c4d619df7888baf789efd489b08eda223f27da5e177cd704c638f5fc8bf1fecfcd1cab4f4adfbc9d1d8ba":"":96:"dbb7ec852c692c9a0e1a5acd":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8436967f97c59ca73b760b73c6e088d1da4e76b712188ab4781d8d849505ae47":"":"9401dd0998914645668d06d518bfe7d7":"a5f40906177417097c19a0a21dbb457a694e173141837f695b09c8eb58ac2ce28aace4e59275b6266da9369a9905b389e968aefc64d78c7e1d2f034ef413d3458edcb955f5cd7971c28cd67dc9901ef3a2abc6121704bb5ecd87a6568d0506abbc87a2f10205dc8eb0cd1b5109158d0e743c2c3a342d60b8d55bbcb8d8507ed1":"":96:"dd6d988d352decc4e70375d8":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce6b846bcedc6ae747e66e72cd9f7664e6cad9627ba5f1f1923f3d3a6ed590d1":"":"ac865ff8a6255e501b347a6650510d05":"1658b9f8469af1dfa60458cf8107db1edd1e4bba70a0bd23e13e1bba0d397abf51af8348f983fcdfcc8315ef1ffc9a26371377c62ddba08363bd2bf0ff7d0c3b603fad10be24ecee97b36d2255a8b2efc63f037123cef4bb4fe384aa0c58548b2f317c36ef3ef204b24769de6ba3e9d89e159e2bf1f9d79aeb3eb80c42eb255e":"":96:"7ee87acd138c558455fff063":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0038ecf1407bbf0d73afa5e010769b71e8649c4249345dcf923ef9da0254c6af":"":"74c6b98fc6ced3a59bd9c42d31d71095":"467f483c71c3404fe7f09d6f6b6b64c3b7613a0dd32470cf24bc590d3994a48f3e8cd5dc19ea8ca7d5366ad7c5ad31cc9612dafedaea109dde2aedfe5fc2a0db2c903dd1dc1a13949720a10babf37fba5a0ed7cb5f3dc9eb5a4d8331f218e98763e7794b3e63705d414ef332160b0b1799f1ff5cbe129a75e5c4e0a4ed35e382":"":64:"62fe088d9129450b":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"19fc4c22151ee8515036c38bc5926c0e0bbd93db5d0fc522b2a6bf6298fed391":"":"9547f056c6fb9ef72b908f527cb500c1":"511b15c25b2a324159e71c3b8e47f52d3e71e5bc35e774c39067250f4494c9c4eb184ecbe8638de9418672d9ae2c6a0e7f54c017879ffb2a371de1639693d654a43cb86e94a7350508490191790d1265b99e7b3253838b302aae33590949a8761a3bb2aeb1ba798cddeb00a53daad05a33389d4a19269d65116a84f12dba5830":"":64:"04623912bb70810e":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3b5d3b1920b5a105b148153ae1f1027c6d48bc99640ea853f5955fed4eb3d625":"":"9a4091c2eb7e88759bd9169fee303485":"aa680d07143ba49a9099d555105fc3cfcb898cec11ade96776dc9778cc50fe972e1e83c52c837b71e27f81d1577f9bd09afe2260dfd9a5d9dfbd3b8b09a346a2ab48647f5dd2ff43700aecce7fa6f4aeea6ea01b2463c4e82ec116e4d92b309c5879fb4e2ca820d0183a2057ae4ad96f38a7d50643a835511aedd0442b290be3":"":64:"033bfee6b228d59b":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f6c4ad8e27764157789252f4bc4a04145cb9721955330a2f6a2a3b65cacf22bc":"":"3de136cbd75061c888226efab136849d":"0f6951c127d6bc8970e2ad2799e26c7fb9ca31d223155f88374984b5660626c83276ffa6c160f75e0e1bcfa96616188f3945b15fc1b82a4e0ee44000a684b3c3840465aebe051208379ef3afe9f569ee94973d15f0a40c6f564fa4ba11d6e33cf8ae17854a9e12360a2b8495e2cceec463f5e3705c74069ba37ba6d725f458c0":"":32:"f658c689":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"30cd99fed9706c409e366d47fefc191f79bcc47a28be78f9890fd90d4864eb85":"":"8c7ce34691503bf14c776f8809f24e61":"4b6b10c2e2905ab356769b6453dd160a08e8623b0878fcc1c1d64822f0aea1f4f5b4698ded5d23ebafa11bc1e4ce9e5cd7d7c7b13de02d11a945ba8361b102ba49cdcfd6a416e3db774cd7bda024fccd1ad3087560dc15bbfe9b1a5c6c71fae17a329f104f6c2cba7eb6a7459535ca328146d0ccc0a9bd28a3d1c961947a3876":"":32:"7777c224":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9472f2452933dcfac4bb22831ce83c6a1ddf25ef8d2d3ba59d72b0d173a986e8":"":"18fb2c34b0955d712960009617d300ef":"d283dd75cd4689c266c8e0b4b6586278aa2583c7c41bf12bd1cfdef21d349acbbabc0a2204dc4130f922949206c4fbdce3786ab8614e32908838a13b6990453abf14b84f5812e6093644accdd35f7ad611ea15aefae28b3cf1fc5da410bcea4f0a50d377fdcceffe488805bc5a71fab019b12fa8725d6e7c91e6faf12fbaf493":"":32:"c53b16a1":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e06d5319210f4107ea7267fa2e8183fcbf74fd3b0579b856577177d9cb307d42":"2b9179d21cb884581b0e4f462455167f1f7899717245d4aed3d8db5983daccccebfc2130a20c284563bea5997cc0438c83d8fa7bb9e3588efed285a0fcc31456dc9a3122b97bb22f7edc36973475925828c323565e417ec95190db63b21881016b5332f2e400bb4724c86a8ee0247149370ee5412f743dc6bf7ca5bcc31afa0f":"f2b0564705430bc672964b049115e122":"":"3fa342a76cb5d501e6a6fade14aab54a76620e4ea2287147d4ca2b9d62d2a643591e5df570ef474ee88ad22401c1059e3130a904e9bf359c4a6151ff2f3e4f78ef27a67d527da8e448b0ef5cdcfec85f3525e35f8d024540387e4cdcb1018c281a1af7d4a3688a0fec4d9f473c816f7d4c4c369f70d7dfe8f1b7fa4f581098a1":128:"18f186ed1ee1f4f8b29db495587d0ab0":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0dfa834e98b6c51ee925dd9edc9be72c209ddcd9099ded57b533f2236895a229":"7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de9174f544bc60828c1eebad49287caa4108a0":"a101b13b238cfac6964fd6a43daea5a7":"":"bc60d2047fd8712144e95cb8de1ffd9f13de7fda995f845b1a4246a4403f61ca896bd635a1570d2eb5b8740d365225c3310bf8cea3f5597826c65876b0cbcfa0e2181575be8e4dd222d236d8a8064a10a56262056906c1ac3c4e7100a92f3f00dab5a9ba139c72519b136d387da71fefe2564d9f1aa85b206a205267b4cfa538":128:"c4cc1dbd1b7ff2e36f9f9f64e2385b9e":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce59144b114ac5587a7a8079dc0e26f1b203338bb3e4b1d1d987bddc24150a82":"bc7aa1b735a5f465cffeccd8dd4b0a33a571e9f006dc63b2a6f4df272a673bb2cc00e603248ab6be5627eebc10934fe4d1dc5cd120a475936eefa2c7bddea9f36c6c794d2c6bd2594094e56cac12d8f03e38f222a7ee4fc6c2adffe71c9c13003e301c31ff3a0405dde89bb213044d41782c4bb4eb3c262595d1c0e00522047c":"fdc5a40677110737febae4465b1a76cc":"":"084c31c8aef8c089867f6e0ce6e0aadafa3016c33c00ca520f28d45aac8f4d02a519b8ebafd13b9606ab9db4f2572f396091bc5a1d9910119ca662d476c2d875a4ab62d31ff5f875678f25a4775fa7fc85b1a3d442fb2c5047a3d349d56d85f85f172965e6477439045849a0b58014d9d442e2cae74709ed8594f0ec119d1d39":128:"4c39e0d17030a5f06ecd5f4c26e79b31":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e7a6b459a5370ceec4d429bba9472a49db07697dc66dbc2f294d3e62ffc8aac1":"cb959e5611a636317feb5265d33b315c2f5af64159029f0032e338babbdb0a525ba6b92cb3be7db9f0077561e6cffe1247bad32dea8918f562dc3cd83225cdbcaed652b87c62fea8eff153638a3a14ef9f9a88bcc8c9a6b65fa9dcc53f63d1b14fb9bb0baf17e7bfb95690c25cca2c3097497e41f7e2299a8518d5d1c5f6264e":"92468d42ad377affa7e808d95d8c673a":"":"599dbc47e2f2e3b06b641c510b238417b01869f0e7d08619752f6d9f4b08585731deaeb439ff26e02d7e51b45ca5e3d4a779fe4cfc9572d1d6407f98de69a8fca60bf01d1a769130bb38a67933a2be3aa3ea1470d8f32a34dc863dc800feb7ef71588edd9489bd59a23685ff5358f9b562fc0bbad9e11db7a6fedbd79225539d":120:"e853262ed43e4d40fea6f3835d4381":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9818904a99e3d80c95dc71a16483ade1b9b8e7df638ce6a4c1d709a24416cbe9":"2c073cdc11a8d58fb55e1dadbbc0372dde86c387fa99c9249bd04cb2f2d239de01bec8c8771a9fb33664ee06ea81c37a824525664054173b63a2894d8d7ffc60b9e93052802478a189be5835d979a28ce7025b219add0622f97c9bcf3ecf629b56408ed002a141061320400409345e94a7a7e3906611305f96f2abc9d62cc435":"96a301ab6bc0309be9735bd21cc9e10d":"":"4876e449b0cac09a37bb7e4b8da238f4c699af9714ec4fcf21a07c5aee8783311a13149d837a949c594a472dda01e8b6c064755b6328e3ef8d6063f8d8f19cfda3147b563b0f5fb8556ace49cb0f872822a63b06f261b6970f7c18be19372a852beadf02288c0b4079587c0f8eab1858eeec11c6ba8d64448282068fddd8a63d":120:"e1e8b62ce427e5192348b1f09183c9":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9b34f137e3f37addad8a6573b8b6dac9a29e97db53c0a7610f37c72a0efaebfa":"c1e09c432c68a2c119aeb3b19c21180e3c8e428e12033f416a92862036f5e8a39a8893b10fe5476e388d079143ee0b79b183a3400db779cfbf1467d69887306b124a8578c173cd5308d4448eefcf1d57f117eb12bc28bd1d0ff5c3702139655197d7305bda70181c85376e1a90fb2c5b036d9ea5d318d3219132ea6c5edf7b7d":"50dddb2ebe4f8763509a63d07322277e":"":"793e1b06e1593b8c0ba13a38ff23afaa6007482262bc2d0de9fb910f349eff88d3dd05d56eb9a089eed801eae851676b7a401991b72bf45ac005c89e906a37ed7231df4aeeeb1fcf206ca1311117e7e7348faf1d58acc69c5702f802287083d3ed9e16cf87adcdfa1bb0c21c40c2102fd0def91985f92285e6ea1cdd550e7f50":120:"b3c6ae17274faaca657dcb172dc1fb":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"66b40e2e671bdf244b45644d1a5adc63011b32156ba9f5e03dffacc1a9165061":"985546ee12ba89d95988ad8a4153c4f9d3c91c0e3633a95b4f9b588bba0032006c93210514357c91d574b436da13dc9f68194a981e7b65eb79e56be9cf1dabfdf531407727c034a3c7743bb22aa02b26f159c2eff3c7ed52027de2e8b8b2fefb72c04fbf20a1ffe10d6dda790a9812cdbe9f2ed6706d7a2639e851a42870efb8":"4e090871e889b4be36db5e1df1ea283d":"":"f93eebffeddfd16b4618b893d57b459b704b894b38a5eaf6cce54026c80090be8328e12261e1b10e81c73ac8261c2982bb25603c12f5ffff5c70b2199515c17200db2d950a3f2064d7b362607adbf3686f27420ec15e18467e86faa1efa946a73c8888b8fdc825742b8fbec6e48cdabbb45f3cd2b6b6e536b6fbf3429aebe934":112:"ed88c856c41cac49f4767909ac79":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"18c5105a9651144ce965b4270398b982120b885850114571ef8e2cbc5d2f5e04":"00c5ea3d91248bfe30c5a6d26dbdf0609f977afcfa842b603c1061b2a473c9a79b421b2509550309e4be9c5015c51c6def9ee68c242f6e206b3027ce8e58b7ab96aaa50ced1d78c2dfcbc2589575bec2ce3b6a5066276fe7dca4f1118808d1e5cac062667053c15350289da03cd073377c2d66c01e3098ed01b75788c7e1f9e7":"a3a5f82748acc887e33328fd7f4ce1fd":"":"d91ed6886a269dc1eb0745dc4b97fc54cbea5e6857d10a303a3caf828b4e0e20bb742bca17021b7852d09a6d7d3a56ad82298c15a2082fed0e0e326bb16dd677ee262ead93a24147de3c07eb8a95b108abf17357155f1de79171689407b6545c9fdf8ab4486576490430c0e043e21e7c40ce88e752cb006cb3c59479a7e56cf7":112:"add4e086d612a119c6aae46ba9e5":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4667cabeb3a644e371cbbe9195413daab025cc6efc12298bfaea0dd9bc028f9f":"9772ec47f3cd26f091bf117e085f2394db258c2c460dc3b1402edcb60a8f70517f82aa669607b78c2ad79c662c3b376cee1b9f34c4ec5d15319c33de78a440e7f2a4108c3c9da51604adde2025ff1dc336c49279c13a7153931df675df0e78f17a4d72973311af74fe755c85c7869baf3896bb738925942dc67f1b6e690c9d48":"7e8927c69951d901494539ab95ac5906":"":"5d62fa69cfbfdec30193408dad15cf983ad707ee921068b817676eca9f70f9ca4623a8c113df5fba86131415f4ec546c7f1a94ff9d02cb8ddcf421c7cc85ed87ce712fcd8d5f45460749ced0d900fe0368c59b1c082bd5811c1a648a51768d5e4bfbc23cada3791f289d8b61fd494398be1ad9ee9ff471abb547000ac2c1a5d1":112:"0ae6bd5e8c25d1585e4d4c266048":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3d58cd514de36ca7848aad1bf4d314b3b3415cae1ce9a169021ae84a67d4ab69":"e1c2e79e3f64c5c64f853ac9ba1a853fbf1bfd3001d48f7e73e0e97aa1b8ed1f1a7066178e75df688c5edb1c42e270ea38ab0e246c6a47fde4c3141436fe4b34beb9033ba7eebfc53cf1f6c8ae1794e9bb536152d196e1b96803316a05f1dcb9016c8b35bf4da06cd18da6243acc3a3dc641d3a1332b1915932ca89937cb0327":"4a1c2e7a3f9788c3c2fdd0dcc0cfe84b":"":"50d63c660a2b4f8e87276c5f58556cdf15d0fbb2c8ea5e3266d28c515643109aa7fc950d6d48f504dad52457e16576b581d37574574cd8b7ac12b7d59b819992c941a27e23ef9f257ed0c4ea4eda6c1f3b28b44decb63a92fae84c3556dcb9d6458e729dad6a7db9f7411690fce971b3b240f8f9979ed992f87d76e227fd7384":104:"ac842579bdd1ac77c84dffac2d":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b7e4cd80f03a7ed092c776b243dfad7776d9caf3e679939038e33ac94d8931de":"102e2d2c0d01dbc69733d2451d1ac1817d60418685d4ae8aa44e1ede1c1e08d2f71f0aef41a72bd9f052ea4a9a057330c95d964f8c3679b80fc9c0952b46f38e2ef055cb33703d686757400210fa5a39bc7e3bb9b8b9cc20c95d5607e2f10bb5501507680ef3aaad96553333b1d27bf2f7ac102c983eede2262a5c6237c1d754":"af160a983d674b7d19294f89c3c9307d":"":"6bdfae299d796ef36850327b091ba7bb02e29b643ca4c8bc199eb91ecbaf88426412cfd5570e0042cab735cc46ec648b0877955b3f9a5707d56c478aa77ae5510749beb1e44dbbb37791f18477123436a985e5e9f79fda0a057504847e4ecae841f24e1b53076d3efc6bdea2ebb336ee0e4b5e6ea973e3e50a27b5c2e6fee3e2":104:"fdf21e2ac356e507745a07fc96":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3a0c46eacfe85cbc0c5f527b87cd075bdeb386d0ca6de816a87cfddcb8a87ae8":"6d1203dc8395e35a35e234203625ea9d37d1c009db2ac8b1d5b29021997b5421f1d172f4c9a7eb7dbb67f0002720fc412f5b1550c739a2d7ba4387a1f978bd548fe6169d9473893782b10fab99198cb8b4553dfe27583c017136fd8c95070d8d7f9a602d15248d38d728157a0b26404e662f9a5554d3e1582bc0e12f0054792f":"b1cde63ad2ad4b8a7bfb36ab78385c3d":"":"9de3a45c976d32ed2af5074ef13b1f86f35b1689b1c698b2e427d5dd62556eb14439f77cd8fcbe686a9a08a922e3f54a78e86fd284de493a740586360b63da09bc1d001777582969c679db54a0ddb8d7dfdb46750edc882804a1c00e417912b72b4cad54dffa1897eba6188b3e61ebf0c3dfab292c2686dcb9db3012e0788c7f":104:"641896daab917ea3c82524c194":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4d540e0ba27103667eb4511ce9d243592bccb8515ab59896c9922cb5f1b47a02":"d79f9b1c74e3141f188704c8d5bdaaf6083642be50d00f20c97b56646863895250d131e00db0ecf4f035d42f08cfe20f401c2d3062a38daa0b9e7c19fa7c5d344680aff48d506daa181451f6b34ed9099b9a5b39c0166e93ac4463c9ad51f48e3063b1c16793615336f55d516d079f6c510c2891b97aaa95e5f621e3b5202620":"a2ed37daa797522a39b01dd206d06514":"":"6a891bd289ec05990424a2775287f4725aecefe1ab21fa0ca643f37829cae9fcbbf805b883f807102ff12f1a85964df818057daedd41c7349ef32b24642186c45d2858c3260d5b90594969e26b691963ac7fbd2eb4eef466ae690ca274d9194dfc4df1c3baec02abc38fbfc0e2c7c4fcafed227d4f6607329f57ee439435c714":96:"9074ecf66bbd582318495158":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"151d7e4db9e21c87bef65c2ac6aab5b6b045b7dadaf6424644a91e04ba810585":"0984c5d3f68beba1db4e6ade429cb8954cccaba9fcf4d852897ef69f8483428932c8f18a891f54b68f7d49a03c57f7144d802eb996d233cec930d5eb19f43d0faf9c94a2d7aaca40c8066a2882481f521bb5f6ba15b213810da373817eab3d52b5dd143a1521239482fbf4a07fe68c3d35c90c6ce27b55e40abcf432a261dc58":"49e0e0d089e3574fa5a33c963b403ccd":"":"6938d8a7625d1291f249ef1e086bb030ccdc844a9271fee16db60e7acfe4aedd720de76345109d5e6849fd1576c0fe0c34e73dca4011f8565cffccef427198c927f19f63b821f43844d008ceee0566f0d8062d7860e92ebdf21dcde80039a04504cd8ee94874b2eeb038962a74ac9902d9d7ce09afdac7aa706bf3892de19531":96:"48d3a8116213f92bfbe86bfe":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3e9615515ca45109316cc02bbf3a23406eeeab2092dc6614db76e4e047a3b023":"46c4c6bad0f21172094ae07a47fd76477b69ca75cc08970e8dbf7b8644d4bcdce96f9d15dd3fba5fba3f851af145652ad004ee525d180d2f3e03bc0ec1c0e8ffebc1474c342732b7247f657ba87ffcef9333857123f29c4976b048c89c24107529dc5dd69004fd176eb0ca6ddae1df7be7d28b3b9da976413588f20c1fff488a":"c1facf73da64e16e4acee3fdc3cc6b10":"":"4415dc96d3daf703d392ba1318254143a58870e691570ca6b1be6074dd9c1feae12c72f9314fc3d19b6affb59b642ade6c4e64b7c99f850bff781de193cc0a321a29356addcb0918a282e53801541b5b01383fa7624c36d1f67423f02d2b54f58deca582b7031d192a4d32bc154ae1149cb3c5b48538c803a8d01fa7cfc1683f":96:"322d8d1b475a7fd3d0c45609":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"52c1a14b4ed57cbfa317fe0db87528f4c5551deb9ffc88932589e3255b1d3477":"eb9081e19b63c94b5f3a696c5fc2c0b7f434e1574394d0b41dd67dfac28a73d4ba26c86b3728b2802fb9d0930c89586b09602900d33eddc5a00a4e98881b5acd5597aae9b80b1569ede74042948f2cd66c3eeae227ae10241df001c85dfe8a5fda0aa21142ecade76290dfdd4a27b6ff3a932dacc0b5f461501239ae8d6d5f41":"36d02604b5b24f49b08bb01053a23425":"":"12fbea9e2830ba28551b681c3c0b04ac242dbbde318f79e1cb52dba6bdde58f28f75f2fb378b89f53cef2534a72870a1f526b41619c4b9f811333e8ee639be1250a5c7e47ecbee215b6927ecffaf7d714327b2c4e8b362b1a4f018ff96f67557ca25799adfac04dd980e8e33f993051f975f14e05be8b7342578d0c9d45b237a":64:"01e6af272386cf1a":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4d08a07b3e94025523a4a6415029c8f9e11fbbfd72564964c53b8f56f865af0d":"4ac7c27b07a4aebe5caf1de0538d13a56e8c11bc73713bf78c7abbad3b9f6d690e00487267da108e2f2ae67c24b4657e77bb83e2d5e4b244cf34e924cf7bdb443f87ac8cdb374147449f8d06eb517a25dc86f03a389f34190aed5a7faace03ebf646fec2b173b2c15fd5cbe7c5affb6c3ee6d1cace8b00dd8f668a2336da5bfc":"98b745c7f231ba3515eddf68f7dc80f4":"":"337693c5c746d8fcdf7cd44d8f76a4db899402b891176e85b4c549c366ad709322874e986d6b939a350d2a0e3b77924d6d15454d882d1d3c94469d749a20d8f0116504cb31888a1e81d3abf25dbb7a7f9e7def26b9151ee649c059da1955f1716423c734dcd26a548844abb6b64c44383ec698e59361b6582c6883b77c338342":64:"7a9266c4e5ae48f1":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b9d9fc42b58deafe9bc9734f4129dcad34a2e55ee5ad8abcc3f7bc42dd2c0e05":"11dbcd6cd53d2af766a1b6e4af2bc8bac2811ef818da2d1f81c140ab6e0298e958fef033736bc6e0dccd660b9a3e4222bdf3f89a95b206785d22852201e6dd00b44232ef3c03393893813dccf1960410b50cf50602ead8bd246fad88e66c88b50821578004779b6c45c13d8211df1cfc0fb2d7a342f58e4f2f3623fd31b12c30":"67931493096f4550633c322622bc1376":"":"66ab6e7a547705d8ae8ac3cb9bc5fbbc18cd220f89aec7dfbf4f72e7bc59b483c50c9471523c3772efc5deee3a9c34c96b098842cc42f9b7d7c0d2530f45900eeb9502e4dd15363b0543c91765121fd82fcc9db88fe6a531b718c1fe94b96a27856d07707fced3021cca9cf4740833d47091797cc87f57f5388b48e2296ff352":64:"0de60d4126733404":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"97e736a63870546ec9c2325a8e367c8ea17a7ffa71f6cadd6909a5bb9eb12814":"608280a9dcbd6dd66100a9fdd00e6dac2183e32c945b2b4d255c048243bfea15aad1a10ff3eec0ba79c531239b489a5dc155dc2775519f8d3d2ed82fa7ac653fb7c77e0dfad1c175b6c69963f5c12ff9840f18e0202502e9d1e3b170965cd86ae411af20e6d69a608c99ca8dae3cb3bcce666841132a99429bcde490d9f0b6b5":"d35192b4d233507b70c6d32f8e224577":"":"568a0d584fc66c876b7beb9ef8709954a2c426fb8c1936b9024181ca2cd3a7684c412715c11eab80a181be0238e32a2b689e9db36a2ac87db651058080531e7b1110938dcb09615e385d7b224b11222469145f6fb5f4c0e87b08bb3006bc5b6d2ce0a15be7fc29b27c10c645afd9d8253c094fc0f775086bdf2adac265b474d7":32:"af18c065":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6d05193cc0885f7b74057ead3a0738b74eb3118b1a7e74c5c941ce0011197122":"c58f51bad815a43a5705c311de4a846ea2a70cbdd2c30d709a2ae0ddf82b7c889dc599fb6e0328fad21555a99530be6deeeb5b1beb333322c2b747288e52fad008513f8040a4735cab3c8cf32c4e18bd57339c85cf5dd71e382067bee7e9ccaf68e767d77fb005a3b73a51acf942fc3b2c5c9eec6189d01a26c6ffb070165874":"5160b65bf7a2ccf77fa2e3e0b3866f26":"":"64dc5834a63be414c3714f1b34feddbacd568c6466cbd06f665aa269187a160db79306a53b629fedc1247bd892998fe3208b3105f6273676bbdbff6e254de332d02bc8842ef98d6b79994792eeb5be3a807452b14ae5b5027db81421cc22936ccaa7ae1b77a145462634e424ccf2dfaf001ed4477b804e204120a1416b449b8c":32:"364ef0b5":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6e8006983712ddfedfebf95e6cc3b0aadc23077055e500ae49fae7705787f2e3":"e3ba14c4e39ebad925997649872b8331f1700c8f98f80e58d92c85a84f2a427094d9d771b276a0d35b17c0c030734399070a57345d4dcf082b96c7eb580618f7af8bdf036296e20379e74e29f905b52a0c46fe7d46201a075e7de7e1a523a0492c1f228102fdb89f019bcd4571e041c5d37159dc487ec139fa37d33142fc8082":"e36e39d787394f1401fc4b173e247db0":"":"4d5db4b65a1ca31f3d980cc30037b5d79d28280a31cc5d0274be77dad70dcd37f652f2ca999c9aecf08fd2a02d382457a277002a1a286ab66f9e437adee00c3bab04f831dd52147005a989606171b6017d28970c8986899fb58900e23d1bc6a9ac0bd4d8b5d6e3fcaebc9903923e68adae7d61cf929388e0e357c7223523d1ff":32:"d21637c0":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cd8ec237009eab590dbd9b31e76513dfa3501701b1a706982944441d996e1839":"9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62e3e4c898bb9f819b22f816b7c4e2fb6729":"a3cae7aa59edb5f91ee21231002db8e2":"45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e225e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b42cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7695d40bde8c202ab9c2d70a96220b4b01b":"833d58f0bbd735c6164ecaa295e95ad1143c564d24817d5f6dded5d2d9b2bed2dc05da4a8a16e20fdf90f839370832f9ddc94e4e564db3ae647068537669b168cc418ea7d0e55b2bb8fd861f9f893a3fdba6aace498bc6afe400fea6b2a8c58924c71ce5db98cfce835161a5cf6187870aa32f522d406c52f91c30543ea6aa16":128:"c1df4ee60b10f79173032e9baaf04d3f":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5f0b24f054f7455f5821fdc6e9ca728d680e8004fe59b131bb9c7cddb0effa51":"d406138587fbcb498e8ec37f0f3d7f6b2faa02e6880424e74cdba67ae3468b6823d37fd917a7fede6b34a2f0fc47c520e4088766ba82a989f0d8051a3a80cc8b1e3e1e2b1c6620b90e99b27e65951aeb3936263fc2f76c1c8effa742f53987f8a38c731a411fa53b9f6c81340e0d7ce395c4190b364d9188dc5923f3126546c3":"f52f7a2051047f45ec6183b7c66e8b98":"756cf485b6a8e672d90d930a653c69fdbf260d3ea18cd3d0c02175d3966a88b70ab8235d998b745a0eb6a5c92899f41e8c0b7aa4ec132c8cbb1bac97a45766a03923c9b93c2a055abd0127a83f81e6df603a375ca8cc1a2ee0a8b7fd226226b0b19bd2e81f73c34dfafa4fcea08dd93dd4ab7e4b437408af91bff566068a5f34":"e58a03f664003d0ef5bdb28931afd16e7747cff62dcc85bf4eed6e573ea973cf615e4ebee40f35d44e18e391b391e98dca5669a5b0abbfa67834836b122d1909b53acd50e053d5ca836894414bb865b1fb811d8af68b88b4a302fdedf27fdd27456e9aaf34a8d53c9c8587e75843e09776392dbb0501ef41359c01e8980e5221":128:"258492b9f549d1b90555eafbe5292806":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6f50efb3946f6a6dfe63f12780f764bb6ebcf2127d3804610e11f0bd9b68ce0f":"bfc89d5049a5b4015c9eb64fdaf9fe9f4be7229e67c713a7b368f0550b3a5e12ba3a4399c64f60b7157e1b289b154a494deadecff0d0686ab44fae2a34ae4cb120a7f00268ab551f41c16a05f8999157be1103464127a8a9bccf736c32db045124178c90472e664d8e67a2ade0efe9a3b048c453d2fb5292dd8d29e62d52c5b5":"63c1192ab7fc75c17e7812fd960f296e":"335cc5c8fb5920b09e0263133eb481fd97f8d9f29db8689fb63034bc40959a176ccdca6725e1f94f822e4d871138fc39776fbe062f07bf80e5c8891c2e1007efeb77c158ced8d6c002b04442ed35c40a2187a59c02339c05762942208e3be964736a431017f472dfd5fdaf8fb8c645cdb684f9632057b9eb755253b4b75e3688":"ca974942ae0f4955ca0736218e4e356145c1ef42135b1142b55ccb3fc5caeec630eb50e69b5a6f97c11d4b604189b27496623bb0365ae69f4150e201e72bad8e7b883185588d0a31c44273bae87194b1610114a83ec47ba68a02e29891de43204977fcd0d551778335fc77fcfdf3fd63e9e5e0c02930a0321ffb093c521cd0ed":128:"2f11a01cb0ef8dcefad9233bec44d6f0":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ec566324ad9d4cd015821e2cd4ed4d3d507bdb3c65bd50acc85f690ef06740fa":"348d35768d7192415cbb92c5625f10edd79f24c56d4b821aaf80d7dc83e901ede6be94d1efe11a3acd16ac00aea8d0d4875c47522332fed11cdf0816b26978de431c89d2fe6d122b2d4980f1d53a97edc15e490a44e73cba9394ca4bbb871675c729c39de80d6678c71b1bd220e4647bfd20a7ddbefe2b7eec7276b87c92ba77":"95c8a544c4b94e9fbfd76e66f40bb975":"fa6f38f8e562a54bb2281dc9a7cbe0b981292fb00dc0053185550a300661852179d0f2beb4e7759b81316fbfead5c858e6fce73f3cd2c2462925dbb199a4e6c121d051b1b5ebf60e16d1e30f6973b19cf31830da30588fdfff6115a4a1f6d977a72583379a56055724581be5232b0d1b0ae88bab5d4a031b058bc8d03078dcd5":"8b4da79f3ae1ea35a80af2f52fc640055e6a3b92617ddfa79fe5d8a49f28ddf36a82a17ca0b3cdf1726700f7ffc09ae5b412d064fd52a90a76bacc74a0b89e38dc474e880a2b768ffa91fef34c47759a7b8fd7faa32a4fcb258349495e4438c7b2055a8f462729fa4e7223aa9b47087695e3aabf43afb32e272d536b257b748a":120:"b1faec277697add8f756391dd9c7f4":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dd6aa4ff63efad53772e07e0fa7d6eda5e73be167620fd7c9f3997cf46cd25a9":"592b3a6f09841483770b767bed73498c286896d2ad3d8bd91f83f92f489b1e83b0456a54e067a79e1bf59eefc1d3bd35cecfba940811d06a06e9b8f774bfeff557bd7e3f0864cb6bd3f867efbe3f040d2384ae8e1a0e20ed38caa668159d3e33c4669478d00963a1152305aa2037a5e06cac52d84021234a7f5d46ab060bd03a":"6386e03bcb6ac98140ee0706b54c8492":"0ccdaa4f54cfea1026a4d26338b1e6d50a70b00c46147fe906c95f0a2fb5d92456ca3aa28a257c079eceb852b819e46646997df87b873bc567f69a2fae471df03b0e5b94511189eaeedd238a991b326963c46d53080f420ec9fd1a74145a0b155cbcc0b5e47fa69450c7eb447080e34868d640f923923b91a9e13a05c73550ca":"c1be540448f1e3f432a10b3cc1a913cc4046595f5a57bf57c9d856cdf381832e914088d3388199018ff26327e3001678ab363da9457ba2084f5aa81320f1a0343491e0b44424018765861c5db917ce14e91a77f7e805d7a97a17a288ee66567c5c01ee61dc46a9aa8b281438ed377b792e9539e311676f81c567339cf92b8e1e":120:"ce7e361713630ecaff81866c20fce6":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ad3990cd57ce4e95342cdca4f07d7e35d575eb19f224a7c821b1f5a8c54d4bc3":"732809c29b5eeda974039b122b875aec2823e082ef637294658cc54f9bca88eb7eea87a366234f89919975d0e7dd2f8ea83198d5a6e349149a016a4b177ba43df2f3ca28e27b8566591d225ac25dfd9ea431cf1fb3ea530d65dac93aad47764a6aef8ec6903b6d145ea9a2663034d2a320690b92afd8032084b754be97604382":"fd4ed75d861da2cc14fd1054976c8566":"ab44689839fdf47e887b70fc1b0422dbbe5c1b50f4e704f9a435967ba8b70cf1e144a025d37292f628f9f7dd9d05557b65340090503201e8cf2cea2d6a73ea4850bd0931b90fd4a4306ba84b8aec99fed47ca1b16daee6c95c97e4ba0dd1fb130cd13f5ef77c5af96f61fa05305a3aca3775e927f72f08fc34bc994e69abaad8":"f48721b08101b35cde1c4ce08a8ba0049185b9dd48b66ab9971fd67dee24f89b456e9ca19ac8a9b5b3b088cbd53898a8c2ac1129752fb7fc55a0c3e2e7266ff40f7a9d63ebc4ab65f47422fc17cbe07fcfda582fd1b8f50e840ae89837e84add8be17d4cac3d2be26bef4aa8438daec9d2b139e442f99c32f2789378c8029ad9":120:"da6da2af0fc14b591a86359b552e20":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"30823396ac90db573b6587676564d09fa680906bd6eaa6b8597e2e7549c9d848":"c55be5a0b8559e02de4667ba5656f7e46f5627af13fd34d327f6fbfc4f3a9273036fce2fb21232f8e2ed115b39b0ecb9a119c8fc17070bbe4e34d3544d7117ffda5e1ef05e063b5a8fceb23158d7824d6a1eb4d90a1d0360c6bd78fb24fdd4cfa35924beb4e090891d06f53fc52cdcaa6b8bba6772d549eb95b64ebf3756ae45":"496ac734afadcd54f1a4372ceb5645fc":"2d582131f7071e80cde1b11106b7d79bb208743de759d40b897efdab018f4eff1f91d2fe67e27af25a13f201bbe4446f20ac6b942ff7b32cf10ad1cea36945b67ac08b114fc616175a87437ee05f3a8b6566e9edfbc1beec0ed8696b5d5c41a25ac43bf3ce2920dd262233ab3405d46f523894dcbfb6c90b6e911ceb93bb7fa6":"c9da3df66111dcbabf731c6891eb698ac3283780f526e81383e201244efe4eca7a1c84a3bfa9ba5616afb15c1f1af0f3af2e071df6c1d34a343c3e3440f1a3e1b6620243d9e7d9a4dbda5981c3e876fd07f392d44bf3e0a4edbd884462ec2f71d36bde4a1b5792629da09a1fb01bfdbd532fbac71887a05a7077fc119a4638d4":112:"cec973a27c42e31b779a6a91aa34":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"815f2b2f0b1621aa198eef2761380f10ac9872a5adbdf6286bdf3386e56aae4e":"d16930c570414bb620e0eaa2e9b5d96e4424127e16461aaa5885c616a02ae974fb2890e73bade9ffa5066eb88a46ac7fcf258d55733d315951b1b71c5e3c13d78d60344ce921966297a0f6361cfeab03b346a7fa4f83a7a0eaf37576fa33a496102446f9f31b06ed91b51672c879cb18d4e38fa86e156d5b1dbff27925922470":"0843984bbaa565ca24f148e57a7d9c57":"1514b99c0ad3493c36fe1216d1a887a69ea0340101aebb03f60d7ed26893119e81e8b8c3f0bb4af5e10a3bf4edcf257473be9dcebb44a9d912f04d97a556ecf020c0bed7ccef2bfd5580f1fc74b706fea45f8c63d8de6f8deccc47a02dc86d3f0624e52f6f1dcd09de8000f2d98a4cc0896da6a564b92263673adf390ed909fa":"7506175acd64224b39f890e498ee5013bb46fc571dc2b125ed5891b8ce8bcf42342f015fd2df5f4b9cc220aab52386bf2247d4163951e86467633f96c28bdda166d778855a7f60465dd2983232c9e53d5f89432407807b0402a10f155f80055c339451a106ac54438ae4a945e60d5320eab0adad9a1e66d59b9d3cc53887811d":112:"28d9d780052b36dbe80a25d41d5b":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d1325ecedb8fc0fe449de558fbc11ddebef660e47aabb84edfe69837a6a9066c":"f9a4f7029feae5cf5bdb8385d6ad7d7da6a243c5026818e5a794c6cffb8dad3227964501c5a049b5a94a7ea2e24434e086800094118444c5a971bbe575324fb6b51c5939f81e78bb11d85d324742b462ce8d13584b3882617d0c94776f328a554f9d532b6515ade9fbbd2de1c12ab53671b7f7edaa7e20223f4c371c1f229568":"8aff702c40a8c974cf24bf3c645169a5":"9ec2e851dee3834d4843aafa740f3aac4cfb1e4d3a7e3e77349113f5200768c3e9dc37481d6292ebeebd2372db02ef8ac7180830c7187995c815d1d1520c3e2f8cf2a94993b18c828b53485073c8a845066772615b26d7a3d7d3e7d81ad1725797153f7ba5e313bdec582c5482adf76b31c871cd42a313018f40d7e23f1a7f33":"3a93663aab93c6cd236cba4db2c03942d9ebc669633936370c2834357e76f6555c34d40dfaab1e78a105da9092acdba8be89e2dbf72e89518d55e09eb2fa1ea7da505484ad4531dba3eb853d1ae1a477355ea9448067b0adbc782d64ec342c7cb781d9dd8dc2b14dc1c9ab5542b679782b8bb9b45ff6a4e36c513df169c8eddc":112:"7e682b0ddbe6c55091838616c352":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4b92242268e598ddcf3a5a0de26d74356693c4dbca354e44be401f3d6804ea1e":"72dc75bc4c8f5bbbd9c639fbdb34afbb84706404c9e67eaee1959aa4b51eac0db4f975cb3ed8d8ca27f72f61c8562ec953a7b8745826121a7016e60e877dcdb046f236af3826c1ddf5b929c5bd9a92b0d5c23cf8983bf2459ced6595882b3dd0cd25da7eba981bba122623dae22dbdce05cf4e5d82d2cc54eb4f68e9e8eff02b":"3c292bbcc16c94b0a263f4d22f328915":"167dfab08aac8350574693b31210138f6b99cfb61ba7ade2e2abffe2255837a913c9afe332e8fc4b2463310df46492e7d982dcb70fdda2a8b03911e6be9a5c5621d0ae8ecd1cb390910b6702aad33394c25d1160b86687e25bb6cdc4811e3158bb85ba75548329dacc19287d9c004a0473029b77ca290fc47c1f96d9583bcd67":"c2dd42ab9bf3fda78032f73cbf7d28dd8e32c582a3b7ee79795551f133234d62ea6571a466b8e1af0b3d354b71a6582c9c8013d5f8a2c34eb3e848360adac1d5005cede58eae7784f32a31c40eec5a3f03cc1e7263d8515b36225b3515ebcf8dca2a77172c797d347ed3921ca0bc73e8ae56347134a6a2a06ae084f1ebb7b0fe":104:"02fb002d8e4a1d11bb0f0b64d7":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c5c50059a61692a8f1ffae1c616158c67d276dcd4a029ce197ed48567e5ff889":"ab7e13923e66d0f600accd2462af74192c3de6c718a27052ef7c1302239c7fb2413df7c662657ca18228575ed138bc54f31663df548618e98d64402feab529d5bf6a678431c714df1fe24ea80017f455a8312bb5b710df8dd3571970404a806ec493dcb1f3f1ac980663f0b9c9823e0d0304ed90689f70d4a24da7d8504c5b0b":"920d82c6b97a7bea121f64f83b75dc65":"a9bd57db2bbe83177287e5f614dab977071abfe0b538067f7d0c5acd59bfba95dfb725b8e1af4573ff10ce135148a3bab044552348378d5ff0c4f8be1aef7ed60bb9a374a6c7b8097d7c1804fdf078f212e63e9f11d7404ad0d1a9cb28d5ba199aec3a6c41b9e523b541ad38cea763159836ede6371357ab1aeaedaaf4481c29":"8f7e87e3ff4f7ccd1cedc1df125199cfb588339119a5ea5f9bdb918f89ca35f9dc16c6465fb25ea250eaaa8e7f00aca2199f92a2c244642bd15cbc9b62caa58115ef01d0b4a9e02527e035744b20892f79b07aa47b6c6db1332f82434764c43124b27148f2f611766781df8e4cc0b5ba99b858c13c233646dcb2b8749a194f08":104:"65da88676d2ab3f9c6d590eb80":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4c7cc3588436ad9e877de72578d30026d32746817ca7a8fb7df9870650aa48d8":"00c2845fc495b89f870bce714f8604a7e7a96ede92c4b9bdcf044c9a176f66a28761089c083d5e2d613c746711238477c0efdf475e18af99e88cf76d04d4e40495ea16c462801443cd7f69c5d36ac9f337e828c308f1d1938b1fac732274459827cf9806c1661a247167948a93eb6e998a4cea76bb825baa27e4180e52633bb3":"5e82285a3b332c693e427f9410564489":"9971b8e234fc3e1e9644545e383eb065e1866e2faa6513278d3972add5ec0e71b1558329fe1ee038a27919e43bfdac8cf08141ab540528f74f9d5bc8c400bb6ee7867e4dbc2aa081d9126ac374dc62b10004d0e233dc93376b93c0da415e7d3e09851f2084a99feeb25939e21893056870cefe7cdfaf49f728a91ea0eef605af":"ab7bac4ddede796576e1fc265c3c598055827be74dc7ed8ef172d00a648da56727767d68fcbe6c44e7272dc8cb15f03a26dc439178849b0e9ad6c7410dd4cca3f9ef40ec7c280042bbc199155c7341e88d35e5e8d0b42856e618c6c30e43d49506ccc3518585c951a3898409315e8b3b4d0adccdb561ddcf1b9d3b2cf3de9750":104:"2474c830c6ebe9c6dcb393a32d":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9d73aec506e022c0692892f6dbc3b4d41e86b97fb377c1956ee27b9c9ab3b32a":"f02bf60f10ed876a803a96e75f3fe17b4e355246135a0cd5497baad2a40a523c27e27bf848f0cb5d0c6428d08bec9590b17fca5e697990d2a6f7d21080ab614f378a07461e7a6207229e0a087e285841ef2f119cac7d8a2d3abbb1e7272a0d7dd493c8c4f797e160c36e086227ceae4923658365b2d3a3fbea11aa2fab3499cb":"bbacc081a6107364dcdac83abceddbfb":"77e1da090e4d3a892baf1afbc12a56201a4362d8f09cda5e9bdb23411e6908915301d66403acb3524898c1c51d6970a71878accd0048cb6cfbd4bf941c174ee05eca2c4a29f1c24e936d3a63cb6cfa710617af1bbb41d755b2f79e135db914a7dd00c590cf741078eb72c3ab559787213202dcc0a4734bdd612b917e372f0e61":"d78fa4024b8d073899ac09b8151c29b10a37793b76f04921bdc7dd3d2ef530a831e53cf6a7ddeec0e033ceeabb525bf5ef57bf9b3661ffb57d3bd4024252fa11dd569102c787c2d8489a1ad1290dca2e8edf82fbe6b5f83bcc0e888045b895e20c8556ee80430cc8640fc070491d2bb81a1209428938cd8e7a27e0e858029421":96:"2235d00a47d57cfbd383b69d":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"73198dfd92d26283637e451af6e26ff56e3b7d355ed7ab8b2059c1022e0ea904":"2471b3c4cc1d6884d333d1c998c7c441808ca884cb88173a225569e1689ef39e266e9ad381926adeafc2daccbdd3c9457ea1bdc3bb05168ef1eead1504d1d44dde34f96e1a7f2a5d3fb33cf5292d52fa9412800419570db0eb24fb74d55de202f5df74073c5a2eb9eb726393996eaeb32072bebb00593de41b97ecbab2554186":"e36403ce1acc63bf50b47387250ef533":"cad023cfb73d08e5b082c3061f3a6502a1c1d53038cfb19074d0ec26c9b272db93094147ef0ab2bdce440a2b3233bb0429add47601f011df679698264c0f81444aba14576a1a565e5c169f967c7571bfb32a2a4d7fcae897863d78964c5b1a040cc845494c0ad8ff4353317b28ca3798e6252d5015b58e99354ce6dfbe8b7a95":"32afd6d6fdab2019ce40771b5298aaadf753d1c4cb221f01e4dfc8b1968f898188fa4d448d8364510a7e68c7393168efb4b4ead1db1c254c5cea568a84a997a76dbc925a6c19a9092002629f1d9c52737005232e5c7620b95ed64741598a65a9ec95f2c97b6b78bd85380811c11386074b1e1e63b9a7e99d1cb2807bfaa17f0e":96:"e22deb1276a73e05feb1c6a0":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1dcbd278480434135fb838ffcdc8e7716e95ea99a1cc36d544096dff9e9aeba0":"da3b8c9e4aa8443535b321c3e9bde3c6742cd9f228c971257430b27293ebeb635917d6cba976c81934c3077902911169e8c6197b2d56a046b7ff03b482c38172accac98aacc90076370df28bc8a2044c393c7541b7b69b0fb852746dcf3140ace4e76861975814d2b5966f7714fb6cfe3e4299d79182fc63a345067a0aa54d8b":"b737bcdee4ef83aa83f124cf7208a671":"49a544aae76b04e62211428a2cc3719e4451f3dbf9a23b6ac824fc472e95e38386d267415c1472a8b0707b0573b9eb2a39a5d5a13464947cc3a7a7dd3b7196f11e87ab5233944f7cea3f4d62b088febf8b82a44d4ca6148be1ba24905432b7ac2bb4ebaf22d3bce97ac2bd34158b6011fbac77ee1fa96ca0c9c9e0207044fbbd":"061b491b73f9250798a0fb1fdcd72a70eddc9cb48c1f10119387d45c50d5fbb8b85592a7977487e45342fddeb8d481eef3b99463972f66acb38fe04953c223c5f3e02611c8f33cb9ad7466860895fae585d40bc78ec14d1cf17b4c5b75e4d8c6341f1eaf80da4a78aaaa30d3bc8bff15f234aacbee4067a947e42275b12e0bdb":96:"b897da3061c77aab5eb54622":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e00467f18536ea6b4d582b2480ebee883e4f56bd91af3ad7a47ceea3ece9acc":"d5334398318ade59e6bda5cfce8e11b25c9ccefa2f651eb16f66c03d84dcc900dc7c85e6d2b778b155ae4591af0698df7f3b8b9f64d4442ecc82035f7d8e71a5f61c515a963f2fba077f3cb8276e91b31b3f8aa193988a16a86ccaec4a688ad68b5146925ec21d55ded407709d34d140f37e1f87d955619453c3704e83918088":"aa6716e6b7107876a3321d807a810e11":"5606a0b77cc9020955c7efda33b7080e9c0e9fd374c4201b4324b3e6523b0407171141e8246d01292a34dc69331f7177d6b7238e16e0303e85741f9cea5698e42fc79217d9e141474068d6c192713c04b1ba3573e93480f69e4cbf72090d46d62d5b52e4a7613af8fcf0010d0024ea11c19cb04571c6d7045a1157cf81df18d1":"249119ace4e292ffdfebb433d5b57fa1518af3389eb832146c3adc2dc62fcc9121d7f6461a53ee107ce7edf362b365d8bc18e50cf9c328cb7c7aa7b4e8bfa07c34dc81c38fe0982bbc3b543485ea4b0ce5a76c988cdfcd241911cd66f5a5f9e0c97332bb0f3926117c0437470717c63957aeba1c55d96b1ff0f4d6045f908cd4":64:"70e986fced03ae67":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a18240f6135e7b6eac071546ee58bb52394bc34ad4e91ee678b72e4514fddcf7":"02f288eea5588e7a011f4d91eca232af70f60ae3d9302cae5a8a58798c1b4e973e3b1d07695934ae871201682554ef6a5b94976c6a1aa73d354f1d65e3f025bb2a3f1e93009e822a87590dbfd1965904223049c5ac0da8596955199ff767b92df10d1f9c05c40bd8204846c719c5594000cabd87342f0447e4e466c3788723f8":"149da8186ca73941582532ede16edf3d":"4d46e1e87322ca84d5bb92d58670f644083db06bdffd99fab0055a62b64a30b5a5673a108f0b9f114d379d3fe63a1f63407881c5b5cb03142109c158af42a00eb24d3b1873edd2284a94a06b79d672bc8f13358f324af2622e9aa0da2b11e33567927e81aea24f3605168e602b532fa2cf9bde5f8cc0b51329e0930cf22e3752":"36cddac99e2673588ba783d3c085b9935626687a2dbac9ad10deb4867c577d6f80453266b2400afd773e4edeb743c32562e85f7f8f43dfd87b10a2dd79eddf6e580aeb4cea92ac21cf49ca97398cc23c02b0ca59257643fb2bc6462b9cf04658352d53c2ee50d87cc5ca2ecb722d950f0daecfa0b7c33aaa2c91dd8b093916cb":64:"73cbe40df3927e80":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4b64bded6c658090a85b5d889679c6a00579498aa82be1e3a628a1cd001e52a6":"182cd59dc1934199d2d2a2712157438c347e286f66b5a2b8b5149aa41ff7ba82adc3751be379741124dfcf05c531416a64f25f0d28abb6f7bf98c80762f0fa363da679437621dcf61bce43ef4d63178779d1a3ebffb82044d427ef522cbd2643cf1f5617a0f23103cd2a164a59f182b151f47b303c4eb7387ee5cb97cabdf985":"99aa6f359534da409a18540d82fb3026":"f55fd6255d8a188ce9a4a2727699ce16c8bc5c6adba88d94106038b74deb79c9d43bfaa47375148d843a5ce248d70193c8017196941b2d9e2dfd4375a3390c19d2f833b0b265dab30f26adee07ab0aeeb930dc3a9fbcf719a707fac724deb28dee2a6788b17fa3505290c2797c6dbf930b41eca1f6d54d75b820e62ec7023e93":"5a1211218174e60690334856483a3066e2e8d996fe8ab86d0f8fef09aba9ef0acff9d3e1e5cc27efb5464bc23bea9c778fc74206ae3a16e5fdbf99694ab7096f23c4b395d7a7b8d6675e56b5505ff62f52bf183bcc4433298296e41662d6519d9c1f0a5fb3140376c8890547eae72afe75c338ba97fad9f0184dd311bbdaf3cc":64:"8dbdc0746074b486":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"cadef353122cec1fdbc236c0ab195fc4d732655cef444c00b6cba5c61e01c614":"a3d5e55fa3110a268cf1414a483adab6d58ec8762a6e6be81269c0369e8840333503bc3688c7be001cdb84d163fa1dfb05f3b01ffff31151f1af780c796822e3d564f785964a546bcc2a320d81a2bc61058652a8594ae9b9b0917400e08d4a99fa161376ac53cba54c92889fd3497e233aff4e12cd85d57375c7c89e92cdf5f5":"d765b5954e5b486885dc78ce6801516e":"ba0405745971eaec5d337fd22e0ad287551e7084f1c9c38231d675719e3980356e183a99a3c760ecf7a8ede5e0dac8d2bc13e135570ff6e91a854ea3b457263b0e77896fdf7bdf0b53c8276cfd1ea3e8e22450ff2665eacd24e5fb2be89373349fc9e2967763d43cbd7adc9a376b1b4ab956ddf8b1a56d9385fb7e861bc34df7":"9b99f984ae26f9cad5b3c8058757a0a5caef0fb86b8ecef0c1bca6b99bc72b0d5345a00ae75e37d4e651008bb733105d2172edaaf5bda4ad950a49de55a514e882a470dca7c7bbfddde40d38fef4e1f3864fd7e212bbc0383d0bc29ab2303c8935d49c35d7d73df2fba0daeb5f37f9ab0d541766da71b33da1018a3f287ba312":32:"c374cd77":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0cfc42773fe2d16a59da52234af5015271332344448c214a2b4a0bb53b07a0a0":"dfbf9eaa46c368b28ef50227db97f29b5d9ed599760bb83f5d52f92ef5522815d6952ebb0d9b4efe8844216d37510746caf8c775d2c862bad8d67effe109a0cbcdd14ba8e31fa420a475e55ac6b02908346ad1b064d5b6b869503e08d057ae65e9dc2a2a26345917b18d1b715a2372e8e114a071eced0c29cc9966d7205ae010":"45afb3ba2db9287f06cf48405764a955":"16d3ad553cc0fde3f32112bdb478450c65c854927b198914649a2820a9e3d01131b693765d40bd2bb74a50eb4cd7bc8dd8dbac9c6a61acaf5e4cf81570814b30a6a11877a8f9c5df342f70008cbf0576bd27a50bfaf6e22a40bd77435da16b666a06d172aa981bdcae0d25b8ab002c6c1994a356d3c3b7e4dd7b99892b0784f6":"e29db2c4bccef2dda828ce652791d424a86cd5790e6ece67bc029ba9520bd8f35a214a73d8b86564df0eccdb60eafee4170da2694eb563e5a854b25d7ba0a4c53465fdc15c6e267be2e54263f97aa3edbe2358f3d9b8d28997388a57aa427a239a74534393593196253de1c2946b7a437a00480ecb2eb08dbe55ca2b3641c36f":32:"39e01fa0":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 [#1] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2a840df4be22c70786c873058d2a6e16dd9895cbfb55b9c9e98f958cfe62e65d":"313eddc53f3986927a261f498283b6dc4a39d26f98c7428127237d79a11c5e626e2e9cdb68f72aa3168ab23dfa2f5e03bc65a68d781f23fb9e295909cd9f0f3e5648cf82f3f6b3b509b0a333cb7d9f2b6e444c351a318f8f200a921ccb409def21b87bc55ec211a76a518350e6ee21d7379edd004b3bfd1ce9086b9c66d80ec1":"ebf155f7cf55e6aabdc1171c95c45293":"8abb8843de1766cfb8d6474496acda2f7a14e78a5e4c787ac89e6bc06cfd42173c35b3a75ddff644f4a58aa7502fedada38a7156457365b4c3c07bc12a8f9061331139b9a2b8d840829b876beb84f27d5a64093c270fe6c310ca3afe987bbc5ec4dc06358d5bf77c7b4e4fe4078c6d3ec28e9a281318da88949c478094c0065b":"769869a55754eb5d6d42e22a2b5271b38533fc0c79642e250347d34566eeca732e0565f80672054bd10cbd3067730dbc567039c730d8bc32a2bdaad09885651533a4f03174d4e6510547c1e1dd51be6070ab0ca0cceeaccf64a46d0ef87c0311bd09973f3b588a4dfb39c85086ea5d67dc531c287b83c161dcb25e07b671343f":32:"c364c089":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"461566cac74f9220df97c1ab2f8bb74189a634bc752f7f04526923d30506949c":"":"546d821e437371061cf3207f3d866c15":"":"":128:"44193072791c435d6e8ea7756a0bd7bf":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7736dbb38f1fe351a7fa101d91da62124c22ac02ee06b9413f56691067572f73":"":"5f01779e5e4471cd95a591f08445eb5b":"":"":128:"1a1f08c8f40b93e7b5a63008dff54777":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"eedcae924105c86190032650e2d66cf6927dd314de96a339db48e2081d19ad4a":"":"a39d400ee763a22d2a97c1983a8a06a6":"":"":128:"3b4294d34352743c4b48c40794047bea":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"714df4b69dc00067c4ab550f37ff72358b0a905dea2c01f00be28cec130313c2":"":"c46d63d6fead2cee03bd033fbc2e6478":"":"":120:"2a0271b0666889d2d0b34e82bf17d8":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"454021ece9a87a9543a1626820d39edd1eff3dca38a287d8fb68bd315a7a2677":"":"51de54b633a7c9f3b7b2c1e4b47d26a4":"":"":120:"114708102a434e3a30088b5944c272":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d7e90b539c99e8c2187ed72823258c1149890a69a9c0081ff8c66e1cdea9f2f6":"":"6dba3273560f30f118a2e0251f7b7d76":"":"":120:"5f45e00181cd2d7feb4723e0cdca24":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2948233eec9bf8adf7250b20d62df9219d30e314c5932383203805ff9f3dc5cf":"":"d6b8e723272e26922b78756d66e03432":"":"":112:"14c9a9a217a33d4c0b8e627641fe":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c73fb5e732ebc1dc7c91ac25de0d01d427de12baf05ff251c04d3290d77c34d1":"":"c31220835b11d61920ae2c91e335907e":"":"":112:"9eb18097d3e6b6b7d5e161ae4e96":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a46aff2121825814c603b258f71d47bd9c9d3db4c6fe0f900e0e99d36c8f8d66":"":"7cb5550a20d958490739be8a5c72440f":"":"":112:"8c76eebda0f1fd57f05a62c5f93d":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"61a612c76de551f794a146962d913f60fbd4431365b711217aaa4beaa115f726":"":"2d25462c90ad9a21073729e5efc99957":"":"":104:"e4d3b277dc9a107c0392ca1e5b":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4b233480239fabd2035a7c9207a8e1ab2da45a90a472b30848fe4b4757c628db":"":"50d45096afd0571e171e1ab1ffb3720f":"":"":104:"5393bc06b8c5ecef1264fd6084":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dc051ac63e6b051594158399291ed101a3efbb1701b98819c4835a4863734371":"":"1f304d4d7f84ab560366215649b0a064":"":"":104:"1081dda9e0a793916dc82f7848":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"75f76df772af8e3019a4c1588a7d59925f80ce0d5647030f29548374e7bcc9e8":"":"d407264e09fbc853b131c8a9f808f1de":"":"":96:"d515522db52bb872a4d3f9d1":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"608d7592c094322b31d4583a430986bdf6aa639cc4b4a0b3903e588b45c38d38":"":"6a631952e4990ae6bdd51052eb407168":"":"":96:"eb8851cfdd4fc841173c4985":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"86a90631e5341e67dfa55e68b07522507b437fbab7f3e2e26cfc6e89ef9d2410":"":"67763ee1890e4bb430ac3c0dbc2af997":"":"":96:"c6d11901b53cf6b13ac03cc5":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b8d12783ba2548b499ea56e77491d2794057e05fd7af7da597241d91d832b33a":"":"0365436099fe57b4c027c7e58182e0b9":"":"":64:"41fc42d8c9999d8c":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"eb17c1bbcd356070ca58fc3899bb3751eea5b9f3663c8e51d32c1fc3060b7ac2":"":"aca76b23575d4ec1a52a3d7214a4da2f":"":"":64:"fbcfd13a2126b2af":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"916aea7c3283aadb60908ec747bcf82364c1827ec29bedcbadacbb9b935221c1":"":"e4aefe6f81872729ff5a3acf164922aa":"":"":64:"2035a7ce818b1eb4":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"47b4b7feb91582a2f6121d12fd465967352e58d9f3d1bf27478da39514510055":"":"137bc31639a8a5d6b3c410151078c662":"":"":32:"822955ba":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8955cddce65978bd64ef5228308317a1ba6a9fbb5a80cf5905f3aed03058b797":"":"1370e72b56d97b9b9531ec02e2a5a937":"":"":32:"b2f779e8":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"7795d631f7e988bf53020d2b4607c04d1fab338a58b09484fe6659c500fd846b":"":"f3f5cc7c1ec0b7b113442269e478ed81":"":"":32:"e4e6dfcc":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f9aab5d2ea01b9dc35c728ae24e07c54e6d1452e49d9644776f65878199bc5e4":"":"96ec2252e51ebfb731b680729be73297":"983a102a67359f4eecac465b0d65908a487c98c593be89494a39b721728edc991726e1fba49607eed1f8ba75ae9ab82a1a95b65ebdf48d7ee3c4a2b56832f21a483d48c8400dea71537f4c459d1cfcf9d2cc97b32eb7c5146cbf44d7e5ac779e9be0ae758eafff2138d4c5370b8cb62d70ebb713dfd2fd7772fa250590609844":"":128:"766b6dcf491a5836ef90f47ac6ab91ec":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d713b33af57762f933d6abfecbac7fb0dc1e545dd7c01638b0e1510af719769a":"":"5da52833b6fc73c0e4b1403e1c3c10a2":"374dd4ebdfe74450abe26d9e53556092abe36f47bbb574e8184b4e0f64d16d99eaf0666fa3d9b0723c868cf6f77e641c47ac60f0ee13dd0c1046ef202e652b652f4b5de611989223b0acf1ead9b3537bba17ccf865a4a0fda1a20b00e3c828b9726bbd0b0e92fa8ed970eed50c885e6d69604278375af7b9ae47fbce4fed7d03":"":128:"6151956162348eb397e2b1077b61ee25":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"77a1e4ddfbe77a0ca3513fc654e7c41609cb974a306234add2fc77770a4a9e16":"":"30d6ec88433a6bdd7786dc4d3693bde8":"69beef4dbdcdf4e8eeb9bf8ae6caff8433949afc2ffef777e2b71a99fde974797dfed2254b959430ecc48db72cee16c7ef41fa4165ce4a0636ad4e40875d193a3c6c56a6bca5a55bce3a057a2d3ac223eba76e30e7415f00e6a7643fda9a1bf4d4b96ce597ffe30c3f780dd767cb5681bb7a3fd11668380e272bdd70e66f18b6":"":128:"d4a3c91e02a94fd183cb0c9de241c7d1":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"303930b8ba50f65a50c33eccd879990d5d87b569e46f1a59db54371fcbda7fd6":"":"2b2b28d8a5c94b6f7ee50e130268a078":"c2ff20441d96bae4d2d760dcbae636ca7e01d263c28db5faed201bdb39bcacc82ebdc943968aa0accd920d258709c270df65d46d3f09910d2ea701c018ec9a68af7fb3d76a9b360de266b2ac05e95c538417fec59cec1f07d47c03511751978baebd2e0e4f7483f7351b5e61c2a60138c97b751f6a8c8323970f6be05357aeb2":"":120:"b597491dfe599eaa414b71c54063ed":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1e3b94f5883239c45ed4df6930c453c9ffd70b1c6cee845bbcfe6f29a762713b":"":"61155f27c629dcb6cf49b192b0b505d6":"5b7482e9b638cb23dba327cc08309bdb40d38100a407c36091457971bad3ab263efa8f36d8d04fdc4dea38369efe7ae5e8b9c190dad2688bda857e48dfd400748a359cfe1b2a3f3d5be7ae0f64a3f44738a7c7cf840a2e6b90ec43f8c9322c60dd91e4f27fa12197fab7ed092990879e964ce014f6be2a1ef70bfefe880a75d5":"":120:"7003f04d6b6d9dc794be27b9c5d5e5":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9080effb27994ef831689da10600e7a219db93d690647457702c217b08057eb3":"":"f45514696ff5ee1e6e5797f7bcff05c0":"5251f800f7c7106c008c0122971f0070d6325b7343a82fc35f3853d25c878215e7a929bf63cc8996f0ffb817174a351b71d691f23021f58777f962fd1d45ff849e4612e3304ae3303ace7b8ca1a43f54e662071c183a1695873f5567397587283433d1e76cec1103ee76f8e0472814424b8981caea1f624131fb7353afcd2cd2":"":120:"cfb6d9bccf0378fabae08fd230edc1":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8c291f0ad78908377039f59591d0e305bdc915a3e5bfb0b4364e1af9946339c0":"":"a9830d5663418add5f3c0b1140967b06":"e43c04e1f7304c1d83235120e24429af8dc29dc94399474d06047fd09d61ddc682684776c81ef08d97f06db6e4cfb02daea728ec6ac637e1ecfdb5d48f0440d8d8ffee43146f58a396e5151701b0d61d5f713b2816d3f56d6ee19f038ccc36493d9ad1809a49aa5798e181679d82cba22b0b4e064f56af5ec05c012b132bda87":"":112:"275480889efe55c4b9a08cef720b":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"96c77c11a3336a41b61ffdc1724a80735bbe91dd4c741fdbcc36e21c53335852":"":"655502d70119326405d8cc0a2c7a572c":"c01034fc6b7708128fbf4d6ffa4b4b280a1493b9e1dd07079f509479b365f55ae9290689f1c4bdfa439344e3abb17f3fd3d5e2f8b317517747714a82f0a9ace04938591d3ade6d6095491a440322d347e8634008cc4fd8add7c1c4764afdb2b098b3f5604e449e8049a46b6192647d19cf88fa5ed1abab7f313b4285560cba44":"":112:"b4d581464c4bb23433699c418ddc":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"e2a3957393669278f052ff2df4e658e17f2fe32811e32b3f62a31a3938930764":"":"a6f5a1f1f1ac77a1cb010d2dd4325cbe":"ce9c268429ca9c35c958ca3e81935ec60166aea0be15975baf69103251efafd54cbcc0bed76a8b44a5b947199cd3c2dee6878dd14a5a491a4a3d45788405d0129354e59c047b5367f1158bcf4e066a276951d2586bafc3c11f8a982ca7c3ba4677a938498bd51171552ea032fe1bd85cfeaeb87e87168f7a28e979b08358f841":"":112:"cd5986df8e9761d52cb578e96b1b":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2b17652f7f04073afe9d9eb8b2615c7550968b9776b139fcc4f9b0300912cbdb":"":"9a8ac23ea74b292b7386138666a0fb60":"2732107241e6136f1dd28d233373079d75d6ac13828ae7afc751b6f9c57e77268c52ae91f4ab3016af2764597994573cd6b41f72e21b60ffbb3aafc9487ac19d0ffe8db2ae2c7505ae5963b032d1ee1bffb4c5bd88bb0c9a350ba26ee3eb8dc0a157955333e4f28c5ec7349c39229dff9f440da72909f2870aea873a76545ee8":"":104:"f7b94229439088142619a1a6bc":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"16fe502e20d6473ed9a27569b63a768ecd428738904cf0b337df510775804619":"":"431a8d78b91414737e7c6188328a6d37":"934bcacbac10ea4ff6ee94b17bd7379b88489fbf123bf496c78c9b6b02ee97dd62eedd05b8f44f4912764920129e711701628991a0009ebc7017a1a19b177ec9bc3b0f280eeefadfa310708dfe214428a184147b4523e66f2d62630d4a12fd3e366d27c3b7d1566553c9b434ed193db083160da1f241de190bcbd36f435e30f4":"":104:"1dd3e6d610f359cc4e98d36244":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ccc545fd330cf17e27d75582db28807ec972b897f812d6ed4726d2a18daac76a":"":"caf2f56584a59c42a51fdbfe4ad78f3c":"e85ae6b27778893f36f130694af0b40f62a05aa386b30fc415e292761cab36fdc39bf5687a513e25ed149414f059e706d8a719b7165044fcbd48c773eae546380b8e667b56824e23685173ad9015a9449bc1cd0b767981efe09da43a07bf1aeee08ba05d387b8a00199e18c874fb3a91f77ba448c3bff971593f94747fce9cbd":"":104:"5cf5c7ca6fbfee63854f3bcd15":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8340d604770c778ee83d0fdd5703b1fb304c3bffeb6f4c65e2dd0e12c19bddcc":"":"c0a580465b1b2e8344f795a6578a5151":"799f228962ef87865dfcfa0addde7366de2e4aa78029dbc8d57d7e50fa7c74343458df3465103556a3bfc5ce217fbbb5b2835c9f76b70240b40fd605bcfa6b790d5985a8ba54354e0625263c628e8746c451504fc58a179f90f77f2b293d8dbf5582b031082025c806e60143da9ebb6133ac8367376d0572b32569ee799540ae":"":96:"318f56bd0f3832d043ef700a":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"74de45262fe09e12c9ee7100030352112a6532d1874cc6792b4da6950677eb2a":"":"9f7fc7367f9afdb67fd1afffac058e2a":"289ac6f5beecbbcbde5cb3b0fdf4a27ba237fca33719f774ed33a5fd35d7e49f76d3e88c53fd35561655c35469f3eefb5b2f776ff2799aab346522d3f003154e53f4ef075f016aaa500c76870e6659a5f9af197c9a8f5b9e0416ed894e868463cc4386a7442bb0c089a9ab84981313c01fec4fc0ba35829b3cf49c6447f56a4b":"":96:"bc1b8b94ff478d9e197551cd":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"441ec8afce630805d0ce98b200e59f5656a5ce19e5ef58241e6ef16cac7646b9":"":"a1cbeffaf55708c375dcfeb496b21f4e":"5a6ba5d3f5a7a4b317c6c716564c648f0e6bc6b0f9a4c27affca6d5af04b7b13d989b7a2cb42ce8eedd710be70c04c0e40977ca1c2f536aa70677038e737064fb0e23d3dd48bc00ebdd7f988f57141e164e3c18db81e9565a62e28c73770666ff3bfd725eebd98946fed02f31d500b0b7ab4dafeb14e8cc85731a87f50d95fae":"":96:"aa4bb3d555dabaaeb4d81fcd":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"d643111c973ffb7f56bfbf394eedac54be2c556963b181cf661ba144f7893a62":"":"4575b00b9af2195a0cc75855d396e4e8":"b2c53efe59c84c651979bcc1bc76b0bbf5e52b5c3115849abdbc469a063e2b1699bd292e5fcb3476e849c9edbe6ea14c2ab948ed7d21a21f69406621d3d412b043eaf813be722d92739a33a361ed8081c0eb00400c3c7d4e329f5ba4f7b75d534500f42f178048cf2e95b768ffed79c350f2ff72cb355abdb30af0a1363c0b4a":"":64:"9d1d182630d7aeee":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"91301ee0ca694ae6971ee705f53c7ec467f4c88257d6466f6f8159a8970384b9":"":"345fb57e88124a414828730a85f57871":"c13623824a204385f352388098f5e2db23426f00a73c60c1bf1047ce2c7cdf7f7cc8475781fe7075d1226ad18871e12f0156f35e6ce7032efe3bade1c807f9eedc720fff7a27a2f4690f904be9c99b54a65509eab60e97c4283596eeefa2b2517e95de7620382e3f780efa1dbf5d3908373adfe784a4faf298681e171bade4b3":"":64:"325d08c5b96068c1":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b6ba5c11daed7f868da9bfd7754d555a147a1ffd98c940c1cd5d136680e05c10":"":"b0c92b79d78547496d770678e1ce1552":"5b1ac8ff687f6fd2429dc90a8913f5826d143a16a372cca787845cea86d9b4778708bc0aa538f98e1031850f7c1d97fb64fe29adce6e1d51ca7f5203fc0358fe0bc54347e777dddfe04e3d7a66a1d1e2bdb8b8929e2100daf073845db5dc0b243819754c4c08f4fc3631d1cbd79ac7604746d677ff035930fcd6bd652e7864db":"":64:"b1819b6f2d788616":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"5fcae1759209e784dae5a8278b267c414a03ce7c803df1db7815b2910d10ce19":"":"24c5c349b3effebfd076c88a591b8301":"ca2778e39fffce7fbe8f912e69d55931848dd5ab0d1bd32e7b94af453251a47f5408ebacd7b50ddd1103fab1c72acc0a02f404c5661d8450746d781e2c0861b6974ade9ee2515da88b470f16d5f06007f35ce97cfc17fd015e438af39ca6127db240babe9c42ed5717715f14e72f0ef6ff4ce512de95a179e60d6393e73f216a":"":32:"8e59f30b":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8d71a70fd58125b0da8dddf8d23ddbe0bc44743753bdf259448d58aae54775a6":"":"d15b02572dec98398ba9e68e1a463738":"81313be1eda9f27e01b30877ca90e825f55ef60b15548c45c786c44b024e7198f333be7ddd2c3f593a9b77b68e6a7ac4cfc015aeec66f4823d9be7152f02a533f375554309a4db0fea8e76255144458e488fd19106d9a9614e828ae306fe82af89e7981369b2259c49bae77f8ec2b1f169ef0449ad083d11907234b72ed2e464":"":32:"99df1b8d":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b52398c7c75e1b146cc9998eb203159925cf6fc0b1c993ba46528e2f8e8087f0":"":"afc9a60ab8448b77fb05e8410d0a26e8":"770b3782f0e3a19d7d6bb98fa3eb0b916928a2970701c0f4a372a0ecd63499444ae02fd269ddb7d92e11a9e11d0e0b8bc60096a4be79a1e063174b710c5d739d8d05ab5c8ba119ff40843cf8c5dc4e1bd6fcad8389de3b606284c902422108d85eb3589524776641b175946c9ade1465e0d1064c5ae073be90e3261878a9af98":"":32:"32d6b756":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"6793869513ac886ed66e5897bcfa263877d8465fc762b1ed929ba3d08615fdd5":"cda45e29f487f21b820e1af2c8e6d34a8bdf3f72d564a4625a6e06f9bae1c2eac3bbd5c5958fd75cf389a1a31391211745029dcd4cb2575f40ab04710a909b88c2d430cdee279f54cf7c0ff6638d1e0e631f526ee198cfd6e5cdf73d1a11b69de01d640f385fd829616cd2c0e78f09b5f64012e42dee9eb0245b72aba1404e0c":"a43de15dae25c606da1e7a4152f0df71":"":"385834c853772af70675b6be2d5087df84f88b6a303ea594a170e6dd0398ae270fcec61661ca373f4653d8dcc9e71767568c0fb03023b163bdc9ae8a08ea858cbb03b8182b4674147cb35ffda14a2f50ed9eb48d5351f00eb2fa433fdfed6f94833bcf656a7e350eb978a0aaf7a91674145f28f64693197a116b21328e273dca":128:"159ffdb05615941e11f0db46ac8f23de":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9f77c141b234907b38fb45f1b3602f3c29de1ed839bb7ba51f6192aa8baaa287":"96dcb74a78e99676a71673e3c9f94c34b34dad2748a6e42cc70ea50e41ef8b86b5992295d2cbc8d621fefce09e8948de7e696b9788377d598796afd002a82b628d9890db78359e1edc075cbc0d3f11d544bfdf5c8a838390cb856735942dff260189c00accfabf720e5fef1d9b7131a6b2b769f67374602d1a7ed9b899b2c398":"1b49005788148665cef20d8dcde41889":"":"b4ca59caaa94749317789b92257f2ef1dd3d9b1f4ee9540927a6ae7bf5bb0b348fcf25ba8ddda79a89d3174ac1713421291910c8926cfbb4ec1e59be7dd50e816ff586f165c605371ee6077ba4ac0ce10499f9a2a44866ce6319fce22652226164cc0a813c3147c4461dd0410e3701d4647d5a003090082e367cb9249cf1be47":128:"8048ae0c35a656fcaa2f4c1b6be250e2":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2419fd9dbe58655122ac1022956a023446b7f4756163769fc1b99eaf8fba1474":"93bc33dc647c7321152b12303f38937bd191ab3ce3b3a43a29f6853b33e415667d97192fcab2d1baa017042b301d03bae2f657505cc58e3aa4bd849d1ce85ede0e192a373a3894c41c54edbae29a209e16c87c81445d43968595297b50b55659f8b92d7282a2b3ca85e4b5d4ac4ff5062635103f2c7806fcc7378d5c2013be72":"94ef13dbfe9f362da35209f6d62b38a4":"":"3db23c161cf352ba267dab6a55f611eb5fff78a75288779a167cd0e4db6e75d21f11f4ff2928abcb1b46d82c2a0b1f647c60da61f9a72565f629b06a7b3fe96e4141a6886436859f610724bbe43fb99fac9b78b1e0138e2d57ce5fcfac1599bdba5701cb424535fad9ac482ab381eadca074e7376101b4b436f9c43ed760a0a6":128:"ecd4a7370096dc781c3eb3f7e5985ef1":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"08e11a8b4b24e63060c5002713725bb5b4a412f1d76eac13989738ce94e19642":"d5598f4e37274f3b617aa4f9cf6b8547b4eb1e0eac79f6eedd6cd5364f8891f66b8d0cb09f54777d461bbf92d6fd74b3fac412b77f2c48e1024cf09b83c1e71bb86f0a20f82d296883ffee62a4a192b184bc6d7ba0448c1519310c83b18c00e71153137afad14f096b43d454f205ba6b6c2ec162aa992cebf50735dd9bb37c7c":"c6f1e6a39cabda1089048b536e39cf67":"":"1fdaf0156456b6b2a68d66091bf2260792748acf3e7bbb7906af8e0df3b569a7c03ee3a48bdfdff7ccd52433d0bbe8c5fe30d93633bb9d591dfad7d81bf8efd4d4a3c5c0bf2ac9832f0a8687f16be640fcf9b19169c251f46b97167d95115acdee3d4443df416275f5597a52c17a4b8c4b723d4b35a7fd0b380fdebd44df8bd5":120:"cb9f4d4610c67acfe612af5508bb8c":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"da2dae0107c284ec2aaf6e7306959df1e92d3932b88954f119ab677c6b9dcdb5":"277675044caf1713109d4d3abf50c6fb67dc67f7fa584fb1a41c833feead03177cf4b42edac139807ede16eb1d9bed27db741f9542d437781405608de18418c9f7269ab3fd88f6a922a31eab5a3b8b2aa75ee4315fcea80c4954ea6613b1360b1c7c6b6da815e3f6e50f72b7e69c3b6cb3d154855e3f83cbd1947eb54018155a":"2005f79d55b12e6dfbab7fedecc50e2d":"":"c2aaab524d1738b5244af642bbd16b32ba954e69ae51acc804a6b0f89f6cb77ba2db2b0e109cda6036786f9cec5587b01e306ee8b3d588748c61ad7fce1266165729d0153ee189746b107ce15ced667279a484294725e120dc1803d2c751784436ab8ff1d5a537628ee35742d1917dc51f8cb46c2d6b983bdec502e99b85e5b5":120:"52b4d7f2cc44f0725ee903551f681d":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"637807b3e472e2287b09d5a3ee62f791a416419ba35e11c49b24dbadc209f0ba":"e91a0a7320329dabb0d0fd7f099a4d313724aeeebcffe6fcea5b00af27d258cf9774845d29aaf5dad634c6f087c3311b1c92775fda8df8820c91186da30dc79747be6ec6230f2c261063143f4fc89d94c7efc145e68bfdbd58fb14e856578ed57ee5b3cba2cc67dd6497f05d1570efa496b46f5bcbf82ff9c6a414f76fcf3f5c":"46909d8dba6c82b86c7a2aca3c9e71e0":"":"13b4ad9c51063a7f697f3fc68030144aee0aeef0b5a52c9d4920a7185b0452159cf13e64ca216ff16637d0946a75fb5da283fcd263dd7ef2c8f14cf75537742d1f0e48846fcdbf03bc343203f7c31cf61b36374033462a7b813f4dbe9386e57874591fde606fbc150d4916c339f1950b09b1911b1b9119c3ff4053e05910ffb2":120:"6a5c83f807401d1a9a3a2688289f61":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"33613dc6e029df0f3ab9ca66fa96cdeaa84c1261dd586723b1ce873545565f7a":"775862b39c2a509afd3470a56891fbb79bdb7dacfdb9ac72ba4730cb936d364e1aed3c92c01a018cfcd7953f751003934c15bdfdf2826e9947ea8e521f55fd2a04c75156e4910f38932c9732eb3e60423e849d34c55e3fd00b48d83028e3b4f35686016126ff16c942ec859d3c3aa2ee6d322a92dc9fa9b0247423416f5a4b47":"59484fbc27cdbd917bb55f815f9faab6":"":"069f80826dbee03e6a3437e7c6d16eb6022bd14827b8e45bd440d9b1a8ddae09999388ba0b1be0a6bafdb96f26dad523a3592fa610d5091f68380f4c1c3fa9ef7a0796ab183e8a82c2bf1f76300f98ce983eab7a93ddb18f1c10534fdb61ace83cae37e225930ab870a46285e733788e907255ca391945d409d2e53dd8a28390":112:"9f31f8f8459eb03dc3654caba5c2":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"75d8132f70ef3f2d8946d296c83014683eb2a4a58b555c0f48e4bfa5774d6672":"a5be88fd43dc761838f3a9c7d62923c38414fa61b3678313cbc8fa9c2e5effb6cad7d5be5f39a71a28ff327b68a69f7e6a6bcb90eccacaf3a8659aeb905dd3e38efe57f2bd0d19daacae238baa01a7051084da6598fc5a3783a18decefc8efc8d46c7b1887f87d6d70c909df49340bcc680832faac3dd23cab5bcd80553dd485":"5ff41f3e75c25cedda1b08a41b89c4b4":"":"959396b86913337f2b1fb19767b787c18f00661c5d601bc65e884e15ac8043081459e889453e906ee267cb5d04fbaf250144a56c820eca34469967c73daf50796184ecf74f3c054bfa63bdd0c32425a8e10546ac342bb8e38a186e42a403cb80110aefd5f2d0bcdd353daa4430b8e7ec2134925c454745e2f708cd0b90d9d672":112:"ca0889a0eb12995079cf9ba77019":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"8d44344d2ff9a02b1c75785bc84f16e4d23614bf43b2b9a87798b418e905c532":"e5689cef9f8258a748a615070fcbf40ed0b24c077e2f9a362cb536737ffbc5383bcafed278d4c5e0f3c83fdd5cde79483c2c178f6fef05ab50f2b8db680027a175bc6d702d249efcd6cbc425b736f1905307c9303a4bd8aca620b57e3bb4b68f2a515259b06cf5365b675edff3457e2e915d7da1e0802f7300b3d56c4644f4ad":"256a983cd6d6eb4e80b5c1d1cd2a9f21":"":"13eeadbecc4c9991e2aa0b1ca819572ef28517528320db970739a16994f82cd8b5bb53d889f298f65c63dcc07089dbf7e9d00612d2cc8220b5630ca0262a698836d906256896eea446f6de4506e558b4f20950528c8c397b6b5b04890204b77a163e46c80c96b3e268fd2754e0380e7330782d606c771d6085b34200a80335f0":112:"b33ab1e4029998e2566583dd550d":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3999a6a394943be3d6e5732af5faf26caf483a3fd42c13b7f4f02132e93a990d":"8907e8832553264d7e92afa1595842ac661ddfec3f4294567faa0af61b3d0fdf76a922a2f3affb36b3b3b97f18d5172aec0b8f6f01239bb750c0fdd5da1e1244473cdfade83797037ca46d83123e6105c5c54071971f190da0c59821b0bf87242502bd19d19c7f463145bab0e687a18ffb2216c4a2ad2caf9488801c33c78c03":"76e2a5141d094b3a77765ba328f33576":"":"995189a396486b451db0167cf6990557287074def46eef872e6cfe1a297e256bdff2b71668ff0184eedf00ff1a3ec91358874718f0af88acf2bdb191e97332dc544d940412363840d4c03c7b2231852393c62d625093011ef314e4f755b1d0ee37690b4dfb55194a1465714cc3cbcdf93af39e666be0407508b8764f7ee95d3c":104:"87c8f61f459fd4a09d9ee8b331":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4359a62d54c43770c3a0d51da25cc32fd985d9b41c282887299d2e348aa25a36":"f020c9cafba399009bd920c3ffc165d4db47a9ee15ca8c1f51c65e306ccccd3f1d694071a3c765b5255eba6ef6a280f6095f8c195ebdfbee6968b57366e62e16d05b1768825ab7fe66300941270aa121b4fc02ab970ca6e32170cdbccb46fc548620fa1777049343b1600bfb1bdecec6682f0aa7244a0852adbc7aacedfba446":"5fefa85c958417b6bc8a61b5496fea93":"":"3b8f829aa1cc1532a434bfbbd25f42480311657215946b9216846704fd5da5e886ca9d130df466c3b58f5259102ea6b9ad756e9f484a38dd0ed289fea083ab99fefbc2747100071744f10e362351d4ffac6c7c1f5a49ef3c78e2dc667f6b3bfd0fec454c4e3139443da71e514540d7a228db193a4c35d639ec13c1198ee7f81e":104:"591db861b9060869edb228a324":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"0d798a357de5a686d06c329e451d7384bfbd462063fb8ea7d77a13dfa1f2aac2":"d920785bd7d7b1a2c9c20139380a6ac5f27a11b614ae110da14203146c2615d81e97649e95edb0eda71a0fa1589244ed42fd9449962a92942e38001ac64b212c7e06c113129712a01556577ae02325a26eb92581c0a690a894225e83ff1e36776f22b600508d6d96a0d1c55316b518df8d09769df5e8340cbeabaa0bf7752870":"50a003c0cb50ae8a3183cd640ea4c6f6":"":"9af6a5341cde4b7e1b88346ec481024b40ad95a51533cdd8e09e4809a20684f18eaf243e1df56f02ace9667264cc1c6af6b0914f154b332234f6468cc471ecb2078a9f81c17f4ade83d326b670795458d110e4c4b4cd7fe7f9f5f4d4fb23a038969e4ff4f74839b1edc270fc81fcdc8a0b15b9c2f0561567c471b783b4322ebf":104:"6c2f01264f9dbf29962122daff":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"29b01b6d15f6e68fc2e7079429dde5363888a6410191d603941bed272daef7ed":"123b6da306978f745d1dd86d7df32d9421523a7f329dd29ad98d2c309145844010295ef443a18d37ffe093080682fb96ba9c2c92105d35d77897b589e2abc7269aba8752c2a48c843bebad2c0fa281015ba85f5f709f6aee9b1d49236d5695f7f7d01554b193c89adcd1a91749138952cb3f0ec8b5f046328b3113aaa0715ef4":"cb4ac8373bcbf1b14cf2a6a6a16a422a":"":"caf71e09395d596d5a7b091c9e87ba6d522e974451e41f33f3e7ded554f24daa9da719e87793424eca9a3eb3972983354041091ba4b16c5c8c14913e1f6cbda09779188e9b5512917a0adf4b4344f119736ba6328897726a317989cddc66f16bab64707564bb0064fe6ab7b2b5cce143e94d4b6d739f58c47b6d4850697f8101":96:"f635ff3d8bfbfb49694e05ec":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f96d8cdcc21884e050f762c049930d78360b56cef5b99ae232c9a8c6e8fa89f7":"9cf05e5065531d2539d92ae76a43da1fa3614ffa4b1c73ddc2358f8d71345c01260060239edf629efc3650e0d13174af4294b6da0f39cc7fbecfa324afff89dd7d203416bd144c5e03df60a287fd4a8d54ef9b4b44b3d6de1d9de07418b8a34ec5c28cec3c5b2fb861583178a68ea0af89f2dfbfbd86f7cf1e572e1c8d4b0675":"5a7eb964b6bc9e75450b721b4d1f8f92":"":"566abaa23b8d464d6f107699453740e9e189254145c5132fe46989a6654de297398913daacb4083b29f7b31832079616e9a43c9c2878df1df451e49f1e629c8b9de2fb0e4ae9df48e3e8880f3f1ff5ace8842d2695e702dd1b7bfa7c25b0539b8c80d31ac91856796beced082c213e8be56efd646dae932f5bf503af46f491d8":96:"c049cce29c401d3d198773b6":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"253234c3dc9cb3d50a80598c5cde0e37b6b13bf834f3595a9458dee698a6d19b":"686ad2740bdad507ebe97aa5bdbef25b8b030c4cdcaccb0d3b675ca91279db3ea75aa222c0ae98f86c24b10038cbb4fe9f897e1145b2f58cd3e9120f9a5620f38aa1e1f63906f557ff4a4c3223f5bb13dca34f8a1c6419e24ea57d114c62fec6fb9eee58a16b9e6a6bd930aa6fedcfc591311250e7167d43cca5916d5beead27":"9d156414acb63d11cb34870b937c837d":"":"96abd56d2f8aefe6c687f035df46c3f952a9933b8a51698e47d973b7d47c65ca3ba2474cb419c84a4c3cefb49e78cee1443a8fbbdaaecf73e9059ef34ac5a0df3fc152ecde2286da8840ad4617fd6ebc1e126314204bdc0a17b958430eb9f727498ff1db17aabbdaf43acca0945342d2ba9346da5373b2372b3081605e895c99":96:"3d998e5be9df433da001a686":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1054d48d52693d2797c80d3f10509d1c808f36a4d65e8fd968e5d56239f856bc":"a708e9d2d27ed4228e5b23d358561a77d684d855db9827be2bc102f2278f1961d3f056fb76f76204b2c96b916eb5e407f98e58edfed06de2388521832d97211d851d3e29658df738e3a15593b9db016d9e46fe9df98ce972d59f7058d484886ffaec7b9fd973c55644831241c1ce85bb478e83ccefd26b9718bfe910ac311ecc":"87611b936873b63abeaea990d6637a22":"":"94473e84659bc18eddcebe3112f55426f48ca4d670291fdedd42cc15a7415aa6795fb75b39434884eb266677e1fa7f530c6f3aaa733c0d9c06291bd7dff4c4e5857b2ee9e9f1f61a85571ad32dc9a3259017abe9eb5111e56df2913535669f3b2d722bd35fcdbd6541918885d9677cccaa902b9d3599cd4f0df1f35f4d11b8cf":64:"9bd7cfe1023448ac":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"a95dc5127b9cb1c82d558d5b24ae049e24447fd676a49350089951afe01dc797":"45f81fa4780a256c40a0efec9547310406904d8991bcf964aa35ec9af457e2a642c1343827839f1f4b42f2b226da351731f416a4b4151f07927c278b371404f027bb2058e1765b367f5433a43fa4153883351041db3f066ef284a3eabd584d1d0b1d594b4ce7b5bca1708fbc661d95a9ac0d77dc29547f022eedc582fc7158c3":"0b177d01993ec726fff082ec88c64a31":"":"16c77b7f541d2dc4e8d31da23e04f18f4254aa283e8cee5b776f3d9a27584f459d0747955efff8945f807209ddaa6421846647d4198534b244498fe13a9073d372171d1b2fc38af66204f3de04000c093ebe659173b8d78dcfb8ca9003d2cd44ed168e6aaf55a06f29e83ceb32b98bafb59f109599f88b5c0f0557bd2b28f03f":64:"19eb5f808d65989d":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"53d6393dd7ecc40f2d52460ecdb0607133ad843ef53f380cd3a2755bfa567abe":"72199c54dd5efb28c104e3b7210855506f6577d15c4eccdaa6a621a572e15f5845d648cf71b9fafef3411f6c1a664c7974fe71126a5cbab907e2caa342d8d7a05bc68a72c824896ec40e520e90b704dea441d22c5918f98803a88293384f64f92f11650c2cf4d3b062d30e14d149160742f59a473faf8fe00f4bdab9128c3281":"db7e93da21f0c9840c54c56e9c6ceba3":"":"5e83f559fa54926b731334f815783914530bbcc472d4bbd5e65908fb1c421442cb4c57329f2e4ba3d146a6499f34d8f1ec6d43e0cf98bdba923f404b914700edb235b08b0330097ea4162fd0baa1b7177ef0b29d5a6689bc56b8f975d6b6067ade4b8baf1d47a2eeb5b2ed28ebeded381d55d280cb2fb65ce4d82b69cce0594d":64:"4e65dde857a0f5c7":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aa4a53c7764a254b06e1d8003810300b70f5729306effba9fb6210f97648a499":"19f3a8c298478d6868bf3b31785eb62e844c37200672e6ef1ecc05c616d981e02c333dbc3f86dbb7ab9ba40e9e57e133e6d1d595fcc6d8e9886a84517212669d5d7ce0f1383cb58681b92dc180c06caa1a7ac1ec974dcd7f2bca7ad2ab2789c9a3a487d64c484319bffa56d854a6d40c62b02d0c7898f641f106ff50d22a12e7":"c32288f97af9b6e31aa7e40d9ef8d016":"":"1fa6aec7a28767c8961363dc4264e6ab97014264f6fe1dda7e9db8646ce9a5463f69e91aad2fce696f9b641d75635bfb0f97ed2d7beaca944cf8bd9dbfffe77b5ae9fd032575e5333c7ce27538c609922843de87b960ebca7c2a2ef9702dd0c32f787b4d7df248fdf526d594a90bad0d6a8dffe212246c36db71e2d348326624":32:"1699444e":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f420b6ef96d9bfe46dcf18246ee230790a6fc854e730f1dd2d1ffd0e8b5c4776":"658a954d6c61d0d6f0e81a3c1cc65684483fdc95f280b6d4c964358596c25ca41c389932d74a1a3a17d041e89b7110ea315fadb3128c2c469c350bf9b4723aa9c8abd9065ebbd12c317bfb7090f09633f8c1184f0c4fbe10f5486dbfb847536c886f7d144ed07272a7e62fb523a04111e5ea9e1ab415fd17e72143006db14e9e":"4982f502a37eea8bcf316ced466c9fb1":"":"8630aa78aabe35d9360a44bb2094209b6f70d46d71e3949803cf54e33dafd54c6e49eda9e26dc5c0c1e34908f5281c8cb2a1aeee81186cf45d3eb22f486320c7ee0fb7bf3c211b232a8426e7e82f3e05881bf7d9454cddec7f28e5358cd0e9ea2e9cff938be044c1b21911d50b2ae23ab1aef377511ea657adcb560c34209f8b":32:"3aa91b73":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"50f3b822dfc70382d8695811e6b0a2896ea2bcd4d5268778cd484053c8a19288":"15bfb3a562ced63c92561a78374af40c88a08ce02392419e03d7543365c5b6525951ef2dec5927474a0ef85f519e5ef795881db3eafa765ec38e6be7b565a878c13d90c02889dc50cbe87081d9225a515504c7be15bf97f5d72a4d81f218a148a46fbd42983ab002fce0a54719bfe301bb761753cb330dc25be517b87d0428d9":"980810c11abd3aff43408ec9a69abcb3":"":"12632296f27eb2439009f6032a3f648370303dcebaac311b684de2496f399b271347b19e045c1060802f3f742b6c780d20b9d589cc082d7d0d580dfb7231171cfb612227fcdee7feae4f8defd34c89fb0d68570e782192a7bdd9a5464f35dc6a4282cf9cc3fdfac988d129eddf8e0795ccc24a113f872ada88834c974df8bc69":32:"32c1c4c5":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"29072ab5bad2c1425ca8dd0ae56f27e93f8d26b320b08f77b8bd3fa9d03edc6c":"3c7afc5cfc5a1e141587e93fef8427d4f21d892b983b7c9b6e9de3ee168837a1533847c8a2e2ab0706ac1474e9aa54ab57e7860bca9ebb83bd6d3ae26ca5387abdb9a60c4a9928484742a91294b13ab8f51eb4f599a30e9cb1894aca32a62a4c2793ee6793df473f43234c9eafb44d585a7d92a50aebef80c73c86ef67f5b5a4":"0201edf80475d2f969a90848f639528c":"4c8ff3edeaa68e47bbc8724b37822216d42e2669ca127da14b7b488fde31a49c7d357fb9aecc1991b3c6f63a4ce43959a22de70545e6aee8674d812ecaaef93ad03b5d4c99bdef6d52f21fc7fdbeb1c5629a76df59620aaefda81a8e73cebe4c646beffd7f4a98a5283cc7bc5e78b2a70f43e0cab0b7772e03a5f048ec75081a":"f3755aae6813e4e4b84a089ca1496564676655ba3c94e59c5f682adbbfed21e76aed0db78390258cf5fbf15f06c6b6468414cb6493c8b9b953b4954ecaf07ecaf8586ae001710d4069da6d21810bcdcbb831f7041cdbb984b7c55878598a6658883178dcc0fa03394519b8b9c3bed0e5c073429f5dd071a9184b015cbbbc62e1":128:"0549dd9f2a123bd6d58e5cd16c0624a1":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aa9999af53720d0c1288fd3fe307a471160635287eebf41dd77c82d1f9cc9d61":"6ce6f2dc202750219e15a24e1ff0678ffdde55b27cdcab6da188bd5235a3bdc677f72f106579d02c2970d4542e4e2372886e1a6d74c596ce735f51f2ee6aff4d62bd24112ec7cd1adc7c660561f163170cdf047c241c53b8a5b2e03fde48c249a319bb90c2693c468c9dd136e94e05f067cd1d68244ce50be318ae0464b79acd":"6299d651a032bdf3a7e6b25ace660e30":"afab0a3d1960ac973ee2f4461dacd10d189412b37e572cad7888bb4d2453f1eefbd6725aadd5f982393dfa59c3cf1ee342dd91e1fbfab10a802e3a0eda226fde2686e7db1015405a3d33c921e5aa857bfda53ca3aed3ff0e18c289406740a7c5d9f86ce43db40c9032e98ab126c7c0364e2efc008312b7641d36503d183fa5a5":"a8059fe6ff711616afb591b5e5de497b3b7813f9de658c7b47cc3e7b07d0805c1ba05856d98341869b8394f3b5df2876ae19837edb3931eebeb0f26eb6c4a2ea78003d82a98111305208ccaceaf77e5d71996cca4f9a5eb712dd916b71455f741ec2dde51f56828667b7a2da015e1886fba71e496a542d94a38efbcb5353fb89":128:"2ff4d8d00400ad63a6ae7842eefb16eb":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"31721e5e3a748a7f7369f3dffc1cbb570ceac868ef9d1f29b944b7e86a26d273":"6afc1d22233a60c3e6851447de89152a0dbadcd87e35fc947ca4bc886f1f87549ea106b097e2655136833d06dfb879a85732298860c149c5e5ff03bb2a95d9cd3deeb8ffdf951ea5f97e32c1ed75271d2ea58d158ae6d568bf197d69130977e330ebfef33f222bfd5b56bc6b0382dc99c4f0e42b0aa7a117b43f96d43f6e02dd":"523247d56cc67c752b20eab7a28f85fe":"11eb41aeae3611f0de77bfa1221ef5b7d254faf893dbdaead926a61605f8a86f20f1fb84e0c5acd195143bc5a4f297bf729129f898a2013175b3db7004115a6120134d8e354afe36699a6c6618d739c805b5b91739df67de7667729f1d6eae1a0609897999d474be4d8b826df901c6f39d522570d38d2d1aa828382932a177b1":"39e7f32bb3e8436d97a1d86a22750768001fe3a805516d3f800352323afd221991105d12da69ce7430402fa7923958ad5ed85506b968c4dd89516d6e3d02e722db3954ce098ec3299ef4f2ed4a89f383408dceca9dabc6f8eefe5a1f80093961c29a94b222d1a04d2c1e453d2e02977f3dd77a4659e2bde2fdbba8e2829db4f1":128:"506883db674fa0417e0832efc040227c":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"100bd2bf9c8b24cc2e8d57697cd131c846b55ad6ff0b214c0de14104b465b58b":"81c3370da989f774c1962f60c57299747481bea0e6b91df846e6ef93cada977bc742ee33ce085ae33eb9f7393a0943b647205a7e1ffb2a6a803a1ce7a88902456d66612362962b97c7152b57f1d54de94a39f07c1a8098da4ea5e498d426b7036c642fbeebefda50b8c421a7a33b1a8499dc35011d80a51d34285824d6f01722":"363e8af6f38307ec126e466e7056cc45":"471f7e9a0b505b12996747ec9e32731f11911ee95d70795bbd1bba34cf782d4100ce30a85b23f9f817f30e8f314e1a23e101201c920ce12ce732cc3fe01c74a9ee8d3e1599aa22f2398c3265d4dbda626a8ff4262889009e087fbef6babe33d7300e5cfc4c0056f3562a913d2594fee8e44959cf728599a9d3e7ee4a9ecd6694":"9494d01966ac887b8295bde61f0e7d006ea7b5c984a29cf5d849194f35d7b0f6ddb3bbd9646d7b9b961c515179901d2b04cb7cf7b6c8736d1d472ae8bb9a6dc9194b03b3f5373551a5ae0c0f023967669c873f0acfb02c0ae3a384e70f7a7ca05861f257f36a2ad5fbb591473dfc3ae1264dca0e889e0ddbf93dadf75db2059b":120:"5c78d914cac78c514e275a244d0ea4":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"614dd1762deb5c726eadf0e6587f9f38fa63d16bca1926955404f1b9f83e241a":"1ae828a1693d3c24651ab8ba59fb1185d08e6cc4a964f30dac59cd81ff4bdfce8023ab1b6dffb594a4250d25f611763efb4152cd35b937ca11373d237f1f8b3c0e21b942beb1f4ffe5014198c9ff59896ddfbb55e69963e3ef6b03d3fa134977870cd6f3ac10bbf59bdcc9f103cc2d58f294ef5f007a9f903c7bada08cb454e6":"10d079a86894b0c17bfcc8ffc4ecf7bc":"c4035f80b6d2ea288afd4ddaec1eb232b78be5a86583fa85f791d546102c97ace9716c2702483d762c8e4eda12f3dd10a9a49a2d72cd4694fa794477b54b4367be6b548675aee4c351e3f66c7e113aecfbcc57b8bbab4a039f28488237c75313e62612847b915ef9b582e146b2bfabbfce576a984f5ce4be0e6bff5480584fc3":"bf5fb0445aab46aba504801d5356455f28c98f300670a731bdd0c901a1d5564aa31f5d467e5f80dadbfeca61d2bf72b570f3935ba04c45a2ff7994bac6cabf84db2a42cd5db2a4f160c97c76817cc5cb62d4006d895fcdb218c1464b5caaadbd1f61779938e9a84440615eae050cd6f1713cfbd695d78818b2af78157339e9d9":120:"6d815ee12813875ce74e3aed3c7b73":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"12e97fafff7d397ea34efc0a8528afcd51c1b2ccda680ae9049edc8359b78ec0":"9fbf0141cd50bd1b3ccaf137b808b698570642ab20c32120901622b34173d7ad119abca3c61bbf1e6dd5cb182a079f3e01b0e5263d984c6186f01792125dd6c47c30033008ca2e0377f990285094f652c55a348242dfaa59f76989fcf86033c8d9c0b2a526bf46cca207e055e1dbc7cf3d0b7a840c8fb5f85784c9e4563f71de":"8eb11abfe350c0d5a6b02477b44867e9":"0a830029d450e20aaef484d4abee9dadeabbd6feaf800b3a693b4746db059efb7d110405b45e45a9e5acf90957c154674dfb2c1cd787af371e01bafc4e8475d0268b969d25756a1121a519afa61f3d6ecded4e0640f0ddd471f5b8e82029fd2887df4e65af9580390b6924022e39acfede7530e5f0e54f0285ba565ff49af542":"067cd6ff8461ac80217ef70a91dcf6edb2fbdd31856815cf356fffa63ba3f5cb293d7f1ed32ae40248693617f27839a34e871fdde635c04d1e66743f730a06e2be25cafe1d67d804879fe38e009268ec50a0294da445c795742ff1e924170e4c2e0e9ef3bdc26c251f5537218d295d93d57baccc4dee6185c235d7ec5c9926a6":120:"931f44f10993c836e534a59c1aeb98":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c732da000262de558bd3ea65e66e20e11605170c90b67708bda43f40abed74fe":"7d6c981c30ef87a46f53aecb4c97124fb94b45057635d5bf1d4f3a3bdb534e9ab62b4a425de9dc52537575ed9ff406cfbf75403d3d9cdbd9fcd520d62065f81483427fa27964642cc1a07822da0f6234a689eb30e8425d7709abfd18666c76c963eecef20503ee77c96802c120abea1428cc64a08fc20860527854fecc571a6c":"523dd34ea263c31c2215053986626d02":"f170556ac5d38f0661bae33e0826356c8488218903eba1bfa49b16882537ef78283fd9351f37f44a7687049a608c3ddcc82817d4ba96a40d05807a38ee3f2d5cb8b1121db61318fe22bfd3afb319e84c4e2f94570a92433db29bd2193485449c719a2c6030696f53ac729df90678eb018783b25740d806d1ef6980e10d396595":"3470d4544f7bfa3ac0627a56e66c56fa062188440834b9238bd20e89dfc701fe6cfe0bf4ea2387014bd83c63ab7c912e1c0dce7c2d92eaea155f886b574bc94a8f4f275dffe2d84173a05b99d8029c36dd3c35c12709d33f55c3bcd96e9a815f77a4fe8e50639d8f195a526486f1209d7bf7e86ac3dfc4a1d2cbddb6d330e5db":112:"5924f3ceff0207fc8ba8179a9925":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2684bccf2b845314a0c4b8b5a780f91aa7ed1177539122dc8717c14bb50e2dff":"1a4174d4e18ae0b6434f35dcd9c86cf158c42ce00ceb12f4356ec118d659820518c326a1b2ab92279d949f74c45219c660cb84fb6b10b14d56a501173fd3b129ac89db0de22874d92bec724e94751f91a817a42a28e8e15672172c0b0db4ead46b14d4bc21ad8f5ba1f9e7e0fcc867700681349b8102a208d76ae4ef7df5b56e":"8433b59b41fe0cdc5b30e4e87c5028ec":"280026eeebf05e26e84955e4a36352d4f97f3193dce0795d526d05645bf5d2eec4b92ee8dce54d78fd3fc3e36bc79d5bf9ee3b2699310a75dbc5007bdacb4dc88d06515995f8f5b1aa90cb8fc036b763a5e819db70c091802fb7f24b9c2a68ff194032fffc4ef798936aabccbb43f22a2bbd7e1ab9d0434d443dac4929b84193":"cc155e04472c0872d5ccf8910d34496f380954da7653a1e1d3c460fbbc791c9b82e35176e938b7e21eb4690ed9fca74ba45a03dac4abc4f625ffdfad02e1acccf18b5a1878f911fb6f6e09ce0d4c6a0bb87226e914879a1b3085c30e8328aa6e0d1c49c21b760b82e469981b40ea102f3998c81dd9799f484ab89b19396ab7e1":112:"5a80008e6da40c71b316b84ae284":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"484a33ba0b97c2887a86a1476f274e236eb37a72e05f9e74348248877ea99e98":"4d81cec14b398257a31ad1e3581c00d05e12b37b71260bdd95bc0b6981b614598ffbbb3ec4bb7deb5673a1020139877122f88504c9c53265706fe76623a9b488a3dfdd4cbc1b7b46c7fce9d7378e164964c0a377337a5c172e5e4de6206375164cd7beb0305d7a90f5c73e12f445326e1bc9ac5acd1bd4bcbe4662524891a2e9":"c3a5cc19aef6d64b656d66fad697b829":"30f276f96a50e17b452dcb5e1b4ab666dc7c4c72d0d9ab2abaf77eae2e3bab7dbe5ac005d7eac5480e1bae13646b59155528abdc148b3b71f06d017c4b12d64aa3990cc96941eaac14b60eb347e0be873de2b6fe2b86e2c2fc063b29511b70144ecd315b9491001b122701b9c8cc1d85427b6c60663ccd9d1fa84e1c2f609f36":"579fd8fb50d795b5b208c2d5b0a8b1804f754a30a1003025301655aebcda2d2ff30d29a16d0fb17a28401127750fc87c9e3aa08540817228b049c387253ea2359035b8063ab4bf54504ca5ad93b54b8ac5bd0c1ef3c6769fb1ed239bb76f3e0bc51d356aa91b494d22749c8e4cdb1629e93f7c6e46ff9145916c1275669ae5ba":112:"1c39aac1d5ffe7916a08ab2ce279":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"4a5f5321b515cfcde493148ee4c44c693b1979b3a3ba522a2a80e5d27c93fd1b":"962b8504feb57ae73e93c2e8962c9562f409c908e51f9904df1623eaa0c6b998db6ee8919d805b6ffcc37da51300c1ae16bca21f8f6f63af989a813ae8fe28c3fb012f003dab7e71b08d757799208806062d62b4ac937712409f9fafff3e3579a4d92d4437a6f0b263e1da7e4651e0a521be5f6f49ff5a0778f07bd5d3dac696":"c2cb0166046bad0cf0a107af83921d7a":"e48abfb657ab33f58eeda8c58a20e7e299bc3e7481f704c326529408580f9a5130cf6f7368502d20b03ba6c3b8f6f28c076a3ef7b8e987750dc972be953e712483e6f328da57e4b5c501fa7c720593eb89ff9644fbdc45478f80ee89f096694dcb44a9b3a6aca0904d4aa4e475b4b24771df9fd6ef9557f4f5c842ac241b212f":"11bd55d969603ff3d46355cb19c69557b99825a4c23eeafc8eed8422dab537c0fa9753191c49a6fd9e0d6760ed816a49e7f5704b5936a498544e2bbba7875c513c031f11527ca1b9b579960be6964fba9119dcece8205c174be07ebffada83375678de76fc012b0ee179787b4aa9fb6e2b459575260eb01f23786dc24d1d45ef":104:"36853a029b5163ca76c72d4fec":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"c8f7b7e6295fc8e33740bf2807caeaf4b90817cc3ef3d9f38f704d9f6164e41d":"4c26e489069b487ce9dc0e295d5e89760401185374041b0efca5bbf758e7d010ccbfe5999e2a817776aa8f49c1e5d43bcdade2989fe5be635dab54cb0e390a21b832b30f688857b9e09c346bcc5397e51cf71acbe1bfcaa1ecd7e87fe5dfde180d951922e60dd8203ff210c995eb54bb981f7e931f0b1f52dce0cf1b2eba503f":"903b2eeb9d0b3794acb7439d341cfe0d":"83e99497bfbe9393b065b0b18c13f99b67f1fdd724fd5d70cdccd2b8dd658499cb9f57e1a1fe39634ab0869182de085722a79eaabf057aac7b3f3230f51a2f9b48b49d592f02246dacbe915ff9d9a53f7e5332f7a9d89649050b075c07e5e74f281ca1a0dbe632c0aecf3b1911cd6ec4f8facc2777d0d14784bf5951a1c62c33":"63e2941bf4a13374627be66bdd4e57119149f81f4c1a8a321d27a4a79e7d61e2dcec9d7b13fcccf12f5b059cc209f8414ae81966462a266e92b4b3c25198ee240e0bc6f6197df1e24e8d4379fcae89e6240a7f9c7bab886e79990b846e98e4bacb8b3b17422249943e9973de42da5e38e4eb52830b1facce766b3389a5312476":104:"6e31c5db3146ae45ef5d50485e":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"dec062efc1bd2556b87a81143d025abbaa532c586d5ebb065859a2071f8f07e4":"02191bcb060e61827dbddac6c2961dbab8812cdc2ac77bf0275628e8e36bae18ad4deb77b2682ade0aef76afd4592173ba29dae4d0735963c803856eaa6f60a6c21785358e87f3c4a91e321c59e04c150297de873679194ba5ca857f7d91ffc358e73810d555ebd4dbd1fe4fbc4ffa4ff38e4b41db9af0a84fe9828708631469":"19abd0361443c3ac2a46f2606eeb1a69":"c3785e7c0095726fd1f3ca842057b0ea2baf9c3fe1119c2147609158a2039f26cedf8a44e046955ba7e7cad9f48cb49274fc53b109d7897e080af252e7dc64807c276bcf668d2cd505c9ce8e584609d293ebd2a4515bfbaf78c413d6e29dc90974db38b564ffe9a40d3955dba9f19b6f39bf942669cf80e4676d6c10df566ca1":"91a16c7fe029e3fddacf0809dde7d041c438977b89192e6fed7605d0133f3d9e810355d186432f6529bd2c4cb9dadb4fedf5128cb45e25a3a46bf74ed93f31349f64a69dbe86592d76e437947f1c1d7270d1cffe80afe10ae8523541961eacee1838c168a2ab76703ea4674a68a96b8a298a672ffc140e98e452d501fd57f000":104:"5b4071a4be0543aaa59b56de35":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9b7b700d978e33ae9311b206347f488e2832fad5ce7e6026ad5e24fb47104fcb":"37aef6e4200c6abc3d161daaf9dd6ede002ce8c63d9ed54e8ac56bdc8d36906bea663d2857d8d543166ba150827735ec78e37f92e682275e268d377b1880970df232162e55c9311882f889e7d183e5cf4972691c85f81c47e1224b9c97ee3963d75c6a032270ad6d713c999913f0b58a2d4f42b85a3b0b40541a31398cdfb4b0":"d0bbc284af767af9a31b863d66cb6138":"dfb87a65ab2d99d7d753042aa47448ad830e546d298d6ad52b85207bbb0cbe8cf3cdb12b3544f1fc228fdae04a241abf9e71de8ae14f2de2c261469c383c682e13582e07cddb1ed9bff1fd2aa0be7978096a914676dfbe7bec6edd927362f656ce1de86229bc511cfec4cda77a1e761e7ab8664e4df08cb820ebdb604c2cdbb0":"dcd5575d94fffc647d4c081e3ce03928651419a32ada2af02de2f58d68fa98eb1fd5ef671875719a9c65b9ecc69513408a79a0a5d57cabd04f8e651f5b8fc1ff42ce58d8a212ac2bcb83c5c53c542c282553a62b4e3d7d4f049ab13172739a0f46e0a2fd9aec54eb0c84141c6b341783754372df69d39e48cc24eb3d9ddb21a9":96:"4a7ac79db94b27469b92343a":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"ce15e61edd9320ceacbf3984d87c707159caa738e7e76285be00b5a95954b523":"8af4a7d92441ce931815fa4e24d69f66256fec7e62f79a029b684b5db304a46b2a3d3a7ee8d6b7ae38caa7de526d5c0f28dc65a0913a383b7ee1640cbe24997ba95b9b12fa1e9ce9f9100d883c16b6286dce17e381af15113f56197c97fe6b45be00a3df05045f476829d7b303211ac97cf989a18c16e27fbf23570d9d18f04b":"b1269c8495ea1469ff41d8154ae6765e":"0ad26a08a5cc2ec825347d7ffd5aac795eb68aa7e22970d991c863fa6d1fa720137aa5cde4e382625a0038e6ed72da3b5003c1b2a953c2b2138e0cf870cca4afb595c0451aa793fb0a2bc43834a0aca1e760590cca765ad672ead975993f82ae6765c5afbddc6062d7c4babebf650ab097db1a1d9a2a99e8fd2e0eb8a7b916f6":"ad0ab4e77257866e4a57cf44fa4049428e56a6e8b8fd47b4cd00bfce84fa8f5a43f1df2061b0a37311b4a1436bad0d61d52ced5e262ed41a7eb125d61cec2e3fbaa95e533b43f318048096ebc8466f0cd609bb5e7c3fc6e5701aace546618a170f88c0b7ed76b63759ca4e4b931a86ac379dd12ad2cba7d47a19a3ae7c242fb0":96:"fb1e988f9c97358a17e35e6f":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"aef24b8205d4085d978505f04724293c2819ef9f3f03a6c758078690fc4bf7c8":"db26453170db2f984312e0cf961d1a7df1154f0525c31f166be5c9f516736501f9f2dd8096a69b6441888ce27aaceacb0b365a38e4e01e2e34027c023206e814f22d46fd2fa69f87509ddced4b8852a76b2532b92f069b8c922ac13b2b7f19cb7c524657a4ee6e989cf2598bef674aa31576776853fb7f9a2704d6b3ee7fbcbb":"81456baa337c3dfd162d9c5f72a2e216":"484a5f4772643cf74ccdced0e5d80862f9300f26ae3139968649d3d7bb761b313f2ba63798b2040d397c3d1569285fee8498fd9254851c15b98af5bd351fa72e7d574c62ede0d728e1279e8b4e4784fd63ea7851e99d1d2356bcbf868528f8d0a90fc3b884ece631648d916ec97abadca1b0dd7670e6ad42245021570582ec7c":"da95c61cd2bb88fea78c059c254d2b949d4fc291c73ac178ace44c1e6a339f64931c857d3a7cb276a04993620adb6918dfd3f9083edad384a8e6c1d4799d526a1c969d8deb0e2667d6d06f559baf914b49fc463244528aa6522d19699065438d939521d7d7bb149835298f2054bcaae6d786f6dde133b640697a3d37c697579a":96:"bc1c1cbcad2e1a66ace079a2":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9685aea9aaebbd691e679779034729306d5887bee4c1f90f6ee3a397a0ff3ece":"ae3b2fa1e209f72c167eb16bc15b7669b87d4ab516e428157810b87a83e90d56e267bd4996522b5b22c2a349d3765ca27ea27057dd71f7c18ddd053033bd780b6cb689f48c383e9c717b9b265cb9e32c70c4a7d8fb933e986d996b5ad914cd645b74c47ac3a0de952ee3fc73ada83d896da7ca0b2a0b10e4f701fa13cba9ec50":"b1bc140531ae8c69e2ffc784e0988038":"294ff858fa6efc82ca3be4d05332bbb951a71a7ddfa4b78472e1582b445312eec11793d8d6e1e858d9cb078b5fc9083ac8a3e3bd82964cb07c08450567922299f68fd47663c7a77c29f2b5347f229301433d5a75263158a0d80095859e7e45476b99b23412046bfbe4eafff9f7820ba49919d2c987cf00c286c784e7669d8fe8":"6575128b576e68f7b3709e325b3d616783b42ff7f7631eb62b90cb0c8a86bd324756f43af53c33cbdaf9cf64ea94cf1b7fab5003f00c1d07f3fc8eb1931d759f9c43477ba22311a111488092c42b7786facf42b861a824cd1bcdc603a77d11253f15206a929a3e16e8737d080b8e5f0da8896226989a9964d72e491187250472":64:"f78c4dd37c06b197":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"3adf0da24394a98c7beae01d28f261a9cbd887aeeecc0c29e84540264d5a6bad":"8cf023d717b0f82f2b81750b53fb665c1c90f4740af4a3534b36b847df33ba5eec19eb24ead70a4b613a82572878216181d59b0c4c4df99be08d021cf182724d8ff5ec4e85884d0f69c16238fbbdbc5529ffcc4e418405e4e95139f79d3115a1ac56820cd39fc413ab72f7d447f947cb0541fc2be261f1246c0a786199013b22":"ad41288817577316df2d881ac93fcdef":"ad33ce922372fbe3531c0dece69f85f18eb1bbfb09a178403832308de0e54b1010db2636c4b7d9caa478138f61db5149c9fd7f3b45b7a1876729fe67622a37f0b322ef9cf6043b301a5d4c81e6f347d22bd3e40722059d3be945845c6b0629fbcfcaf885c7f393aa81f242c48c61a439574761ef6b671972cac664403250750e":"9d465e9c4228323946b1261892243d8455edb9eb8633d026d4033fa3965d20730979ba6952c0f6f2c5768f03c19256b64bc759d2e7b92424bbc668308504ba34384c2bb37baaf91a3a4f0952a050a3d69853141b49e86eda3bf0c4db4ebcd1c41e7f13eca20bf574a47ec45b8c98def17c0741805bf8f37923ba2b5221428578":64:"507618cec6d03964":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"9ef64b4132db54668568e2ae66ab61f62a820c7002a67a7e42006280a373feba":"4b96dce753273188c4cca3386a7415d5d9263757376e1f32797df47992e92e1bc0ab0833363b3acffde22602d4e47307bc8f252944414a15e1398693fd3b8bf4d8101cdcf70ce2c9de8cb7f5bb17cd83f09b1bc78ba07c34b9214e250c5940e9794199cb392309027d5ab4f32b51c533db6732024bd412f2cb0c5178d5296aa5":"07a86dbe2cce040eccdad79b3d211ecc":"af7a75748ee293015b600ca82ccc7718f4ecc20c3a2357ee02fb726330a0d79ca8bb97979bc0c89f4c60d7154f8bd29ba6ec5f2f4be286ea8a258cf6bd39b4f42d6db8e70c99ec3af26bb4d8003dc6fd0fdfbbc620d511d4d5f09ddf975a1663ac2979ae0978b0bc1e7bfcd660ae4ac7f1a8f6d8ee35752ed59a604f07dfda53":"e3e862146b6fb48b01ababc462dd560298eea7bfe5f3248e28a908d1de08c7e91fcf63922c394e7a51b64f4382225093e78598c050e588ff4ad38f3e83dc07b77ce569c6ab8f8a9cb0056b3155aa1503cebeb64c86d6d9cdbb178ea9a01a8ba33a1c48beb92ee4cf60e7dedf986019e19089cd186c98c229b0ff42c9e1aca571":64:"8614c216055c0660":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"f14ac79f35bc5a685433eea5bb7fd69fc959aabda24cbd8b7795fb2e41f90ab0":"8a20da14819079960b77ed5e548d0aa0bdcffb752817c1abe4195e612cfbb58c8e5a8af69f75bad10ee8afdf0b0d5c46c4dc11c32bff16d5e7e82e77fd80e475c6a5a0be36718af232697ab22314306b8ee32484b3461da657710c06170e80a6a8844f898c2be29366c8430f2392d100ffd419603cbce406dc7315577e6e9ee2":"353e1d08edce44c966430513cb7a0383":"cb1dde4ff5a6867038c170192fc2d292f5bb349d5b9a903cf3d88c09ce78fb1f4a776ff7588a25abb5e5f6a44791d7296afef3f32ed31db1def37dd25be0570a204955121f9c65b79a3ea88fc452dbcb82719243c11bc27e3408adf802b6e8b4e701ee4e9dfd140cb3277bf605bd5fb757d2325f7805fc6f0d1ea5a6207fac5f":"49b5e4ea0421034c074cde67dd39a0310c3f31e8138672ba2ecc0777be542f1c6529836d5206b79dac83d96aab56787a35c584b31228f007f11630328c3f40a57be37487689ee5babb576e7d14ff0f1f1ba6e4be11637352a4336327681058b99df2e44f9772de4e0e456d2e34dec5eeb335b238e862841d166e0612cc0f18f3":32:"88aed643":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"b55ac909e73989e310ae37d13c54bbd5a126f419a3b01a2ad8961d89bd247f81":"8a663e8b21a027c4a9545d145d42d9c67b4fcd5d0e39aa68822aedbd609e2c681f60e6315035321de739858b2b082bc05551fe9b8456c2e89c6151282c6068b915eae5762e4d6d765d667de58a315e061b3d60035ada50f59258eb6e2a1cd6b52eea7eb9d404fd96e71f19feff65b74a4b4f07061adf7c1b0e54e2ece7a2cd49":"9328abab0d3f63c75ddafd8559d96b4f":"cbae20aa1996abb62471aac91cd78080953fbe3b165d4c9435832ef1106e7e3424db8850f44a431c289ab4f2bbbea9e5c0c7aaf2e8de69c0ced176283662cadd280d8fda0c859551f0f90893ca57695c95803a1546826922ac78703d7ccae285b7ccd4bbab551756cccc6869dcf34b6af8d8b80c25c6fb1d2caa7f28161fb854":"457e13ff4eeaaae75d14bbf1bff91706c3168b9b146aed29dbe31b12ad90c1c158833be95701229ac6e4a13997e0a2d961d4a0021c4d8920ec54a9a935e5ea73b17e8fa60559df76bd07d966dfa7d86d1a77a313228b2ae7f66b5b696726c02af2c808bf75e0b9591a220e762f57c680ca68f20b2b5413b07731bbd49de039bf":32:"5de0434a":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 [#2] -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 AES-GCM Bad IV (AES-256,128,0,0,32) #0 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_CCM_GCM_CAN_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT AES-GCM Selftest -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_CCM_GCM_CAN_AES gcm_selftest: diff --git a/tests/suites/test_suite_gcm.camellia.data b/tests/suites/test_suite_gcm.camellia.data index 9b71d7c0bb..029780627a 100644 --- a/tests/suites/test_suite_gcm.camellia.data +++ b/tests/suites/test_suite_gcm.camellia.data @@ -1,215 +1,215 @@ Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":"":128:"f5574acc3148dfcb9015200631024df9":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"00000000000000000000000000000000":"000000000000000000000000":"":"defe3e0b5c54c94b4f2a0f5a46f6210d":128:"f672b94d192266c7c8c8dbb427cc989a":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":"cafebabefacedbaddecaf888":"":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":128:"86e318012dd8329dc9dae6a170f61b24":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":128:"9f458869431576ea6a095456ec6b8101":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":128:"e86f8f2e730c49d536f00fb5225d28b1":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":128:"ceae5569b2af8641572622731aed3e53":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":"":128:"ba9ae89fddce4b51131e17c4d65ce587":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"000000000000000000000000":"":"8f9c0aa2549714c88bb2665e8af86d41":128:"783cff5c5aca7197320658a74279ab37":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":"cafebabefacedbaddecaf888":"":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":128:"8d645a0b0e48d3c3b60a014157cb49b4":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":128:"01b15bb5ab6fac0c422014e91eacbf2b":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":128:"f876143d933214a5035ff0bb96ff650b":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":128:"4b72e520b2521e63d240ed5c903216fa":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":"":128:"9cdb269b5d293bc5db9c55b057d9b591":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"000000000000000000000000":"":"3d4b2cde666761ba5dfb305178e667fb":128:"284b63bb143c40ce100fb4dea6bb617b":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":"cafebabefacedbaddecaf888":"":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":128:"c912686270a2b9966415fca3be75c468":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":128:"4e4b178d8fe26fdc95e2e7246dd94bec":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":128:"e6472b8ebd331bfcc7c0fa63ce094461":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-en) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":128:"5791883f822013f8bd136fc36fb9946b":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df9":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f6210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf888":"":128:"86e318012dd8329dc9dae6a170f61b24":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8101":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce587":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d41":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"01b15bb5ab6fac0c422014e91eacbf2b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"f876143d933214a5035ff0bb96ff650b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000000":"":128:"284b63bb143c40ce100fb4dea6bb617b":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094461":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-de) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df8":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f7210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf889":"":128:"86e318012dd8329dc9dae6a170f61b24":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8100":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfadedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c83f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce586":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d42":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"ffffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"11b15bb5ab6fac0c422014e91eacbf2b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad3":128:"f876143d933214a5035ff0bb96ff650b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a328a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000001":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000001":"":128:"284b63bb143c40ce100fb4dea6bb617b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4949d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"ffedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094462":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-bad) -depends_on:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_CCM_GCM_CAN_CAMELLIA gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a9f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"FAIL":"":0 diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 097e42408c..599c9266e0 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -478,7 +478,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */ void gcm_selftest() { BLOCK_CIPHER_PSA_INIT(); From 45c84feacceb0e56df99171a78045b2c432ffe1f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 09:54:39 +0100 Subject: [PATCH 379/653] test_suite_ccm: add missing BLOCK_CIPHER_PSA_[INIT/DONE]() Signed-off-by: Valerio Setti --- tests/suites/test_suite_ccm.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 9831666c3e..dbb313b939 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -82,6 +82,7 @@ void mbedtls_ccm_setkey(int cipher_id, int key_size, int result) unsigned char key[32]; int ret; + BLOCK_CIPHER_PSA_INIT(); mbedtls_ccm_init(&ctx); memset(key, 0x2A, sizeof(key)); @@ -92,6 +93,7 @@ void mbedtls_ccm_setkey(int cipher_id, int key_size, int result) exit: mbedtls_ccm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); } /* END_CASE */ @@ -139,7 +141,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) { From 9afa329b80e2436bb154cd0bda52aae57f45a029 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 09:55:28 +0100 Subject: [PATCH 380/653] analyze_outcomes: allow ignored test suites to have a dot in the name Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 085ba7a515..8db2ef7783 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -150,7 +150,7 @@ def analyze_driver_vs_reference(results: Results, outcomes: Outcomes, # but issue an error if they're not (means we have a bad entry). ignored = False if full_test_suite in ignored_tests: - for str_or_re in ignored_tests[test_suite]: + for str_or_re in ignored_tests[full_test_suite]: if name_matches_pattern(test_string, str_or_re): ignored = True From 5f665c3a0d9766638e8fe2ebbaddeff4e444d579 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 09:56:05 +0100 Subject: [PATCH 381/653] analyze_outcomes: add exceptions to disparities for block_cipher dispatch Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8db2ef7783..7dc6afe3ca 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -542,8 +542,38 @@ KNOWN_TASKS = { 'ignored_suites': [ # Skipped in the accelerated component 'aes', 'aria', 'camellia', + # These require AES_C and CAMELLIA_C to be enabled in order for the cipher + # module (actually cipher_wrapper) to work properly. However these symbols + # are disabled in the accelerated component so we ignore them. + 'cipher.ccm', 'cipher.gcm', 'cmac', ], 'ignored_tests': { + 'test_suite_cipher.aes': [ + # CCM*-NO-TAG is disabled in the accelerated component but + # there is no way to get CCM without CCM*-NO-TAG with legacy symbols. + re.compile(r'AES-\d+[- ]CCM\*-NO-TAG .*'), + # Following test require AES_C to be enabled for CIPHER_C operations + re.compile(r'AES-\d+-ECB .* NIST KAT .*'), + # This test requires AES_C which is disabled in the accelerated component + 'Cipher Corner Case behaviours', + ], + 'test_suite_cipher.aria': [ + # Same as for test_suite_cipher.aes + re.compile(r'ARIA-\d+[- ]CCM\*-NO-TAG .*'), + ], + 'test_suite_cipher.camellia': [ + # Same as for test_suite_cipher.aes + re.compile(r'CAMELLIA-\d+[- ]CCM\*-NO-TAG .*'), + ], + 'test_suite_error': [ + # Following tests require AES_C which is disabled in the accelerated component + 'Single low error', + 'Low and high error', + ], + 'test_suite_version': [ + # Following tests require AES_C which is disabled in the accelerated component + 'Check for MBEDTLS_AES_C when already present', + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component From 5eb8de12cb7a44a4e0e67487420972dafab6aa4b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 11:59:32 +0100 Subject: [PATCH 382/653] driver-only-build: remove paragraph about RSA/DH deterministic key generation This feature is not supported at all in MbedTLS, driver or not. Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index c2d8f69d10..373de23894 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -240,10 +240,6 @@ The same holds for the associated algorithm: `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). -### Limitations -Support for deterministic derivation of a DH keypair -(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported. - Ciphers and AEADs ----------------- From a70b3c24f6e4cb44c049961ecd84196eed6491a4 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Sun, 16 Jul 2023 12:06:13 +0300 Subject: [PATCH 383/653] rsa: minor comment/guard improvements This brings some improvements to comments/ function prototypes that relate to PKCS#1. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- include/mbedtls/mbedtls_config.h | 2 ++ include/mbedtls/rsa.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 758a514249..a3e3f83474 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2191,6 +2191,8 @@ * Enable parsing and verification of X.509 certificates, CRLs and CSRS * signed with RSASSA-PSS (aka PKCS#1 v2.1). * + * Requires: MBEDTLS_PKCS1_V21 + * * Comment this macro to disallow using RSASSA-PSS in certificates. */ #define MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df665240d1..e5e172f9c1 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -869,6 +869,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig); +#if defined(MBEDTLS_PKCS1_V21) /** * \brief This function performs a PKCS#1 v2.1 PSS signature * operation (RSASSA-PSS-SIGN). @@ -969,6 +970,7 @@ int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, unsigned int hashlen, const unsigned char *hash, unsigned char *sig); +#endif /* MBEDTLS_PKCS1_V21 */ /** * \brief This function performs a public RSA operation and checks From 80ca4932847874c4ebe595e43cdcdb36fc4d5668 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Sun, 16 Jul 2023 12:12:09 +0300 Subject: [PATCH 384/653] gitignore: add clangd index files https://clangd.llvm.org/design/indexing#backgroundindex Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 185bd7a1d7..4f29d5be50 100644 --- a/.gitignore +++ b/.gitignore @@ -63,5 +63,7 @@ massif-* /cscope*.out /tags -# Clangd compilation database +# clangd compilation database compile_commands.json +# clangd index files +/.cache/clangd/index/ From 8174662b648d03c5503dfea15a57106ca7dd5312 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Sun, 16 Jul 2023 13:06:06 +0300 Subject: [PATCH 385/653] pk: implement non-PSA mbedtls_pk_sign_ext() This makes the function always available with its its implementation depending on MBEDTLS_USE_PSA_CRYPTO. Related dependencies and tests are updated as well. Fixes #7583. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- ChangeLog.d/non-psa-pk-implementation.txt | 4 + include/mbedtls/config_adjust_legacy_crypto.h | 6 +- include/mbedtls/pk.h | 4 +- library/pk.c | 41 ++++++--- library/pk_wrap.c | 4 +- library/pk_wrap.h | 16 ++-- tests/suites/test_suite_pk.data | 48 +++++------ tests/suites/test_suite_pk.function | 83 +++++++++++-------- 8 files changed, 120 insertions(+), 86 deletions(-) create mode 100644 ChangeLog.d/non-psa-pk-implementation.txt diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt new file mode 100644 index 0000000000..88ed006544 --- /dev/null +++ b/ChangeLog.d/non-psa-pk-implementation.txt @@ -0,0 +1,4 @@ +Changes + * mbedtls_pk_sign_ext() is now available even without PSA + (MBEDTLS_PSA_CRYPTO_C). This improves uniformity in the PK module; + it now only depends on MBEDTLS_USE_PSA_CRYPTO for its use of PSA. diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e66d67a1b7..74d037df43 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -235,9 +235,9 @@ #define MBEDTLS_PSA_CRYPTO_CLIENT #endif /* MBEDTLS_PSA_CRYPTO_C */ -/* The PK wrappers need pk_write functions to format RSA key objects - * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, - * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ +/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects + * when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO, + * and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 24b11886b9..355bf10346 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -28,7 +28,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif @@ -615,7 +615,6 @@ int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -#if defined(MBEDTLS_PSA_CRYPTO_C) /** * \brief Make signature given a signature type. * @@ -652,7 +651,6 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -#endif /* MBEDTLS_PSA_CRYPTO_C */ /** * \brief Restartable version of \c mbedtls_pk_sign() diff --git a/library/pk.c b/library/pk.c index 957f64ed1e..344d29fd53 100644 --- a/library/pk.c +++ b/library/pk.c @@ -579,7 +579,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } else -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if (sig_len < mbedtls_pk_get_len(ctx)) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; @@ -672,7 +672,6 @@ int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL); } -#if defined(MBEDTLS_PSA_CRYPTO_C) /* * Make a signature given a signature type. */ @@ -684,11 +683,6 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { -#if defined(MBEDTLS_RSA_C) - psa_algorithm_t psa_md_alg; -#endif /* MBEDTLS_RSA_C */ - *sig_len = 0; - if (ctx->pk_info == NULL) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -702,8 +696,10 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, sig, sig_size, sig_len, f_rng, p_rng); } -#if defined(MBEDTLS_RSA_C) - psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + const psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -720,12 +716,31 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg), ctx->pk_ctx, hash, hash_len, sig, sig_size, sig_len); -#else /* MBEDTLS_RSA_C */ - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif /* !MBEDTLS_RSA_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ + if (sig_size < mbedtls_pk_get_len(ctx)) { + return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; + } + + if (pk_hashlen_helper(md_alg, &hash_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + mbedtls_rsa_context *const rsa_ctx = mbedtls_pk_rsa(*ctx); + + const int ret = mbedtls_rsa_rsassa_pss_sign(rsa_ctx, f_rng, p_rng, md_alg, + (unsigned int) hash_len, hash, sig); + if (ret == 0) { + *sig_len = rsa_ctx->len; + } + return ret; + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#else + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } -#endif /* MBEDTLS_PSA_CRYPTO_C */ /* * Decrypt message diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0fb3c42176..b1fbd861d8 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -281,7 +281,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, mbedtls_rsa_context *rsa_ctx, const unsigned char *hash, size_t hash_len, @@ -344,7 +344,7 @@ cleanup: } return ret; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 28c815a772..a6237bf638 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -131,6 +131,14 @@ int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); #endif #endif +#if defined(MBEDTLS_RSA_C) +int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, + mbedtls_rsa_context *rsa_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len); +#endif /* MBEDTLS_RSA_C */ + #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_C) @@ -143,14 +151,6 @@ int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status); #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_RSA_C) -int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, - mbedtls_rsa_context *rsa_ctx, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, - size_t *sig_len); -#endif /* MBEDTLS_RSA_C */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PK_WRAP_H */ diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e69749140a..af1e20c46a 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -621,62 +621,62 @@ PSA wrapped sign: RSA PKCS1 v1.5 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 -PK Sign ext:RSA2048,PK_RSA,MD_SHA256 +PK sign ext: RSA2048, PK_RSA, MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 -PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 +PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 -PK Sign ext:RSA2048,PK_RSA,MD_SHA384 +PK sign ext: RSA2048, PK_RSA, MD_SHA384 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 -PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 +PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 -PK Sign ext:RSA2048,PK_RSA,MD_SHA512 +PK sign ext: RSA2048, PK_RSA, MD_SHA512 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 -PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 +PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 +pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 -PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 +PK sign ext: SECP256R1, PK_ECDSA, MD_SHA256 depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256 -pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 +pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 -PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384 +PK sign ext: SECP384R1, PK_ECDSA, MD_SHA384 depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA384 -pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 +pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 -PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512 +PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512 depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_MD_CAN_SHA512 -pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 +pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 -PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256 +PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 -PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 +PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 -PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA384 +PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA384 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 -PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 +PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 -PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA512 +PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA512 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 -PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 +PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index fa0b03b343..5255febb72 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -407,6 +407,16 @@ void pk_invalid_param() buf, buf_size, &buf_size, NULL, NULL, NULL)); + TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_NONE, + NULL, buf_size, + buf, buf_size, &buf_size, + NULL, NULL)); + TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_SHA256, + NULL, 0, + buf, buf_size, &buf_size, + NULL, NULL)); exit: mbedtls_pk_free(&ctx); USE_PSA_DONE(); @@ -435,14 +445,6 @@ void valid_parameters() TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0); TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0); - TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, - MBEDTLS_MD_NONE, - NULL, 0, - buf, sizeof(buf), &len, - mbedtls_test_rnd_std_rand, NULL, - NULL) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_NONE, NULL, 0, @@ -458,6 +460,13 @@ void valid_parameters() mbedtls_test_rnd_std_rand, NULL) == MBEDTLS_ERR_PK_BAD_INPUT_DATA); + TEST_ASSERT(mbedtls_pk_sign_ext(MBEDTLS_PK_NONE, &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof(buf), &len, + mbedtls_test_rnd_std_rand, NULL) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA); + TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_NONE, NULL, 0, @@ -1175,22 +1184,31 @@ void pk_rsa_overflow() memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); - TEST_ASSERT(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); + TEST_EQUAL(mbedtls_pk_setup(&pk, + mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); #if defined(MBEDTLS_PKCS1_V21) - TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, - MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, + MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len), + MBEDTLS_ERR_PK_BAD_INPUT_DATA); #endif /* MBEDTLS_PKCS1_V21 */ - TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, - sig, sig_len) == MBEDTLS_ERR_PK_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, + sig, sig_len), + MBEDTLS_ERR_PK_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, - sig, sizeof(sig), &sig_len, - mbedtls_test_rnd_std_rand, NULL) - == MBEDTLS_ERR_PK_BAD_INPUT_DATA); +#if defined(MBEDTLS_PKCS1_V21) + TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, + MBEDTLS_MD_NONE, hash, hash_len, + sig, sizeof(sig), &sig_len, + mbedtls_test_rnd_std_rand, NULL), + MBEDTLS_ERR_PK_BAD_INPUT_DATA); +#endif /* MBEDTLS_PKCS1_V21 */ + + TEST_EQUAL(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, + sig, sizeof(sig), &sig_len, + mbedtls_test_rnd_std_rand, NULL), + MBEDTLS_ERR_PK_BAD_INPUT_DATA); exit: mbedtls_pk_free(&pk); @@ -1440,14 +1458,14 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ -void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) +/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ +void pk_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) { /* See the description of pk_genkey() for the description of the `parameter` argument. */ mbedtls_pk_context pk; size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - unsigned char hash[PSA_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hash_len = mbedtls_md_get_size_from_type(md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; @@ -1455,16 +1473,15 @@ void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) memset(sig, 0, sizeof(sig)); mbedtls_pk_init(&pk); - PSA_INIT(); + MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(pk_type)) == 0); + TEST_EQUAL(mbedtls_pk_setup(&pk, + mbedtls_pk_info_from_type(pk_type)), 0); + TEST_EQUAL(pk_genkey(&pk, parameter), 0); - TEST_ASSERT(pk_genkey(&pk, parameter) == 0); - - TEST_ASSERT(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, - sig, sizeof(sig), &sig_len, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, + sig, sizeof(sig), &sig_len, + mbedtls_test_rnd_std_rand, NULL), 0); if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { rsassa_pss_options.mgf1_hash_id = md_alg; @@ -1472,11 +1489,11 @@ void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) rsassa_pss_options.expected_salt_len = hash_len; options = (const void *) &rsassa_pss_options; } - TEST_ASSERT(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, - hash, hash_len, sig, sig_len) == 0); + TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, + hash, hash_len, sig, sig_len), 0); exit: mbedtls_pk_free(&pk); - PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 573dc23141211980d43f9746e54c4f776b733f49 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Sun, 10 Dec 2023 14:57:51 +0200 Subject: [PATCH 386/653] rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check() And use it in the non-PSA version of mbedtls_pk_sign_ext() to bypass checks that didn't succeed when used by TLS 1.3. That is because in the failing scenarios the padding of the RSA context is not set to PKCS_V21. See the discussion on PR #7930 for more details. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- library/pk.c | 7 +++-- library/rsa.c | 65 +++++++++++++++++++++++++++++---------- library/rsa_alt_helpers.h | 6 ++-- library/rsa_internal.h | 42 +++++++++++++++++++++++++ 4 files changed, 97 insertions(+), 23 deletions(-) create mode 100644 library/rsa_internal.h diff --git a/library/pk.c b/library/pk.c index 344d29fd53..929af3c653 100644 --- a/library/pk.c +++ b/library/pk.c @@ -18,6 +18,9 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" +#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_USE_PSA_CRYPTO) +#include "rsa_internal.h" +#endif #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" @@ -728,8 +731,8 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, mbedtls_rsa_context *const rsa_ctx = mbedtls_pk_rsa(*ctx); - const int ret = mbedtls_rsa_rsassa_pss_sign(rsa_ctx, f_rng, p_rng, md_alg, - (unsigned int) hash_len, hash, sig); + const int ret = mbedtls_rsa_rsassa_pss_sign_no_mode_check(rsa_ctx, f_rng, p_rng, md_alg, + (unsigned int) hash_len, hash, sig); if (ret == 0) { *sig_len = rsa_ctx->len; } diff --git a/library/rsa.c b/library/rsa.c index 1bf5d13ca6..2b9f85b739 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -29,6 +29,7 @@ #include "mbedtls/rsa.h" #include "rsa_alt_helpers.h" +#include "rsa_internal.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -1712,14 +1713,14 @@ int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, } #if defined(MBEDTLS_PKCS1_V21) -static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - int saltlen, - unsigned char *sig) +static int rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + int saltlen, + unsigned char *sig) { size_t olen; unsigned char *p = sig; @@ -1727,15 +1728,12 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, size_t slen, min_slen, hlen, offset = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t msb; + mbedtls_md_type_t hash_id; if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - if (ctx->padding != MBEDTLS_RSA_PKCS_V21) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - if (f_rng == NULL) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1754,7 +1752,11 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); + hash_id = (mbedtls_md_type_t) ctx->hash_id; + if (hash_id == MBEDTLS_MD_NONE) { + hash_id = md_alg; + } + hlen = mbedtls_md_get_size_from_type(hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1797,7 +1799,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, p += slen; /* Generate H = Hash( M' ) */ - ret = hash_mprime(hash, hashlen, salt, slen, p, (mbedtls_md_type_t) ctx->hash_id); + ret = hash_mprime(hash, hashlen, salt, slen, p, hash_id); if (ret != 0) { return ret; } @@ -1808,8 +1810,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, } /* maskedDB: Apply dbMask to DB */ - ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, - (mbedtls_md_type_t) ctx->hash_id); + ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, hash_id); if (ret != 0) { return ret; } @@ -1823,6 +1824,37 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig); } +static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + int saltlen, + unsigned char *sig) +{ + if (ctx->padding != MBEDTLS_RSA_PKCS_V21) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + if (ctx->hash_id == MBEDTLS_MD_NONE) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, + sig); +} + +int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) +{ + return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, + hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig); +} + /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with * the option to pass in the salt length. @@ -1840,7 +1872,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, hashlen, hash, saltlen, sig); } - /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function */ diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h index ca0840b2a9..052b02491e 100644 --- a/library/rsa_alt_helpers.h +++ b/library/rsa_alt_helpers.h @@ -37,11 +37,9 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * */ - -#ifndef MBEDTLS_RSA_INTERNAL_H -#define MBEDTLS_RSA_INTERNAL_H +#ifndef MBEDTLS_RSA_ALT_HELPERS_H +#define MBEDTLS_RSA_ALT_HELPERS_H #include "mbedtls/build_info.h" diff --git a/library/rsa_internal.h b/library/rsa_internal.h new file mode 100644 index 0000000000..4081ac6398 --- /dev/null +++ b/library/rsa_internal.h @@ -0,0 +1,42 @@ +/** + * \file rsa_internal.h + * + * \brief Internal-only RSA public-key cryptosystem API. + * + * This file declares RSA-related functions that are to be used + * only from within the Mbed TLS library itself. + * + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_RSA_INTERNAL_H +#define MBEDTLS_RSA_INTERNAL_H + +#include "mbedtls/rsa.h" + +#if defined(MBEDTLS_PKCS1_V21) +/** + * \brief This function is analogue to \c mbedtls_rsa_rsassa_pss_sign(). + * The only difference between them is that this function is more flexible + * on the parameters of \p ctx that are set with \c mbedtls_rsa_set_padding(). + * + * \note Compared to its counterpart, this function: + * - does not check the padding setting of \p ctx. + * - allows the hash_id of \p ctx to be MBEDTLS_MD_NONE, + * in which case it uses \p md_alg as the hash_id. + * + * \note Refer to \c mbedtls_rsa_rsassa_pss_sign() for a description + * of the functioning and parameters of this function. + */ +int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); +#endif /* MBEDTLS_PKCS1_V21 */ + +#endif /* rsa_internal.h */ From 9c69348c24a5770936069c3c18bd312a341c7845 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Thu, 14 Dec 2023 21:40:54 +0200 Subject: [PATCH 387/653] pk test suite: rename the parameter named parameter Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- tests/suites/test_suite_pk.function | 73 ++++++++++++++--------------- 1 file changed, 34 insertions(+), 39 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5255febb72..226598c724 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -84,25 +84,25 @@ exit: /** Generate a key of the desired type. * - * \param pk The PK object to fill. It must have been initialized - * with mbedtls_pk_setup(). - * \param parameter - For RSA keys, the key size in bits. - * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). + * \param pk The PK object to fill. It must have been initialized + * with mbedtls_pk_setup(). + * \param curve_or_keybits - For RSA keys, the key size in bits. + * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). * - * \return The status from the underlying type-specific key - * generation function. - * \return -1 if the key type is not recognized. + * \return The status from the underlying type-specific key + * generation function. + * \return -1 if the key type is not recognized. */ -static int pk_genkey(mbedtls_pk_context *pk, int parameter) +static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) { - ((void) pk); - (void) parameter; + (void) pk; + (void) curve_or_keybits; #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), mbedtls_test_rnd_std_rand, NULL, - parameter, 3); + curve_or_keybits, 3); } #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -112,7 +112,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) int ret; #if defined(MBEDTLS_ECP_C) - ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter); + ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); if (ret != 0) { return ret; } @@ -123,7 +123,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_genkey_ec(pk, parameter); + ret = pk_genkey_ec(pk, curve_or_keybits); if (ret != 0) { return ret; } @@ -319,7 +319,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, - int key_alg2, int parameter, int alg_check, int usage_check, + int key_alg2, int curve_or_keybits, int alg_check, int usage_check, int result) { mbedtls_pk_context pk; @@ -336,7 +336,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, psa_set_key_enrollment_algorithm(&attributes, key_alg2); } psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, parameter); + psa_set_key_bits(&attributes, curve_or_keybits); PSA_ASSERT(psa_generate_key(&attributes, &key)); @@ -350,7 +350,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, } else { TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(key_type)), 0); - TEST_EQUAL(pk_genkey(&pk, parameter), 0); + TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); } @@ -545,7 +545,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pk_utils(int type, int parameter, int bitlen, int len, char *name) +void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) { mbedtls_pk_context pk; @@ -553,7 +553,7 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name) USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); - TEST_ASSERT(pk_genkey(&pk, parameter) == 0); + TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); @@ -857,7 +857,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */ -void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret) +void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret) { mbedtls_pk_context pk; size_t sig_len; @@ -883,7 +883,7 @@ void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret) memset(sig, 0, sizeof(sig)); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); - TEST_ASSERT(pk_genkey(&pk, parameter) == 0); + TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, hash, hash_len, @@ -1304,8 +1304,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ -void pk_psa_sign(int parameter_arg, - int psa_type_arg, int expected_bits_arg) +void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits) { mbedtls_pk_context pk; unsigned char hash[32]; @@ -1318,8 +1317,6 @@ void pk_psa_sign(int parameter_arg, int ret; mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t expected_type = psa_type_arg; - size_t expected_bits = expected_bits_arg; /* * This tests making signatures with a wrapped PSA key: @@ -1333,19 +1330,19 @@ void pk_psa_sign(int parameter_arg, USE_PSA_INIT(); #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (PSA_KEY_TYPE_IS_RSA(psa_type_arg)) { + if (PSA_KEY_TYPE_IS_RSA(psa_type)) { /* Create legacy RSA public/private key in PK context. */ TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), mbedtls_test_rnd_std_rand, NULL, - parameter_arg, 3) == 0); + curve_or_keybits, 3) == 0); alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256); } else #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) { - mbedtls_ecp_group_id grpid = parameter_arg; + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { + mbedtls_ecp_group_id grpid = curve_or_keybits; /* Create legacy EC public/private key in PK context. */ TEST_ASSERT(mbedtls_pk_setup(&pk, @@ -1356,7 +1353,7 @@ void pk_psa_sign(int parameter_arg, } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ { - (void) parameter_arg; + (void) curve_or_keybits; TEST_ASSUME(!"Opaque PK key not supported in this configuration"); } @@ -1384,8 +1381,8 @@ void pk_psa_sign(int parameter_arg, PSA_ALG_NONE) == 0); PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); - TEST_EQUAL(psa_get_key_type(&attributes), expected_type); - TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits); + TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) expected_bits); TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); @@ -1396,7 +1393,7 @@ void pk_psa_sign(int parameter_arg, hash, sizeof(hash), sig, sizeof(sig), &sig_len, NULL, NULL) == 0); /* Only opaque EC keys support verification. */ - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) { + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_len) == 0); } @@ -1438,7 +1435,7 @@ void pk_psa_sign(int parameter_arg, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); TEST_EQUAL(mbedtls_ecp_group_load( &(mbedtls_pk_ec_rw(pk)->grp), - (mbedtls_ecp_group_id) parameter_arg), 0); + (mbedtls_ecp_group_id) curve_or_keybits), 0); TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), &(mbedtls_pk_ec_rw(pk)->Q), pkey_legacy_start, klen_legacy), 0); @@ -1459,9 +1456,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ -void pk_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) +void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) { - /* See the description of pk_genkey() for the description of the `parameter` argument. */ mbedtls_pk_context pk; size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; @@ -1477,7 +1473,7 @@ void pk_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(pk_type)), 0); - TEST_EQUAL(pk_genkey(&pk, parameter), 0); + TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, @@ -1498,9 +1494,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */ -void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) +void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg) { - /* See the description of mbedtls_rsa_gen_key() for the description of the `parameter` argument. */ mbedtls_pk_context pk; size_t sig_len, pkey_len; mbedtls_svc_key_id_t key_id; @@ -1524,7 +1519,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_al mbedtls_pk_info_from_type(pk_type)), 0); TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), mbedtls_test_rnd_std_rand, NULL, - parameter, 3), 0); + key_bits, 3), 0); /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey)); From 1941af087c3ab4e1ea1f796af959fe926e3a4a4d Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Thu, 14 Dec 2023 21:48:52 +0200 Subject: [PATCH 388/653] pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C Deprecated functions are removed and #ifdefs are updated accordingly. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- library/pk_wrap.c | 122 +--------------------------------------------- library/pk_wrap.h | 22 +-------- 2 files changed, 3 insertions(+), 141 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b1fbd861d8..88572f815c 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -30,11 +30,8 @@ #include "pkwrite.h" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) -#include "psa_util_internal.h" -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -49,123 +46,6 @@ #include #include -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_error_from_psa(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_INVALID_HANDLE: - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - case PSA_ERROR_NOT_PERMITTED: - return MBEDTLS_ERR_ERROR_GENERIC_ERROR; - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_PK_INVALID_ALG; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_PK_ALLOC_FAILED; - case PSA_ERROR_BAD_STATE: - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - case PSA_ERROR_DATA_CORRUPT: - case PSA_ERROR_DATA_INVALID: - case PSA_ERROR_STORAGE_FAILURE: - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - case PSA_ERROR_CORRUPTION_DETECTED: - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - default: - return MBEDTLS_ERR_ERROR_GENERIC_ERROR; - } -} - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -int mbedtls_pk_error_from_psa_rsa(psa_status_t status) -{ - switch (status) { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - case PSA_ERROR_INVALID_HANDLE: - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return MBEDTLS_ERR_RSA_RNG_FAILED; - case PSA_ERROR_INVALID_SIGNATURE: - return MBEDTLS_ERR_RSA_VERIFY_FAILED; - case PSA_ERROR_INVALID_PADDING: - return MBEDTLS_ERR_RSA_INVALID_PADDING; - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_PK_ALLOC_FAILED; - case PSA_ERROR_BAD_STATE: - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - case PSA_ERROR_DATA_CORRUPT: - case PSA_ERROR_DATA_INVALID: - case PSA_ERROR_STORAGE_FAILURE: - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - case PSA_ERROR_CORRUPTION_DETECTED: - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - default: - return MBEDTLS_ERR_ERROR_GENERIC_ERROR; - } -} -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status) -{ - switch (status) { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - case PSA_ERROR_INVALID_HANDLE: - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return MBEDTLS_ERR_ECP_RANDOM_FAILED; - case PSA_ERROR_INVALID_SIGNATURE: - return MBEDTLS_ERR_ECP_VERIFY_FAILED; - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_PK_ALLOC_FAILED; - case PSA_ERROR_BAD_STATE: - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - case PSA_ERROR_COMMUNICATION_FAILURE: - case PSA_ERROR_HARDWARE_FAILURE: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - case PSA_ERROR_DATA_CORRUPT: - case PSA_ERROR_DATA_INVALID: - case PSA_ERROR_STORAGE_FAILURE: - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - case PSA_ERROR_CORRUPTION_DETECTED: - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - default: - return MBEDTLS_ERR_ERROR_GENERIC_ERROR; - } -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - #if defined(MBEDTLS_RSA_C) static int rsa_can_do(mbedtls_pk_type_t type) { diff --git a/library/pk_wrap.h b/library/pk_wrap.h index a6237bf638..be096da53a 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -15,9 +15,9 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif struct mbedtls_pk_info_t { /** Public key type */ @@ -125,12 +125,6 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info; extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info; -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); -#endif -#endif - #if defined(MBEDTLS_RSA_C) int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, mbedtls_rsa_context *rsa_ctx, @@ -141,16 +135,4 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status); - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status); -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - -#endif /* MBEDTLS_PSA_CRYPTO_C */ - #endif /* MBEDTLS_PK_WRAP_H */ From bad170e159ad9505301b973a0e22c05e74af622a Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Thu, 14 Dec 2023 22:03:12 +0200 Subject: [PATCH 389/653] pk: remove last references to MBEDTLS_PSA_CRYPTO_C They are replaced by MBEDTLS_USE_PSA_CRYPTO. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- include/mbedtls/pk.h | 15 +++++---------- library/pk.c | 6 +++--- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 355bf10346..27768bd35a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -28,7 +28,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #endif @@ -229,7 +229,7 @@ typedef struct mbedtls_pk_context { void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ /* The following field is used to store the ID of a private key in the * following cases: - * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined + * - opaque key when MBEDTLS_USE_PSA_CRYPTO is defined * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case: * - the pk_ctx above is not not used to store the private key anymore. * Actually that field not populated at all in this case because also @@ -239,15 +239,10 @@ typedef struct mbedtls_pk_context { * * Note: this private key storing solution only affects EC keys, not the * other ones. The latters still use the pk_ctx to store their own - * context. - * - * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by - * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because, - * when working with opaque keys, it can be used also in - * mbedtls_pk_sign_ext for RSA keys. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) + * context. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* The following fields are meant for storing the public key in raw format * which is handy for: * - easily importing it into the PSA context diff --git a/library/pk.c b/library/pk.c index 929af3c653..61ac0dfab0 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,7 +29,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" #include "md_psa.h" #endif @@ -44,9 +44,9 @@ void mbedtls_pk_init(mbedtls_pk_context *ctx) { ctx->pk_info = NULL; ctx->pk_ctx = NULL; -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw)); ctx->pub_raw_len = 0; From 5297e43eec42f590718814ab6c9b364d5145bc1d Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Thu, 14 Dec 2023 22:12:07 +0200 Subject: [PATCH 390/653] non-psa-pk-implementation: rephrase the changelog entry And remove the comment on the uniformity in the PK module with regards to PSA_CRYPTO_C not being referenced anymore; end users are probably not interested in that. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- ChangeLog.d/non-psa-pk-implementation.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt index 88ed006544..a7129a6da6 100644 --- a/ChangeLog.d/non-psa-pk-implementation.txt +++ b/ChangeLog.d/non-psa-pk-implementation.txt @@ -1,4 +1,3 @@ Changes - * mbedtls_pk_sign_ext() is now available even without PSA - (MBEDTLS_PSA_CRYPTO_C). This improves uniformity in the PK module; - it now only depends on MBEDTLS_USE_PSA_CRYPTO for its use of PSA. + * mbedtls_pk_sign_ext() is now always available, not just when + PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. \ No newline at end of file From 9f41770313af84b63d82f6ca768eb66457b36374 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> Date: Sat, 16 Dec 2023 15:28:51 +0200 Subject: [PATCH 391/653] pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C For real this time. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com> --- library/pk_internal.h | 22 ++++++++++------------ library/pk_wrap.c | 8 ++++---- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 81807f1338..d4b140aeff 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -19,7 +19,16 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#endif + +#include "psa_util_internal.h" +#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) +#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_rsa_errors, \ + psa_pk_status_to_mbedtls) +#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_ecdsa_errors, \ + psa_pk_status_to_mbedtls) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Headers/footers for PEM files */ #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" @@ -35,17 +44,6 @@ #define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----" #define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----" -#if defined(MBEDTLS_PSA_CRYPTO_C) -#include "psa_util_internal.h" -#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) -#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_rsa_errors, \ - psa_pk_status_to_mbedtls) -#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_ecdsa_errors, \ - psa_pk_status_to_mbedtls) -#endif - #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** * Public function mbedtls_pk_ec() can be used to get direct access to the diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 88572f815c..9247945230 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -26,14 +26,14 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PSA_CRYPTO_C) -#include "pkwrite.h" -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" #include "psa/crypto.h" +#if defined(MBEDTLS_RSA_C) +#include "pkwrite.h" +#endif + #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #include "mbedtls/asn1write.h" #include "mbedtls/asn1.h" From e6a664ed65a00478da7334f6bf3adf488205ec8c Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Mon, 18 Dec 2023 11:40:44 +0200 Subject: [PATCH 392/653] changelog: fix missing newline at end of file Signed-off-by: Tomi Fontanilles --- ChangeLog.d/non-psa-pk-implementation.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt index a7129a6da6..535bbf55e6 100644 --- a/ChangeLog.d/non-psa-pk-implementation.txt +++ b/ChangeLog.d/non-psa-pk-implementation.txt @@ -1,3 +1,3 @@ Changes * mbedtls_pk_sign_ext() is now always available, not just when - PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. \ No newline at end of file + PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. From 851d8df58d2f1aa9e691e61321f29411bfaa843d Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Tue, 19 Dec 2023 15:44:52 +0200 Subject: [PATCH 393/653] fix/work around dependency issues when !MBEDTLS_ECP_C Signed-off-by: Tomi Fontanilles --- include/mbedtls/debug.h | 2 +- library/pk_internal.h | 4 ++-- library/pkparse.c | 4 +--- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 9a17488d2b..922e5bec52 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -230,7 +230,7 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_mpi *X); #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) /** * \brief Print an ECP point to the debug output. This function is always * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the diff --git a/library/pk_internal.h b/library/pk_internal.h index d4b140aeff..025ee8b019 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -44,7 +44,7 @@ #define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----" #define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----" -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -80,7 +80,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) return NULL; } } -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk) diff --git a/library/pkparse.c b/library/pkparse.c index c33b74203b..6ce7fcf1d1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -15,6 +15,7 @@ #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" #include "mbedtls/error.h" +#include "mbedtls/ecp.h" #include "pk_internal.h" #include @@ -28,9 +29,6 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) -#include "mbedtls/ecp.h" -#endif /* Extended formats */ #if defined(MBEDTLS_PEM_PARSE_C) From 3fab8a4deb3c62ae05cde3279f6857a2679ba192 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 14:25:37 +0100 Subject: [PATCH 394/653] driver-only-builds: fix typos Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 373de23894..05bffa5747 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -296,7 +296,7 @@ It should be noticed that the matching between legacy (i.e. `MBEDTLS_xxx_C`) and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: - ECB mode is always enabled in legacy configuration for each key type that allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled - in PSA with `PSA_WANT_ALG_ECB`; + in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`; - similarly for stream ciphers, it is automatically enabled for key types that support it (`CHACHA20_C` and `NULL_CIPHER`) whereas it must be explicitly enabled in PSA with `PSA_WANT_ALG_STREAM_CIPHER`; @@ -333,7 +333,7 @@ PSA acceleration when: This is possible when: -- all ciphers and AEADs are accelerated; +- all ciphers and AEADs are accelerated, or - no legacy module, either cipher or AEAD, is enabled. The only exception being CCM/GCM when key types are accelerated, as described in section [Partial acceleration for CCM/GCM](#partial-acceleration-for-CCM/GCM). From af53132e443420649daeaec40d5c614aea56007a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 15:56:09 +0100 Subject: [PATCH 395/653] driver-only-builds: enhancing section on removing CIPHER_C Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 05bffa5747..7b4b480d3d 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -331,12 +331,17 @@ PSA acceleration when: ### Disabling CIPHER_C -This is possible when: +This only depends on unauthenticated ciphers: they can be either completely +accelerated or disabled in order to remove the dependency on `MBEDTLS_CIPHER_C`. -- all ciphers and AEADs are accelerated, or -- no legacy module, either cipher or AEAD, is enabled. The only exception being - CCM/GCM when key types are accelerated, as described in section - [Partial acceleration for CCM/GCM](#partial-acceleration-for-CCM/GCM). +AEADs do not have such restriction. Of course they can be accelerated as well, +but they can also rely on the legacy modules (`MBEDTLS_[CCM|GCM|CHACHAPOLY]`) +with the following conditions on the underlying key types: +- CCM/GCM can either use legacy key type modules `MBEDTLS_[AES|ARIA|CAMELLIA]_C` + or their accelerated version, as described in section + ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-CCM/GCM). +- ChaChaPoly instead can only rely on legacy key type module `MBEDTLS_CHACHA20_C` + and algorithm `MBEDTLS_POLY1305_C`. It should be noticed that disabling `MBEDTLS_CIPHER_C` helps in reducing code's footprint, but unfortunately it makes the following modules unavailable: From d834896c8b423359dee2e95c18a8198e349d13a0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 16:00:44 +0100 Subject: [PATCH 396/653] changelog: enhancing descriptions Signed-off-by: Valerio Setti --- ChangeLog.d/8358.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt index d4c847c827..2b66d8d229 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/8358.txt @@ -1,9 +1,9 @@ Features * It is now possible to accelerate all ciphers and AEADs through a driver, while completely removing legacy support and MBEDTLS_CIPHER_C, and still - get full functionality. Only unsupported features that still depend on - MBEDTLS_CIPHER_C are: MBEDTLS_PKCS[5|12]_C and MBEDTLS_NIST_KW_C. - * CTR-DRBG module can now take advantage of PSA driver. Legacy - MBEDTLS_AES_C is still the preferred solution, but when it's not available - it can rely on PSA if PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING - are defined. + get most things working, including TLS - see + docs/driver-only-builds.md for full details and current limitations. + * The CTR-DRBG module no longer depends on MBEDTLS_AES_C and can also use + AES from a PSA driver. This requires MBEDTLS_PSA_CRYPTO_C, + PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING to be enabled, and + MBEDTLS_AES_C to be disabled. From f5e135670b5e86e38e20b62beac9942cb982ac58 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 20 Dec 2023 15:24:47 +0000 Subject: [PATCH 397/653] Clarify key generation and memory-management correctness Signed-off-by: Ryan Everett --- .../psa-thread-safety/psa-thread-safety.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 70b1341c23..075c8c4e37 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -29,7 +29,7 @@ Tempting platform requirements that we cannot add to the default `MBEDTLS_THREAD If you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C`, the code must be functionally correct: no race conditions, deadlocks or livelocks. -The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/overview/conventions.html#concurrent-calls) defines minimum expectations for concurrent calls. They must work as if they had been executed one at a time, except that the following cases have undefined behavior: +The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/overview/conventions.html#concurrent-calls) defines minimum expectations for concurrent calls. They must work as if they had been executed one at a time (excluding resource-management errors), except that the following cases have undefined behavior: * Destroying a key while it's in use. * Concurrent calls using the same operation object. (An operation object may not be used by more than one thread at a time. But it can move from one thread to another between calls.) @@ -290,7 +290,7 @@ For concurrency purposes, a slot can be in one of four states: To change `slot` to state `new_state`, a function must call `psa_slot_state_transition(slot, new_state)`. -A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data witin a slot, and `psa_unregister_read` after they have finished operating. +A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data within a slot, and `psa_unregister_read` after they have finished operating. Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_read` must be performed by a thread which holds the global mutex. @@ -298,7 +298,9 @@ Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_ To satisfy the requirements in [Correctness out of the box](#correctness-out-of-the-box), we require our functions to be "linearizable" (under certain constraints). This means that any (constraint satisfying) set of concurrent calls are performed as if they were executed in some sequential order. -The standard way of reasoning that this is the case is to identify a "linearization point" for each call, this is a single execution step where the function takes effect (this is usually a step in which the effects of the call become visible to other threads). If every call has a linearization point, the set of calls is equivalent to sequentially performing the calls in order of when their linearization point occured. +The standard way of reasoning that this is the case is to identify a "linearization point" for each call, this is a single execution step where the function takes effect (this is usually a step in which the effects of the call become visible to other threads). If every call has a linearization point, the set of calls is equivalent to sequentially performing the calls in order of when their linearization point occurred. + +We only require linearizability to hold in the case where a resource-management error is not returned. In a set of concurrent calls, it is permitted for a call c to fail with a PSA_ERROR_INSUFFICIENT_MEMORY return code even if there does not exist a sequential ordering of the calls in which c returns this error. We only access and modify a slot's state and reader count while we hold the global lock. This ensures the memory in which these fields are stored is correctly synchronized. It also ensures that the key data within the slot is synchronised where needed (the writer unlocks the mutex after filling the data, and any reader must lock the mutex before reading the data). @@ -306,8 +308,11 @@ To help justify that our system is linearizable, here is a list of key slot stat * `psa_wipe_key_slot, psa_register_read, psa_unregister_read, psa_slot_state_transition,` - These functions are all always performed under the global mutex, so they have no effects visible to other threads (this implies that they are linearizable). * `psa_get_empty_key_slot, psa_get_and_lock_key_slot_in_memory, psa_load_X_key_into_slot, psa_fail_key_creation` - These functions hold the mutex for all non-setup/finalizing code, their linearization points are the release of the mutex. * `psa_get_and_lock_key_slot` - If the key is already in a slot, the linearization point is the linearization point of the call to `psa_get_and_lock_key_slot_in_memory`. If the key is not in a slot and is loaded into one, the linearization point is the linearization point of the call to `psa_load_X_key_into_slot`. +* `psa_start_key_creation` - From the perspective of other threads, the only effect of a successful call to this function is that the amount of usable resources decreases (a key slot which was usable is now unusable). Since we do not consider resource management as linearizable behaviour, when arguing for linearizability of the system we consider this function to have no visible effect to other threads. * `psa_finish_key_creation` - On a successful load, we lock the mutex and set the state of the slot to FULL, the linearization point is then the following unlock. On an unsuccessful load, the linearization point is when we return - no action we have performed has been made visible to another thread as the slot is still in a FILLING state. * `psa_destroy_key, psa_close_key, psa_purge_key` - As per the requirements, we need only argue for the case where the key is not in use here. The linearization point is the unlock after wiping the data and setting the slot state to EMPTY. +* `psa_import_key, psa_copy_key, psa_generate_key, mbedtls_psa_register_se_key` - These functions call both `psa_start_key_creation` and `psa_finish_key_creation`, the linearization point of a successful call is the linearization point of the call to `psa_finish_key_creation`. The linearization point of an unsuccessful call is the linearization point of the call to `psa_fail_key_creation`. +* `psa_key_derivation_output_key` - Same as above. If the operation object is in use by multiple threads, the behaviour need not be linearizable. Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point. From 66134661cd82c29f12e3559dcf8661b610804e0b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 17:06:13 +0100 Subject: [PATCH 398/653] driver-only-builds: add Restrictions section Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 7b4b480d3d..0fb4378776 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -290,6 +290,15 @@ operations of that type requested through the PSA Crypto API are performed by the driver. Only functions belonging to legacy modules which are disabled won't be available in this configuration. +### Restrictions + +- If an algorithm other than GCM and CCM (see + ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below) + is enabled but not accelerated, then all key types than can be used with it + will need to be built-in; +- if a key type is enabled but not accelerated, then all algorithms than can be + used with it will need to be built-in. + ### Legacy <-> PSA matching It should be noticed that the matching between legacy (i.e. `MBEDTLS_xxx_C`) @@ -339,7 +348,7 @@ but they can also rely on the legacy modules (`MBEDTLS_[CCM|GCM|CHACHAPOLY]`) with the following conditions on the underlying key types: - CCM/GCM can either use legacy key type modules `MBEDTLS_[AES|ARIA|CAMELLIA]_C` or their accelerated version, as described in section - ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-CCM/GCM). + ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm). - ChaChaPoly instead can only rely on legacy key type module `MBEDTLS_CHACHA20_C` and algorithm `MBEDTLS_POLY1305_C`. From 3dd6cde0d819a9eb45f3be694fbf72e70d54cceb Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 20 Dec 2023 16:45:31 +0000 Subject: [PATCH 399/653] Mention functional correctness explicitly Signed-off-by: Ryan Everett --- docs/architecture/psa-thread-safety/psa-thread-safety.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md index 075c8c4e37..dc5d7e1894 100644 --- a/docs/architecture/psa-thread-safety/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md @@ -300,7 +300,7 @@ To satisfy the requirements in [Correctness out of the box](#correctness-out-of- The standard way of reasoning that this is the case is to identify a "linearization point" for each call, this is a single execution step where the function takes effect (this is usually a step in which the effects of the call become visible to other threads). If every call has a linearization point, the set of calls is equivalent to sequentially performing the calls in order of when their linearization point occurred. -We only require linearizability to hold in the case where a resource-management error is not returned. In a set of concurrent calls, it is permitted for a call c to fail with a PSA_ERROR_INSUFFICIENT_MEMORY return code even if there does not exist a sequential ordering of the calls in which c returns this error. +We only require linearizability to hold in the case where a resource-management error is not returned. In a set of concurrent calls, it is permitted for a call c to fail with a PSA_ERROR_INSUFFICIENT_MEMORY return code even if there does not exist a sequential ordering of the calls in which c returns this error. Even if such an error occurs, all calls are still required to be functionally correct. We only access and modify a slot's state and reader count while we hold the global lock. This ensures the memory in which these fields are stored is correctly synchronized. It also ensures that the key data within the slot is synchronised where needed (the writer unlocks the mutex after filling the data, and any reader must lock the mutex before reading the data). From 049cd302ed13a516eef412bffa9753f77edb763f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Dec 2023 17:28:31 +0000 Subject: [PATCH 400/653] Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 45 ++++++++++++++++++++++++++-- library/ssl_tls13_client.c | 13 ++++++++ library/ssl_tls13_generic.c | 37 ----------------------- tests/src/test_helpers/ssl_helpers.c | 4 +++ tests/suites/test_suite_ssl.function | 4 +++ 6 files changed, 65 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 85ec7ab364..3192e2a826 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1188,7 +1188,7 @@ struct mbedtls_ssl_session { unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -/*!< RecordSizeLimit received by peer */ +/*!< RecordSizeLimit received from the peer */ #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) uint16_t MBEDTLS_PRIVATE(record_size_limit); #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7a8c759fa3..914eec3299 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2492,7 +2492,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, needed += 4; /* max_early_data_size */ #endif #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - needed += 2; /* record_size_limit */ + needed += 2; /* record_size_limit */ #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) @@ -3420,6 +3420,31 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) return max_len; } +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) +{ + const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + size_t record_size_limit = max_len; + + if (ssl->session != NULL && + ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session->record_size_limit < max_len) { + record_size_limit = ssl->session->record_size_limit; + } + + // TODO: this is currently untested + /* During a handshake, use the value being negotiated */ + if (ssl->session_negotiate != NULL && + ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session_negotiate->record_size_limit < max_len) { + record_size_limit = ssl->session_negotiate->record_size_limit; + } + + return record_size_limit; +} +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len; @@ -3491,6 +3516,21 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) if (max_len > record_size_limit) { max_len = record_size_limit; + if (ssl->transform_out != NULL && + ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + /* RFC 8449, section 4: + * + * This value [record_size_limit] is the length of the plaintext + * of a protected record. + * The value includes the content type and padding added in TLS 1.3 + * (that is, the complete length of TLSInnerPlaintext). + * + * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * and subtract 1 (for the content type that will be added later) + */ + max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; + } } #endif @@ -3516,7 +3556,8 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) + !defined(MBEDTLS_SSL_PROTO_DTLS) && \ + !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) ((void) ssl); #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1a246c4dfc..503db5862a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2131,6 +2131,19 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, p += extension_data_len; } + if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) && + (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) { + mbedtls_debug_print_msg(ssl, + 3, + __FILE__, + __LINE__, + "Record size limit extension cannot be used with max fragment length extension"); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, handshake->received_extensions); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7c7aac80e4..326811a601 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1732,43 +1732,6 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return 0; } -static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit) -{ - /* RFC 8449, section 4: - * - * This value [record_size_limit] is the length of the plaintext of a protected record. - * The value includes the content type and padding added in TLS 1.3 (that is, the complete - * length of TLSInnerPlaintext). - * - * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY - * and subtract 1 (for the content type that will be added later) - */ - return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; -} - -size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) -{ - const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t record_size_limit = max_len; - - if (ssl->session != NULL && - ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session->record_size_limit < max_len) { - record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit); - } - - // TODO: this is currently untested - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session_negotiate->record_size_limit < max_len) { - record_size_limit = ssl_compute_internal_record_size_limit( - ssl->session_negotiate->record_size_limit); - } - - return record_size_limit; -} #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d02d305394..3d8937da6d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1776,6 +1776,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + session->record_size_limit = 2048; +#endif + return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 05571a1dc8..8a03d1b970 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2096,6 +2096,10 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + TEST_ASSERT(original.record_size_limit == restored.record_size_limit); +#endif + exit: mbedtls_ssl_session_free(&original); mbedtls_ssl_session_free(&restored); From 65e3046e183a8df70d7806180d3f0d8b3f970ac3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Dec 2023 17:55:10 +0000 Subject: [PATCH 401/653] Fix code style in ssl_tls.c Signed-off-by: Waleed Elmelegy --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 914eec3299..452970ebe8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3530,7 +3530,7 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) */ max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; - } + } } #endif From 8c1e6bbcdc808d72967868df81ba215d7bc50546 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 15:02:48 +0100 Subject: [PATCH 402/653] driver-only-builds: fix typos Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 0fb4378776..09c09d5368 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -243,7 +243,7 @@ removing builtin support (i.e. `MBEDTLS_DHM_C`). Ciphers and AEADs ----------------- -It is possible to have all ciphers and AEADs operations provided only by a +It is possible to have all ciphers and AEAD operations provided only by a driver. More precisely, for each desired combination of key type and algorithm/mode you can: - enable desired PSA key type(s): @@ -251,7 +251,7 @@ algorithm/mode you can: - `PSA_WANT_KEY_TYPE_ARIA`, - `PSA_WANT_KEY_TYPE_CAMELLIA`, - `PSA_WANT_KEY_TYPE_CHACHA20`, - - `PSA_WANT_KEY_TYPE_DES`; + - `PSA_WANT_KEY_TYPE_DES`. - enable desired PSA algorithm(s): - unauthenticated ciphers modes: - `PSA_WANT_ALG_CBC_NO_PADDING`, @@ -261,13 +261,13 @@ algorithm/mode you can: - `PSA_WANT_ALG_CTR`, - `PSA_WANT_ALG_ECB_NO_PADDING`, - `PSA_WANT_ALG_OFB`, - - `PSA_WANT_ALG_STREAM_CIPHER`; + - `PSA_WANT_ALG_STREAM_CIPHER`. - AEADs: - `PSA_WANT_ALG_CCM`, - `PSA_WANT_ALG_GCM`, - - `PSA_WANT_ALG_CHACHA20_POLY1305`; + - `PSA_WANT_ALG_CHACHA20_POLY1305`. - enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond - to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps; + to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps. - disable builtin support of key types: - `MBEDTLS_AES_C`, - `MBEDTLS_ARIA_C`, @@ -334,8 +334,8 @@ algorithm) in order to work with a driver. Legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit from PSA acceleration when: -- legacy AES module is not enabled (`MBEDTLS_AES_C`) and -- AES is supported on PSA side together with ECB mode, i.e. +- the legacy AES module is not enabled (`MBEDTLS_AES_C`) and +- AES is supported on the PSA side together with ECB mode, i.e. `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. ### Disabling CIPHER_C @@ -343,17 +343,17 @@ PSA acceleration when: This only depends on unauthenticated ciphers: they can be either completely accelerated or disabled in order to remove the dependency on `MBEDTLS_CIPHER_C`. -AEADs do not have such restriction. Of course they can be accelerated as well, +AEADs do not have such a restriction. Of course they can be accelerated as well, but they can also rely on the legacy modules (`MBEDTLS_[CCM|GCM|CHACHAPOLY]`) with the following conditions on the underlying key types: - CCM/GCM can either use legacy key type modules `MBEDTLS_[AES|ARIA|CAMELLIA]_C` or their accelerated version, as described in section ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm). -- ChaChaPoly instead can only rely on legacy key type module `MBEDTLS_CHACHA20_C` - and algorithm `MBEDTLS_POLY1305_C`. +- ChaChaPoly instead can only rely on the legacy key type module + `MBEDTLS_CHACHA20_C` and algorithm `MBEDTLS_POLY1305_C`. -It should be noticed that disabling `MBEDTLS_CIPHER_C` helps in reducing code's -footprint, but unfortunately it makes the following modules unavailable: +It should be noticed that disabling `MBEDTLS_CIPHER_C` helps to reduce the +code's footprint, but unfortunately it makes the following modules unavailable: - `MBEDTLS_PKCS[5|12]_C`, - `MBEDTLS_NIST_KW_C`. From a69e872001f8bb8209b68918e3c27122400eb45f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 16:37:29 +0100 Subject: [PATCH 403/653] pkcs[5/12]: add CIPHER_C for [en/de]crypting functions This commit also updates corresponding test suites. Signed-off-by: Valerio Setti --- include/mbedtls/pkcs12.h | 4 ++-- include/mbedtls/pkcs5.h | 4 ++-- library/pkcs12.c | 6 ++++-- library/pkcs5.c | 6 ++++-- tests/suites/test_suite_pkcs12.function | 4 ++-- tests/suites/test_suite_pkcs5.function | 4 ++-- 6 files changed, 16 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 09f89a23a4..87f7681f29 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -38,7 +38,7 @@ extern "C" { #endif -#if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /** @@ -145,7 +145,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ -#endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */ /** * \brief The PKCS#12 derivation function uses a password and a salt diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 6cfe96769b..9ba5689d4a 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -38,7 +38,7 @@ extern "C" { #endif -#if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /** @@ -130,7 +130,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ -#endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C*/ /** * \brief PKCS#5 PBKDF2 using HMAC without using the HMAC context diff --git a/library/pkcs12.c b/library/pkcs12.c index 160dc47684..a3467b9820 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -17,7 +17,9 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" +#if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher.h" +#endif /* MBEDTLS_CIPHER_C */ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -29,7 +31,7 @@ #include "psa_util_internal.h" -#if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C) static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations) @@ -238,7 +240,7 @@ exit: return ret; } -#endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */ static void pkcs12_fill_buffer(unsigned char *data, size_t data_len, const unsigned char *filler, size_t fill_len) diff --git a/library/pkcs5.c b/library/pkcs5.c index d6209bd113..c6c53054b6 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -24,7 +24,9 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" +#if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher.h" +#endif /* MBEDTLS_CIPHER_C */ #include "mbedtls/oid.h" #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -34,7 +36,7 @@ #include "psa_util_internal.h" -#if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C) static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type) @@ -261,7 +263,7 @@ exit: return ret; } -#endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */ static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, const unsigned char *password, diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 1d0c287fd8..2a5a5bae88 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -69,7 +69,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw, data_t *data, int outsize, int ref_ret, data_t *ref_out) { @@ -124,7 +124,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw, data_t *data, int outsize, int ref_ret, data_t *ref_out) { diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 2b0b0c1e00..afe9f38071 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -27,7 +27,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */ void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw, data_t *data, int outsize, int ref_ret, data_t *ref_out) @@ -75,7 +75,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C:MBEDTLS_CIPHER_C */ void pbes2_decrypt(int params_tag, data_t *params_hex, data_t *pw, data_t *data, int outsize, int ref_ret, data_t *ref_out) From 6d3a68162c5dbb16ba46926739e2deaa43a34d4d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 16:40:03 +0100 Subject: [PATCH 404/653] check_config: remove CIPHER_C requirement for PKCS[5/12] Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 9 --------- 1 file changed, 9 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 34ddcb1596..1f3c8525fe 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -281,15 +281,6 @@ #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_PKCS12_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_PKCS5_C) && \ - !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_PKCS5_C defined, but not all prerequisites" -#endif - /* Helpers for hash dependencies, will be undefined at the end of the file */ /* Do SHA-256, 384, 512 to cover Entropy and TLS. */ #if defined(MBEDTLS_SHA256_C) || \ From a72a797ffdee272166fcdab72468833873d7b7a5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 16:40:40 +0100 Subject: [PATCH 405/653] all.sh: keep PKCS[5/12] enabled in accel_cipher_aead tests Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bdf46a3ed8..224f09b2ad 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3736,12 +3736,6 @@ common_psa_crypto_config_accel_cipher_aead() { # Start from the full config helper_libtestdriver1_adjust_config "full" - # CIPHER_C is disabled in the accelerated test component so we disable - # all the features that depend on it both in the accelerated and in the - # reference components. - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_NIST_KW_C } From 5c7e94487eec04bb16d4ac6533d7bc5029cf2d03 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 21 Dec 2023 15:42:22 +0000 Subject: [PATCH 406/653] fix line length Signed-off-by: Dave Rodgman --- tests/scripts/depends.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a7d5672be6..25a15c4756 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -381,7 +381,8 @@ class DomainData: def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command] + options.make_vars.split(' ') + ['CFLAGS=-Werror -O2'] + build_command = [options.make_command] + options.make_vars.split(' ') + \ + ['CFLAGS=-Werror -O2'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. From 49067d7d0ed103a479c42663421825726495a2d5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 17:07:10 +0100 Subject: [PATCH 407/653] driver-only-builds: update documentation Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 09c09d5368..fba3779ada 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -285,10 +285,10 @@ algorithm/mode you can: - `MBEDTLS_CHACHAPOLY_C` - `MBEDTLS_NULL_CIPHER` -Once a key type and related algorithm are accelerated, all cipher and AEADs -operations of that type requested through the PSA Crypto API are performed by -the driver. Only functions belonging to legacy modules which are disabled won't -be available in this configuration. +Once a key type and related algorithm are accelerated, all the PSA Crypto APIs +will work, as well as X.509 and TLS (with MBEDTLS_USE_PSA_CRYPTO enabled) but +some non-PSA APIs will be absent or have reduced functionality, see +[Disabling CIPHER_C](#disabling-cipher_c) for details. ### Restrictions @@ -353,8 +353,11 @@ with the following conditions on the underlying key types: `MBEDTLS_CHACHA20_C` and algorithm `MBEDTLS_POLY1305_C`. It should be noticed that disabling `MBEDTLS_CIPHER_C` helps to reduce the -code's footprint, but unfortunately it makes the following modules unavailable: -- `MBEDTLS_PKCS[5|12]_C`, -- `MBEDTLS_NIST_KW_C`. +code's footprint, but unfortunately it makes the following features unavailable: +- encryption/decryption in PKCS5 and PKCS12 modules (key derivations will still + be available), +- encrypted PEM (write and unecrypted read work normally), +- parsing of encrypted keys (PKCS5 or PKCS12) in PK modules, +- NIST-KW (`MBEDTLS_NIST_KW_C`). From afccc1a6d5fb0fa7133928bca27f3e9faa302a5e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 09:35:34 +0100 Subject: [PATCH 408/653] Indent nested conditionals Signed-off-by: Gilles Peskine --- programs/Makefile | 21 +++++++++++---------- tests/Makefile | 27 ++++++++++++++------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index ebdadc0567..c0856b0ac3 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -43,16 +43,17 @@ WINDOWS_BUILD=1 endif ifdef WINDOWS_BUILD -DLEXT=dll -EXEXT=.exe -LOCAL_LDFLAGS += -lws2_32 -lbcrypt -ifdef SHARED -SHARED_SUFFIX=.$(DLEXT) -endif -else -DLEXT ?= so -EXEXT= -SHARED_SUFFIX= + DLEXT=dll + EXEXT=.exe + LOCAL_LDFLAGS += -lws2_32 -lbcrypt + ifdef SHARED + SHARED_SUFFIX=.$(DLEXT) + endif + +else # Not building for Windows + DLEXT ?= so + EXEXT= + SHARED_SUFFIX= endif ifdef WINDOWS diff --git a/tests/Makefile b/tests/Makefile index 29197b7c71..b044d2522c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -47,20 +47,21 @@ WINDOWS_BUILD=1 endif ifdef WINDOWS_BUILD -DLEXT=dll -EXEXT=.exe -LOCAL_LDFLAGS += -lws2_32 -lbcrypt -ifdef SHARED -SHARED_SUFFIX=.$(DLEXT) -endif -else -DLEXT ?= so -EXEXT= -SHARED_SUFFIX= + DLEXT=dll + EXEXT=.exe + LOCAL_LDFLAGS += -lws2_32 -lbcrypt + ifdef SHARED + SHARED_SUFFIX=.$(DLEXT) + endif -ifeq ($(THREADING),pthread) -LOCAL_LDFLAGS += -lpthread -endif +else # Not building for Windows + DLEXT ?= so + EXEXT= + SHARED_SUFFIX= + + ifeq ($(THREADING),pthread) + LOCAL_LDFLAGS += -lpthread + endif endif ifdef WINDOWS From 4ad5733836fcdcaf95e48b6578e017673378f247 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:30:30 +0100 Subject: [PATCH 409/653] Unify treatment of MBEDTLS_TEST_OBJS Unify the treatment of MBEDTLS_TEST_OBJS between programs/Makefile and tests/Makefile: include it via LOCAL_LD_FLAGS in both cases. Document why the definition of MBEDTLS_TEST_OBJS is different. Signed-off-by: Gilles Peskine --- programs/Makefile | 6 ++++-- tests/Makefile | 9 ++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index c0856b0ac3..dc6b7a3d66 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -6,8 +6,10 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -MBEDTLS_TEST_PATH:=../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) +MBEDTLS_TEST_PATH = ../tests +# Support code used by test programs and test builds, excluding TLS-specific +# code which is in the src/test_helpers subdirectory. +MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 diff --git a/tests/Makefile b/tests/Makefile index b044d2522c..3caa88e2f4 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -14,7 +14,8 @@ default: all # from ./include, and private header files (used by some invasive tests) # from ../library. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) @@ -175,7 +176,9 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c src/test_helpers/*.c)) +MBEDTLS_TEST_PATH = . +MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) +MBEDTLS_TEST_OBJS += $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -231,7 +234,7 @@ c: $(C_FILES) $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTLS_TEST_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ clean: ifndef WINDOWS From f5c5ce7789f23960b9e1aadef47d9c6aa9338d7c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:36:53 +0100 Subject: [PATCH 410/653] Partly unify LOCAL_CFLAGS Signed-off-by: Gilles Peskine --- programs/Makefile | 2 +- tests/Makefile | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index dc6b7a3d66..9ee9820b7a 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -11,7 +11,7 @@ MBEDTLS_TEST_PATH = ../tests # code which is in the src/test_helpers subdirectory. MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L../library \ diff --git a/tests/Makefile b/tests/Makefile index 3caa88e2f4..f242b51576 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -10,10 +10,9 @@ TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(C default: all -# Include public header files from ../include, test-specific header files -# from ./include, and private header files (used by some invasive tests) -# from ../library. -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 +# Also include library headers, for the sake of invasive tests. +LOCAL_CFLAGS += -I../library LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L../library \ -lmbedtls$(SHARED_SUFFIX) \ From f3d1ae1f0502ecb1a3555bb3fb4ee408231dae54 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:40:58 +0100 Subject: [PATCH 411/653] Create common.make with LOCAL_CFLAGS and friends Create a common.make for definitions that are shared between tests/Makefile and programs/Makefile, to facilitate maintenance. Start populating it with CFLAGS/LDFLAGS variables. More to follow in subsequent commits. Keep library/Makefile independent, at least for the time being. Signed-off-by: Gilles Peskine --- programs/Makefile | 15 +-------------- scripts/common.make | 14 ++++++++++++++ tests/Makefile | 13 +------------ 3 files changed, 16 insertions(+), 26 deletions(-) create mode 100644 scripts/common.make diff --git a/programs/Makefile b/programs/Makefile index 9ee9820b7a..b03e613b4c 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,23 +1,10 @@ - -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -LDFLAGS ?= - MBEDTLS_TEST_PATH = ../tests # Support code used by test programs and test builds, excluding TLS-specific # code which is in the src/test_helpers subdirectory. MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) +include ../scripts/common.make ifeq ($(shell uname -s),Linux) DLOPEN_LDFLAGS ?= -ldl diff --git a/scripts/common.make b/scripts/common.make new file mode 100644 index 0000000000..cee8bd245d --- /dev/null +++ b/scripts/common.make @@ -0,0 +1,14 @@ +# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS + +CFLAGS ?= -O2 +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +LDFLAGS ?= + +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L../library \ + -lmbedtls$(SHARED_SUFFIX) \ + -lmbedx509$(SHARED_SUFFIX) \ + -lmbedcrypto$(SHARED_SUFFIX) diff --git a/tests/Makefile b/tests/Makefile index f242b51576..3a6fd593ba 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,23 +1,12 @@ - -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -LDFLAGS ?= +include ../scripts/common.make # Set this to -v to see the details of failing test cases TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) default: all -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 # Also include library headers, for the sake of invasive tests. LOCAL_CFLAGS += -I../library -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) include ../3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) From 076fd2548038c18bb11a9518c125eb12ada152a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:45:53 +0100 Subject: [PATCH 412/653] Unify common variables of programs/Makefile and tests/Makefile Signed-off-by: Gilles Peskine --- programs/Makefile | 45 ---------------------------------------- scripts/common.make | 50 +++++++++++++++++++++++++++++++++++++++++++++ tests/Makefile | 50 --------------------------------------------- 3 files changed, 50 insertions(+), 95 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index b03e613b4c..590b54eba5 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -12,45 +12,8 @@ else DLOPEN_LDFLAGS ?= endif -include ../3rdparty/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - -ifndef SHARED -MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a -else -MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) -endif DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - -# if we're running on Windows, build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -endif - -ifdef WINDOWS_BUILD - DLEXT=dll - EXEXT=.exe - LOCAL_LDFLAGS += -lws2_32 -lbcrypt - ifdef SHARED - SHARED_SUFFIX=.$(DLEXT) - endif - -else # Not building for Windows - DLEXT ?= so - EXEXT= - SHARED_SUFFIX= -endif - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - # Only build the dlopen test in shared library builds, and not when building # for Windows. ifdef BUILD_DLOPEN @@ -168,14 +131,6 @@ ${MBEDTLS_TEST_OBJS}: GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c generated_files: $(GENERATED_FILES) -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h diff --git a/scripts/common.make b/scripts/common.make index cee8bd245d..12fd27fb41 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -12,3 +12,53 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) + +include ../3rdparty/Makefile.inc +LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) + +ifndef SHARED +MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +else +MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +endif + +ifdef DEBUG +LOCAL_CFLAGS += -g3 +endif + +# if we're running on Windows, build for Windows +ifdef WINDOWS +WINDOWS_BUILD=1 +endif + +ifdef WINDOWS_BUILD + DLEXT=dll + EXEXT=.exe + LOCAL_LDFLAGS += -lws2_32 -lbcrypt + ifdef SHARED + SHARED_SUFFIX=.$(DLEXT) + endif + +else # Not building for Windows + DLEXT ?= so + EXEXT= + SHARED_SUFFIX= + + ifeq ($(THREADING),pthread) + LOCAL_LDFLAGS += -lpthread + endif +endif + +ifdef WINDOWS +PYTHON ?= python +else +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) +endif + +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif diff --git a/tests/Makefile b/tests/Makefile index 3a6fd593ba..8e4149b94d 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -8,65 +8,15 @@ default: all # Also include library headers, for the sake of invasive tests. LOCAL_CFLAGS += -I../library -include ../3rdparty/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - # Enable definition of various functions used throughout the testsuite # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # on non-POSIX platforms. LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L -ifndef SHARED -MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a -else -MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) -endif - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - ifdef RECORD_PSA_STATUS_COVERAGE_LOG LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG endif -# if we're running on Windows, build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -endif - -ifdef WINDOWS_BUILD - DLEXT=dll - EXEXT=.exe - LOCAL_LDFLAGS += -lws2_32 -lbcrypt - ifdef SHARED - SHARED_SUFFIX=.$(DLEXT) - endif - -else # Not building for Windows - DLEXT ?= so - EXEXT= - SHARED_SUFFIX= - - ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread - endif -endif - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - .PHONY: generated_files GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) scripts/generate_bignum_tests.py --list || \ From 4392fc101ff3f5ef8d273359f73ad9a83f9923ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:49:35 +0100 Subject: [PATCH 413/653] Unify some common rules of programs/Makefile and tests/Makefile Signed-off-by: Gilles Peskine --- programs/Makefile | 10 ---------- scripts/common.make | 12 ++++++++++++ tests/Makefile | 12 ------------ 3 files changed, 12 insertions(+), 22 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 590b54eba5..64f7cc1a32 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -121,9 +121,6 @@ endif fuzz: ${MBEDTLS_TEST_OBJS} $(MAKE) -C fuzz THIRDPARTY_INCLUDES=$(THIRDPARTY_INCLUDES) -$(MBEDLIBS): - $(MAKE) -C ../library - ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test @@ -432,12 +429,5 @@ else endif $(MAKE) -C fuzz clean -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif - list: echo $(EXES) diff --git a/scripts/common.make b/scripts/common.make index 12fd27fb41..1350b12e32 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -62,3 +62,15 @@ gen_file_dep = else gen_file_dep = | endif + +default: all + +$(MBEDLIBS): + $(MAKE) -C ../library + +neat: clean +ifndef WINDOWS + rm -f $(GENERATED_FILES) +else + for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f +endif diff --git a/tests/Makefile b/tests/Makefile index 8e4149b94d..7a10af271c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -3,8 +3,6 @@ include ../scripts/common.make # Set this to -v to see the details of failing test cases TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) -default: all - # Also include library headers, for the sake of invasive tests. LOCAL_CFLAGS += -I../library @@ -111,9 +109,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -$(MBEDLIBS): - $(MAKE) -C ../library - MBEDTLS_TEST_PATH = . MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) MBEDTLS_TEST_OBJS += $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c)) @@ -193,13 +188,6 @@ else if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h endif -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif - # Test suites caught by SKIP_TEST_SUITES are built but not executed. check: $(BINARIES) perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES) From 21570cf2327a804cca9bf60c6b5a7cd4fc5b2e7b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 11:49:50 +0100 Subject: [PATCH 414/653] Auto-detect the need to link with pthread on Unix-like platforms When building with Make on a Unix-like platform (shell and compiler), auto-detect configurations that may require linking with pthread. This removes the need for MAKE_THREADING_FLAGS in all.sh. Signed-off-by: Gilles Peskine --- scripts/common.make | 27 +++++++ tests/scripts/all.sh | 169 +++++++++++++++++++++---------------------- 2 files changed, 110 insertions(+), 86 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index 1350b12e32..a2d1449fea 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -31,6 +31,27 @@ ifdef WINDOWS WINDOWS_BUILD=1 endif +## Usage: $(call remove_unset_options,PREPROCESSOR_INPUT) +## Remove the preprocessor symbols that are not set in the current configuration +## from PREPROCESSOR_INPUT. Also normalize whitespace. +## Example: +## $(call remove_unset_options,MBEDTLS_FOO MBEDTLS_BAR) +## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both +## disabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is +## disabled, etc. +## +## This only works with a Unix-like shell environment (Bourne/POSIX-style shell +## and standard commands) and a Unix-like compiler (supporting -E). In +## other environments, the output is likely to be empty. +define remove_unset_options +$(strip $(shell + exec 2>/dev/null; + { echo '#include '; echo $(1); } | + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - | + tail -n 1 +)) +endef + ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe @@ -43,6 +64,12 @@ else # Not building for Windows DLEXT ?= so EXEXT= SHARED_SUFFIX= + ifndef THREADING + # Auto-detect configurations with pthread. + ifeq (control,$(call remove_unset_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) + THREADING := pthread + endif + endif ifeq ($(THREADING),pthread) LOCAL_LDFLAGS += -lpthread diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 933c563d30..315c6e5cd7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -216,9 +216,6 @@ pre_initialize_variables () { esac SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" done - - # Option to enable linking with pthreads under make - MAKE_THREADING_FLAGS="THREADING=pthread" } # Test whether the component $1 is included in the command line patterns. @@ -933,7 +930,7 @@ helper_get_psa_key_type_list() { # Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. helper_libtestdriver1_make_drivers() { loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" } # Build the main libraries, programs and tests, @@ -951,7 +948,7 @@ helper_libtestdriver1_make_main() { # we need flags both with and without the LIBTESTDRIVER1_ prefix loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS "$@" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } ################################################################ @@ -1446,7 +1443,7 @@ component_test_psa_external_rng_no_drbg_classic () { # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites" make test @@ -1465,7 +1462,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -1480,7 +1477,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test @@ -1498,7 +1495,7 @@ component_test_psa_inject_entropy () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" make test @@ -1532,14 +1529,14 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o grep mbedtls_md library/md.o msg "test: crypto_full with only the light subset of MD" - make $MAKE_THREADING_FLAGS test + make test } component_test_full_no_cipher () { @@ -1565,7 +1562,7 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_LMS_PRIVATE msg "test: full no CIPHER no PSA_CRYPTO_C" - make $MAKE_THREADING_FLAGS test + make test } # This is a common configurator and test function that is used in: @@ -1614,7 +1611,7 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - make $MAKE_THREADING_FLAGS + make # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init library/cipher.o @@ -1647,7 +1644,7 @@ component_test_full_no_ccm() { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - make $MAKE_THREADING_FLAGS + make msg "test: full no PSA_WANT_ALG_CCM" make test @@ -1675,7 +1672,7 @@ component_test_full_no_ccm_star_no_tag() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - make $MAKE_THREADING_FLAGS + make # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher library/psa_crypto_cipher.o @@ -1732,7 +1729,7 @@ component_test_full_no_bignum () { scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - make $MAKE_THREADING_FLAGS + make msg "test: full minus bignum" make test @@ -2010,7 +2007,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full - tests/scripts/psa_collect_statuses.py --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/psa_collect_statuses.py # Check that psa_crypto_init() succeeded at least once grep -q '^0:psa_crypto_init:' tests/statuses.log rm -f tests/statuses.log @@ -2189,7 +2186,7 @@ component_test_default_no_deprecated () { component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config" # ~ 5s make test @@ -2206,7 +2203,7 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s make test @@ -2226,7 +2223,7 @@ component_test_full_deprecated_warning () { # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' $MAKE_THREADING_FLAGS tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test @@ -2251,7 +2248,7 @@ component_build_crypto_default () { component_build_crypto_full () { msg "build: make, crypto only, full config" scripts/config.py crypto_full - make CFLAGS='-O1 -Werror' $MAKE_THREADING_FLAGS + make CFLAGS='-O1 -Werror' are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -2311,73 +2308,73 @@ support_build_baremetal () { # depends.py family of tests component_test_depends_py_cipher_id () { msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_id --unset-use-psa } component_test_depends_py_cipher_chaining () { msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_chaining --unset-use-psa } component_test_depends_py_cipher_padding () { msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_padding --unset-use-psa } component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py curves --unset-use-psa } component_test_depends_py_hashes () { msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py hashes --unset-use-psa } component_test_depends_py_kex () { msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py kex --unset-use-psa } component_test_depends_py_pkalgs () { msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py pkalgs --unset-use-psa } # PSA equivalents of the depends.py tests component_test_depends_py_cipher_id_psa () { msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_id --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_id } component_test_depends_py_cipher_chaining_psa () { msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_chaining --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_chaining } component_test_depends_py_cipher_padding_psa () { msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py cipher_padding --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py cipher_padding } component_test_depends_py_curves_psa () { msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py curves --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py curves } component_test_depends_py_hashes_psa () { msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py hashes --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py hashes } component_test_depends_py_kex_psa () { msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py kex --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py kex } component_test_depends_py_pkalgs_psa () { msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" - tests/scripts/depends.py pkalgs --make-vars="$MAKE_THREADING_FLAGS" + tests/scripts/depends.py pkalgs } component_build_no_pk_rsa_alt_support () { @@ -2389,7 +2386,7 @@ component_build_no_pk_rsa_alt_support () { scripts/config.py set MBEDTLS_X509_CRT_WRITE_C # Only compile - this is primarily to test for compile issues - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' } component_build_module_alt () { @@ -2603,7 +2600,7 @@ component_test_psa_crypto_config_reference_ffdh () { # Disable things that are not supported scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - make $MAKE_THREADING_FLAGS + make msg "test suites: full with non-accelerated FFDH alg" make test @@ -2642,7 +2639,7 @@ component_test_psa_crypto_config_accel_pake() { # ------------- msg "test: full with accelerated PAKE" - make $MAKE_THREADING_FLAGS test + make test } component_test_psa_crypto_config_accel_ecc_some_key_types () { @@ -2702,7 +2699,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # ------------- msg "test suites: full with accelerated EC algs and some key types" - make $MAKE_THREADING_FLAGS test + make test } # Run tests with only (non-)Weierstrass accelerated @@ -2901,7 +2898,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ------------- msg "test suites: full with accelerated EC algs" - make $MAKE_THREADING_FLAGS test + make test msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh @@ -2913,7 +2910,7 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - make $MAKE_THREADING_FLAGS + make msg "test suites: full with non-accelerated EC algs" make test @@ -3006,7 +3003,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ------------- msg "test: full + accelerated EC algs - ECP" - make $MAKE_THREADING_FLAGS test + make test msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh @@ -3020,7 +3017,7 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - make $MAKE_THREADING_FLAGS + make msg "test: full + non accelerated EC algs" make test @@ -3183,7 +3180,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" - make $MAKE_THREADING_FLAGS test + make test msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh @@ -3214,7 +3211,7 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - make $MAKE_THREADING_FLAGS + make msg "test suites: full + non accelerated EC algs + USE_PSA" make test @@ -3333,7 +3330,7 @@ build_full_minus_something_and_test_tls () { scripts/config.py unset $sym done - make $MAKE_THREADING_FLAGS + make msg "test: full minus something, test TLS" ( cd tests; ./test_suite_ssl ) @@ -3372,7 +3369,7 @@ build_and_test_psa_want_key_pair_partial() { # crypto_config.h so we just disable the one we don't want. scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}" make test @@ -3438,7 +3435,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { # ------------- msg "test: crypto_full with accelerated RSA" - make $MAKE_THREADING_FLAGS test + make test } component_test_psa_crypto_config_reference_rsa_crypto () { @@ -3450,7 +3447,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - make $MAKE_THREADING_FLAGS + make # Run the tests # ------------- @@ -3652,7 +3649,7 @@ component_test_psa_crypto_config_reference_hash_use_psa() { config_psa_crypto_hash_use_psa 0 - make $MAKE_THREADING_FLAGS + make msg "test: full without accelerated hashes" make test @@ -3817,7 +3814,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { # ------------- msg "test: full config with accelerated cipher and AEAD" - make $MAKE_THREADING_FLAGS test + make test msg "ssl-opt: full config with accelerated cipher and AEAD" tests/ssl-opt.sh @@ -3830,7 +3827,7 @@ component_test_psa_crypto_config_reference_cipher_aead () { msg "build: full config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead - make $MAKE_THREADING_FLAGS + make msg "test: full config with non-accelerated cipher and AEAD" make test @@ -3847,7 +3844,7 @@ component_test_aead_chachapoly_disabled() { scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" make test @@ -3860,7 +3857,7 @@ component_test_aead_only_ccm() { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" make test @@ -3891,7 +3888,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. @@ -3901,7 +3898,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. @@ -3914,7 +3911,7 @@ component_build_psa_accel_alg_hkdf() { # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. @@ -3933,7 +3930,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. @@ -3952,7 +3949,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. @@ -3971,7 +3968,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. @@ -3987,7 +3984,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. @@ -4003,7 +4000,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. @@ -4021,7 +4018,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. @@ -4040,7 +4037,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4054,7 +4051,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4068,7 +4065,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4082,7 +4079,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4096,7 +4093,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4111,7 +4108,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. @@ -4123,7 +4120,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -4292,7 +4289,7 @@ component_test_no_platform () { # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' $MAKE_THREADING_FLAGS test + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test } component_build_no_std_function () { @@ -4310,14 +4307,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' } component_build_no_sockets () { @@ -4492,7 +4489,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test @@ -5104,7 +5101,7 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: full + test drivers dispatching to builtins" make test @@ -5131,7 +5128,7 @@ test_build_opt () { $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" $MAKE_THREADING_FLAGS + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 @@ -5186,7 +5183,7 @@ component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s scripts/config.py -w full_config.h full echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" $MAKE_THREADING_FLAGS + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config MBEDTLS_NIST_KW_C make clean @@ -5195,7 +5192,7 @@ component_build_mbedtls_config_file () { # In the user config, disable one feature (for simplicity, pick a feature # that nothing else depends on). echo '#undef MBEDTLS_NIST_KW_C' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" $MAKE_THREADING_FLAGS + make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C rm -f user_config.h full_config.h @@ -5254,7 +5251,7 @@ component_test_m32_no_asm () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc, no asm (ASan build)" make test @@ -5272,7 +5269,7 @@ component_test_m32_o2 () { msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc -O2 (ASan build)" make test @@ -5307,7 +5304,7 @@ support_test_m32_everest () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" make test @@ -5371,7 +5368,7 @@ component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS + make CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s make test @@ -5381,7 +5378,7 @@ component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS + make CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s make test @@ -5395,7 +5392,7 @@ component_test_no_strings () { scripts/config.py unset MBEDTLS_ERROR_C scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY scripts/config.py unset MBEDTLS_VERSION_FEATURES - make CFLAGS='-Werror -Os' $MAKE_THREADING_FLAGS + make CFLAGS='-Werror -Os' msg "test: no strings" # ~ 10s make test @@ -5406,7 +5403,7 @@ component_test_no_x509_info () { scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' $MAKE_THREADING_FLAGS + make CFLAGS='-Werror -O2' msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s make test @@ -6009,7 +6006,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" $MAKE_THREADING_FLAGS + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } From 811daaa48c3003a563e4e06102743703e323ac1f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 13:16:59 +0100 Subject: [PATCH 415/653] Revert "Add ability to pass make variables to psa_collect_statuses.py" This reverts commit 6587959a32f978aeb02766c27cf30b04d8a245e1. The feature is no longer needed, and the script is broken if you don't pass --make-vars. Signed-off-by: Gilles Peskine --- tests/scripts/psa_collect_statuses.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 6291d7898e..11bbebcc1f 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -82,15 +82,10 @@ def collect_status_logs(options): cwd='tests', stdout=sys.stderr) with open(os.devnull, 'w') as devnull: - build_command = ['make', '-q'] + options.make_vars.split(' ') + \ - ['lib', 'tests'] - make_q_ret = subprocess.call(build_command, stdout=devnull, - stderr=devnull) - print("blagh") + make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'], + stdout=devnull, stderr=devnull) if make_q_ret != 0: - build_command = ['make'] + options.make_vars.split(' ') + \ - ['RECORD_PSA_STATUS_COVERAGE_LOG=1'] - subprocess.check_call(build_command, + subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'], stdout=sys.stderr) rebuilt = True subprocess.check_call(['make', 'test'], @@ -117,9 +112,6 @@ def main(): help='Log file location (default: {})'.format( DEFAULT_STATUS_LOG_FILE )) - parser.add_argument('--make-vars', - help='optional variable/value pairs to pass to make', - action='store', default='') parser.add_argument('--psa-constant-names', metavar='PROGRAM', default=DEFAULT_PSA_CONSTANT_NAMES, help='Path to psa_constant_names (default: {})'.format( From 259df9897267d95e97d6c2a813b4112f11c39637 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 13:17:33 +0100 Subject: [PATCH 416/653] Revert "Add option to pass make variables to depends.py" This reverts commit be978a8c4fc52965b486125f2993251025b1a399. The feature is no longer needed, and the script is broken if you don't pass --make-vars. Signed-off-by: Gilles Peskine --- tests/scripts/depends.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5fe26f158b..38c184a6ae 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -381,7 +381,7 @@ class DomainData: def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command] + options.make_vars.split(' ') + ['CFLAGS=-Werror'] + build_command = [options.make_command, 'CFLAGS=-Werror'] build_and_test = [build_command, [options.make_command, 'test']] self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. @@ -526,9 +526,6 @@ def main(): parser.add_argument('--make-command', metavar='CMD', help='Command to run instead of make (e.g. gmake)', action='store', default='make') - parser.add_argument('--make-vars', - help='optional variable/value pairs to pass to make', - action='store', default='') parser.add_argument('--unset-use-psa', help='Unset MBEDTLS_USE_PSA_CRYPTO before any test', action='store_true', dest='unset_use_psa') From 2337a3b8864bdf4e700a9af020f665e9f4bec56d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 13:25:18 +0100 Subject: [PATCH 417/653] Explain the use of control Signed-off-by: Gilles Peskine --- scripts/common.make | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/common.make b/scripts/common.make index a2d1449fea..6d2fbc3e2b 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -66,6 +66,10 @@ else # Not building for Windows SHARED_SUFFIX= ifndef THREADING # Auto-detect configurations with pthread. + # If the call to remove_unset_options returns "control", the symbols + # are confirmed set and we link with pthread. + # If the auto-detection fails, the result of the call is empty and + # we keep THREADING undefined. ifeq (control,$(call remove_unset_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) THREADING := pthread endif From 7602298a16d3e668d7168234c118f50f1664ac3a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 15:28:07 +0100 Subject: [PATCH 418/653] Allow *.make to contain tabs Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index a93b8256f0..f6f6d6c713 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -318,6 +318,7 @@ class TabIssueTracker(LineIssueTracker): heading = "Tabs present:" suffix_exemptions = frozenset([ + ".make", ".pem", # some openssl dumps have tabs ".sln", "/Makefile", From f3316f132bc73b59c24b31216a45561561ff5ba8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 18:30:37 +0100 Subject: [PATCH 419/653] Correct name and documentation of preprocessor symbol check function It's not remove_unset_options, it's remove_enabled_options (or keep_disabled_options). Signed-off-by: Gilles Peskine --- scripts/common.make | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index 6d2fbc3e2b..2f27d0ef52 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -31,19 +31,19 @@ ifdef WINDOWS WINDOWS_BUILD=1 endif -## Usage: $(call remove_unset_options,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are not set in the current configuration +## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT) +## Remove the preprocessor symbols that are set in the current configuration ## from PREPROCESSOR_INPUT. Also normalize whitespace. ## Example: -## $(call remove_unset_options,MBEDTLS_FOO MBEDTLS_BAR) +## $(call remove_set_options,MBEDTLS_FOO MBEDTLS_BAR) ## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## disabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is +## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is ## disabled, etc. ## ## This only works with a Unix-like shell environment (Bourne/POSIX-style shell ## and standard commands) and a Unix-like compiler (supporting -E). In ## other environments, the output is likely to be empty. -define remove_unset_options +define remove_enabled_options $(strip $(shell exec 2>/dev/null; { echo '#include '; echo $(1); } | @@ -66,11 +66,11 @@ else # Not building for Windows SHARED_SUFFIX= ifndef THREADING # Auto-detect configurations with pthread. - # If the call to remove_unset_options returns "control", the symbols + # If the call to remove_enabled_options returns "control", the symbols # are confirmed set and we link with pthread. # If the auto-detection fails, the result of the call is empty and # we keep THREADING undefined. - ifeq (control,$(call remove_unset_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) + ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) THREADING := pthread endif endif From e6886102ef23ad38dd8e3ac8df1e26f34c22c75e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 18:22:06 +0200 Subject: [PATCH 420/653] New function mbedtls_ecp_keypair_get_group_id Add a simple function to get the group id from a key object. This information is available via mbedtls_ecp_export, but that function consumes a lot of memory, which is a waste if all you need is to identify the curve. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 12 ++++++++++++ library/ecp.c | 6 ++++++ tests/suites/test_suite_ecp.function | 6 ++++++ 3 files changed, 24 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7f5e880809..a29a6f7a60 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1323,6 +1323,18 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Query the group that a key pair belongs to. + * + * \param key The key pair to query. + * + * \return The group ID for the group registered in the key pair + * object. + * This is \c MBEDTLS_ECP_DP_NONE if no group has been set + * in the key pair object. + */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key); + /** * \brief This function exports generic key-pair parameters. * diff --git a/library/ecp.c b/library/ecp.c index ee86cbc6e7..351e9e8feb 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3357,6 +3357,12 @@ cleanup: } #endif /* MBEDTLS_ECP_C */ +mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( + const mbedtls_ecp_keypair *key) +{ + return key->grp.id; +} + /* * Export generic key-pair parameters. */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 5751624804..58d54ed084 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1030,6 +1030,7 @@ void mbedtls_ecp_gen_key(int id) &mbedtls_test_rnd_pseudo_rand, &rnd_info) == 0); + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), id); TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0); TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0); @@ -1052,6 +1053,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica TEST_ASSERT(ret == expected); if (expected == 0) { + TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), grp_id); ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); @@ -1233,6 +1235,10 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Check consistency with the group id */ + TEST_EQUAL(export_grp.id, + mbedtls_ecp_keypair_get_group_id(&key)); } exit: From ba5b5d67aa10e3c7dc5d2136efc226368df1b262 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 18:24:04 +0200 Subject: [PATCH 421/653] Support partial export from mbedtls_ecp_keypair Sometimes you don't need to have all the parts of a key pair object. Relax the behavior of mbedtls_ecp_keypair so that you can extract just the parts that you need. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 9 ++++++--- library/ecp.c | 6 +++--- tests/suites/test_suite_ecp.function | 14 ++++++++++++++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index a29a6f7a60..9effb725d0 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1338,13 +1338,16 @@ mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( /** * \brief This function exports generic key-pair parameters. * + * Each of the output parameters can be a null pointer + * if you do not need that parameter. + * * \param key The key pair to export from. * \param grp Slot for exported ECP group. - * It must point to an initialized ECP group. + * It must either be null or point to an initialized ECP group. * \param d Slot for the exported secret value. - * It must point to an initialized mpi. + * It must either be null or point to an initialized mpi. * \param Q Slot for the exported public value. - * It must point to an initialized ECP point. + * It must either be null or point to an initialized ECP point. * * \return \c 0 on success, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. diff --git a/library/ecp.c b/library/ecp.c index 351e9e8feb..b4da3c50fe 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3371,15 +3371,15 @@ int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { + if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { return ret; } - if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) { + if (d != NULL && (ret = mbedtls_mpi_copy(d, &key->d)) != 0) { return ret; } - if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { + if (Q != NULL && (ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { return ret; } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 58d54ed084..a4c86e283c 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1239,6 +1239,20 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval /* Check consistency with the group id */ TEST_EQUAL(export_grp.id, mbedtls_ecp_keypair_get_group_id(&key)); + + /* Test null arguments */ + mbedtls_ecp_group_free(&export_grp); + mbedtls_mpi_free(&export_d); + mbedtls_ecp_point_free(&export_Q); + mbedtls_ecp_group_init(&export_grp); + mbedtls_mpi_init(&export_d); + mbedtls_ecp_point_init(&export_Q); + TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0); + TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); + TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); } exit: From 091a85a7624aa452f46d3090718631907c04f215 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 19:51:28 +0200 Subject: [PATCH 422/653] Promise mbedtls_ecp_read_key doesn't overwrite the public key Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 10 ++++++++++ tests/suites/test_suite_ecp.function | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 9effb725d0..f1690085a4 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1262,6 +1262,16 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, /** * \brief This function reads an elliptic curve private key. * + * \note This function does not set the public key in the + * key pair object. Without a public key, the key pair object + * cannot be used with operations that require the public key. + * + * \note If a public key has already been set in the key pair + * object, this function does not check that it is consistent + * with the private key. Call mbedtls_ecp_check_pub_priv() + * after setting both the public key and the private key + * to make that check. + * * \param grp_id The ECP group identifier. * \param key The destination key. * \param buf The buffer containing the binary representation of the diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a4c86e283c..aefb57a582 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1044,11 +1044,16 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica { int ret = 0; mbedtls_ecp_keypair key; - mbedtls_ecp_keypair key2; - mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_keypair key2; mbedtls_ecp_keypair_init(&key2); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0); +#endif + ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len); TEST_ASSERT(ret == expected); @@ -1057,6 +1062,12 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); + TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); +#endif + if (canonical) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; From 28240323d3246908aff6379022bebf5678673c98 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 19:52:11 +0200 Subject: [PATCH 423/653] New function mbedtls_ecp_set_public_key Set the public key in a key pair. This complements mbedtls_ecp_read_key and the functions can be used in either order. Document the need to call check functions separately. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 32 +++++++++ library/ecp.c | 19 +++++ tests/suites/test_suite_ecp.data | 42 +++++++++++ tests/suites/test_suite_ecp.function | 103 +++++++++++++++++++++++++++ 4 files changed, 196 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f1690085a4..96f030d1f2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1259,6 +1259,38 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Set the public key in a key pair object. + * + * \note This function does not check that the point actually + * belongs to the given group. Call mbedtls_ecp_check_pubkey() + * on \p Q before calling this function to check that. + * + * \note This function does not check that the public key matches + * the private key that is already in \p key, if any. + * To check the consistency of the resulting key pair object, + * call mbedtls_ecp_check_pub_priv() after setting both + * the public key and the private key. + * + * \param grp_id The ECP group identifier. + * \param key The key pair object. It must be initialized. + * If its group has already been set, it must match \p grp_id. + * If its group has not been set, it will be set to \p grp_id. + * If the public key has already been set, it is overwritten. + * \param Q The public key to copy. This must be a point on the + * curve indicated by \p grp_id. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not + * match \p grp_id. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for + * the group is not implemented. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q); + /** * \brief This function reads an elliptic curve private key. * diff --git a/library/ecp.c b/library/ecp.c index b4da3c50fe..bb0cf6905c 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3198,6 +3198,25 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, } #endif /* MBEDTLS_ECP_C */ +int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + const mbedtls_ecp_point *Q) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (key->grp.id == MBEDTLS_ECP_DP_NONE) { + /* Group not set yet */ + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { + return ret; + } + } else if (key->grp.id != grp_id) { + /* Group mismatch */ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return mbedtls_ecp_copy(&key->Q, Q); +} + + #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 /* diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 100299195f..8bf288b79e 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -581,6 +581,48 @@ genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffff ECP generate Montgomery key: Curve448, not enough entropy genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":"" +ECP set public key: invalid group (0) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_NONE:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: valid group (secp256r1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:0 + +ECP set public key: group not supported (secp256r1) +depends_on:!MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: bad group (not in enum) +ecp_set_public_key_group_check:MBEDTLS_ECP_DP_MAX:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE + +ECP set public key: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_good:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: good, secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: good, Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP set public key after private: secp256r1 then secp256k1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256K1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + +ECP set public key after private: secp256r1 then secp384r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP384R1:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + +ECP set public key after private: secp384r1 then secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP384R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579" + ECP read key #1 (short weierstrass, too small) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index aefb57a582..53b78d9009 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1039,6 +1039,109 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_set_public_key_group_check(int grp_id, int expected_ret) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), + expected_ret); + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_good(int grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + + /* Freshly initialized key */ + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); + +#if defined(MBEDTLS_BIGNUM_C) + /* Key with a public key already set to a different value */ + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0); + TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Z, &key.Q.Z, 1), 0); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); + TEST_EQUAL(key.grp.id, grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); +#endif + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, + int public_grp_id, data_t *public_data) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_mpi d; + mbedtls_mpi_init(&d); +#endif + + TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, + public_data->x, public_data->len), + 0); + TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key, + private_data->x, private_data->len), + 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0); +#endif + + int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q); + + if (private_grp_id == public_grp_id) { + TEST_EQUAL(ret, 0); + TEST_EQUAL(key.grp.id, public_grp_id); + TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0); +#endif + } else { + TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + } + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&Q); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_mpi_free(&d); +#endif +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical) { From 7ea72026cde2d9c9e0cc6141f0d8f34493163189 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 20:39:08 +0200 Subject: [PATCH 424/653] New function mbedtls_ecp_keypair_calc_public For when you calculate or import a private key, and then need to calculate the public key. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 17 ++++++++++++++ library/ecp.c | 8 +++++++ tests/suites/test_suite_ecp.data | 18 +++++++++++++++ tests/suites/test_suite_ecp.function | 34 ++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 96f030d1f2..1847f2cb2c 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1365,6 +1365,23 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +/** \brief Calculate the public key from a private key in a key pair. + * + * \param key A keypair structure. It must have a private key set. + * If the public key is set, it will be overwritten. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. + * + * \return \c 0 on success. The key pair object can be used for + * operations that require the public key. + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on calculation failure. + */ +int mbedtls_ecp_keypair_calc_public( + mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + /** \brief Query the group that a key pair belongs to. * * \param key The key pair to query. diff --git a/library/ecp.c b/library/ecp.c index bb0cf6905c..43f7d6930a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3374,6 +3374,14 @@ cleanup: return ret; } + +int mbedtls_ecp_keypair_calc_public(mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) +{ + return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, + f_rng, p_rng); +} #endif /* MBEDTLS_ECP_C */ mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 8bf288b79e..01fdc477f7 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -529,6 +529,24 @@ ECP check public-private #7 (wrong Qy) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_ecp_check_pub_priv:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ERR_ECP_BAD_INPUT_DATA +ECP calculate public: secp256r1, good +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff" + +ECP calculate public: secp256r1, private value out of range +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_ECP_INVALID_KEY:"" + +# Alice's private key from rfc 7748, masked and adjusted for endianness +# because the test function wants the little-endian representation. +ECP calculate public: Curve25519, good +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"6a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":0:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +ECP calculate public: Curve25519, private value not masked +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"2a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":MBEDTLS_ERR_ECP_INVALID_KEY:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + ECP gen keypair [#1] depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED mbedtls_ecp_gen_keypair:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 53b78d9009..8c8d32699d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -988,6 +988,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ +void ecp_calc_public(int grp_id, data_t *private, + int expected_ret, data_t *expected_public) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + mbedtls_test_rnd_pseudo_info rnd_info; + memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); + + TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); + TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, private->x, private->len), 0); + + TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(mbedtls_ecp_check_pub_priv(&key, &key, + &mbedtls_test_rnd_pseudo_rand, &rnd_info), + 0); + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; + size_t length; + TEST_EQUAL(mbedtls_ecp_point_write_binary(&key.grp, &key.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &length, buf, sizeof(buf)), + 0); + ASSERT_COMPARE(expected_public->x, expected_public->len, buf, length); + } + +exit: + mbedtls_ecp_keypair_free(&key); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ void mbedtls_ecp_gen_keypair(int id) { From ad5e437c8e185d6a6d5ffc5c6e295475d560669c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2023 21:59:46 +0100 Subject: [PATCH 425/653] mbedtls_ecp_read_key: explain how to set the public key Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1847f2cb2c..fc0a7636b4 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1297,6 +1297,11 @@ int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, * \note This function does not set the public key in the * key pair object. Without a public key, the key pair object * cannot be used with operations that require the public key. + * Call mbedtls_ecp_keypair_calc_public() to set the public + * key from the private key. Alternatively, you can call + * mbedtls_ecp_set_public_key() to set the public key part, + * and then optionally mbedtls_ecp_check_pub_priv() to check + * that the private and public parts are consistent. * * \note If a public key has already been set in the key pair * object, this function does not check that it is consistent From 6dd87384ae26c5c828997b582b78265f7c355d50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 20:27:19 +0200 Subject: [PATCH 426/653] Rename variable that's a C++ keyword It gave uncrustify trouble (https://github.com/uncrustify/uncrustify/issues/4044) Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 8c8d32699d..354a92cec8 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -989,7 +989,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ -void ecp_calc_public(int grp_id, data_t *private, +void ecp_calc_public(int grp_id, data_t *private_data, int expected_ret, data_t *expected_public) { mbedtls_ecp_keypair key; @@ -998,7 +998,8 @@ void ecp_calc_public(int grp_id, data_t *private, memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info)); TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); - TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, private->x, private->len), 0); + TEST_EQUAL(mbedtls_mpi_read_binary(&key.d, + private_data->x, private_data->len), 0); TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key, &mbedtls_test_rnd_pseudo_rand, &rnd_info), From 62e33bcc64c05027a5873830b7a26dbdbb84f282 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 22:27:32 +0200 Subject: [PATCH 427/653] New function mbedtls_ecp_write_public_key Directly export the public part of a key pair without having to go through intermediate objects (using mbedtls_ecp_point_write_binary would require a group object and a point object). Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 26 ++++++++++++++++++++++++ library/ecp.c | 12 +++++++++++ tests/suites/test_suite_ecp.function | 30 +++++++++++++++++++--------- 3 files changed, 59 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index fc0a7636b4..619a8a51a3 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1346,6 +1346,32 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, unsigned char *buf, size_t buflen); +/** + * \brief This function exports an elliptic curve public key. + * + * \param key The public key. + * \param format The point format. This must be either + * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. + * (For groups without these formats, this parameter is + * ignored. But it still has to be either of the above + * values.) + * \param olen The address at which to store the length of + * the output in Bytes. This must not be \c NULL. + * \param buf The output buffer. This must be a writable buffer + * of length \p buflen Bytes. + * \param buflen The length of the output buffer \p buf in Bytes. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer + * is too small to hold the point. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format + * or the export for the given group is not implemented. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen); + /** * \brief This function checks that the keypair objects * \p pub and \p prv have the same group and the diff --git a/library/ecp.c b/library/ecp.c index 43f7d6930a..12924bf325 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3333,6 +3333,18 @@ cleanup: return ret; } +/* + * Write a public key. + */ +int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, + int format, size_t *olen, + unsigned char *buf, size_t buflen) +{ + return mbedtls_ecp_point_write_binary(&key->grp, &key->Q, + format, olen, buf, buflen); +} + + #if defined(MBEDTLS_ECP_C) /* * Check a public-private key pair diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 354a92cec8..ced4ca3876 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -590,29 +590,41 @@ void ecp_write_binary(int id, char *x, char *y, char *z, int format, { mbedtls_ecp_group grp; mbedtls_ecp_point P; + mbedtls_ecp_keypair key; unsigned char buf[256]; size_t olen; memset(buf, 0, sizeof(buf)); mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P); + mbedtls_ecp_keypair_init(&key); - TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0); + TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0); - - TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format, - &olen, buf, blen) == ret); + TEST_EQUAL(mbedtls_test_read_mpi(&P.X, x), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Y, y), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&P.Z, z), 0); + TEST_EQUAL(mbedtls_ecp_point_write_binary(&grp, &P, format, + &olen, buf, blen), ret); if (ret == 0) { - TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN); - TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0); + TEST_LE_U(olen, MBEDTLS_ECP_MAX_PT_LEN); + ASSERT_COMPARE(buf, olen, + out->x, out->len); + } + + memset(buf, 0, blen); + TEST_EQUAL(mbedtls_ecp_set_public_key(grp.id, &key, &P), 0); + TEST_EQUAL(mbedtls_ecp_write_public_key(&key, format, + &olen, buf, blen), ret); + if (ret == 0) { + ASSERT_COMPARE(buf, olen, + out->x, out->len); } exit: mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P); + mbedtls_ecp_keypair_free(&key); } /* END_CASE */ From 52cc2a6368872eb2116bc3ed1066e884920e91fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Jun 2023 22:32:05 +0200 Subject: [PATCH 428/653] Use new mbedtls_ecp_keypair functions in sample programs This eliminates the use of MBEDTLS_PRIVATE in sample programs to access fields of an mbedtls_ecp_keypair structure. When displaying elliptic curve points, the program now display the coordinates in the standard form instead of the internal representation. The auxiliary function show_ecp_key is present in three programs. It's more complex than the previous code which was also triplicated. There's no good place for such auxiliary functions that don't belong in the library and are used in multiple sample programs. Signed-off-by: Gilles Peskine --- programs/pkey/ecdsa.c | 23 +++++---- programs/pkey/gen_key.c | 75 ++++++++++++++++++++++++--- programs/pkey/key_app.c | 94 ++++++++++++++++++++++++++-------- programs/pkey/key_app_writer.c | 82 +++++++++++++++++++++++++---- 4 files changed, 228 insertions(+), 46 deletions(-) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index afd6fb31a4..5664b8c4e5 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -60,8 +60,8 @@ static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) unsigned char buf[300]; size_t len; - if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q), - MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) { + if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf)) != 0) { mbedtls_printf("internal error\n"); return; } @@ -79,6 +79,8 @@ int main(int argc, char *argv[]) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ecdsa_context ctx_sign, ctx_verify; + mbedtls_ecp_point Q; + mbedtls_ecp_point_init(&Q); mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char message[100]; @@ -128,7 +130,10 @@ int main(int argc, char *argv[]) goto exit; } - mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits); + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id(grp_id); + mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); dump_pubkey(" + Public key: ", &ctx_sign); @@ -174,16 +179,13 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Preparing verification context..."); fflush(stdout); - if ((ret = - mbedtls_ecp_group_copy(&ctx_verify.MBEDTLS_PRIVATE(grp), - &ctx_sign.MBEDTLS_PRIVATE(grp))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); goto exit; } - if ((ret = - mbedtls_ecp_copy(&ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret); + if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); goto exit; } @@ -208,6 +210,7 @@ exit: mbedtls_ecdsa_free(&ctx_verify); mbedtls_ecdsa_free(&ctx_sign); + mbedtls_ecp_point_free(&Q); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f6bb237877..cbdf5b7602 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -160,6 +160,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -365,12 +430,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_printf("curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name); - mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf(" ! key type not supported\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 194c4102dd..e3a6966050 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -53,6 +53,71 @@ int main(void) #else +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + /* * global options */ @@ -219,17 +284,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { @@ -269,16 +327,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, - NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ", - &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, - NULL)); + if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto cleanup; + } } else #endif { diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index c07c56464e..cc4c4dc727 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -176,6 +176,71 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) return 0; } +#if defined(MBEDTLS_ECP_C) +static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) +{ + int ret = 0; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( + mbedtls_ecp_keypair_get_group_id(ecp)); + mbedtls_printf("curve: %s\n", curve_info->name); + + mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); + mbedtls_mpi D; + mbedtls_mpi_init(&D); + mbedtls_ecp_point pt; + mbedtls_ecp_point_init(&pt); + mbedtls_mpi X, Y; + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); + + MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, + (has_private ? &D : NULL), + &pt)); + + unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len = 0; + MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( + &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, point_bin, sizeof(point_bin))); + switch (mbedtls_ecp_get_type(&grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((len & 1) == 0 || point_bin[0] != 0x04) { + /* Point in an unxepected format. This shouldn't happen. */ + ret = -1; + goto cleanup; + } + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); + mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); + break; + default: + mbedtls_printf( + "This program does not yet support listing coordinates for this curve type.\n"); + break; + } + + if (has_private) { + mbedtls_mpi_write_file("D: ", &D, 16, NULL); + } + +cleanup: + mbedtls_ecp_group_free(&grp); + mbedtls_mpi_free(&D); + mbedtls_ecp_point_free(&pt); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); + return ret; +} +#endif + int main(int argc, char *argv[]) { int ret = 1; @@ -338,11 +403,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); - mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); @@ -384,10 +448,10 @@ usage: #endif #if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key); - mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL); - mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL); - mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL); + if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { + mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); + goto exit; + } } else #endif mbedtls_printf("key type not supported yet\n"); From 9552a52f5f334bf0f0eba5bcb8221c9d6ff29ea1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 23 Dec 2023 18:44:20 +0100 Subject: [PATCH 429/653] Declare dependency on bignum in sample programs Signed-off-by: Gilles Peskine --- programs/pkey/gen_key.c | 32 +++++++++++++----------------- programs/pkey/key_app_writer.c | 36 +++++++++++++++------------------- 2 files changed, 30 insertions(+), 38 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index cbdf5b7602..6914c9390d 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -9,8 +9,19 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " + "not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/ecdsa.h" @@ -61,7 +72,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, return 0; } #endif /* !_WIN32 */ -#endif #if defined(MBEDTLS_ECP_C) #define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id @@ -96,19 +106,6 @@ int dev_random_entropy_poll(void *data, unsigned char *output, USAGE_DEV_RANDOM \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C" - "not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -478,5 +475,4 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && - * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index cc4c4dc727..60f992e431 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -9,9 +9,21 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ - defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_BIGNUM_C) +int main(void) +{ + mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); + mbedtls_exit(0); +} +#else + #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/error.h" @@ -21,7 +33,6 @@ #include #include -#endif #if defined(MBEDTLS_PEM_WRITE_C) #define USAGE_OUT \ @@ -66,20 +77,6 @@ USAGE_OUT \ "\n" -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - /* * global options @@ -495,5 +492,4 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* program viability conditions */ From 3b17ae78d2123cfb8f1596ff4a9c85d288ba50c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Jun 2023 11:08:39 +0200 Subject: [PATCH 430/653] Add ECP-heavy-only test cases to the driver parity analysis ignore list Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d3ea8c0e1a..96d4e46bb5 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -325,6 +325,7 @@ KNOWN_TASKS = { # is required. 'test_suite_ecp': [ re.compile(r'ECP check public-private .*'), + re.compile(r'ECP calculate public: .*'), re.compile(r'ECP gen keypair .*'), re.compile(r'ECP point muladd .*'), re.compile(r'ECP point multiplication .*'), From 28e9d86cbc23ea4f202f9dc639cd3a2925dbc5fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Jun 2023 20:40:55 +0200 Subject: [PATCH 431/653] Changelog entry for the new ECP functions Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp-keypair-utilities.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/ecp-keypair-utilities.txt diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt new file mode 100644 index 0000000000..6f9714aaa5 --- /dev/null +++ b/ChangeLog.d/ecp-keypair-utilities.txt @@ -0,0 +1,5 @@ +Features + * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling + gaps made by making its fields private: mbedtls_ecp_set_public_key(), + mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), + mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. From e98ad5931a894f9668615d623c1167f18dc90800 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 10:42:12 +0100 Subject: [PATCH 432/653] mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 758a514249..30b7b30f2e 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3082,7 +3082,6 @@ * * Module: library/pkcs5.c * - * Requires: MBEDTLS_CIPHER_C * Auto-enables: MBEDTLS_MD_C * * \warning If using a hash that is only provided by PSA drivers, you must @@ -3117,8 +3116,8 @@ * Module: library/pkcs12.c * Caller: library/pkparse.c * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either - * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C. + * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or + * MBEDTLS_PSA_CRYPTO_C. * * \warning If using a hash that is only provided by PSA drivers, you must * call psa_crypto_init() before doing any PKCS12 operations. From b9f4bfc33b7d585530f05762c4957875915fcf9e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 11:07:48 +0100 Subject: [PATCH 433/653] all.sh: fix messages in test_psa_crypto_config_accel_des Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 224f09b2ad..b2857e05db 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3644,7 +3644,7 @@ component_test_psa_crypto_config_reference_hash_use_psa() { } component_test_psa_crypto_config_accel_des () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES" # Albeit this components aims at accelerating DES which should only support # CBC and ECB modes, we need to accelerate more than that otherwise DES_C @@ -3686,7 +3686,7 @@ component_test_psa_crypto_config_accel_des () { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES" make test } From b3413bf0b4a499e3a3c4ad20feeb1d72f6098e58 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 12:15:45 +0100 Subject: [PATCH 434/653] changelog: update description Signed-off-by: Valerio Setti --- ChangeLog.d/8358.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt index 2b66d8d229..123bdbd803 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/8358.txt @@ -1,9 +1,9 @@ Features - * It is now possible to accelerate all ciphers and AEADs through a driver, - while completely removing legacy support and MBEDTLS_CIPHER_C, and still - get most things working, including TLS - see - docs/driver-only-builds.md for full details and current limitations. - * The CTR-DRBG module no longer depends on MBEDTLS_AES_C and can also use - AES from a PSA driver. This requires MBEDTLS_PSA_CRYPTO_C, - PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING to be enabled, and - MBEDTLS_AES_C to be disabled. + * If a cipher or AEAD mechanism has a PSA driver, you can now build the + library without the corresponding built-in implementation and without + enabling MBEDTLS_CIPHER_C. + * It is possible to disable MBEDTLS_CIPHER_C in some circumstances, please + see docs/driver-only-builds.md for full details and current limitations. + * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is + disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to + MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. From 92e5c693badb932aebd3dd6c21b5c2b527b30068 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 13:28:03 +0100 Subject: [PATCH 435/653] driver-only-builds: updated ciphers and AEADs related sections Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 85 +++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 42 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index fba3779ada..c628e9e924 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -58,10 +58,13 @@ For now, only the following (families of) mechanisms are supported: - AEADs: - GCM and CCM with AES, ARIA and Camellia key types - ChachaPoly with ChaCha20 Key type -- Ciphers: +- Unauthenticated ciphers: - key types: AES, ARIA, Camellia, DES - modes: ECB, CBC, CTR, CFB, OFB, XTS +For each family listed above, all the mentioned alorithms/key types are also +all the mechanisms that exist in PSA API. + Supported means that when those are provided only by drivers, everything (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should work in the same way as if the mechanisms where built-in, except as documented @@ -246,14 +249,14 @@ Ciphers and AEADs It is possible to have all ciphers and AEAD operations provided only by a driver. More precisely, for each desired combination of key type and algorithm/mode you can: -- enable desired PSA key type(s): +- Enable desired PSA key type(s): - `PSA_WANT_KEY_TYPE_AES`, - `PSA_WANT_KEY_TYPE_ARIA`, - `PSA_WANT_KEY_TYPE_CAMELLIA`, - `PSA_WANT_KEY_TYPE_CHACHA20`, - `PSA_WANT_KEY_TYPE_DES`. -- enable desired PSA algorithm(s): - - unauthenticated ciphers modes: +- Enable desired PSA algorithm(s): + - Unauthenticated ciphers modes: - `PSA_WANT_ALG_CBC_NO_PADDING`, - `PSA_WANT_ALG_CBC_PKCS7`, - `PSA_WANT_ALG_CCM_STAR_NO_TAG`, @@ -266,9 +269,9 @@ algorithm/mode you can: - `PSA_WANT_ALG_CCM`, - `PSA_WANT_ALG_GCM`, - `PSA_WANT_ALG_CHACHA20_POLY1305`. -- enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond +- Enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps. -- disable builtin support of key types: +- Disable builtin support of key types: - `MBEDTLS_AES_C`, - `MBEDTLS_ARIA_C`, - `MBEDTLS_CAMELLIA_C`, @@ -295,36 +298,37 @@ some non-PSA APIs will be absent or have reduced functionality, see - If an algorithm other than GCM and CCM (see ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below) is enabled but not accelerated, then all key types than can be used with it - will need to be built-in; -- if a key type is enabled but not accelerated, then all algorithms than can be + will need to be built-in. +- If a key type is enabled but not accelerated, then all algorithms than can be used with it will need to be built-in. ### Legacy <-> PSA matching -It should be noticed that the matching between legacy (i.e. `MBEDTLS_xxx_C`) -and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: +Note that the matching between legacy (i.e. `MBEDTLS_xxx_C`) and PSA +(i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: - ECB mode is always enabled in legacy configuration for each key type that allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled - in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`; -- similarly for stream ciphers, it is automatically enabled for key types that - support it (`CHACHA20_C` and `NULL_CIPHER`) whereas it must be explicitly - enabled in PSA with `PSA_WANT_ALG_STREAM_CIPHER`; -- legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, whereas - in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` and - `PSA_WANT_ALG_CCM`, respectively. + in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`. +- In the legacy API, MBEDTLS_CHACHA20_C enables the ChaCha20 stream cipher, and + enabling MBEDTLS_CHACHAPOLY_C also enables the ChaCha20-Poly1305 AEAD. In the + PSA API, you need to enable PSA_KEY_TYPE_CHACHA20 for both, plus + PSA_ALG_STREAM_CIPHER or PSA_ALG_CHACHA20_POLY1305 as desired. +- The legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, + whereas in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` + and `PSA_WANT_ALG_CCM`, respectively. ### Partial acceleration for CCM/GCM [This section depends on #8598 so it might updated while that PR progresses.] In case legacy CCM/GCM algorithms are enabled it is still possible to benefit -from PSA acceleration by enabling support for ECB mode -(`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s) +from PSA acceleration of the underlying block cipher by enabling support for +ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configuration it is possible to: -- still benefit from legacy functions belonging to CCM/GCM modules - (`mbedtls_[ccm|gcm]_xxx()`), -- disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no +- Still benefit from legacy functions belonging to CCM/GCM modules + (`mbedtls_[ccm|gcm]_xxx()`). +- Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no other dependency requiring them, of course. ChaChaPoly has not such feature, so it requires full acceleration (key type + @@ -332,32 +336,29 @@ algorithm) in order to work with a driver. ### CTR-DRBG -Legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit from -PSA acceleration when: -- the legacy AES module is not enabled (`MBEDTLS_AES_C`) and +The legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit +from PSA acceleration if both of the following conditions are met: +- The legacy AES module (`MBEDTLS_AES_C`) is not enabled and - AES is supported on the PSA side together with ECB mode, i.e. `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. ### Disabling CIPHER_C -This only depends on unauthenticated ciphers: they can be either completely -accelerated or disabled in order to remove the dependency on `MBEDTLS_CIPHER_C`. +It is possible to save code size by disabling MBEDTLS_CIPHER_C when all of the +following conditions are met: +- The application is not using the `mbedtls_cipher_` API. +- In PSA, all unauthenticated (that is, non-AEAD) ciphers are either disabled or + fully accelerated (that is, all compatible key types are accelerated too). +- Either TLS is disabled, or `MBEDTLS_USE_PSA_CRYPTO` is enabled. +- `MBEDTLS_NIST_KW` is disabled. -AEADs do not have such a restriction. Of course they can be accelerated as well, -but they can also rely on the legacy modules (`MBEDTLS_[CCM|GCM|CHACHAPOLY]`) -with the following conditions on the underlying key types: -- CCM/GCM can either use legacy key type modules `MBEDTLS_[AES|ARIA|CAMELLIA]_C` - or their accelerated version, as described in section - ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm). -- ChaChaPoly instead can only rely on the legacy key type module - `MBEDTLS_CHACHA20_C` and algorithm `MBEDTLS_POLY1305_C`. +In such a build, everything will work as usual except for the following: +- Encryption/decryption functions from the PKCS5 and PKCS12 module will not be + available (only key derivation functions). +- Parsing of PKCS5- or PKCS12-encrypted keys in PK parse will fail. + +Note: AEAD ciphers (CCM, GCM, ChachaPoly) do not have a dependency on +MBEDTLS_CIPHER_C even when using the built-in implementations. -It should be noticed that disabling `MBEDTLS_CIPHER_C` helps to reduce the -code's footprint, but unfortunately it makes the following features unavailable: -- encryption/decryption in PKCS5 and PKCS12 modules (key derivations will still - be available), -- encrypted PEM (write and unecrypted read work normally), -- parsing of encrypted keys (PKCS5 or PKCS12) in PK modules, -- NIST-KW (`MBEDTLS_NIST_KW_C`). From ab0494f19335b09183d1cee6aa1de58e5e755077 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 13:56:13 +0100 Subject: [PATCH 436/653] analyze_outcomes: update comments of skipped tests Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 7dc6afe3ca..277ea73629 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -566,12 +566,13 @@ KNOWN_TASKS = { re.compile(r'CAMELLIA-\d+[- ]CCM\*-NO-TAG .*'), ], 'test_suite_error': [ - # Following tests require AES_C which is disabled in the accelerated component + # Following tests depend on AES_C but are not about them + # really, just need to know some error code is there. 'Single low error', 'Low and high error', ], 'test_suite_version': [ - # Following tests require AES_C which is disabled in the accelerated component + # Similar to test_suite_error above. 'Check for MBEDTLS_AES_C when already present', ], 'test_suite_platform': [ From 1994e72e185294bd67b33ddd725dec5532162a40 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 14:01:22 +0100 Subject: [PATCH 437/653] check_config/block_cipher: minor improvements Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 10 ++++------ library/block_cipher.c | 2 +- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 30ef7d6fc5..3b39c912f8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -334,16 +334,14 @@ #undef MBEDTLS_HAS_MEMSAN #if defined(MBEDTLS_CCM_C) && \ - !(defined(MBEDTLS_BLOCK_CIPHER_CAN_AES) || defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA) || defined(MBEDTLS_ARIA_C) || \ - defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA) || defined(MBEDTLS_CAMELLIA_C)) + !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \ + defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA)) #error "MBEDTLS_CCM_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_GCM_C) && \ - !(defined(MBEDTLS_BLOCK_CIPHER_CAN_AES) || defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA) || defined(MBEDTLS_ARIA_C) || \ - defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA) || defined(MBEDTLS_CAMELLIA_C)) + !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \ + defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA)) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif diff --git a/library/block_cipher.c b/library/block_cipher.c index bfb605ec49..e21541ec15 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -42,7 +42,7 @@ static psa_key_type_t psa_key_type_from_block_cipher_id(mbedtls_block_cipher_id_ } } -int mbedtls_cipher_error_from_psa(psa_status_t status) +static int mbedtls_cipher_error_from_psa(psa_status_t status) { return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_cipher_errors, psa_generic_status_to_mbedtls); From 9a4cc122a7c06866dccd60b9d0866e920c7c0e00 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 14:05:15 +0100 Subject: [PATCH 438/653] test_suite_block_cipher.psa: remove misleading initial comment Signed-off-by: Valerio Setti --- tests/suites/test_suite_block_cipher.psa.data | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_block_cipher.psa.data b/tests/suites/test_suite_block_cipher.psa.data index e9b48e1955..eb0c27837e 100644 --- a/tests/suites/test_suite_block_cipher.psa.data +++ b/tests/suites/test_suite_block_cipher.psa.data @@ -1,7 +1,3 @@ -# These tests behave differently depending on the presence of -# drivers and/or built-in, so they're isolated here for the benefit of -# analyze_outcomes.py (driver vs reference comparison). - AES - legacy only depends_on:MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY:!MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA block_cipher_psa_dynamic_dispatch:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY From 1fff4f20120d1ba0982cbc1c567159d07829ff53 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 14:19:34 +0100 Subject: [PATCH 439/653] psa: add key_type as input parameter of psa_can_do_cipher() Signed-off-by: Valerio Setti --- library/block_cipher.c | 5 +++-- library/psa_crypto.c | 3 ++- library/psa_crypto_core.h | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/block_cipher.c b/library/block_cipher.c index e21541ec15..04cd7fb444 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -88,8 +88,9 @@ int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, MBEDTLS_BLOCK_CIPHER_ID_NONE; #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) - if (psa_can_do_cipher(cipher_id) && - (psa_key_type_from_block_cipher_id(ctx->id) != PSA_KEY_TYPE_NONE)) { + psa_key_type_t psa_key_type = psa_key_type_from_block_cipher_id(ctx->id); + if (psa_key_type != PSA_KEY_TYPE_NONE && + psa_can_do_cipher(psa_key_type, PSA_ALG_ECB_NO_PADDING)) { ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_PSA; return 0; } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a9ba787d0f..dd5b4465f3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -116,8 +116,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) return global_data.drivers_initialized; } -int psa_can_do_cipher(psa_algorithm_t cipher_alg) +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg) { + (void) key_type; (void) cipher_alg; return global_data.drivers_initialized; } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 43b1c2377e..ff01add958 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -43,7 +43,7 @@ int psa_can_do_hash(psa_algorithm_t hash_alg); * * \return 1 if the driver subsytem is ready, 0 otherwise. */ -int psa_can_do_cipher(psa_algorithm_t cipher_alg); +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); typedef enum { PSA_SLOT_EMPTY = 0, From cd21d4eb8fe0bbad753210172dd3133160dcc03a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 16:00:55 +0100 Subject: [PATCH 440/653] all.sh: keep legacy cipher modes enabled in test_full_block_cipher_legacy_dispatch() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4a3f721466..4377095376 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3840,9 +3840,8 @@ common_block_cipher_dispatch() { # Disable cipher's modes and AEADs that, when not accelerated, cause # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". - # Keep this also in the reference component in order to avoid re-enabling - # (in "config_adjust_legacy_from_psa.h") legacy cipher modes that were - # disabled in that component. + # Keep this also in the reference component in order to skip the same tests + # that were skipped in the accelerated one. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB @@ -3901,11 +3900,6 @@ component_test_full_block_cipher_legacy_dispatch () { common_block_cipher_dispatch 0 - # Disable cipher modes other than ECB as in the accelerated component. ECB - # does not have a configuration symbol and it's automatically enabled as - # long as underlying key types are. - scripts/config.py unset-all MBEDTLS_CIPHER_MODE - make msg "test: full + legacy dispatch in block_cipher" From 0635cca7d19f8bfd39e630e1e096784a503e1b7a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 16:16:02 +0100 Subject: [PATCH 441/653] analyze_outcomes: update skipped tests following latest changes to all.sh Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 39 +++++++++++++++++-------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 277ea73629..bdbdbddbc0 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -542,28 +542,31 @@ KNOWN_TASKS = { 'ignored_suites': [ # Skipped in the accelerated component 'aes', 'aria', 'camellia', - # These require AES_C and CAMELLIA_C to be enabled in order for the cipher - # module (actually cipher_wrapper) to work properly. However these symbols - # are disabled in the accelerated component so we ignore them. - 'cipher.ccm', 'cipher.gcm', 'cmac', + # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in + # order for the cipher module (actually cipher_wrapper) to work + # properly. However these symbols are disabled in the accelerated + # component so we ignore them. + 'cipher.ccm', 'cipher.gcm', 'cmac', 'cipher.aes', 'cipher.aria', + 'cipher.camellia', ], 'ignored_tests': { - 'test_suite_cipher.aes': [ - # CCM*-NO-TAG is disabled in the accelerated component but - # there is no way to get CCM without CCM*-NO-TAG with legacy symbols. - re.compile(r'AES-\d+[- ]CCM\*-NO-TAG .*'), - # Following test require AES_C to be enabled for CIPHER_C operations - re.compile(r'AES-\d+-ECB .* NIST KAT .*'), - # This test requires AES_C which is disabled in the accelerated component - 'Cipher Corner Case behaviours', + 'test_suite_cipher.padding': [ + # Following tests require AES_C/CAMELLIA_C to be enabled, + # but these are not available in the accelerated component. + re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'), ], - 'test_suite_cipher.aria': [ - # Same as for test_suite_cipher.aes - re.compile(r'ARIA-\d+[- ]CCM\*-NO-TAG .*'), + 'test_suite_pkparse': [ + # PEM (called by pkparse) requires AES_C in order to decrypt + # the key, but this is not available in the accelerated + # component. + re.compile('Parse RSA Key.*(password|AES-).*'), ], - 'test_suite_cipher.camellia': [ - # Same as for test_suite_cipher.aes - re.compile(r'CAMELLIA-\d+[- ]CCM\*-NO-TAG .*'), + 'test_suite_pem': [ + # Following tests require AES_C, but this is diabled in the + # accelerated component. + 'PEM read (AES-128-CBC + invalid iv)', + 'PEM read (malformed PEM AES-128-CBC)', + 'PEM read (unknown encryption algorithm)', ], 'test_suite_error': [ # Following tests depend on AES_C but are not about them From 6a971fd61a3fc0d52f4c31379dc3a2e0651b60f9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 28 Dec 2023 17:48:16 +0000 Subject: [PATCH 442/653] Refactor and improve Record size limit handling Signed-off-by: Waleed Elmelegy --- library/ssl_tls.c | 81 +++++++++++++++++++------------------- library/ssl_tls13_client.c | 8 ++-- 2 files changed, 44 insertions(+), 45 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 452970ebe8..250adfb28a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3387,6 +3387,31 @@ const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl) } } +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) +{ + const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + size_t record_size_limit = max_len; + + if (ssl->session != NULL && + ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session->record_size_limit < max_len) { + record_size_limit = ssl->session->record_size_limit; + } + + // TODO: this is currently untested + /* During a handshake, use the value being negotiated */ + if (ssl->session_negotiate != NULL && + ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session_negotiate->record_size_limit < max_len) { + record_size_limit = ssl->session_negotiate->record_size_limit; + } + + return record_size_limit; +} +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) { @@ -3420,31 +3445,6 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) return max_len; } -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - -size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) -{ - const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t record_size_limit = max_len; - - if (ssl->session != NULL && - ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session->record_size_limit < max_len) { - record_size_limit = ssl->session->record_size_limit; - } - - // TODO: this is currently untested - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session_negotiate->record_size_limit < max_len) { - record_size_limit = ssl->session_negotiate->record_size_limit; - } - - return record_size_limit; -} -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len; @@ -3516,24 +3516,25 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) if (max_len > record_size_limit) { max_len = record_size_limit; - if (ssl->transform_out != NULL && - ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* RFC 8449, section 4: - * - * This value [record_size_limit] is the length of the plaintext - * of a protected record. - * The value includes the content type and padding added in TLS 1.3 - * (that is, the complete length of TLSInnerPlaintext). - * - * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY - * and subtract 1 (for the content type that will be added later) - */ - max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; - } } #endif + if (ssl->transform_out != NULL && + ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + /* RFC 8449, section 4: + * + * This value [record_size_limit] is the length of the plaintext + * of a protected record. + * The value includes the content type and padding added in TLS 1.3 + * (that is, the complete length of TLSInnerPlaintext). + * + * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * and subtract 1 (for the content type that will be added later) + */ + max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (mbedtls_ssl_get_current_mtu(ssl) != 0) { const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 503db5862a..5775a3ea5f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2133,11 +2133,9 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) && (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) { - mbedtls_debug_print_msg(ssl, - 3, - __FILE__, - __LINE__, - "Record size limit extension cannot be used with max fragment length extension"); + MBEDTLS_SSL_DEBUG_MSG(3, + ( + "Record size limit extension cannot be used with max fragment length extension")); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); From 87a373eea689f4b3e1582e207b442ccb3c7ad6b6 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 28 Dec 2023 17:49:36 +0000 Subject: [PATCH 443/653] Improve Record size limit testing Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 131 +++++++++++++++++------------------------------ 1 file changed, 48 insertions(+), 83 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8fd295f300..de89add8cc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4842,13 +4842,9 @@ run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 16385 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 16384" \ + -s "Maximum outgoing record payload length is 16383" \ -s "bytes written in 1 fragments" requires_gnutls_tls1_3 @@ -4863,10 +4859,6 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" # The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send # a response in its EncryptedExtensions record. -# -s "Parsing extension 'Record Size Limit/28 (2 bytes)" \ -# -s "Sending extension Record Size Limit/28 (2 bytes)" \ -# -c "EncryptedExtensions: record_size_limit(28) extension received."\ -# -c "found record_size_limit extension" \ # -c "RecordSizeLimit: 16385 Bytes" # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the @@ -4882,59 +4874,56 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 # Currently test certificates being used do not fit in 513 record size limit -# so 513 record size limit tests will not pass until certificates size -# is reduced or handshake messages fragmentation is supported. +# so for 513 record size limit tests we use preshared key to avoid sending +# the certificate. -# requires_gnutls_tls1_3 -# requires_gnutls_record_size_limit -# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ -# "$P_SRV debug_level=3 force_version=tls13 response_size=256" \ -# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ -# 0 \ -# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ -# -c "Sending extension Record Size Limit/28 (2 bytes)" \ -# -s "ClientHello: record_size_limit(28) extension received."\ -# -s "found record_size_limit extension" \ -# -s "RecordSizeLimit: 513 Bytes" \ -# -s "ClientHello: record_size_limit(28) extension exists." \ -# -s "Maximum outgoing record payload length is 511" \ -# -s "256 bytes written in 1 fragments" +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=256" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "256 bytes written in 1 fragments" -# requires_gnutls_tls1_3 -# requires_gnutls_record_size_limit -# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ -# "$P_SRV debug_level=3 force_version=tls13 response_size=768" \ -# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ -# 0 \ -# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ -# -c "Sending extension Record Size Limit/28 (2 bytes)" \ -# -s "ClientHello: record_size_limit(28) extension received."\ -# -s "found record_size_limit extension" \ -# -s "RecordSizeLimit: 513 Bytes" \ -# -s "ClientHello: record_size_limit(28) extension exists." \ -# -s "Maximum outgoing record payload length is 511" \ -# -s "768 bytes written in 2 fragments" +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=768" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "768 bytes written in 2 fragments" -# requires_gnutls_tls1_3 -# requires_gnutls_record_size_limit -# requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -# requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -# run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ -# "$P_SRV debug_level=3 force_version=tls13 response_size=1280" \ -# "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 512" \ -# 0 \ -# -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ -# -c "Sending extension Record Size Limit/28 (2 bytes)" \ -# -s "ClientHello: record_size_limit(28) extension received."\ -# -s "found record_size_limit extension" \ -# -s "RecordSizeLimit: 513 Bytes" \ -# -s "ClientHello: record_size_limit(28) extension exists." \ -# -s "Maximum outgoing record payload length is 511" \ -# -s "1280 bytes written in 3 fragments" +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=1280" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "1280 bytes written in 3 fragments" requires_gnutls_tls1_3 requires_gnutls_record_size_limit @@ -4944,10 +4933,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4961,10 +4946,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4978,10 +4959,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4995,10 +4972,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ @@ -5012,10 +4985,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ @@ -5029,10 +4998,6 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ From 160b2bde094148f776ab6bee31c019f9ecd8647f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 14:07:11 +0100 Subject: [PATCH 444/653] test_suite_cmac: add used key type to all test cases This is useful for grepping and skipping disparities in analyze_outcomes.py. Signed-off-by: Valerio Setti --- tests/suites/test_suite_cmac.data | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index 03c799f336..14eb7973c6 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -53,43 +53,43 @@ CMAC init #8 ARIA-256: wrong cipher depends_on:MBEDTLS_ARIA_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -CMAC Single Blocks #1 - Empty block, no updates +CMAC Single Blocks #1 AES-128 - Empty block, no updates depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" -CMAC Single Blocks #2 - Single 16 byte block +CMAC Single Blocks #2 AES-128 - Single 16 byte block depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"":-1:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" -CMAC Single Blocks #3 - Single 64 byte block +CMAC Single Blocks #3 AES-128 - Single 64 byte block depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"":-1:"51f0bebf7e3b9d92fc49741779363cfe" -CMAC Multiple Blocks #1 - Multiple 8 byte blocks +CMAC Multiple Blocks #1 AES-128 - Multiple 8 byte blocks depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172a":8:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" -CMAC Multiple Blocks #2 - Multiple 16 byte blocks +CMAC Multiple Blocks #2 AES-128 - Multiple 16 byte blocks depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"ae2d8a571e03ac9c9eb76fac45af8e51":16:"30c81c46a35ce411e5fbc1191a0a52ef":16:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" -CMAC Multiple Blocks #3 - Multiple variable sized blocks +CMAC Multiple Blocks #3 AES-128 - Multiple variable sized blocks depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172aae2d8a571e03ac9c":16:"9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52ef":24:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" -CMAC Multiple Blocks #4 - Multiple 8 byte blocks with gaps +CMAC Multiple Blocks #4 AES-128 - Multiple 8 byte blocks with gaps depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":0:"6bc1bee22e409f96":8:"":0:"e93d7e117393172a":8:"070a16b46b4d4144f79bdd9dd04a287c" -CMAC Multiple Operations, same key #1 - Empty, empty +CMAC Multiple Operations, same key #1 AES-192 - Empty, empty depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367" -CMAC Multiple Operations, same key #2 - Empty, 64 byte block +CMAC Multiple Operations, same key #2 AES-192 - Empty, 64 byte block depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"a1d5df0eed790f794d77589659f39a11" -CMAC Multiple Operations, same key #3 - variable byte blocks +CMAC Multiple Operations, same key #3 AES-192 - variable byte blocks depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11" From a0c9c6684d949105d9629872ab79d58870fd7d62 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 14:14:11 +0100 Subject: [PATCH 445/653] analyze_outcomes: ignore only test concerning AES/ARIA/Camellia in CMAC Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index bdbdbddbc0..3b11ca24c8 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -546,10 +546,16 @@ KNOWN_TASKS = { # order for the cipher module (actually cipher_wrapper) to work # properly. However these symbols are disabled in the accelerated # component so we ignore them. - 'cipher.ccm', 'cipher.gcm', 'cmac', 'cipher.aes', 'cipher.aria', + 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria', 'cipher.camellia', ], 'ignored_tests': { + 'test_suite_cmac': [ + # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled, + # but these are not available in the accelerated component. + 'CMAC null arguments', + re.compile('CMAC.* (AES|ARIA|Camellia).*'), + ], 'test_suite_cipher.padding': [ # Following tests require AES_C/CAMELLIA_C to be enabled, # but these are not available in the accelerated component. From f333b3fbde20ecdc905bb3dfe32cd37b0b46b77a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 14:49:03 +0100 Subject: [PATCH 446/653] driver-only-builds: fix typos Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 50 +++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index c628e9e924..47d123ede7 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -270,68 +270,68 @@ algorithm/mode you can: - `PSA_WANT_ALG_GCM`, - `PSA_WANT_ALG_CHACHA20_POLY1305`. - Enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond - to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps. + to the `PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps. - Disable builtin support of key types: - `MBEDTLS_AES_C`, - `MBEDTLS_ARIA_C`, - `MBEDTLS_CAMELLIA_C`, - `MBEDTLS_DES_C`, - - `MBEDTLS_CHACHA20_C`; + - `MBEDTLS_CHACHA20_C`. and algorithms/modes: - - `MBEDTLS_CBC_C` - - `MBEDTLS_CFB_C` - - `MBEDTLS_CTR_C` - - `MBEDTLS_OFB_C` - - `MBEDTLS_XTS_C` - - `MBEDTLS_CCM_C` - - `MBEDTLS_GCM_C` - - `MBEDTLS_CHACHAPOLY_C` - - `MBEDTLS_NULL_CIPHER` + - `MBEDTLS_CBC_C`, + - `MBEDTLS_CFB_C`, + - `MBEDTLS_CTR_C`, + - `MBEDTLS_OFB_C`, + - `MBEDTLS_XTS_C`, + - `MBEDTLS_CCM_C`, + - `MBEDTLS_GCM_C`, + - `MBEDTLS_CHACHAPOLY_C`, + - `MBEDTLS_NULL_CIPHER`. Once a key type and related algorithm are accelerated, all the PSA Crypto APIs -will work, as well as X.509 and TLS (with MBEDTLS_USE_PSA_CRYPTO enabled) but +will work, as well as X.509 and TLS (with `MBEDTLS_USE_PSA_CRYPTO` enabled) but some non-PSA APIs will be absent or have reduced functionality, see [Disabling CIPHER_C](#disabling-cipher_c) for details. ### Restrictions -- If an algorithm other than GCM and CCM (see +- If an algorithm other than CCM and GCM (see ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below) - is enabled but not accelerated, then all key types than can be used with it + is enabled but not accelerated, then all key types that can be used with it will need to be built-in. - If a key type is enabled but not accelerated, then all algorithms than can be used with it will need to be built-in. ### Legacy <-> PSA matching -Note that the matching between legacy (i.e. `MBEDTLS_xxx_C`) and PSA +Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: -- ECB mode is always enabled in legacy configuration for each key type that +- ECB mode is always enabled in the legacy configuration for each key type that allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`. -- In the legacy API, MBEDTLS_CHACHA20_C enables the ChaCha20 stream cipher, and - enabling MBEDTLS_CHACHAPOLY_C also enables the ChaCha20-Poly1305 AEAD. In the - PSA API, you need to enable PSA_KEY_TYPE_CHACHA20 for both, plus - PSA_ALG_STREAM_CIPHER or PSA_ALG_CHACHA20_POLY1305 as desired. +- In the legacy API, `MBEDTLS_CHACHA20_C` enables the ChaCha20 stream cipher, and + enabling `MBEDTLS_CHACHAPOLY_C` also enables the ChaCha20-Poly1305 AEAD. In the + PSA API, you need to enable `PSA_KEY_TYPE_CHACHA20` for both, plus + `PSA_ALG_STREAM_CIPHER` or `PSA_ALG_CHACHA20_POLY1305` as desired. - The legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, whereas in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` and `PSA_WANT_ALG_CCM`, respectively. ### Partial acceleration for CCM/GCM -[This section depends on #8598 so it might updated while that PR progresses.] +[This section depends on #8598 so it might be updated while that PR progresses.] -In case legacy CCM/GCM algorithms are enabled it is still possible to benefit +In case legacy CCM/GCM algorithms are enabled, it is still possible to benefit from PSA acceleration of the underlying block cipher by enabling support for ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s) -(`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configuration it is possible +(`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configurations it is possible to: - Still benefit from legacy functions belonging to CCM/GCM modules (`mbedtls_[ccm|gcm]_xxx()`). - Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no - other dependency requiring them, of course. + other dependency requiring them. -ChaChaPoly has not such feature, so it requires full acceleration (key type + +ChaChaPoly has no such feature, so it requires full acceleration (key type + algorithm) in order to work with a driver. ### CTR-DRBG From 045d680054841eb1965bf9e9ea869b04fb25912d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 15:42:22 +0100 Subject: [PATCH 447/653] driver-only-builds: enhancing cipher related sections Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 47 ++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 9 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 47d123ede7..287be1df9f 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -243,8 +243,8 @@ The same holds for the associated algorithm: `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). -Ciphers and AEADs ------------------ +Ciphers (unauthenticated and AEAD) +---------------------------------- It is possible to have all ciphers and AEAD operations provided only by a driver. More precisely, for each desired combination of key type and @@ -291,7 +291,7 @@ algorithm/mode you can: Once a key type and related algorithm are accelerated, all the PSA Crypto APIs will work, as well as X.509 and TLS (with `MBEDTLS_USE_PSA_CRYPTO` enabled) but some non-PSA APIs will be absent or have reduced functionality, see -[Disabling CIPHER_C](#disabling-cipher_c) for details. +[Restrictions](#restrictions) for details. ### Restrictions @@ -302,6 +302,29 @@ some non-PSA APIs will be absent or have reduced functionality, see - If a key type is enabled but not accelerated, then all algorithms than can be used with it will need to be built-in. +Some legacy modules can't take advantage of PSA drivers yet, and will either +need to be disabled, or have reduced features when the built-in implementations +of some ciphers are removed: +- `MBEDTLS_NIST_KW_C` needs built-in AES: it must be disabled when + `MBEDTLS_AES_C` is disabled. +- `MBEDTLS_CMAC_C` needs built-in AES/DES: it must be disabled when + `MBEDTLS_AES_C` and `MBEDTLS_DES_C` are both disabled. When only one of them + is enabled, then only the corresponding cipher will be available at runtime + for use with `mbedtls_cipher_cmac_xxx`. (Note: if there is driver support for + CMAC and all compatible key types, then `PSA_WANT_ALG_CMAC` can be enabled + without `MBEDTLS_CMAC_C` and CMAC will be usable with `psa_max_xxx` APIs.) +- `MBEDTLS_CIPHER_C`: the `mbedtls_cipher_xxx()` APIs will only work with + ciphers that are built-in - that is, both the underlying cipher + (eg `MBEDTLS_AES_C`) and the mode (eg `MBEDTLS_CIPHER_MODE_CBC` or + `MBEDTLS_GCM_C`). +- `MBEDTLS_PKCS5_C`: encryption/decryption (PBES2, PBE) will only work with + ciphers that are built-in. +- PEM decryption will only work with ciphers that are built-in. +- PK parse will only be able to parse encrypted keys using built-in ciphers. + +Note that if you also disable `MBEDTLS_CIPHER_C`, there will be additional +restrictions, see [Disabling `MBEDTLS_CIPHER_C`](#disabling-mbedtls_cipher_c). + ### Legacy <-> PSA matching Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA @@ -323,11 +346,12 @@ Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA In case legacy CCM/GCM algorithms are enabled, it is still possible to benefit from PSA acceleration of the underlying block cipher by enabling support for -ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s) -(`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configurations it is possible -to: -- Still benefit from legacy functions belonging to CCM/GCM modules - (`mbedtls_[ccm|gcm]_xxx()`). +ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING` + `MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING`) +together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` + +`MBEDTLS_PSA_ACCEL_KEY_TYPE_[AES|ARIA|CAMELLIA]`). +In such configurations it is possible to: +- Use CCM and GCM via the PSA Crypto APIs. +- Use CCM and GCM via legacy functions (`mbedtls_[ccm|gcm]_xxx()`). - Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no other dependency requiring them. @@ -342,7 +366,7 @@ from PSA acceleration if both of the following conditions are met: - AES is supported on the PSA side together with ECB mode, i.e. `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. -### Disabling CIPHER_C +### Disabling `MBEDTLS_CIPHER_C` It is possible to save code size by disabling MBEDTLS_CIPHER_C when all of the following conditions are met: @@ -351,6 +375,8 @@ following conditions are met: fully accelerated (that is, all compatible key types are accelerated too). - Either TLS is disabled, or `MBEDTLS_USE_PSA_CRYPTO` is enabled. - `MBEDTLS_NIST_KW` is disabled. +- `MBEDTLS_CMAC_C` is disabled. (Note: support for CMAC in PSA can be provided by + a driver.) In such a build, everything will work as usual except for the following: - Encryption/decryption functions from the PKCS5 and PKCS12 module will not be @@ -360,5 +386,8 @@ In such a build, everything will work as usual except for the following: Note: AEAD ciphers (CCM, GCM, ChachaPoly) do not have a dependency on MBEDTLS_CIPHER_C even when using the built-in implementations. +If you also have some ciphers fully accelerated and the built-ins removed, see +[Restrictions](#restrictions) for restrictions related to removing the built-ins. + From 81338483e6e610f2df1d6ebdd46e71779f9a4499 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 15:46:17 +0100 Subject: [PATCH 448/653] changelog: enhance description Signed-off-by: Valerio Setti --- ChangeLog.d/8358.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt index 123bdbd803..70b795a4ba 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/8358.txt @@ -1,7 +1,7 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the - library without the corresponding built-in implementation and without - enabling MBEDTLS_CIPHER_C. + library without the corresponding built-in implementation. See + docs/driver-only-builds.md for full details and current limitations. * It is possible to disable MBEDTLS_CIPHER_C in some circumstances, please see docs/driver-only-builds.md for full details and current limitations. * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is From 562dfe10674319a26c51c0b93c012f3e671e5ff2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 16:34:19 +0100 Subject: [PATCH 449/653] all.sh: keep PKCS[5/12] enabled in full_no_cipher test components Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b2857e05db..aa7626a511 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1547,8 +1547,6 @@ component_test_full_no_cipher () { # Disable features that depend on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_PKCS5_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TICKET_C @@ -1606,8 +1604,6 @@ common_test_full_no_cipher_with_psa_crypto () { # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_PKCS5_C make From e581e140cc8b8394829b409c0e51286c69726182 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 16:35:07 +0100 Subject: [PATCH 450/653] oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C This commit also updates test_suite_pkparse.data file adding MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used. Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 2 +- library/oid.c | 4 +- library/pkparse.c | 10 +- tests/suites/test_suite_pkparse.data | 412 +++++++++++++-------------- 4 files changed, 214 insertions(+), 214 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index e48817d68c..8a67486bbe 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -698,7 +698,6 @@ int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); -#endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_PKCS12_C) /** @@ -714,6 +713,7 @@ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_ int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_PKCS12_C */ +#endif /* MBEDTLS_CIPHER_C */ #ifdef __cplusplus } diff --git a/library/oid.c b/library/oid.c index d8339c1383..d30a464051 100644 --- a/library/oid.c +++ b/library/oid.c @@ -866,7 +866,7 @@ static const oid_md_hmac_t oid_md_hmac[] = FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) -#if defined(MBEDTLS_PKCS12_C) +#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) /* * For PKCS#12 PBEs */ @@ -904,7 +904,7 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, md_alg, mbedtls_cipher_type_t, cipher_alg) -#endif /* MBEDTLS_PKCS12_C */ +#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */ /* Return the x.y.z.... style numeric string for the given OID */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, diff --git a/library/pkparse.c b/library/pkparse.c index 18498e5f0b..5ba9645dac 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1417,7 +1417,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( unsigned char *buf; unsigned char *p, *end; mbedtls_asn1_buf pbe_alg_oid, pbe_params; -#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) +#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C) mbedtls_cipher_type_t cipher_alg; mbedtls_md_type_t md_alg; #endif @@ -1465,7 +1465,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( /* * Decrypt EncryptedData with appropriate PBE */ -#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) +#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C) if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) { if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg, md_alg, @@ -1479,8 +1479,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( decrypted = 1; } else -#endif /* MBEDTLS_PKCS12_C */ -#if defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) +#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_PADDING_PKCS7 && MBEDTLS_CIPHER_C */ +#if defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) && defined(MBEDTLS_CIPHER_C) if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) { if ((ret = mbedtls_pkcs5_pbes2_ext(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, p, len, buf, len, &outlen)) != 0) { @@ -1493,7 +1493,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( decrypted = 1; } else -#endif /* MBEDTLS_PKCS5_C */ +#endif /* MBEDTLS_PKCS5_C && MBEDTLS_CIPHER_PADDING_PKCS7 && MBEDTLS_CIPHER_C */ { ((void) pwd); } diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 71735114c2..6387735878 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -75,819 +75,819 @@ depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0 Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTest":0 Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTest":0 Parse RSA Key #21.1 (PKCS#8 encrypted SHA1-3DES, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #21.2 (PKCS#8 encrypted SHA1-3DES, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.der":"PolarSSLTest":0 Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSSLTest":0 Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSSLTest":0 Parse RSA Key #27.1 (PKCS#8 encrypted SHA1-2DES, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #27.2 (PKCS#8 encrypted SHA1-2DES, 2048-bit no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0 Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.der":"PolarSSLTest":0 Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0 Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0 Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTest":0 Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTest":0 Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTest":0 Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTest":0 Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTest":0 Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTest":0 Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse Public RSA Key #1 (PKCS#8 wrapped) @@ -1220,11 +1220,11 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519 pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (Encrypted key PKCS5, trailing garbage data) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH Key ASN1 (Encrypted key PKCS12, trailing garbage data) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH # From RFC8410 Appendix A but made into version 0 From ea03183bd7ddcae35349af9c79c8bdce780c2959 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 29 Dec 2023 15:36:51 +0000 Subject: [PATCH 451/653] Adjust TLS 1.3 tests to new maximum output changes Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index de89add8cc..197ca9f68f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8589,20 +8589,20 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large client packet TLS 1.3 AEAD" \ "$P_SRV" \ - "$P_CLI request_size=16384 \ + "$P_CLI request_size=16383 \ force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" + -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ + -s "Read from client: 16383 bytes read" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large client packet TLS 1.3 AEAD shorter tag" \ "$P_SRV" \ - "$P_CLI request_size=16384 \ + "$P_CLI request_size=16383 \ force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" + -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ + -s "Read from client: 16383 bytes read" # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. run_test "Large server packet TLS 1.2 BlockCipher" \ @@ -8645,17 +8645,17 @@ run_test "Large server packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=16384" \ + "$P_SRV response_size=16383" \ "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ 0 \ - -c "Read from server: 16384 bytes read" + -c "Read from server: 16383 bytes read" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=16384" \ + "$P_SRV response_size=16383" \ "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ 0 \ - -c "Read from server: 16384 bytes read" + -c "Read from server: 16383 bytes read" # Tests for restartable ECC From 84d19e08364002555df292c6207d46a52024adae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 16:41:54 +0100 Subject: [PATCH 452/653] all.sh: keep DES_C and CTR_DRBG_C enabled in test_full_no_cipher_with_crypto() These were probably leftovers from the development phase of the associated PR that were not removed in the end. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index aa7626a511..206fdc596d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1597,9 +1597,6 @@ common_test_full_no_cipher_with_psa_crypto () { # Disable cipher modes/keys that make PSA depend on CIPHER_C. # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C. scripts/config.py unset-all MBEDTLS_CIPHER_MODE - scripts/config.py unset MBEDTLS_DES_C - # Dependencies on AES_C - scripts/config.py unset MBEDTLS_CTR_DRBG_C fi # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C From bae705c12b4c8a17b8a20b6a0121beac183f2517 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 1 Jan 2024 14:21:21 +0000 Subject: [PATCH 453/653] Fix TLS 1.2 test to use TLS 1.2 maximum output size Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 197ca9f68f..be736169ab 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8400,7 +8400,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ - "$P_SRV buffer_size=100" \ + "$P_SRV buffer_size=100 force_version=tls12" \ "$P_CLI request_size=$MAX_CONTENT_LEN" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))" From 3d46b7f81a8ca9b0c128c8af26c5a7396b72a435 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 1 Jan 2024 20:50:53 +0000 Subject: [PATCH 454/653] Fix Max fragmen length test to use TLS 1.2 maximum output size Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index be736169ab..0c9a5c5cae 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4481,7 +4481,7 @@ run_test "Session resume using cache, DTLS: openssl server" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3" \ 0 \ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ @@ -4496,7 +4496,7 @@ run_test "Max fragment length: enabled, default" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default, larger message" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ @@ -4534,7 +4534,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: disabled, larger message" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ -C "Maximum incoming record payload length is 16384" \ @@ -4548,7 +4548,7 @@ run_test "Max fragment length: disabled, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length, DTLS: disabled, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ + "$P_SRV debug_level=3 dtls=1 force_version=tls12" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ -C "Maximum incoming record payload length is 16384" \ From 8c8b4da3a39cac5943c7c1d800ddb5dd39f3642f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 11:44:30 +0100 Subject: [PATCH 455/653] all.sh: keep PSA_WANT_ALG_[CCM/GCM] enabled in common_block_cipher_dispatch() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4377095376..ec4ac6bdd2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3838,7 +3838,7 @@ common_block_cipher_dispatch() { scripts/config.py unset MBEDTLS_CAMELLIA_C fi - # Disable cipher's modes and AEADs that, when not accelerated, cause + # Disable cipher's modes that, when not accelerated, cause # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests # that were skipped in the accelerated one. @@ -3849,8 +3849,6 @@ common_block_cipher_dispatch() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM # Disable direct dependency on AES_C scripts/config.py unset MBEDTLS_NIST_KW_C From 45c3cae8a5b9c6282d3ffb3efd980ac92f5a4288 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 13:26:04 +0100 Subject: [PATCH 456/653] md: move PSA conversion functions from md_psa.h to psa_util.h Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 37 +++++++++++++++++++++++++++++++++++++ library/md_psa.h | 37 ------------------------------------- 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5f6a05315a..249b8d421c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -148,6 +148,43 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, int bits_is_sloppy); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +/** + * \brief This function returns the PSA algorithm identifier + * associated with the given digest type. + * + * \param md_type The type of digest to search for. Must not be NONE. + * + * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will + * not return \c PSA_ALG_NONE, but an invalid algorithm. + * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * + * \return The PSA algorithm identifier associated with \p md_type, + * regardless of whether it is supported or not. + */ +static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; +} + +/** + * \brief This function returns the given digest type + * associated with the PSA algorithm identifier. + * + * \param psa_alg The PSA algorithm identifier to search for. + * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * + * \return The MD type associated with \p psa_alg, + * regardless of whether it is supported or not. + */ +static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); +} + /**@}*/ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/md_psa.h b/library/md_psa.h index b201263b1a..028ba2409c 100644 --- a/library/md_psa.h +++ b/library/md_psa.h @@ -15,43 +15,6 @@ #include "mbedtls/md.h" #include "psa/crypto.h" -/** - * \brief This function returns the PSA algorithm identifier - * associated with the given digest type. - * - * \param md_type The type of digest to search for. Must not be NONE. - * - * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will - * not return \c PSA_ALG_NONE, but an invalid algorithm. - * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * - * \return The PSA algorithm identifier associated with \p md_type, - * regardless of whether it is supported or not. - */ -static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) -{ - return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; -} - -/** - * \brief This function returns the given digest type - * associated with the PSA algorithm identifier. - * - * \param psa_alg The PSA algorithm identifier to search for. - * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * - * \return The MD type associated with \p psa_alg, - * regardless of whether it is supported or not. - */ -static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) -{ - return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); -} - /** Convert PSA status to MD error code. * * \param status PSA status. From 384fbde49a4e9d6b87dac45217557eed06267661 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 13:26:40 +0100 Subject: [PATCH 457/653] library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti --- library/pk.c | 2 +- library/pk_wrap.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/ssl_ciphersuites.c | 2 +- library/ssl_cookie.c | 2 +- library/ssl_tls.c | 1 + library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509_crt.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_md.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 20 files changed, 20 insertions(+), 19 deletions(-) diff --git a/library/pk.c b/library/pk.c index 61ac0dfab0..9261837017 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9247945230..c232650229 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -13,7 +13,7 @@ #include "pk_wrap.h" #include "pk_internal.h" #include "mbedtls/error.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 10d17b6df5..a20dafaf01 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -70,7 +70,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index e4a372d242..41641549c9 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -14,7 +14,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0679f41eab..7b58ea22a5 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -16,7 +16,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 6224ef205f..23619a26c8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -17,7 +17,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee81eb420f..2772cac4be 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -24,7 +24,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1fb1283e6..28bf1d8a0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -29,6 +29,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" #include "md_psa.h" #include "psa_util_internal.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ae1136431e..ffaffe925a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -19,7 +19,7 @@ #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fe2a2eba78..30b444d597 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -17,7 +17,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 9b775ec954..edb453c3e2 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -22,7 +22,7 @@ #include "ssl_tls13_invasive.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fe7a674d66..82b6bfcec1 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -14,7 +14,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "mbedtls/oid.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 4e7672e374..84b92a891a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -35,7 +35,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 44b6b1781e..913b15a709 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 254da69a9f..af75e7f720 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,7 +24,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d02d305394..6233580b95 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -9,7 +9,7 @@ */ #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 9d9aa3c778..0e870d80fd 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,7 +3,7 @@ #include #include #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 866ff588f8..2a885e2371 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,6 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/md.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "mbedtls/oid.h" #include "mbedtls/asn1.h" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 226598c724..f054443178 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -16,7 +16,7 @@ * but the test code generator requires test case data to be valid C code * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b59fd48f3c..543b441ffe 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,7 +7,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, From 3d2e0f5f42b9ac646f63d67e442f4af0f8a3fe4f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 14:57:19 +0100 Subject: [PATCH 458/653] psa_util: add algorithm's availability checks for MD conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 27 +++------- library/psa_util.c | 106 +++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 249b8d421c..e8fb3de61a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -152,21 +152,12 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \brief This function returns the PSA algorithm identifier * associated with the given digest type. * - * \param md_type The type of digest to search for. Must not be NONE. + * \param md_type The type of digest to search for. * - * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will - * not return \c PSA_ALG_NONE, but an invalid algorithm. - * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * - * \return The PSA algorithm identifier associated with \p md_type, - * regardless of whether it is supported or not. + * \return The PSA algorithm identifier associated with \p md_type; + * #PSA_ALG_NONE if the algorithm is unuspported or invalid. */ -static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) -{ - return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; -} +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); /** * \brief This function returns the given digest type @@ -174,16 +165,10 @@ static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_ * * \param psa_alg The PSA algorithm identifier to search for. * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * * \return The MD type associated with \p psa_alg, - * regardless of whether it is supported or not. + * #MBEDTLS_MD_NONE if the algorithm is unsupported or invalid. */ -static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) -{ - return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); -} +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg); /**@}*/ diff --git a/library/psa_util.c b/library/psa_util.c index 9b06de273f..bb054a33fb 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -330,4 +330,110 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + switch (md_type) { +#if defined(PSA_WANT_ALG_MD5) + case MBEDTLS_MD_MD5: + return PSA_ALG_MD5; +#endif +#if defined(PSA_WANT_ALG_RIPEMD160) + case MBEDTLS_MD_RIPEMD160: + return PSA_ALG_RIPEMD160; +#endif +#if defined(PSA_WANT_ALG_SHA_1) + case MBEDTLS_MD_SHA1: + return PSA_ALG_SHA_1; +#endif +#if defined(PSA_WANT_ALG_SHA_224) + case MBEDTLS_MD_SHA224: + return PSA_ALG_SHA_224; +#endif +#if defined(PSA_WANT_ALG_SHA_256) + case MBEDTLS_MD_SHA256: + return PSA_ALG_SHA_256; +#endif +#if defined(PSA_WANT_ALG_SHA_384) + case MBEDTLS_MD_SHA384: + return PSA_ALG_SHA_384; +#endif +#if defined(PSA_WANT_ALG_SHA_512) + case MBEDTLS_MD_SHA512: + return PSA_ALG_SHA_512; +#endif +#if defined(PSA_WANT_ALG_SHA3_224) + case MBEDTLS_MD_SHA3_224: + return PSA_ALG_SHA3_224; +#endif +#if defined(PSA_WANT_ALG_SHA3_256) + case MBEDTLS_MD_SHA3_256: + return PSA_ALG_SHA3_256; +#endif +#if defined(PSA_WANT_ALG_SHA3_384) + case MBEDTLS_MD_SHA3_384: + return PSA_ALG_SHA3_384; +#endif +#if defined(PSA_WANT_ALG_SHA3_512) + case MBEDTLS_MD_SHA3_512: + return PSA_ALG_SHA3_512; +#endif + case MBEDTLS_MD_NONE: + default: + return PSA_ALG_NONE; + } +} + +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + switch (psa_alg) { +#if defined(PSA_WANT_ALG_MD5) + case PSA_ALG_MD5: + return MBEDTLS_MD_MD5; +#endif +#if defined(PSA_WANT_ALG_RIPEMD160) + case PSA_ALG_RIPEMD160: + return MBEDTLS_MD_RIPEMD160; +#endif +#if defined(PSA_WANT_ALG_SHA_1) + case PSA_ALG_SHA_1: + return MBEDTLS_MD_SHA1; +#endif +#if defined(PSA_WANT_ALG_SHA_224) + case PSA_ALG_SHA_224: + return MBEDTLS_MD_SHA224; +#endif +#if defined(PSA_WANT_ALG_SHA_256) + case PSA_ALG_SHA_256: + return MBEDTLS_MD_SHA256; +#endif +#if defined(PSA_WANT_ALG_SHA_384) + case PSA_ALG_SHA_384: + return MBEDTLS_MD_SHA384; +#endif +#if defined(PSA_WANT_ALG_SHA_512) + case PSA_ALG_SHA_512: + return MBEDTLS_MD_SHA512; +#endif +#if defined(PSA_WANT_ALG_SHA3_224) + case PSA_ALG_SHA3_224: + return MBEDTLS_MD_SHA3_224; +#endif +#if defined(PSA_WANT_ALG_SHA3_256) + case PSA_ALG_SHA3_256: + return MBEDTLS_MD_SHA3_256; +#endif +#if defined(PSA_WANT_ALG_SHA3_384) + case PSA_ALG_SHA3_384: + return MBEDTLS_MD_SHA3_384; +#endif +#if defined(PSA_WANT_ALG_SHA3_512) + case PSA_ALG_SHA3_512: + return MBEDTLS_MD_SHA3_512; +#endif + case PSA_ALG_NONE: + default: + return MBEDTLS_MD_NONE; + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 2c1070b39700be8a6fcda5f2266e8bbe5ac42e1c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 14:58:22 +0100 Subject: [PATCH 459/653] test_suite_md: improve md_to_from_psa() test function and related data Signed-off-by: Valerio Setti --- tests/suites/test_suite_md.data | 48 +++++++++++++++++++++++++++-- tests/suites/test_suite_md.function | 24 +++------------ 2 files changed, 51 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index fb9b5effa0..b831500d6f 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -2,8 +2,52 @@ MD list mbedtls_md_list: -MD <-> PSA conversion -md_to_from_psa: +MD <-> PSA conversion - MD5 +depends_on:PSA_WANT_ALG_MD5 +md_to_from_psa:MBEDTLS_MD_MD5:PSA_ALG_MD5 + +MD <-> PSA conversion - RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 +md_to_from_psa:MBEDTLS_MD_RIPEMD160:PSA_ALG_RIPEMD160 + +MD <-> PSA conversion - SHA1 +depends_on:PSA_WANT_ALG_SHA_1 +md_to_from_psa:MBEDTLS_MD_SHA1:PSA_ALG_SHA_1 + +MD <-> PSA conversion - SHA224 +depends_on:PSA_WANT_ALG_SHA_224 +md_to_from_psa:MBEDTLS_MD_SHA224:PSA_ALG_SHA_224 + +MD <-> PSA conversion - SHA256 +depends_on:PSA_WANT_ALG_SHA_256 +md_to_from_psa:MBEDTLS_MD_SHA256:PSA_ALG_SHA_256 + +MD <-> PSA conversion - SHA384 +depends_on:PSA_WANT_ALG_SHA_384 +md_to_from_psa:MBEDTLS_MD_SHA384:PSA_ALG_SHA_384 + +MD <-> PSA conversion - SHA512 +depends_on:PSA_WANT_ALG_SHA_512 +md_to_from_psa:MBEDTLS_MD_SHA512:PSA_ALG_SHA_512 + +MD <-> PSA conversion - SHA3_224 +depends_on:PSA_WANT_ALG_SHA3_224 +md_to_from_psa:MBEDTLS_MD_SHA3_224:PSA_ALG_SHA3_224 + +MD <-> PSA conversion - SHA3_256 +depends_on:PSA_WANT_ALG_SHA3_256 +md_to_from_psa:MBEDTLS_MD_SHA3_256:PSA_ALG_SHA3_256 + +MD <-> PSA conversion - SHA3_384 +depends_on:PSA_WANT_ALG_SHA3_384 +md_to_from_psa:MBEDTLS_MD_SHA3_384:PSA_ALG_SHA3_384 + +MD <-> PSA conversion - SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 +md_to_from_psa:MBEDTLS_MD_SHA3_512:PSA_ALG_SHA3_512 + +MD <-> PSA conversion - NONE +md_to_from_psa:MBEDTLS_MD_NONE:PSA_ALG_NONE MD NULL/uninitialised arguments md_null_args: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 2a885e2371..0a8e4216ee 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -4,10 +4,6 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1.h" - -#define MD_PSA(md, psa) \ - TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \ - TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md); /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -63,23 +59,13 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ -void md_to_from_psa() +void md_to_from_psa(int md_alg_arg, int psa_alg_arg) { - /* We use a simplified implementation that relies on numerical values - * being aligned, so make sure they remain so. */ - MD_PSA(MBEDTLS_MD_MD5, PSA_ALG_MD5); - MD_PSA(MBEDTLS_MD_RIPEMD160, PSA_ALG_RIPEMD160); - MD_PSA(MBEDTLS_MD_SHA1, PSA_ALG_SHA_1); - MD_PSA(MBEDTLS_MD_SHA224, PSA_ALG_SHA_224); - MD_PSA(MBEDTLS_MD_SHA256, PSA_ALG_SHA_256); - MD_PSA(MBEDTLS_MD_SHA384, PSA_ALG_SHA_384); - MD_PSA(MBEDTLS_MD_SHA512, PSA_ALG_SHA_512); - MD_PSA(MBEDTLS_MD_SHA3_224, PSA_ALG_SHA3_224); - MD_PSA(MBEDTLS_MD_SHA3_256, PSA_ALG_SHA3_256); - MD_PSA(MBEDTLS_MD_SHA3_384, PSA_ALG_SHA3_384); - MD_PSA(MBEDTLS_MD_SHA3_512, PSA_ALG_SHA3_512); + mbedtls_md_type_t md_alg = md_alg_arg; + psa_algorithm_t psa_alg = psa_alg_arg; - /* Don't test for NONE<->NONE as this is not guaranteed */ + TEST_EQUAL(mbedtls_md_psa_alg_from_type(md_alg), psa_alg); \ + TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa_alg), md_alg); } /* END_CASE */ From a835d6da087ff55e9ec103074bba805490862140 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 15:02:19 +0100 Subject: [PATCH 460/653] changelog: document MD's conversion functions Signed-off-by: Valerio Setti --- ChangeLog.d/8664.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/8664.txt diff --git a/ChangeLog.d/8664.txt b/ChangeLog.d/8664.txt new file mode 100644 index 0000000000..03e297c18b --- /dev/null +++ b/ChangeLog.d/8664.txt @@ -0,0 +1,4 @@ +Features + * mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() helper + functions were added to convert from mbedtls_md_type_t to psa_algorithm_t + and viceversa. From a87cd17b35325092ebb7933ccad61303de89b12a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 15:12:37 +0100 Subject: [PATCH 461/653] psa-transition: update with MD translation functions Signed-off-by: Valerio Setti --- docs/psa-transition.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 067ffafbd3..48beb80a34 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -443,6 +443,10 @@ The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type | `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` | | `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` | +The following helper functions can be used to convert between the 2 types: +- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`. +- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`. + ### MAC mechanism selection PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6). From c1c6858bfc9a2e7a9c3062fa12e0acdb6d56fff1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 11:46:17 +0100 Subject: [PATCH 462/653] cipher_wrap: fix guards for some CCM/GCM functions Legacy CCM and GCM can work even when AES_C is not defined thanks to the block_cipher module, so we can relax guards in cipher_wrap. Signed-off-by: Valerio Setti --- library/cipher_wrap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5be9799fce..d2fee22e2b 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -566,14 +566,14 @@ static const mbedtls_cipher_info_t aes_256_xts_info = { #endif /* MBEDTLS_CIPHER_MODE_XTS */ #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_CCM_GCM_CAN_AES) static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } -#endif /* MBEDTLS_GCM_C && MBEDTLS_AES_C */ +#endif /* MBEDTLS_GCM_C && MBEDTLS_CCM_GCM_CAN_AES */ #if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t gcm_aes_info = { @@ -650,14 +650,14 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { #endif #endif /* MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA */ -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_CCM_GCM_CAN_AES) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } -#endif /* MBEDTLS_CCM_C && MBEDTLS_AES_C */ +#endif /* MBEDTLS_CCM_C && MBEDTLS_CCM_GCM_CAN_AES */ #if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t ccm_aes_info = { From 6315441be7644e823faf7c5f5165c762a4f99108 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 11:47:41 +0100 Subject: [PATCH 463/653] adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling CCM/GCM can be either fully accelerated or rely on just the key type being accelerated. This means that ultimately it is just the key type which determines if the legacy block cipher modes need to be auto-enabled or not. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_from_psa.h | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index bf87c364e0..691fed6e5a 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -692,11 +692,6 @@ #define PSA_HAVE_SOFT_BLOCK_MODE 1 #endif -#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \ - (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM)) -#define PSA_HAVE_SOFT_BLOCK_AEAD 1 -#endif - #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 @@ -709,8 +704,7 @@ #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) + defined(PSA_HAVE_SOFT_BLOCK_MODE) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #define MBEDTLS_AES_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ @@ -721,8 +715,7 @@ #define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) + defined(PSA_HAVE_SOFT_BLOCK_MODE) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 #define MBEDTLS_ARIA_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ @@ -733,8 +726,7 @@ #define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) + defined(PSA_HAVE_SOFT_BLOCK_MODE) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 #define MBEDTLS_CAMELLIA_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */ From 39b7bba8a08ad1fd171659ea8f231627a6f3367c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 17:56:54 +0100 Subject: [PATCH 464/653] Make input parameter const Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 2 +- library/ecp.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 619a8a51a3..76aef32fbc 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1368,7 +1368,7 @@ int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, * or the export for the given group is not implemented. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, int format, size_t *olen, unsigned char *buf, size_t buflen); diff --git a/library/ecp.c b/library/ecp.c index 12924bf325..758d54bd76 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3336,7 +3336,7 @@ cleanup: /* * Write a public key. */ -int mbedtls_ecp_write_public_key(mbedtls_ecp_keypair *key, +int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, int format, size_t *olen, unsigned char *buf, size_t buflen) { From 5d867872dda985052ac9304f06f7060f4f15e261 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 17:57:51 +0100 Subject: [PATCH 465/653] Improve readability of null-argument tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index ced4ca3876..c8be4e581b 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1401,17 +1401,21 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval TEST_EQUAL(export_grp.id, mbedtls_ecp_keypair_get_group_id(&key)); - /* Test null arguments */ + /* Test null arguments: grp only */ mbedtls_ecp_group_free(&export_grp); - mbedtls_mpi_free(&export_d); - mbedtls_ecp_point_free(&export_Q); mbedtls_ecp_group_init(&export_grp); - mbedtls_mpi_init(&export_d); - mbedtls_ecp_point_init(&export_Q); TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0); TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0); + + /* Test null arguments: d only */ + mbedtls_mpi_free(&export_d); + mbedtls_mpi_init(&export_d); TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0); + + /* Test null arguments: Q only */ + mbedtls_ecp_point_free(&export_Q); + mbedtls_ecp_point_init(&export_Q); TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0); } From 570e54822c045f848cd3d9d9e317f965be0f6190 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 18:11:10 +0100 Subject: [PATCH 466/653] Finish unifying LOCAL_CFLAGS fixup "Create common.make with LOCAL_CFLAGS and friends" The code wasn't what I had intended, although it was functionally equivalent. Make it more readable and more robust. Signed-off-by: Gilles Peskine --- programs/Makefile | 1 - scripts/common.make | 2 +- tests/Makefile | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 64f7cc1a32..50be1763e1 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -3,7 +3,6 @@ MBEDTLS_TEST_PATH = ../tests # code which is in the src/test_helpers subdirectory. MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 include ../scripts/common.make ifeq ($(shell uname -s),Linux) diff --git a/scripts/common.make b/scripts/common.make index 2f27d0ef52..b115076f89 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -5,7 +5,7 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L../library \ diff --git a/tests/Makefile b/tests/Makefile index 7a10af271c..848d3c499d 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,3 +1,4 @@ +MBEDTLS_TEST_PATH = . include ../scripts/common.make # Set this to -v to see the details of failing test cases @@ -109,7 +110,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -MBEDTLS_TEST_PATH = . MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) MBEDTLS_TEST_OBJS += $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c)) From 89391483390fbcf6ccabd00ac897e10564b52fa7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 18:14:00 +0100 Subject: [PATCH 467/653] Minor readability improvement Signed-off-by: Gilles Peskine --- programs/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 50be1763e1..4bf11062c6 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,8 +1,4 @@ MBEDTLS_TEST_PATH = ../tests -# Support code used by test programs and test builds, excluding TLS-specific -# code which is in the src/test_helpers subdirectory. -MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) - include ../scripts/common.make ifeq ($(shell uname -s),Linux) @@ -11,6 +7,10 @@ else DLOPEN_LDFLAGS ?= endif +# Support code used by test programs and test builds, excluding TLS-specific +# code which is in the src/test_helpers subdirectory. +MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) + DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} # Only build the dlopen test in shared library builds, and not when building From cd06a813c6a0ad4e19ce8cca88d4410b57389473 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 18:14:40 +0100 Subject: [PATCH 468/653] Fix name in documentation fixup "Correct name and documentation of preprocessor symbol check function" Signed-off-by: Gilles Peskine --- scripts/common.make | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/common.make b/scripts/common.make index b115076f89..e8d22cb748 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -35,7 +35,7 @@ endif ## Remove the preprocessor symbols that are set in the current configuration ## from PREPROCESSOR_INPUT. Also normalize whitespace. ## Example: -## $(call remove_set_options,MBEDTLS_FOO MBEDTLS_BAR) +## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR) ## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both ## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is ## disabled, etc. From 0ae58dd985c3b7c8473c3d969507fffa6f7b3a59 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2024 23:11:24 +0100 Subject: [PATCH 469/653] Unify MBEDTLS_TEST_OBJS `$(MBEDTLS_TEST_OBJS)` included TLS-specific test support modules in `tests/Makefile` but not in `programs/Makefile`. This difference is not actually necessary. What is necessary is that all programs that use functions from TLS-specific test support modules are linked with those modules in addition to `-lmbedtls`, and programs that are not linked with `-lmbedtls` are not linked with TLS-specific test support modules. Since we always pass `-lmbedtls` when linking programs in `programs/Makefile`, we can link with the TLS-specific test support modules as well. This keeps things simpler. Signed-off-by: Gilles Peskine --- programs/Makefile | 4 ---- scripts/common.make | 12 ++++++++++++ tests/Makefile | 3 --- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 4bf11062c6..82c8569963 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -7,10 +7,6 @@ else DLOPEN_LDFLAGS ?= endif -# Support code used by test programs and test builds, excluding TLS-specific -# code which is in the src/test_helpers subdirectory. -MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) - DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} # Only build the dlopen test in shared library builds, and not when building diff --git a/scripts/common.make b/scripts/common.make index e8d22cb748..6c95b42354 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -105,3 +105,15 @@ ifndef WINDOWS else for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f endif + +# Auxiliary modules used by tests and some sample programs +MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ + ${MBEDTLS_TEST_PATH}/src/*.c \ + ${MBEDTLS_TEST_PATH}/src/drivers/*.c \ + )) +# Additional auxiliary modules for TLS testing +MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ + ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \ + )) + +MBEDTLS_TEST_OBJS = $(MBEDTLS_CORE_TEST_OBJS) $(MBEDTLS_TLS_TEST_OBJS) diff --git a/tests/Makefile b/tests/Makefile index 848d3c499d..f82c267ac5 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -110,9 +110,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -MBEDTLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/*.c ${MBEDTLS_TEST_PATH}/src/drivers/*.c)) -MBEDTLS_TEST_OBJS += $(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c)) - mbedtls_test: $(MBEDTLS_TEST_OBJS) TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) From bff2a58b6ef2589c4d45033861b9a23862d27ba0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Dec 2023 15:26:32 +0000 Subject: [PATCH 470/653] Add supporting files to enable use of verbatim TF-M config Signed-off-by: Dave Rodgman --- configs/ext/README.md | 20 ++++++++++++++++++++ configs/ext/config_tfm.h | 13 +++++++++++++ configs/ext/mbedtls_entropy_nv_seed_config.h | 13 +++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 configs/ext/README.md create mode 100644 configs/ext/config_tfm.h create mode 100644 configs/ext/mbedtls_entropy_nv_seed_config.h diff --git a/configs/ext/README.md b/configs/ext/README.md new file mode 100644 index 0000000000..dbd7c43e66 --- /dev/null +++ b/configs/ext/README.md @@ -0,0 +1,20 @@ +Summary +------- + +All files in this directory are distributed under the normal Mbed TLS dual Apache 2.0 or GPLv2-or-later +license. + +Background +----------- + +The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h +are taken verbatim from the TF-M source code here: + +https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config + +In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files. + +In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. + +We only retain the note at the top of the files because we are taking the files un-modified, for ease of +maintenance. diff --git a/configs/ext/config_tfm.h b/configs/ext/config_tfm.h new file mode 100644 index 0000000000..60d855ed59 --- /dev/null +++ b/configs/ext/config_tfm.h @@ -0,0 +1,13 @@ +/* + * Empty placeholder + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* + * This file is intentionally empty. + * + * Having an empty file here allows us to build the TF-M config, which references this file, + * without making any changes to the TF-M config. + */ diff --git a/configs/ext/mbedtls_entropy_nv_seed_config.h b/configs/ext/mbedtls_entropy_nv_seed_config.h new file mode 100644 index 0000000000..60d855ed59 --- /dev/null +++ b/configs/ext/mbedtls_entropy_nv_seed_config.h @@ -0,0 +1,13 @@ +/* + * Empty placeholder + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* + * This file is intentionally empty. + * + * Having an empty file here allows us to build the TF-M config, which references this file, + * without making any changes to the TF-M config. + */ From 27a3785d98592fd9a84beb46fc15b5e0f8454c52 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Dec 2023 15:27:49 +0000 Subject: [PATCH 471/653] Use verbatim TF-M configs from upstream Signed-off-by: Dave Rodgman --- configs/ext/crypto_config_profile_medium.h | 11 +++++----- .../tfm_mbedcrypto_config_profile_medium.h | 22 +++++++++++++++---- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h index 63ed4701de..af8869f136 100644 --- a/configs/ext/crypto_config_profile_medium.h +++ b/configs/ext/crypto_config_profile_medium.h @@ -1,13 +1,14 @@ +/* + * Copyright (c) 2018-2023, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ /** * \file psa/crypto_config.h * \brief PSA crypto configuration options (set of defines) * */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /** * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index beebddf5af..ecdecea5ee 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -8,14 +8,28 @@ * memory footprint. */ /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H -//#include "config_tfm.h" +#include "config_tfm.h" #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 @@ -549,7 +563,7 @@ #endif /* CRYPTO_NV_SEED */ #if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) -//#include "mbedtls_entropy_nv_seed_config.h" +#include "mbedtls_entropy_nv_seed_config.h" #endif #ifdef CRYPTO_HW_ACCELERATOR From fc566605b693f9651576bce235b7d57bf3fc8300 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Dec 2023 15:33:50 +0000 Subject: [PATCH 472/653] Mention copyright in the readme Signed-off-by: Dave Rodgman --- configs/ext/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configs/ext/README.md b/configs/ext/README.md index dbd7c43e66..adcebbf509 100644 --- a/configs/ext/README.md +++ b/configs/ext/README.md @@ -2,7 +2,7 @@ Summary ------- All files in this directory are distributed under the normal Mbed TLS dual Apache 2.0 or GPLv2-or-later -license. +license, and are copyright The Mbed TLS Contributors. Background ----------- @@ -14,7 +14,7 @@ https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcry In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files. -In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. +In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. We only retain the note at the top of the files because we are taking the files un-modified, for ease of maintenance. From b925d141de46dd07e5e7ec9706e487492a191359 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Dec 2023 16:04:29 +0000 Subject: [PATCH 473/653] minor tidy-up Signed-off-by: Dave Rodgman --- configs/ext/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/configs/ext/README.md b/configs/ext/README.md index adcebbf509..1358bd4426 100644 --- a/configs/ext/README.md +++ b/configs/ext/README.md @@ -1,11 +1,16 @@ Summary ------- -All files in this directory are distributed under the normal Mbed TLS dual Apache 2.0 or GPLv2-or-later -license, and are copyright The Mbed TLS Contributors. +The two files: + +* crypto_config_profile_medium.h +* tfm_mbedcrypto_config_profile_medium.h + +are copyright The Mbed TLS Contributors, and are distributed under the license normally +used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license. Background ------------ +---------- The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h are taken verbatim from the TF-M source code here: @@ -16,5 +21,5 @@ In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. -We only retain the note at the top of the files because we are taking the files un-modified, for ease of +We only retain the note at the top of the files because we are taking the files verbatim, for ease of maintenance. From 1c91057fabf7b1276f4b7d5279ff59b8156c3b48 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Dec 2023 17:58:44 +0000 Subject: [PATCH 474/653] Update check_files.py to accomodate non-standard license headers in TF-M config files Signed-off-by: Dave Rodgman --- tests/scripts/check_files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index f6f6d6c713..65fbc9f070 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -373,8 +373,9 @@ class LicenseIssueTracker(LineIssueTracker): r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z', # Files imported from TF-M, and not used except in test builds, # may be under a different license. - r'configs/crypto_config_profile_medium\.h\Z', - r'configs/tfm_mbedcrypto_config_profile_medium\.h\Z', + r'configs/ext/crypto_config_profile_medium\.h\Z', + r'configs/ext/tfm_mbedcrypto_config_profile_medium\.h\Z', + r'configs/ext/README\.md\Z', # Third-party file. r'dco\.txt\Z', ] From 13d2633126ca890a8711712fc4eeecb69157140b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 13 Dec 2023 17:23:46 +0000 Subject: [PATCH 475/653] Fix MBEDTLS_NO_PLATFORM_ENTROPY for baremetal aarch64 with armclang Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 197b80814e..8ed0792edd 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -21,9 +21,6 @@ /* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ #undef MBEDTLS_PSA_CRYPTO_SPM -/* Use built-in platform entropy functions (TF-M provides its own). */ -#undef MBEDTLS_NO_PLATFORM_ENTROPY - /* Disable buffer-based memory allocator. This isn't strictly required, * but using the native allocator is faster and works better with * memory management analysis frameworks such as ASan. */ @@ -53,10 +50,14 @@ /* * In order to get an example config that works cleanly out-of-the-box * for both baremetal and non-baremetal builds, we detect baremetal builds - * and set this variable automatically. + * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some + * variables accordingly. */ -#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARM_EABI__) +#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__) #define MBEDTLS_NO_PLATFORM_ENTROPY +#else +/* Use built-in platform entropy functions (TF-M provides its own). */ +#undef MBEDTLS_NO_PLATFORM_ENTROPY #endif /*********************************************************************** From 7565b54545135f161668d42a98ca7426865df687 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 13 Dec 2023 17:26:57 +0000 Subject: [PATCH 476/653] Move MBEDTLS_CIPHER modification to appropriate section Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 8ed0792edd..14896d40f3 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -42,11 +42,6 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE -/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it - * does not need CIPHER_C to be enabled, so we can disable it in order - * to reduce code size further. */ -#undef MBEDTLS_CIPHER_C - /* * In order to get an example config that works cleanly out-of-the-box * for both baremetal and non-baremetal builds, we detect baremetal builds @@ -66,3 +61,8 @@ // We expect TF-M to pick this up soon #define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + +/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it + * does not need CIPHER_C to be enabled, so we can disable it in order + * to reduce code size further. */ +#undef MBEDTLS_CIPHER_C From a10d112e456bfebab8a55757d8ef1efc7d90e54d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 14:08:10 +0100 Subject: [PATCH 477/653] Remove useless guards on MBEDTLS_BIGNUM_C All of ECP requires the bignum module and there is no plan to change that, so guarding a few bits of code is just noise. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index c8be4e581b..295fe7f151 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1123,7 +1123,6 @@ void ecp_set_public_key_good(int grp_id, data_t *public_data) TEST_EQUAL(key.grp.id, grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#if defined(MBEDTLS_BIGNUM_C) /* Key with a public key already set to a different value */ TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0); @@ -1131,7 +1130,6 @@ void ecp_set_public_key_good(int grp_id, data_t *public_data) TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0); TEST_EQUAL(key.grp.id, grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#endif exit: mbedtls_ecp_keypair_free(&key); @@ -1150,10 +1148,8 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, mbedtls_ecp_group_init(&grp); mbedtls_ecp_point Q; mbedtls_ecp_point_init(&Q); -#if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi d; mbedtls_mpi_init(&d); -#endif TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0); TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q, @@ -1162,9 +1158,7 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key, private_data->x, private_data->len), 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0); -#endif int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q); @@ -1172,9 +1166,7 @@ void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data, TEST_EQUAL(ret, 0); TEST_EQUAL(key.grp.id, public_grp_id); TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0); -#endif } else { TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } @@ -1183,9 +1175,7 @@ exit: mbedtls_ecp_keypair_free(&key); mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&Q); -#if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi_free(&d); -#endif } /* END_CASE */ @@ -1198,11 +1188,9 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica mbedtls_ecp_keypair key2; mbedtls_ecp_keypair_init(&key2); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0); -#endif ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len); TEST_ASSERT(ret == expected); @@ -1212,11 +1200,9 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_check_privkey(&key.grp, &key.d); TEST_ASSERT(ret == 0); -#if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); -#endif if (canonical) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; From 7406b74fce33e39979a2d24337b433a1191cbc28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Jan 2024 14:47:36 +0100 Subject: [PATCH 478/653] driver-only-builds: fix typo Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 287be1df9f..f085471c6d 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -299,7 +299,7 @@ some non-PSA APIs will be absent or have reduced functionality, see ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below) is enabled but not accelerated, then all key types that can be used with it will need to be built-in. -- If a key type is enabled but not accelerated, then all algorithms than can be +- If a key type is enabled but not accelerated, then all algorithms that can be used with it will need to be built-in. Some legacy modules can't take advantage of PSA drivers yet, and will either From 478dd84b63929ff22d0068e6c6bd7ee640f784dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 20:50:56 +0100 Subject: [PATCH 479/653] Fix mixup between secp224r1 and secp224k1 in test scripts secp224k1 is the one with 225-bit private keys. The consequences of this mistake were: * We emitted positive test cases for hypothetical SECP_R1_225 and SECP_K1_224 curves, which were never executed. * We emitted useless not-supported test cases for SECP_R1_225 and SECP_K1_224. * We were missing positive test cases for SECP_R1_224 in automatically generated tests. * We were missing not-supported test cases for SECP_R1_224 and SECP_K1_225. Thus this didn't cause test failures, but it caused missing test coverage and some never-executed test cases. Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/asymmetric_key_data.py | 4 ++-- scripts/mbedtls_dev/crypto_knowledge.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index ef3e3a05e8..29d95d0e10 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -41,13 +41,13 @@ ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ 'ECC(PSA_ECC_FAMILY_SECP_K1)': { 192: ("297ac1722ccac7589ecb240dc719842538ca974beb79f228", "0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5"), - 224: ("0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8", + 225: ("0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8", "042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d"), 256: ("7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9", "045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d"), }, 'ECC(PSA_ECC_FAMILY_SECP_R1)': { - 225: ("872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995", + 224: ("872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995", "046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160"), 256: ("49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee", "047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"), diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 285d6c638f..ebfd55cdb3 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -131,8 +131,8 @@ class KeyType: 'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192), } # type: Dict[str, Tuple[int, ...]] ECC_KEY_SIZES = { - 'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256), - 'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521), + 'PSA_ECC_FAMILY_SECP_K1': (192, 225, 256), + 'PSA_ECC_FAMILY_SECP_R1': (224, 256, 384, 521), 'PSA_ECC_FAMILY_SECP_R2': (160,), 'PSA_ECC_FAMILY_SECT_K1': (163, 233, 239, 283, 409, 571), 'PSA_ECC_FAMILY_SECT_R1': (163, 233, 283, 409, 571), From 68b5182dad13f8c4ba0302b9cd4cd0c249e3043b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 20:57:52 +0100 Subject: [PATCH 480/653] Add test data for secp192r1 Same generation methodology as 0cbaf056fadf60228b32245aeba893959be31ede: ``` openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-192 -text |perl -0777 -pe 's/.*\npriv:([\n 0-9a-f:]*)pub:([\n 0-9a-f:]*).*/"$1","$2"/s or die; y/\n ://d; s/,/,\n /;' ``` Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/asymmetric_key_data.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index 29d95d0e10..8ca6758782 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -47,6 +47,8 @@ ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ "045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d"), }, 'ECC(PSA_ECC_FAMILY_SECP_R1)': { + 192: ("d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190", + "04e35fcbee11cec3154f80a1a61df7d7612de4f2fd70c5608d0ee3a4a1a5719471adb33966dd9b035fdb774feeba94b04c"), 224: ("872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995", "046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160"), 256: ("49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee", From 2a22dac6948898ac108b18db9957384540b7e7d0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 20:58:55 +0100 Subject: [PATCH 481/653] Fix typo in curve name Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5e33f6bd50..a5e885ff5a 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -600,7 +600,7 @@ /** SEC random curves over prime fields. * * This family comprises the following curves: - * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1. + * secp192r1, secp224r1, secp256r1, secp384r1, secp521r1. * They are defined in _Standards for Efficient Cryptography_, * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf From 6e2069661efe1a9dbd746838dd40643ceb25fa09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 20:59:03 +0100 Subject: [PATCH 482/653] Note unusual curve size Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a5e885ff5a..e69f0c4d69 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -594,6 +594,8 @@ * They are defined in _Standards for Efficient Cryptography_, * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf + * + * \note For secp224k1, the bit-size is 225 (size of a private value). */ #define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17) From 44d557c52d4380c638058cae34ae12e53dd07440 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jan 2024 20:59:38 +0100 Subject: [PATCH 483/653] Indicate which curves Mbed TLS supports Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index e69f0c4d69..8d30bf0fb9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -596,6 +596,8 @@ * https://www.secg.org/sec2-v2.pdf * * \note For secp224k1, the bit-size is 225 (size of a private value). + * + * \note Mbed TLS only supports secp192k1 and secp256k1. */ #define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17) @@ -608,7 +610,7 @@ * https://www.secg.org/sec2-v2.pdf */ #define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12) -/* SECP160R2 (SEC2 v1, obsolete) */ +/* SECP160R2 (SEC2 v1, obsolete, not supported in Mbed TLS) */ #define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b) /** SEC Koblitz curves over binary fields. @@ -618,6 +620,8 @@ * They are defined in _Standards for Efficient Cryptography_, * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf + * + * \note Mbed TLS does not support any curve in this family. */ #define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27) @@ -628,6 +632,8 @@ * They are defined in _Standards for Efficient Cryptography_, * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf + * + * \note Mbed TLS does not support any curve in this family. */ #define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22) @@ -638,6 +644,8 @@ * It is defined in _Standards for Efficient Cryptography_, * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf + * + * \note Mbed TLS does not support any curve in this family. */ #define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b) @@ -647,6 +655,9 @@ * brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1, * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1. * It is defined in RFC 5639. + * + * \note Mbed TLS only supports the 256-bit, 384-bit and 512-bit curves + * in this family. */ #define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30) @@ -675,6 +686,8 @@ * - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent * to Curve448. * Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015. + * + * \note Mbed TLS does not support Edwards curves yet. */ #define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42) From 2a185c30af0ea800335b179e0af59cbccd88ae0c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:31:36 +0100 Subject: [PATCH 484/653] changelog: rename changelog file to reflect the number of the related issue Signed-off-by: Valerio Setti --- ChangeLog.d/{8664.txt => 8340.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{8664.txt => 8340.txt} (100%) diff --git a/ChangeLog.d/8664.txt b/ChangeLog.d/8340.txt similarity index 100% rename from ChangeLog.d/8664.txt rename to ChangeLog.d/8340.txt From 04cccef256e2f66ead467e46e38c483e5765b2a2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:33:12 +0100 Subject: [PATCH 485/653] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/8340.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt index 03e297c18b..78e84f7daf 100644 --- a/ChangeLog.d/8340.txt +++ b/ChangeLog.d/8340.txt @@ -1,4 +1,4 @@ Features - * mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() helper - functions were added to convert from mbedtls_md_type_t to psa_algorithm_t - and viceversa. + * Add functions mbedtls_md_psa_alg_from_type() and + mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and + psa_algorithm_t and vice versa. From 60f0f727c303e5131672710bf737aa8da8d419bf Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 4 Jan 2024 14:57:31 +0000 Subject: [PATCH 486/653] Add config dependencies to record size tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0c9a5c5cae..92b3e171c6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4927,8 +4927,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4940,8 +4941,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4953,8 +4955,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ @@ -4966,8 +4969,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ @@ -4979,8 +4983,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ @@ -4992,8 +4997,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ From d7dc7ff91cc5c2638d7ee41b61fa5af25668c25e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 21 Dec 2023 16:40:43 +0000 Subject: [PATCH 487/653] Update psa_key_slot_t Remove the `status` field and replace with the `state` field. Remove the `lock_count` field and replace with the `registered_readers` field. Add documentation which describes how and why these fields are to be used. Signed-off-by: Ryan Everett --- library/psa_crypto_core.h | 50 ++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 46c57755ec..9ea482da2c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -35,8 +35,10 @@ int psa_can_do_hash(psa_algorithm_t hash_alg); typedef enum { PSA_SLOT_EMPTY = 0, - PSA_SLOT_OCCUPIED, -} psa_key_slot_status_t; + PSA_SLOT_FILLING, + PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION, +} psa_key_slot_state_t; /** The data structure representing a key slot, containing key material * and metadata for one key. @@ -44,18 +46,39 @@ typedef enum { typedef struct { psa_core_key_attributes_t attr; - psa_key_slot_status_t status; + /* + * The current state of the key slot, as described in + * docs/architecture/psa-thread-safety/psa-thread-safety.md. + * + * Library functions can modify the state of a key slot by calling + * psa_key_slot_state_transition. + * + * The state variable is used to help determine whether library functions + * which operate on the slot succeed. For example, psa_finish_key_creation, + * which transfers the state of a slot from PSA_SLOT_FILLING to + * PSA_SLOT_FULL, must fail with error code PSA_ERROR_BAD_STATE + * if the state of the slot is not PSA_SLOT_FILLING. + * + * Library functions which traverse the array of key slots only consider + * slots that are in a suitable state for the function. + * For example, psa_get_and_lock_key_slot_in_memory, which finds a slot + * containing a given key ID, will only check slots whose state variable is + * PSA_SLOT_FULL. */ + psa_key_slot_state_t state; /* - * Number of locks on the key slot held by the library. + * Number of functions registered as reading the material in the key slot. * - * This counter is incremented by one each time a library function - * retrieves through one of the dedicated internal API a pointer to the - * key slot. + * Library functions must not write directly to registered_readers + * (unless the slot's state is PSA_SLOT_FILLING and the slot needs to be + * wiped following a failed key creation). * - * This counter is decremented by one each time a library function stops - * accessing the key slot and states it by calling the - * psa_unlock_key_slot() API. + * A function must call psa_register_read(slot) before reading the current + * contents of the slot for an operation. + * They then must call psa_unregister_read(slot) once they have finished + * reading the current contents of the slot. + * A function must call psa_key_slot_has_readers(slot) to check if + * the slot is in use for reading. * * This counter is used to prevent resetting the key slot while the library * may access it. For example, such control is needed in the following @@ -66,10 +89,9 @@ typedef struct { * the library cannot be reclaimed to free a key slot to load the * persistent key. * . In case of a multi-threaded application where one thread asks to close - * or purge or destroy a key while it is in used by the library through - * another thread. - */ - size_t lock_count; + * or purge or destroy a key while it is in use by the library through + * another thread. */ + size_t registered_readers; /* Dynamically allocated key data buffer. * Format as specified in psa_export_key(). */ From aa33c512cc489d18cbb48b6b64aa959046a83dd1 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 21 Dec 2023 17:32:07 +0000 Subject: [PATCH 488/653] Update psa_wipe_key_slot Change psa_wipe_key_slot to use the new state system. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 16 +++++++++++----- library/psa_crypto_core.h | 9 ++++++--- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 10d17b6df5..7a76c0bbfa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -981,18 +981,23 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) * Persistent storage is not affected. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) { + if (slot->state != PSA_SLOT_PENDING_DELETION) { + return PSA_ERROR_BAD_STATE; + } + psa_status_t status = psa_remove_key_data_from_memory(slot); /* * As the return error code may not be handled in case of multiple errors, - * do our best to report an unexpected lock counter. Assert with - * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one: + * do our best to report an unexpected amount of registered readers. + * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that registered_readers is + * equal to one: * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the * function is called as part of the execution of a test suite, the * execution of the test suite is stopped in error if the assertion fails. */ - if (slot->lock_count != 1) { - MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1); + if (slot->registered_readers != 1) { + MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1); status = PSA_ERROR_CORRUPTION_DETECTED; } @@ -1003,7 +1008,8 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) * key material can linger until all operations are completed. */ /* At this point, key material and other type-specific content has * been wiped. Clear remaining metadata. We can call memset and not - * zeroize because the metadata is not particularly sensitive. */ + * zeroize because the metadata is not particularly sensitive. + * This memset also sets the slot's state to PSA_SLOT_EMPTY. */ memset(slot, 0, sizeof(*slot)); return status; } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9ea482da2c..5c1edafe7a 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -200,13 +200,16 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( /** Completely wipe a slot in memory, including its policy. * * Persistent storage is not affected. + * Sets the slot's state to PSA_SLOT_EMPTY. * * \param[in,out] slot The key slot to wipe. * * \retval #PSA_SUCCESS - * Success. This includes the case of a key slot that was - * already fully wiped. - * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * The slot has been successfully wiped. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The amount of registered readers was not equal to 1. + * \retval #PSA_ERROR_BAD_STATE + * The slot's state was not PSA_SLOT_PENDING_DELETION. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot); From 62aa79ac5c4dd4623af9a04a0caa96bcb6c23580 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 2 Jan 2024 16:21:03 +0000 Subject: [PATCH 489/653] Implement psa_key_slot_has_readers and remove psa_is_key_slot_occupied Remove psa_is_key_slot_occupied, any function which calls this can just check the state variable instead. Replace psa_is_key_slot_locked with psa_key_slot_has_readers. References to the now removed functions are changed in future commits. Signed-off-by: Ryan Everett --- library/psa_crypto_core.h | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 5c1edafe7a..3b5c634975 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -106,31 +106,15 @@ typedef struct { #define PSA_KA_MASK_INTERNAL_ONLY ( \ 0) -/** Test whether a key slot is occupied. - * - * A key slot is occupied iff the key type is nonzero. This works because - * no valid key can have 0 as its key type. +/** Test whether a key slot has any registered readers. * * \param[in] slot The key slot to test. * - * \return 1 if the slot is occupied, 0 otherwise. + * \return 1 if the slot has any registered readers, 0 otherwise. */ -static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot) +static inline int psa_key_slot_has_readers(const psa_key_slot_t *slot) { - return slot->status == PSA_SLOT_OCCUPIED; -} - -/** Test whether a key slot is locked. - * - * A key slot is locked iff its lock counter is strictly greater than 0. - * - * \param[in] slot The key slot to test. - * - * \return 1 if the slot is locked, 0 otherwise. - */ -static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot) -{ - return slot->lock_count > 0; + return slot->registered_readers > 0; } /** Retrieve flags from psa_key_slot_t::attr::core::flags. From 39cc9d755e20827cb7ebc3cde53065def94e2ef6 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 21 Dec 2023 17:57:14 +0000 Subject: [PATCH 490/653] Implement psa_register_read and psa_unregister_read Replaces psa_lock_key_slot and psa_unlock_key_slot. Future commits will remove the calls to locking/unlocking functions, and add calls to registering/unregistering functions. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 25 ++++++++++++----- library/psa_crypto_slot_management.h | 40 +++++++++++++++++----------- 2 files changed, 43 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 5ecc3a76c7..32881e5e9e 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -394,26 +394,37 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ } -psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot) +psa_status_t psa_unregister_read(psa_key_slot_t *slot) { if (slot == NULL) { return PSA_SUCCESS; } + if ((slot->state != PSA_SLOT_FULL) && + (slot->state != PSA_SLOT_PENDING_DELETION)) { + return PSA_ERROR_BAD_STATE; + } - if (slot->lock_count > 0) { - slot->lock_count--; + /* If we are the last reader and the slot is marked for deletion, + * we must wipe the slot here. */ + if ((slot->state == PSA_SLOT_PENDING_DELETION) && + (slot->registered_readers == 1)) { + return psa_wipe_key_slot(slot); + } + + if (psa_key_slot_has_readers(slot)) { + slot->registered_readers--; return PSA_SUCCESS; } /* * As the return error code may not be handled in case of multiple errors, - * do our best to report if the lock counter is equal to zero. Assert with - * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater - * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and + * do our best to report if there are no registered readers. Assert with + * MBEDTLS_TEST_HOOK_TEST_ASSERT that there are registered readers: + * if the MBEDTLS_TEST_HOOKS configuration option is enabled and * the function is called as part of the execution of a test suite, the * execution of the test suite is stopped in error if the assertion fails. */ - MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count > 0); + MBEDTLS_TEST_HOOK_TEST_ASSERT(psa_key_slot_has_readers(slot)); return PSA_ERROR_CORRUPTION_DETECTED; } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 6041a35289..c38876d3dd 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -113,32 +113,39 @@ void psa_wipe_all_key_slots(void); psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot); -/** Lock a key slot. +/** Register as a reader of a key slot. * - * This function increments the key slot lock counter by one. + * This function increments the key slot registered reader counter by one. * * \param[in] slot The key slot. * * \retval #PSA_SUCCESS - The key slot lock counter was incremented. + The key slot registered reader counter was incremented. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The lock counter already reached its maximum value and was not + * The reader counter already reached its maximum value and was not * increased. + * \retval #PSA_ERROR_BAD_STATE + * The slot's state was not PSA_SLOT_FULL. */ -static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot) +static inline psa_status_t psa_register_read(psa_key_slot_t *slot) { - if (slot->lock_count >= SIZE_MAX) { + if (slot->state != PSA_SLOT_FULL) { + return PSA_ERROR_BAD_STATE; + } + if (slot->registered_readers >= SIZE_MAX) { return PSA_ERROR_CORRUPTION_DETECTED; } - - slot->lock_count++; + slot->registered_readers++; return PSA_SUCCESS; } -/** Unlock a key slot. +/** Unregister from reading a key slot. * - * This function decrements the key slot lock counter by one. + * This function decrements the key slot registered reader counter by one. + * If the state of the slot is PSA_SLOT_PENDING_DELETION, + * and there is only one registered reader (the caller), + * this function will call psa_wipe_slot(). * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns @@ -146,13 +153,16 @@ static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot) * * \param[in] slot The key slot. * \retval #PSA_SUCCESS - * \p slot is NULL or the key slot lock counter has been - * decremented successfully. + * \p slot is NULL or the key slot reader counter has been + * decremented (and potentially wiped) successfully. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The lock counter was equal to 0. - * + * registered_readers was equal to 0. + * \retval #PSA_ERROR_BAD_STATE + * The slot's state was neither PSA_SLOT_FULL nor + * PSA_SLOT_PENDING_DELETION, or a wipe was attempted and + * the slot's state was not PSA_SLOT_PENDING_DELETION. */ -psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot); +psa_status_t psa_unregister_read(psa_key_slot_t *slot); /** Test whether a lifetime designates a key in an external cryptoprocessor. * From 4a78277cb2684ca0e9615ba390ecee87d27dde06 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 4 Jan 2024 10:53:26 +0000 Subject: [PATCH 491/653] Implement psa_key_slot_state_transition This inline function is used in every case we want to change the state of a slot, except for where we do not care about what the state of the slot was before. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index c38876d3dd..f0bbed98fc 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -112,6 +112,31 @@ void psa_wipe_all_key_slots(void); */ psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot); +/** Change the state of a key slot. + * + * This function changes the state of the key slot from expected_state to + * new state. If the state of the slot was not expected_state, the state is + * unchanged. + * + * \param[in] slot The key slot. + * \param[in] expected_state The current state of the slot. + * \param[in] new_state The new state of the slot. + * + * \retval #PSA_SUCCESS + The key slot's state variable is new_state. + * \retval #PSA_ERROR_BAD_STATE + * The slot's state was not expected_state. + */ +static inline psa_status_t psa_key_slot_state_transition( + psa_key_slot_t *slot, psa_key_slot_state_t expected_state, + psa_key_slot_state_t new_state) +{ + if (slot->state != expected_state) { + return PSA_ERROR_BAD_STATE; + } + slot->state = new_state; + return PSA_SUCCESS; +} /** Register as a reader of a key slot. * From 2afb5160110f54a5d89e968723b3dbb940de42b7 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 22 Dec 2023 15:59:45 +0000 Subject: [PATCH 492/653] Update and rename psa_get_empty_key_slot Rename to psa_reserve_free_key_slot, as this function reserves a slot which is free (not always empty) for filling. Implement necessary state transitions and state checks. Rename unlocked_persistent_key_slot to unused_persistent_key_slot. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 39 +++++++++++++++++----------- library/psa_crypto_slot_management.h | 24 ++++++++++------- 2 files changed, 39 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 32881e5e9e..0f480fb098 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -147,30 +147,31 @@ void psa_wipe_all_key_slots(void) global_data.key_slots_initialized = 0; } -psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, - psa_key_slot_t **p_slot) +psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t slot_idx; - psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot; + psa_key_slot_t *selected_slot, *unused_persistent_key_slot; if (!global_data.key_slots_initialized) { status = PSA_ERROR_BAD_STATE; goto error; } - selected_slot = unlocked_persistent_key_slot = NULL; + selected_slot = unused_persistent_key_slot = NULL; for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; - if (!psa_is_key_slot_occupied(slot)) { + if (slot->state == PSA_SLOT_EMPTY) { selected_slot = slot; break; } - if ((unlocked_persistent_key_slot == NULL) && - (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && - (!psa_is_key_slot_locked(slot))) { - unlocked_persistent_key_slot = slot; + if ((unused_persistent_key_slot == NULL) && + (slot->state == PSA_SLOT_FULL) && + (!psa_key_slot_has_readers(slot)) && + (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime))) { + unused_persistent_key_slot = slot; } } @@ -182,16 +183,24 @@ psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, * storage. */ if ((selected_slot == NULL) && - (unlocked_persistent_key_slot != NULL)) { - selected_slot = unlocked_persistent_key_slot; - selected_slot->lock_count = 1; - psa_wipe_key_slot(selected_slot); + (unused_persistent_key_slot != NULL)) { + selected_slot = unused_persistent_key_slot; + psa_register_read(selected_slot); + /* If the state is not changed then psa_wipe_key_slot + * will report an error. */ + psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + status = psa_wipe_key_slot(selected_slot); + if (status != PSA_SUCCESS) { + goto error; + } } if (selected_slot != NULL) { - status = psa_lock_key_slot(selected_slot); + status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY, + PSA_SLOT_FILLING); if (status != PSA_SUCCESS) { - goto error; + return status; } *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index f0bbed98fc..b2cf570112 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -95,23 +95,29 @@ psa_status_t psa_initialize_key_slots(void); * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); -/** Find a free key slot. +/** Find a free key slot and reserve it to be filled with a key. * - * This function returns a key slot that is available for use and is in its - * ground state (all-bits-zero). On success, the key slot is locked. It is - * the responsibility of the caller to unlock the key slot when it does not - * access it anymore. + * This function finds a key slot that is free, + * sets its state to PSA_SLOT_FILLING and then returns the slot. + * + * On success, the key slot's state is PSA_SLOT_FILLING. + * It is the responsibility of the caller to change the slot's state to + * PSA_SLOT_EMPTY/FULL once key creation has finished. * * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. * \param[out] p_slot On success, a pointer to the slot. * * \retval #PSA_SUCCESS \emptydescription - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription - * \retval #PSA_ERROR_BAD_STATE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There were no free key slots. + * \retval #PSA_ERROR_BAD_STATE + * This function attempted to operate on a key slot which was in an + * unexpected state. */ -psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, - psa_key_slot_t **p_slot); +psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot); + /** Change the state of a key slot. * * This function changes the state of the key slot from expected_state to From b69118ebd0b7aa63d5b7c9b2c17f295aa4c854f8 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 2 Jan 2024 15:54:32 +0000 Subject: [PATCH 493/653] Update key creation functions to use the new key slot states Update psa_start_key_creation, psa_finish_key_creation and psa_fail_key_creation. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a76c0bbfa..3c5bbbdf6e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1576,8 +1576,9 @@ static psa_status_t psa_validate_key_attributes( * In case of failure at any step, stop the sequence and call * psa_fail_key_creation(). * - * On success, the key slot is locked. It is the responsibility of the caller - * to unlock the key slot when it does not access it anymore. + * On success, the key slot's state is PSA_SLOT_FILLING. + * It is the responsibility of the caller to change the slot's state to + * PSA_SLOT_EMPTY/FULL once key creation has finished. * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. @@ -1608,7 +1609,7 @@ static psa_status_t psa_start_key_creation( return status; } - status = psa_get_empty_key_slot(&volatile_key_id, p_slot); + status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); if (status != PSA_SUCCESS) { return status; } @@ -1634,7 +1635,7 @@ static psa_status_t psa_start_key_creation( /* Erase external-only flags from the internal copy. To access * external-only flags, query `attributes`. Thanks to the check * in psa_validate_key_attributes(), this leaves the dual-use - * flags and any internal flag that psa_get_empty_key_slot() + * flags and any internal flag that psa_reserve_free_key_slot() * may have set. */ slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY; @@ -1686,8 +1687,6 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - slot->status = PSA_SLOT_OCCUPIED; - return PSA_SUCCESS; } @@ -1699,9 +1698,9 @@ static psa_status_t psa_start_key_creation( * See the documentation of psa_start_key_creation() for the intended use * of this function. * - * If the finalization succeeds, the function unlocks the key slot (it was - * locked by psa_start_key_creation()) and the key slot cannot be accessed - * anymore as part of the key creation process. + * If the finalization succeeds, the function sets the key slot's state to + * PSA_SLOT_FULL, and the key slot can no longer be accessed as part of the + * key creation process. * * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, @@ -1717,6 +1716,7 @@ static psa_status_t psa_start_key_creation( * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE \emptydescription * * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. @@ -1777,7 +1777,8 @@ static psa_status_t psa_finish_key_creation( if (status == PSA_SUCCESS) { *key = slot->attr.id; - status = psa_unlock_key_slot(slot); + status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, + PSA_SLOT_FULL); if (status != PSA_SUCCESS) { *key = MBEDTLS_SVC_KEY_ID_INIT; } @@ -1792,7 +1793,7 @@ static psa_status_t psa_finish_key_creation( * or after psa_finish_key_creation() fails. In other circumstances, this * function may not clean up persistent storage. * See the documentation of psa_start_key_creation() for the intended use - * of this function. + * of this function. Sets the slot's state to PSA_SLOT_EMPTY. * * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, @@ -1824,6 +1825,11 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, (void) psa_crypto_stop_transaction(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* Prepare the key slot to be wiped, and then wipe it. */ + slot->registered_readers = 1; + psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, + PSA_SLOT_PENDING_DELETION); + psa_wipe_key_slot(slot); } From 098c6659ada1a89194caddcf8bc7334a463f502b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 3 Jan 2024 13:03:36 +0000 Subject: [PATCH 494/653] Update psa_get_and_lock_key_slot_X functions Signed-off-by: Ryan Everett --- library/psa_crypto.c | 14 ++++++++------ library/psa_crypto_slot_management.c | 19 ++++++++++++++++--- library/psa_crypto_slot_management.h | 9 ++++++--- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c5bbbdf6e..a27fd42c42 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -881,8 +881,9 @@ static psa_status_t psa_restrict_key_policy( * In case of a persistent key, the function loads the description of the key * into a key slot if not already done. * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. */ static psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -926,7 +927,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( error: *p_slot = NULL; - psa_unlock_key_slot(slot); + psa_unregister_read(slot); return status; } @@ -941,8 +942,9 @@ error: * psa_get_and_lock_key_slot_with_policy() when there is no opaque key support * for a cryptographic operation. * - * On success, the returned key slot is locked. It is the responsibility of the - * caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. */ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -957,7 +959,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( } if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { - psa_unlock_key_slot(*p_slot); + psa_unregister_read(*p_slot); *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 0f480fb098..4846e33ea8 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -108,7 +108,9 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { slot = &global_data.key_slots[slot_idx]; - if (mbedtls_svc_key_id_equal(key, slot->attr.id)) { + /* Only consider slots which are in a full state. */ + if ((slot->state == PSA_SLOT_FULL) && + (mbedtls_svc_key_id_equal(key, slot->attr.id))) { break; } } @@ -117,7 +119,7 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( } if (status == PSA_SUCCESS) { - status = psa_lock_key_slot(slot); + status = psa_register_read(slot); if (status == PSA_SUCCESS) { *p_slot = slot; } @@ -367,7 +369,7 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) psa_key_id_t volatile_key_id; - status = psa_get_empty_key_slot(&volatile_key_id, p_slot); + status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); if (status != PSA_SUCCESS) { return status; } @@ -388,13 +390,24 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ if (status != PSA_SUCCESS) { + /* Prepare the key slot to be wiped, and then wipe it. + * Don't overwrite status as a BAD_STATE error here + * can be reported in the psa_wipe_key_slot call. */ + (*p_slot)->registered_readers = 1; + psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, + PSA_SLOT_PENDING_DELETION); psa_wipe_key_slot(*p_slot); + if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } } else { /* Add implicit usage flags. */ psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage); + + psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, + PSA_SLOT_FULL); + status = psa_register_read(*p_slot); } return status; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index b2cf570112..5858b18514 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -54,8 +54,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * In case of a persistent key, the function loads the description of the key * into a key slot if not already done. * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the @@ -67,7 +68,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * description of the key identified by \p key. * The key slot counter has been incremented. * \retval #PSA_ERROR_BAD_STATE - * The library has not been initialized. + * The library has not been initialized. Or, + * this call was operating on a key slot and found the slot in + * an invalid state for the operation. * \retval #PSA_ERROR_INVALID_HANDLE * \p key is not a valid key identifier. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY From c70ce576bd8856a8efa99d4353700bd3130d000b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 3 Jan 2024 16:04:33 +0000 Subject: [PATCH 495/653] Update psa_destroy_key, psa_purge_key and psa_close_key This does not yet implement destruction while a key is in use for psa_destroy_key; that will be implemented in a separate pr. (I am not sure if I am allowed to change the documentation in the include files.) Signed-off-by: Ryan Everett --- include/psa/crypto.h | 8 ++++++-- include/psa/crypto_compat.h | 4 +++- library/psa_crypto.c | 8 +++++--- library/psa_crypto_slot_management.c | 19 +++++++++++-------- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fe10ee0e44..fd1928a656 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -415,7 +415,9 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. + * results in this error code. Or, + * this call was operating on a key slot and found the slot in + * an invalid state for the operation. */ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); @@ -555,7 +557,9 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. + * results in this error code. Or, + * this call was operating on a key slot and found the slot in + * an invalid state for the operation. */ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index f896fae1c9..bfc00164b5 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -142,7 +142,9 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. + * results in this error code. Or, + * this call was operating on a key slot and found the slot in + * an invalid state for the operation. */ psa_status_t psa_close_key(psa_key_handle_t handle); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a27fd42c42..3e49d0a759 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1048,11 +1048,13 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) * implemented), the key should be destroyed when all accesses have * stopped. */ - if (slot->lock_count > 1) { - psa_unlock_key_slot(slot); + if (slot->registered_readers > 1) { + psa_unregister_read(slot); return PSA_ERROR_GENERIC_ERROR; } + slot->state = PSA_SLOT_PENDING_DELETION; + if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { /* Refuse the destruction of a read-only key (which may or may not work * if we attempt it, depending on whether the key is merely read-only @@ -1126,7 +1128,7 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) exit: status = psa_wipe_key_slot(slot); - /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */ + /* Prioritize an error from wiping over a storage error */ if (status != PSA_SUCCESS) { overall_status = status; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 4846e33ea8..a21388a0b3 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -539,11 +539,14 @@ psa_status_t psa_close_key(psa_key_handle_t handle) return status; } - if (slot->lock_count <= 1) { - return psa_wipe_key_slot(slot); - } else { - return psa_unlock_key_slot(slot); + if (slot->registered_readers == 1) { + status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + if (status != PSA_SUCCESS) { + return status; + } } + return psa_unregister_read(slot); } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) @@ -557,11 +560,11 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) } if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && - (slot->lock_count <= 1)) { - return psa_wipe_key_slot(slot); - } else { - return psa_unlock_key_slot(slot); + (slot->registered_readers == 1)) { + psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); } + return psa_unregister_read(slot); } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) From eb27dc0f3a95e0c75b45a3366e862324b90bc742 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 3 Jan 2024 16:19:12 +0000 Subject: [PATCH 496/653] Update psa_load_X_key_into_slot These functions (on success) take a slot from PSA_SLOT_FILLING to PSA_SLOT_FULL. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a21388a0b3..3d997a50c7 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -250,7 +250,8 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) slot, data->slot_number, sizeof(data->slot_number)); if (status == PSA_SUCCESS) { - slot->status = PSA_SLOT_OCCUPIED; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, + PSA_SLOT_FULL); } goto exit; } @@ -261,7 +262,8 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) goto exit; } - slot->status = PSA_SLOT_OCCUPIED; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, + PSA_SLOT_FULL); exit: psa_free_persistent_key_data(key_data, key_data_length); @@ -335,8 +337,9 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot) /* Copy actual key length and core attributes into the slot on success */ slot->key.bytes = key_buffer_length; slot->attr = attributes.core; - slot->status = PSA_SLOT_OCCUPIED; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, + PSA_SLOT_FULL); exit: if (status != PSA_SUCCESS) { psa_remove_key_data_from_memory(slot); From 1b70a07eca5bd44bef32203c59ecf5f033246f64 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 4 Jan 2024 10:32:49 +0000 Subject: [PATCH 497/653] Replace psa_unlock_key_slot calls in operations which act on FULL slots Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read. All instances follow a pattern of a call to psa_get_and_lock_key_slot_X, followed by some code which reads from a slot, followed by a call to psa_unregister_read. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 44 ++++++++++++++-------------- library/psa_crypto_slot_management.c | 2 +- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3e49d0a759..da5e5be778 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1253,7 +1253,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_reset_key_attributes(attributes); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -1349,7 +1349,7 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, slot->key.data, slot->key.bytes, data, data_size, data_length); - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -1463,7 +1463,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, data, data_size, data_length); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2141,7 +2141,7 @@ exit: psa_fail_key_creation(target_slot, driver); } - unlock_status = psa_unlock_key_slot(source_slot); + unlock_status = psa_unregister_read(source_slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2462,7 +2462,7 @@ exit: psa_mac_abort(operation); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2648,7 +2648,7 @@ exit: psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2792,7 +2792,7 @@ exit: psa_wipe_tag_output_buffer(signature, status, signature_size, *signature_length); - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2840,7 +2840,7 @@ static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key, signature, signature_length); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; @@ -3107,7 +3107,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, alg, input, input_length, salt, salt_length, output, output_size, output_length); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -3159,7 +3159,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, output, output_size, output_length); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -3268,7 +3268,7 @@ exit: psa_sign_hash_abort_internal(operation); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); if (unlock_status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -3413,7 +3413,7 @@ psa_status_t psa_verify_hash_start( psa_verify_hash_abort_internal(operation); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); if (unlock_status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -3985,7 +3985,7 @@ exit: psa_cipher_abort(operation); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -4230,7 +4230,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, output_size - default_iv_length, output_length); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); if (status == PSA_SUCCESS) { status = unlock_status; } @@ -4291,7 +4291,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, output, output_size, output_length); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); if (status == PSA_SUCCESS) { status = unlock_status; } @@ -4417,7 +4417,7 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, } exit: - psa_unlock_key_slot(slot); + psa_unregister_read(slot); return status; } @@ -4472,7 +4472,7 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, } exit: - psa_unlock_key_slot(slot); + psa_unregister_read(slot); return status; } @@ -4584,7 +4584,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, operation->key_type = psa_get_key_type(&attributes); exit: - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); if (status == PSA_SUCCESS) { status = unlock_status; @@ -6907,7 +6907,7 @@ psa_status_t psa_key_derivation_input_key( slot->key.data, slot->key.bytes); - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7064,7 +7064,7 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op } } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7125,7 +7125,7 @@ exit: *output_length = output_size; } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7799,7 +7799,7 @@ exit: if (status != PSA_SUCCESS) { psa_pake_abort(operation); } - unlock_status = psa_unlock_key_slot(slot); + unlock_status = psa_unregister_read(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3d997a50c7..3c16de3343 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -516,7 +516,7 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) *handle = key; - return psa_unlock_key_slot(slot); + return psa_unregister_read(slot); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) key; From 6cd2b8db960e30cdd858a695b8618731c3225cc0 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 4 Jan 2024 12:10:18 +0000 Subject: [PATCH 498/653] Update psa_wipe_all_key_slots This will still wipe the slot regardless of state/readers. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3c16de3343..a8be912b73 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -143,7 +143,8 @@ void psa_wipe_all_key_slots(void) for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; - slot->lock_count = 1; + slot->registered_readers = 1; + slot->state = PSA_SLOT_PENDING_DELETION; (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; From 6a9c14b918da52d614fcff92df382b03aa366ff9 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 4 Jan 2024 12:13:45 +0000 Subject: [PATCH 499/653] Update mbedtls_psa_get_stats Uses readers to report "locked_slots", and slot state empty to report "empty_slots". Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a8be912b73..ef76dcb897 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -579,10 +579,10 @@ void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { const psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; - if (psa_is_key_slot_locked(slot)) { + if (psa_key_slot_has_readers(slot)) { ++stats->locked_slots; } - if (!psa_is_key_slot_occupied(slot)) { + if (slot->state == PSA_SLOT_EMPTY) { ++stats->empty_slots; continue; } From 3742f7c4b46d85369e8691efbf0f291a6f0d9830 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:37:58 +0100 Subject: [PATCH 500/653] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/8340.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt index 78e84f7daf..5664bf170c 100644 --- a/ChangeLog.d/8340.txt +++ b/ChangeLog.d/8340.txt @@ -1,4 +1,4 @@ Features * Add functions mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and - psa_algorithm_t and vice versa. + psa_algorithm_t. From e2d3db5cfc977cd6a88e9e3d1bbfaf6f9dcb663c Mon Sep 17 00:00:00 2001 From: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:19:16 +0000 Subject: [PATCH 501/653] Update mbedtls_ssl_get_output_record_size_limit signature Co-authored-by: Ronald Cron Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com> --- library/ssl_misc.h | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fabb48bd8f..c8de036097 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -441,18 +441,13 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) /** - * \brief Return the RecordSizeLimit (in bytes) for - * the output buffer. This is less than the value requested by the - * peer (see RFC 8449), since it subtracts the space required for the - * content type and padding of the TLSInnerPlaintext struct (RFC 8446). - * Returns MBEDTLS_SSL_OUT_CONTENT_LEN if no limit was requested by the peer. - * - * \sa mbedtls_ssl_get_max_out_record_payload() - * ssl_compute_internal_record_size_limit() + * \brief Get the size limit in bytes for the protected outgoing records + * as defined in RFC 8449 * * \param ssl SSL context * - * \return Current record size limit for the output buffer. + * \return The size limit in bytes for the protected outgoing + * records as defined in RFC 8449. */ size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ From 98f5db9fca7fa9dc3a30c3264b720e41589d713d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 18:17:38 +0100 Subject: [PATCH 502/653] psa_util: fix typo in comment Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e8fb3de61a..7fcc9d2b0f 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -155,7 +155,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \param md_type The type of digest to search for. * * \return The PSA algorithm identifier associated with \p md_type; - * #PSA_ALG_NONE if the algorithm is unuspported or invalid. + * #PSA_ALG_NONE if the algorithm is unsupported or invalid. */ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); From 729cf89704c1d86d9798534da2c16baf50b3936d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 10:38:51 +0100 Subject: [PATCH 503/653] Consolidate ChangeLog entries about CIPHER_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/8060.txt | 4 ---- ChangeLog.d/8357.txt | 8 -------- ChangeLog.d/8358.txt | 2 -- ChangeLog.d/no-cipher.txt | 9 +++++++++ 4 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 ChangeLog.d/8060.txt delete mode 100644 ChangeLog.d/8357.txt create mode 100644 ChangeLog.d/no-cipher.txt diff --git a/ChangeLog.d/8060.txt b/ChangeLog.d/8060.txt deleted file mode 100644 index a5fd93c8db..0000000000 --- a/ChangeLog.d/8060.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * The CCM and GCM modules no longer depend on MBEDTLS_CIPHER_C. People who - use CCM and GCM but don't need the Cipher API can now disable - MBEDTLS_CIPHER_C in order to save code size. diff --git a/ChangeLog.d/8357.txt b/ChangeLog.d/8357.txt deleted file mode 100644 index 9cae396ec5..0000000000 --- a/ChangeLog.d/8357.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without - MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C, - MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_C) as well as the PSA one - (PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305). - On the PSA side this means that it is possible to enable - MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if none of the - non-authenticated ciphers is enabled. diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt index 70b795a4ba..2c3e15d665 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/8358.txt @@ -2,8 +2,6 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the library without the corresponding built-in implementation. See docs/driver-only-builds.md for full details and current limitations. - * It is possible to disable MBEDTLS_CIPHER_C in some circumstances, please - see docs/driver-only-builds.md for full details and current limitations. * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt new file mode 100644 index 0000000000..4deadab980 --- /dev/null +++ b/ChangeLog.d/no-cipher.txt @@ -0,0 +1,9 @@ +Features + * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code + size by disabling it in more circumstances. In particular, the CCM and + GCM modules no longer depends on MBEDTLS_CIPHER_C. Also, + MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all + unauthenticated (non-AEAD) ciphers are disabled, or if they're all + fully provided by drivers. See docs/driver-only-builds.md for full + details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 + decryption still unconditionally depend on MBEDTLS_CIPHER_C. From a57278151b0fe3d5bbbd22b1c3becb314f7a7705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 10:47:46 +0100 Subject: [PATCH 504/653] Update ChangeLog for CCM/GCM improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/{8358.txt => driver-only-cipher.txt} | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) rename ChangeLog.d/{8358.txt => driver-only-cipher.txt} (58%) diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/driver-only-cipher.txt similarity index 58% rename from ChangeLog.d/8358.txt rename to ChangeLog.d/driver-only-cipher.txt index 2c3e15d665..e2a946c916 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/driver-only-cipher.txt @@ -1,6 +1,10 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the - library without the corresponding built-in implementation. See + library without the corresponding built-in implementation. Generally + speaking that requires both the key type and algorithm to be accelerated + or they'll both be built in. However for CCM and GCM the built-in + implementation is able to take advantage of a driver that only + accelerates the key type (that is, the block cipher primitive). See docs/driver-only-builds.md for full details and current limitations. * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to From dc4103e9aadc503f490f267a30c6f5a9c8ee8ebd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 10:54:47 +0100 Subject: [PATCH 505/653] Clarify CCM/CM with partial accel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index f085471c6d..1a60bfd4f1 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -349,9 +349,11 @@ from PSA acceleration of the underlying block cipher by enabling support for ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING` + `MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING`) together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` + `MBEDTLS_PSA_ACCEL_KEY_TYPE_[AES|ARIA|CAMELLIA]`). + In such configurations it is possible to: - Use CCM and GCM via the PSA Crypto APIs. -- Use CCM and GCM via legacy functions (`mbedtls_[ccm|gcm]_xxx()`). +- Use CCM and GCM via legacy functions `mbedtls_[ccm|gcm]_xxx()` (but not the + legacy functions `mbedtls_cipher_xxx()`). - Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no other dependency requiring them. From 7f48d5e203274bebdf74bc26c92b8f416465cc49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 10:55:09 +0100 Subject: [PATCH 506/653] Rename test components to better reflect content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 34 +++++++++++++++---------------- tests/scripts/analyze_outcomes.py | 8 ++++---- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8f899c060c..8bf91d62e0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3741,9 +3741,9 @@ component_test_psa_crypto_config_accel_aead () { } # This is a common configuration function used in: -# - component_test_psa_crypto_config_accel_cipher_aead -# - component_test_psa_crypto_config_reference_cipher_aead -common_psa_crypto_config_accel_cipher_aead() { +# - component_test_psa_crypto_config_accel_cipher_aead_cmac +# - component_test_psa_crypto_config_reference_cipher_aead_cmac +common_psa_crypto_config_accel_cipher_aead_cmac() { # Start from the full config helper_libtestdriver1_adjust_config "full" @@ -3751,12 +3751,12 @@ common_psa_crypto_config_accel_cipher_aead() { } # The 2 following test components, i.e. -# - component_test_psa_crypto_config_accel_cipher_aead -# - component_test_psa_crypto_config_reference_cipher_aead +# - component_test_psa_crypto_config_accel_cipher_aead_cmac +# - component_test_psa_crypto_config_reference_cipher_aead_cmac # are meant to be used together in analyze_outcomes.py script in order to test # driver's coverage for ciphers and AEADs. -component_test_psa_crypto_config_accel_cipher_aead () { - msg "build: full config with accelerated cipher and AEAD" +component_test_psa_crypto_config_accel_cipher_aead_cmac () { + msg "build: full config with accelerated cipher inc. AEAD and CMAC" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ @@ -3766,7 +3766,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { # Configure # --------- - common_psa_crypto_config_accel_cipher_aead + common_psa_crypto_config_accel_cipher_aead_cmac # Disable the things that are being accelerated scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC @@ -3810,29 +3810,29 @@ component_test_psa_crypto_config_accel_cipher_aead () { # Run the tests # ------------- - msg "test: full config with accelerated cipher and AEAD" + msg "test: full config with accelerated cipher inc. AEAD and CMAC" make test - msg "ssl-opt: full config with accelerated cipher and AEAD" + msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" tests/ssl-opt.sh - msg "compat.sh: full config with accelerated cipher and AEAD" + msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS } -component_test_psa_crypto_config_reference_cipher_aead () { - msg "build: full config with non-accelerated cipher and AEAD" - common_psa_crypto_config_accel_cipher_aead +component_test_psa_crypto_config_reference_cipher_aead_cmac () { + msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" + common_psa_crypto_config_accel_cipher_aead_cmac make - msg "test: full config with non-accelerated cipher and AEAD" + msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" make test - msg "ssl-opt: full config with non-accelerated cipher and AEAD" + msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" tests/ssl-opt.sh - msg "compat.sh: full config with non-accelerated cipher and AEAD" + msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS } diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 3b11ca24c8..a86797175f 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -240,16 +240,16 @@ KNOWN_TASKS = { } } }, - 'analyze_driver_vs_reference_cipher_aead': { + 'analyze_driver_vs_reference_cipher_aead_cmac': { 'test_function': do_analyze_driver_vs_reference, 'args': { - 'component_ref': 'test_psa_crypto_config_reference_cipher_aead', - 'component_driver': 'test_psa_crypto_config_accel_cipher_aead', + 'component_ref': 'test_psa_crypto_config_reference_cipher_aead_cmac', + 'component_driver': 'test_psa_crypto_config_accel_cipher_aead_cmac', # Modules replaced by drivers. 'ignored_suites': [ # low-level (block/stream) cipher modules 'aes', 'aria', 'camellia', 'des', 'chacha20', - # AEAD modes + # AEAD modes and CMAC 'ccm', 'chachapoly', 'cmac', 'gcm', # The Cipher abstraction layer 'cipher', From 88bae8bc5273c51bb532c2f3e5955db7722ec1ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 10:56:35 +0100 Subject: [PATCH 507/653] Rename tests components for clarity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All no_cipher components have crypto (as in libmbedcrypto.a), but the difference is one doesn't have PSA crypto while the other two do. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8bf91d62e0..b37973addc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1540,7 +1540,7 @@ component_test_crypto_full_md_light_only () { make test } -component_test_full_no_cipher () { +component_test_full_no_cipher_no_psa_crypto () { msg "build: full no CIPHER no PSA_CRYPTO_C" scripts/config.py full scripts/config.py unset MBEDTLS_CIPHER_C @@ -1565,8 +1565,8 @@ component_test_full_no_cipher () { } # This is a common configurator and test function that is used in: -# - component_test_full_no_cipher_with_crypto -# - component_test_full_no_cipher_with_crypto_config +# - component_test_full_no_cipher_with_psa_crypto +# - component_test_full_no_cipher_with_psa_crypto_config # It accepts 2 input parameters: # - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG # - $2: a text string which describes the test component @@ -1614,11 +1614,11 @@ common_test_full_no_cipher_with_psa_crypto () { make test } -component_test_full_no_cipher_with_crypto() { +component_test_full_no_cipher_with_psa_crypto() { common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG" } -component_test_full_no_cipher_with_crypto_config() { +component_test_full_no_cipher_with_psa_crypto_config() { common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER" } From c1cea63478aa3739c1a724a93c53273bdc236b1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 11:02:26 +0100 Subject: [PATCH 508/653] Quickly mention the status of RSA accel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not related to other commits in this PR, should have been done in #8616 really, but since I'm updating the document, might as well do it here. Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 1a60bfd4f1..8f708259ce 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -55,6 +55,8 @@ For now, only the following (families of) mechanisms are supported: - hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. - finite-field Diffie-Hellman: FFDH algorithm, DH key types. +- RSA: PKCS#1 v1.5 and v2.1 signature and encryption algorithms, RSA key types + (for now, only crypto, no X.509 or TLS support). - AEADs: - GCM and CCM with AES, ARIA and Camellia key types - ChachaPoly with ChaCha20 Key type @@ -71,9 +73,6 @@ work in the same way as if the mechanisms where built-in, except as documented in the "Limitations" sub-sections of the sections dedicated to each family below. -Currently (mid-2023) we don't have plans to extend this to RSA. If -you're interested in driver-only support for RSA, please let us know. - Hashes ------ @@ -138,9 +137,10 @@ then you can also disable `MBEDTLS_ECP_C`. However, a small subset of it might still be included in the build, see limitations sub-section below. In addition, if: -- `MBEDTLS_ECP_C` is fully removed (see limitation sub-section below), and -- support for RSA key types and algorithms is fully disabled, and -- support for DH key types and the FFDH algorithm is either disabled, or +- `MBEDTLS_ECP_C` is fully removed (see limitation sub-section below), +- and support for RSA key types and algorithms is either fully disabled or + fully provided by a driver, +- and support for DH key types and the FFDH algorithm is either disabled or fully provided by a driver, then you can also disable `MBEDTLS_BIGNUM_C`. @@ -243,6 +243,29 @@ The same holds for the associated algorithm: `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). +RSA +--- + +It is possible for all RSA operations to be provided only by a driver. + +More precisely, if: +- all the RSA algorithms that are enabled (`PSA_WANT_ALG_RSA_*`) are also + accelerated (`MBEDTLS_PSA_ACCEL_ALG_RSA_*`), +- and all the RSA key types that are enabled (`PSA_WANT_KEY_TYPE_RSA_*`) are + also accelerated (`MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_*`), + +then you can disable `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15` and +`MBEDTLS_PKCS1_V21`, and RSA will still work in PSA Crypto. + +### Limitations on RSA acceleration + +Unlike other mechanisms, for now in configurations with driver-only RSA, only +PSA Crypto works. In particular, PK, X.509 and TLS will _not_ work with +driver-only RSA even if `MBEDTLS_USE_PSA_CRYPTO` is enabled. + +Currently (early 2024) we don't have plans to extend this support. If you're +interested in wider driver-only support for RSA, please let us know. + Ciphers (unauthenticated and AEAD) ---------------------------------- From d0c6f70e58e7909a02b83f66e5d78f3050635654 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jan 2024 11:33:31 +0100 Subject: [PATCH 509/653] Update architecture doc for cipher dual dispatch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../psa-migration/md-cipher-dispatch.md | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 430b0caec9..ac67dd6b23 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -494,7 +494,7 @@ int psa_can_do_hash(psa_algorithm_t hash_alg); The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. -As a starting point, return 1 if PSA crypto has been initialized. This will be refined later (to return 1 if the [accelerator subsystem](https://github.com/Mbed-TLS/mbedtls/issues/6007) has been initialized). +As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. Usage note: for algorithms that are not enabled via PSA, calling `psa_can_do_hash` is generally safe: whether it returns 0 or 1, you can call a PSA hash function on the algorithm and it will return `PSA_ERROR_NOT_SUPPORTED`. @@ -566,14 +566,15 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l * Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. * Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim. -### Internal "block cipher" abstraction (Cipher light) +### Internal "block cipher" abstraction (previously known as "Cipher light") #### Definition The new module is automatically enabled in `build_info.h` by modules that need -it, namely: CCM, GCM, only when `CIPHER_C` is not available. Note: CCM and GCM -currently depend on the full `CIPHER_C` (enforced by `check_config.h`); this -hard dependency would be replaced by the above auto-enablement. +it, namely: CCM, GCM, only when `CIPHER_C` is not available, or the new module +is needed for PSA dispatch (see next section). Note: CCM and GCM currently +depend on the full `CIPHER_C` (enforced by `check_config.h`); this hard +dependency would be replaced by the above auto-enablement. The following API functions are offered: ``` @@ -593,6 +594,23 @@ The only supported ciphers are AES, ARIA and Camellia. They are identified by an `mbedtls_cipher_id_t` in the `setup()` function, because that's how they're identifed by callers (GCM/CCM). -#### Cipher light dual dispatch +#### Block cipher dual dispatch -This is likely to come in the future, but has not been defined yet. +Support for dual dispatch in the new internal module `block_cipher` is extremely similar to that in MD light. + +A block cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key identifier; it has a field indicated which one is in use. All fields are private. + +The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure. + +Support is determined at runtime using the new internal function +``` +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); +``` + +The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. + +Each function in the module needs to know whether to dispatch via PSA or legacy. All function with just consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. + +Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. + +After calling a PSA function, call `mbedtls_cipher_error_from_psa` to convert its status code. From 95c32973f90b0b0867061f21e4a3e75164bff804 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 11:28:47 +0100 Subject: [PATCH 510/653] check_config: add check for PSA builtin unauthenticated ciphers Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b21135686a..4dc26779c6 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -203,6 +203,19 @@ #endif #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)) && \ + !defined(MBEDTLS_CIPHER_C) +#error "Built-in unauthenticated ciphers are enabled in PSA, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif From c95ab2a1a06dd53042b47abfd336d356128f638c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 17:15:34 +0100 Subject: [PATCH 511/653] mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 94e21e2710..5670d67ec3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3167,7 +3167,8 @@ * * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG; + * MBEDTLS_CIPHER_C if any unauthenticated cipher is builtin in PSA. * */ #define MBEDTLS_PSA_CRYPTO_C From 1aaffec7cf5e52d9b7cd7d95f857511b7ca549ae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 09:06:54 +0100 Subject: [PATCH 512/653] Revert "check_config: add check for PSA builtin unauthenticated ciphers" This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b. Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4dc26779c6..b21135686a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -203,19 +203,6 @@ #endif #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)) && \ - !defined(MBEDTLS_CIPHER_C) -#error "Built-in unauthenticated ciphers are enabled in PSA, but not all prerequisites" -#endif - #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif From 9772642b8c44381c46ac70202b895bc52bcda1cb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 09:55:09 +0100 Subject: [PATCH 513/653] adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index c6b7f8ef31..696266c6fb 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -22,6 +22,20 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin + * in PSA. */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)) +#define MBEDTLS_CIPHER_C +#endif + /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ From d5cab81405dd72ffbab9ef65261771aecbe531ba Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 10:04:51 +0100 Subject: [PATCH 514/653] mbedtls_config: update documentation for CIPHER_C and CRYPTO_C Adding auto-enablement sections. Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5670d67ec3..6a5828c740 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2579,6 +2579,8 @@ * library/ssl_ciphersuites.c * library/ssl_msg.c * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) + * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled + * (see the documentation of that option for details). * * Uncomment to enable generic cipher wrappers. */ @@ -3167,9 +3169,10 @@ * * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG; - * MBEDTLS_CIPHER_C if any unauthenticated cipher is builtin in PSA. - * + * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher + * is enabled in PSA (unless it's fully accelerated, see + * docs/driver-only-builds.md about that). */ #define MBEDTLS_PSA_CRYPTO_C From cd38f2720678fffd28669aa1625695106060695f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:03 +0100 Subject: [PATCH 515/653] Revert "psa_util: fix typo in comment" This reverts commit 98f5db9fca7fa9dc3a30c3264b720e41589d713d. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 7fcc9d2b0f..e8fb3de61a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -155,7 +155,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \param md_type The type of digest to search for. * * \return The PSA algorithm identifier associated with \p md_type; - * #PSA_ALG_NONE if the algorithm is unsupported or invalid. + * #PSA_ALG_NONE if the algorithm is unuspported or invalid. */ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); From 9b2d738ccde53c4643a9905f548509e2a8457d86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:21 +0100 Subject: [PATCH 516/653] Revert "test_suite_md: improve md_to_from_psa() test function and related data" This reverts commit 2c1070b39700be8a6fcda5f2266e8bbe5ac42e1c. Signed-off-by: Valerio Setti --- tests/suites/test_suite_md.data | 48 ++--------------------------- tests/suites/test_suite_md.function | 24 ++++++++++++--- 2 files changed, 21 insertions(+), 51 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index b831500d6f..fb9b5effa0 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -2,52 +2,8 @@ MD list mbedtls_md_list: -MD <-> PSA conversion - MD5 -depends_on:PSA_WANT_ALG_MD5 -md_to_from_psa:MBEDTLS_MD_MD5:PSA_ALG_MD5 - -MD <-> PSA conversion - RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160 -md_to_from_psa:MBEDTLS_MD_RIPEMD160:PSA_ALG_RIPEMD160 - -MD <-> PSA conversion - SHA1 -depends_on:PSA_WANT_ALG_SHA_1 -md_to_from_psa:MBEDTLS_MD_SHA1:PSA_ALG_SHA_1 - -MD <-> PSA conversion - SHA224 -depends_on:PSA_WANT_ALG_SHA_224 -md_to_from_psa:MBEDTLS_MD_SHA224:PSA_ALG_SHA_224 - -MD <-> PSA conversion - SHA256 -depends_on:PSA_WANT_ALG_SHA_256 -md_to_from_psa:MBEDTLS_MD_SHA256:PSA_ALG_SHA_256 - -MD <-> PSA conversion - SHA384 -depends_on:PSA_WANT_ALG_SHA_384 -md_to_from_psa:MBEDTLS_MD_SHA384:PSA_ALG_SHA_384 - -MD <-> PSA conversion - SHA512 -depends_on:PSA_WANT_ALG_SHA_512 -md_to_from_psa:MBEDTLS_MD_SHA512:PSA_ALG_SHA_512 - -MD <-> PSA conversion - SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224 -md_to_from_psa:MBEDTLS_MD_SHA3_224:PSA_ALG_SHA3_224 - -MD <-> PSA conversion - SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256 -md_to_from_psa:MBEDTLS_MD_SHA3_256:PSA_ALG_SHA3_256 - -MD <-> PSA conversion - SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384 -md_to_from_psa:MBEDTLS_MD_SHA3_384:PSA_ALG_SHA3_384 - -MD <-> PSA conversion - SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512 -md_to_from_psa:MBEDTLS_MD_SHA3_512:PSA_ALG_SHA3_512 - -MD <-> PSA conversion - NONE -md_to_from_psa:MBEDTLS_MD_NONE:PSA_ALG_NONE +MD <-> PSA conversion +md_to_from_psa: MD NULL/uninitialised arguments md_null_args: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 0a8e4216ee..2a885e2371 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -4,6 +4,10 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1.h" + +#define MD_PSA(md, psa) \ + TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \ + TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md); /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -59,13 +63,23 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ -void md_to_from_psa(int md_alg_arg, int psa_alg_arg) +void md_to_from_psa() { - mbedtls_md_type_t md_alg = md_alg_arg; - psa_algorithm_t psa_alg = psa_alg_arg; + /* We use a simplified implementation that relies on numerical values + * being aligned, so make sure they remain so. */ + MD_PSA(MBEDTLS_MD_MD5, PSA_ALG_MD5); + MD_PSA(MBEDTLS_MD_RIPEMD160, PSA_ALG_RIPEMD160); + MD_PSA(MBEDTLS_MD_SHA1, PSA_ALG_SHA_1); + MD_PSA(MBEDTLS_MD_SHA224, PSA_ALG_SHA_224); + MD_PSA(MBEDTLS_MD_SHA256, PSA_ALG_SHA_256); + MD_PSA(MBEDTLS_MD_SHA384, PSA_ALG_SHA_384); + MD_PSA(MBEDTLS_MD_SHA512, PSA_ALG_SHA_512); + MD_PSA(MBEDTLS_MD_SHA3_224, PSA_ALG_SHA3_224); + MD_PSA(MBEDTLS_MD_SHA3_256, PSA_ALG_SHA3_256); + MD_PSA(MBEDTLS_MD_SHA3_384, PSA_ALG_SHA3_384); + MD_PSA(MBEDTLS_MD_SHA3_512, PSA_ALG_SHA3_512); - TEST_EQUAL(mbedtls_md_psa_alg_from_type(md_alg), psa_alg); \ - TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa_alg), md_alg); + /* Don't test for NONE<->NONE as this is not guaranteed */ } /* END_CASE */ From dd2afcd881df115474eb12f9aa877b35530ec799 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:29 +0100 Subject: [PATCH 517/653] Revert "psa_util: add algorithm's availability checks for MD conversion functions" This reverts commit 3d2e0f5f42b9ac646f63d67e442f4af0f8a3fe4f. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 27 +++++++--- library/psa_util.c | 106 ------------------------------------- 2 files changed, 21 insertions(+), 112 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e8fb3de61a..249b8d421c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -152,12 +152,21 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \brief This function returns the PSA algorithm identifier * associated with the given digest type. * - * \param md_type The type of digest to search for. + * \param md_type The type of digest to search for. Must not be NONE. * - * \return The PSA algorithm identifier associated with \p md_type; - * #PSA_ALG_NONE if the algorithm is unuspported or invalid. + * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will + * not return \c PSA_ALG_NONE, but an invalid algorithm. + * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * + * \return The PSA algorithm identifier associated with \p md_type, + * regardless of whether it is supported or not. */ -psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); +static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; +} /** * \brief This function returns the given digest type @@ -165,10 +174,16 @@ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); * * \param psa_alg The PSA algorithm identifier to search for. * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * * \return The MD type associated with \p psa_alg, - * #MBEDTLS_MD_NONE if the algorithm is unsupported or invalid. + * regardless of whether it is supported or not. */ -mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg); +static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); +} /**@}*/ diff --git a/library/psa_util.c b/library/psa_util.c index bb054a33fb..9b06de273f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -330,110 +330,4 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) -{ - switch (md_type) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return PSA_ALG_MD5; -#endif -#if defined(PSA_WANT_ALG_RIPEMD160) - case MBEDTLS_MD_RIPEMD160: - return PSA_ALG_RIPEMD160; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return PSA_ALG_SHA_1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return PSA_ALG_SHA_224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return PSA_ALG_SHA_256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return PSA_ALG_SHA_384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return PSA_ALG_SHA_512; -#endif -#if defined(PSA_WANT_ALG_SHA3_224) - case MBEDTLS_MD_SHA3_224: - return PSA_ALG_SHA3_224; -#endif -#if defined(PSA_WANT_ALG_SHA3_256) - case MBEDTLS_MD_SHA3_256: - return PSA_ALG_SHA3_256; -#endif -#if defined(PSA_WANT_ALG_SHA3_384) - case MBEDTLS_MD_SHA3_384: - return PSA_ALG_SHA3_384; -#endif -#if defined(PSA_WANT_ALG_SHA3_512) - case MBEDTLS_MD_SHA3_512: - return PSA_ALG_SHA3_512; -#endif - case MBEDTLS_MD_NONE: - default: - return PSA_ALG_NONE; - } -} - -mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) -{ - switch (psa_alg) { -#if defined(PSA_WANT_ALG_MD5) - case PSA_ALG_MD5: - return MBEDTLS_MD_MD5; -#endif -#if defined(PSA_WANT_ALG_RIPEMD160) - case PSA_ALG_RIPEMD160: - return MBEDTLS_MD_RIPEMD160; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case PSA_ALG_SHA_1: - return MBEDTLS_MD_SHA1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case PSA_ALG_SHA_224: - return MBEDTLS_MD_SHA224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case PSA_ALG_SHA_256: - return MBEDTLS_MD_SHA256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case PSA_ALG_SHA_384: - return MBEDTLS_MD_SHA384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case PSA_ALG_SHA_512: - return MBEDTLS_MD_SHA512; -#endif -#if defined(PSA_WANT_ALG_SHA3_224) - case PSA_ALG_SHA3_224: - return MBEDTLS_MD_SHA3_224; -#endif -#if defined(PSA_WANT_ALG_SHA3_256) - case PSA_ALG_SHA3_256: - return MBEDTLS_MD_SHA3_256; -#endif -#if defined(PSA_WANT_ALG_SHA3_384) - case PSA_ALG_SHA3_384: - return MBEDTLS_MD_SHA3_384; -#endif -#if defined(PSA_WANT_ALG_SHA3_512) - case PSA_ALG_SHA3_512: - return MBEDTLS_MD_SHA3_512; -#endif - case PSA_ALG_NONE: - default: - return MBEDTLS_MD_NONE; - } -} - #endif /* MBEDTLS_PSA_CRYPTO_C */ From 60c9eee2671fcbd06b04fb3cdf1ae5c5aba1dc83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 9 Jan 2024 10:08:53 +0100 Subject: [PATCH 518/653] Improve wording & fix typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/md-cipher-dispatch.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index ac67dd6b23..30afad8315 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -514,7 +514,7 @@ Note that this assumes that an operation that has been started via PSA can be co #### Error code conversion -After calling a PSA function, call `mbedtls_md_error_from_psa` to convert its status code. +After calling a PSA function, MD light calls `mbedtls_md_error_from_psa` to convert its status code. ### Support all legacy algorithms in PSA @@ -570,8 +570,8 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l #### Definition -The new module is automatically enabled in `build_info.h` by modules that need -it, namely: CCM, GCM, only when `CIPHER_C` is not available, or the new module +The new module is automatically enabled in `config_adjust_legacy_crypto.h` by modules that need +it (namely: CCM, GCM) only when `CIPHER_C` is not available, or the new module is needed for PSA dispatch (see next section). Note: CCM and GCM currently depend on the full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be replaced by the above auto-enablement. @@ -598,7 +598,7 @@ identifed by callers (GCM/CCM). Support for dual dispatch in the new internal module `block_cipher` is extremely similar to that in MD light. -A block cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key identifier; it has a field indicated which one is in use. All fields are private. +A block cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key identifier; it has a field indicating which one is in use. All fields are private. The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure. @@ -613,4 +613,4 @@ Each function in the module needs to know whether to dispatch via PSA or legacy. Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. -After calling a PSA function, call `mbedtls_cipher_error_from_psa` to convert its status code. +After calling a PSA function, `block_cipher` functions call `mbedtls_cipher_error_from_psa` to convert its status code. From ddba51e6c9120869c15bd931d4dad9bd3d35e787 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 10:16:33 +0100 Subject: [PATCH 519/653] psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 6 +++--- library/pk_internal.h | 4 ++-- library/pkparse.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 6 +++--- library/psa_util.c | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5f6a05315a..5368e040e4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -143,9 +143,9 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \return #MBEDTLS_ECP_DP_NONE if \p bits is not * correct for \p curve. */ -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/pk_internal.h b/library/pk_internal.h index 025ee8b019..642a0c7bb7 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -98,13 +98,13 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c } opaque_key_type = psa_get_key_type(&opaque_attrs); curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); - id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs), 0); psa_reset_key_attributes(&opaque_attrs); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ diff --git a/library/pkparse.c b/library/pkparse.c index d36fa3f838..ef3aff22b0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,7 +250,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_group_id ecp_group_id; int ret; - ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8baa6b6f5..d393109811 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5708,7 +5708,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa(curve, bits, 0); + mbedtls_ecc_group_from_psa(curve, bits, 0); if (grp_id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index e4a372d242..3f2ec23e3d 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -83,8 +83,8 @@ psa_status_t mbedtls_psa_ecp_load_representation( mbedtls_ecp_keypair_init(ecp); /* Load the group. */ - grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), - curve_bits, !explicit_bits); + grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), + curve_bits, !explicit_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a @@ -285,7 +285,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0); + mbedtls_ecc_group_from_psa(curve, attributes->core.bits, 0); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/library/psa_util.c b/library/psa_util.c index 36b7175dfb..f4685dbc69 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -252,9 +252,9 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } } -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy) { switch (curve) { case PSA_ECC_FAMILY_SECP_R1: From d36c313b53b4ba45561bbcde9408f8c0f39b8ece Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:03:51 +0100 Subject: [PATCH 520/653] psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa() Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 +-- library/pk_internal.h | 4 ++-- library/pkparse.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 16 ++++++++++++++-- library/psa_util.c | 16 +++------------- 6 files changed, 22 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5368e040e4..e1dd822e53 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -144,8 +144,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * correct for \p curve. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy); + size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/pk_internal.h b/library/pk_internal.h index 642a0c7bb7..3d5adf8de7 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -98,13 +98,13 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c } opaque_key_type = psa_get_key_type(&opaque_attrs); curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); - id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs)); psa_reset_key_attributes(&opaque_attrs); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ diff --git a/library/pkparse.c b/library/pkparse.c index ef3aff22b0..5f95545af6 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,7 +250,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_group_id ecp_group_id; int ret; - ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits, 0); + ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d393109811..850f206101 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5708,7 +5708,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, bits, 0); + mbedtls_ecc_group_from_psa(curve, bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3f2ec23e3d..20ef29c122 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -41,6 +41,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; + size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && @@ -84,7 +85,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), - curve_bits, !explicit_bits); + curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a @@ -96,6 +97,17 @@ psa_status_t mbedtls_psa_ecp_load_representation( goto exit; } + /* Get the exact number of bits which are necessary for this key. This is + * used to validate the "curve_bits" input parameter (only in case it was + * provided). + * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() + * because we are only interested in the curve's bit size. */ + mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); + if (explicit_bits && (curve_bits_check != curve_bits)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( mbedtls_ecp_group_load(&ecp->grp, grp_id)); if (status != PSA_SUCCESS) { @@ -285,7 +297,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, attributes->core.bits, 0); + mbedtls_ecc_group_from_psa(curve, attributes->core.bits); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/library/psa_util.c b/library/psa_util.c index f4685dbc69..abd7a5f6b9 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -253,8 +253,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy) + size_t bits) { switch (curve) { case PSA_ECC_FAMILY_SECP_R1: @@ -277,12 +276,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, #endif #if defined(PSA_WANT_ECC_SECP_R1_521) case 521: - return MBEDTLS_ECP_DP_SECP521R1; case 528: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_SECP521R1; - } - break; + return MBEDTLS_ECP_DP_SECP521R1; #endif } break; @@ -308,12 +303,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, switch (bits) { #if defined(PSA_WANT_ECC_MONTGOMERY_255) case 255: - return MBEDTLS_ECP_DP_CURVE25519; case 256: - if (bits_is_sloppy) { - return MBEDTLS_ECP_DP_CURVE25519; - } - break; + return MBEDTLS_ECP_DP_CURVE25519; #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) case 448: @@ -340,7 +331,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, break; } - (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ From 673868be5df7918878c78b98f4ef87f7ec76b7a8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:48:31 +0100 Subject: [PATCH 521/653] psa_crypto_ecp: add helper for checking EC parameters This commit also updates "test_suite_psa_crypto.data" replacing PSA_ERROR_NOT_SUPPORTED with PSA_ERROR_INVALID_ARGUMENT when a wrong bit size is provided while importing key. Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 78 +++++++++++++++++++------ tests/suites/test_suite_psa_crypto.data | 6 +- 2 files changed, 63 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 20ef29c122..866ef7956a 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -32,6 +32,60 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) +/* Helper function to verify if the provided EC's family and key bit size are + * valid. */ +static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup) +{ + switch (family) { + case PSA_ECC_FAMILY_SECP_R1: + switch (bits) { + case 192: + case 224: + case 256: + case 384: + case 521: + return PSA_SUCCESS; + case 528: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: + switch (bits) { + case 256: + case 384: + case 512: + return PSA_SUCCESS; + } + break; + + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { + case 448: + case 255: + return PSA_SUCCESS; + case 256: + if (allow_bit_size_roundup) { + return PSA_SUCCESS; + } + } + break; + + case PSA_ECC_FAMILY_SECP_K1: + switch (bits) { + case 192: + case 224: + case 256: + return PSA_SUCCESS; + } + break; + } + + return PSA_ERROR_INVALID_ARGUMENT; +} + psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -41,7 +95,6 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; - size_t curve_bits_check; int explicit_bits = (curve_bits != 0); if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && @@ -83,27 +136,16 @@ psa_status_t mbedtls_psa_ecp_load_representation( } mbedtls_ecp_keypair_init(ecp); + status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits, + !explicit_bits); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Load the group. */ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits); if (grp_id == MBEDTLS_ECP_DP_NONE) { - /* We can't distinguish between a nonsensical family/size combination - * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a - * well-regarded curve that Mbed TLS just doesn't know about (which - * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how - * curves that Mbed TLS knows about but for which support is disabled - * at build time, return NOT_SUPPORTED. */ - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - - /* Get the exact number of bits which are necessary for this key. This is - * used to validate the "curve_bits" input parameter (only in case it was - * provided). - * Note: we intentionally ignore the return value of mbedtls_ecc_group_to_psa() - * because we are only interested in the curve's bit size. */ - mbedtls_ecc_group_to_psa(grp_id, &curve_bits_check); - if (explicit_bits && (curve_bits_check != curve_bits)) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1bd8b65002..0cb800573e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -684,7 +684,7 @@ import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=255 for secp256r1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED +import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=521 for secp521r1 (good) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 @@ -692,7 +692,7 @@ import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521 -import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED +import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, DER format depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 @@ -716,7 +716,7 @@ import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba0120 PSA import EC keypair: implicit bit-size, not a valid length depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED +import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, all-bits-zero (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 From 3b7663de29940dd6b6c00995711936f50ebf7c62 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Dec 2023 14:56:14 +0100 Subject: [PATCH 522/653] psa_util: update the documentation of ECC conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e1dd822e53..a2604e1f31 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -109,9 +109,6 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. * * \param grpid An Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). @@ -125,9 +122,6 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. * * \param curve A PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). From bf999cb22ec7de888cf3ca3baf79bca137f53f57 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 17:48:13 +0100 Subject: [PATCH 523/653] test_suite_psa_crypto: add test functions and cases for ECC conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 55 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 29 +++++++++++ 2 files changed, 84 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0cb800573e..d2fa842500 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7406,3 +7406,58 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY + +ECP group ID <-> PSA family - SECP192R1 +depends_on:PSA_WANT_ECC_SECP_R1_192 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1 + +ECP group ID <-> PSA family - SECP224R1 +depends_on:PSA_WANT_ECC_SECP_R1_224 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1 + +ECP group ID <-> PSA family - SECP256R1 +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1 + +ECP group ID <-> PSA family - SECP384R1 +depends_on:PSA_WANT_ECC_SECP_R1_384 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1 + +ECP group ID <-> PSA family - SECP521R1 +depends_on:PSA_WANT_ECC_SECP_R1_521 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1 + +ECP group ID <-> PSA family - BP256R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1 + +ECP group ID <-> PSA family - BP384R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1 + +ECP group ID <-> PSA family - BP512R1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1 + +ECP group ID <-> PSA family - CURVE25519 +depends_on:PSA_WANT_ECC_MONTGOMERY_255 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519 + +ECP group ID <-> PSA family - SECP192K1 +depends_on:PSA_WANT_ECC_SECP_K1_192 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1 + +ECP group ID <-> PSA family - SECP224K1 +depends_on:PSA_WANT_ECC_SECP_K1_224 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1 + +ECP group ID <-> PSA family - SECP256K1 +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1 + +ECP group ID <-> PSA family - CURVE448 +depends_on:PSA_WANT_ECC_MONTGOMERY_448 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448 + +ECP group ID <-> PSA family - fail +ecc_conversion_functions_fail: \ No newline at end of file diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c08a9017c..a2d156d4ee 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6,6 +6,8 @@ #include "mbedtls/oid.h" #include "common.h" +#include "mbedtls/psa_util.h" + /* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() * uses mbedtls_ctr_drbg internally. */ #include "mbedtls/ctr_drbg.h" @@ -9479,6 +9481,33 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecc_conversion_functions(int grp_id_arg) +{ + mbedtls_ecp_group_id grp_id = grp_id_arg; + psa_ecc_family_t ecc_family; + size_t bits; + + ecc_family = mbedtls_ecc_group_to_psa(grp_id, &bits); + TEST_ASSERT(ecc_family != 0); + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecc_conversion_functions_fail(void) +{ + psa_ecc_family_t ecc_family; + size_t bits; + + // Pick an invalid group ID (MBEDTLS_ECP_DP_CURVE448 is the last enum) + ecc_family = mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_CURVE448 + 1, &bits); + TEST_EQUAL(ecc_family, 0); + + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 0)); +} +/* END_CASE */ + /* BEGIN_CASE */ void key_agreement_output(int alg_arg, int our_key_type_arg, data_t *our_key_data, From 90e764c1bff2416eadfca2a901786c98f32966f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 18:16:33 +0100 Subject: [PATCH 524/653] changelog: added documentation for the 2 new public functions Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/7764.txt diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt new file mode 100644 index 0000000000..be332cd605 --- /dev/null +++ b/ChangeLog.d/7764.txt @@ -0,0 +1,4 @@ +Features + * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper + functions were added to convert from mbedtls_ecp_group_id to + psa_ecc_family_t and curve's bit size and viceversa, respectively. \ No newline at end of file From dc33200b74db515ef0e031d97f8207282ed41e06 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 28 Dec 2023 18:28:11 +0100 Subject: [PATCH 525/653] psa-transition: extend "Elliptic curve mechanism selection" Signed-off-by: Valerio Setti --- docs/psa-transition.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 067ffafbd3..71b3d68f90 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -743,6 +743,10 @@ A curve is fully determined by a curve family identifier and the private key siz | `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | | `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | +The following helper functions can be used to convert between the 2 types: +- `mbedtls_ecc_group_to_psa()` converts from the legacy curve type identifier to PSA curve family and bit-size. +- `mbedtls_ecc_group_from_psa()` converts from PSA curve family and bit-size to the legacy identifier. + The following cryptographic algorithms work with ECC keys: * ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). From 0e608807e36e46c06abcd7bd1bdb8c6cef2c3f66 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 11:46:44 +0100 Subject: [PATCH 526/653] psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 9 ++------- library/psa_crypto_ecp.c | 30 +++++++++++++++--------------- library/psa_util.c | 2 -- 3 files changed, 17 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a2604e1f31..cfb4bce58c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -126,16 +126,11 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \param curve A PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. - * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up - * to the nearest multiple of 8. This allows the caller - * to infer the exact curve from the length of a key - * which is supplied as a byte string. * * \return The corresponding Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). - * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized. - * \return #MBEDTLS_ECP_DP_NONE if \p bits is not - * correct for \p curve. + * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve + * and \p bits is not recognized. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 866ef7956a..3c5aa729bd 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -32,13 +32,16 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) -/* Helper function to verify if the provided EC's family and key bit size are - * valid. */ -static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_bit_size_roundup) +/* Helper function to verify if the provided EC's family and key bit size are valid. + * + * Note: "bits" parameter is used both as input and output and it might be updated + * in case provided input value is not multiple of 8 ("sloppy" bits). + */ +static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) { switch (family) { case PSA_ECC_FAMILY_SECP_R1: - switch (bits) { + switch (*bits) { case 192: case 224: case 256: @@ -46,14 +49,13 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_ case 521: return PSA_SUCCESS; case 528: - if (allow_bit_size_roundup) { - return PSA_SUCCESS; - } + *bits = 521; + return PSA_SUCCESS; } break; case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch (bits) { + switch (*bits) { case 256: case 384: case 512: @@ -62,19 +64,18 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t bits, int allow_ break; case PSA_ECC_FAMILY_MONTGOMERY: - switch (bits) { + switch (*bits) { case 448: case 255: return PSA_SUCCESS; case 256: - if (allow_bit_size_roundup) { - return PSA_SUCCESS; - } + *bits = 255; + return PSA_SUCCESS; } break; case PSA_ECC_FAMILY_SECP_K1: - switch (bits) { + switch (*bits) { case 192: case 224: case 256: @@ -136,8 +137,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( } mbedtls_ecp_keypair_init(ecp); - status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), curve_bits, - !explicit_bits); + status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits); if (status != PSA_SUCCESS) { goto exit; } diff --git a/library/psa_util.c b/library/psa_util.c index abd7a5f6b9..28b0285521 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -276,7 +276,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, #endif #if defined(PSA_WANT_ECC_SECP_R1_521) case 521: - case 528: return MBEDTLS_ECP_DP_SECP521R1; #endif } @@ -303,7 +302,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, switch (bits) { #if defined(PSA_WANT_ECC_MONTGOMERY_255) case 255: - case 256: return MBEDTLS_ECP_DP_CURVE25519; #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) From ad819679a55a36338d8c1ba4e72db69d11409646 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 12:14:41 +0100 Subject: [PATCH 527/653] test_suite_psa_crypto: explicitly check return values of conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 31 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 32 ++++++++------------- 2 files changed, 28 insertions(+), 35 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d2fa842500..501cbb7833 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7409,55 +7409,56 @@ persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ECP group ID <-> PSA family - SECP192R1 depends_on:PSA_WANT_ECC_SECP_R1_192 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192 ECP group ID <-> PSA family - SECP224R1 depends_on:PSA_WANT_ECC_SECP_R1_224 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1:PSA_ECC_FAMILY_SECP_R1:224 ECP group ID <-> PSA family - SECP256R1 depends_on:PSA_WANT_ECC_SECP_R1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256 ECP group ID <-> PSA family - SECP384R1 depends_on:PSA_WANT_ECC_SECP_R1_384 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384 ECP group ID <-> PSA family - SECP521R1 depends_on:PSA_WANT_ECC_SECP_R1_521 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521 ECP group ID <-> PSA family - BP256R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256 ECP group ID <-> PSA family - BP384R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 ECP group ID <-> PSA family - BP512R1 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1 +ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 ECP group ID <-> PSA family - CURVE25519 depends_on:PSA_WANT_ECC_MONTGOMERY_255 -ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519:PSA_ECC_FAMILY_MONTGOMERY:255 ECP group ID <-> PSA family - SECP192K1 depends_on:PSA_WANT_ECC_SECP_K1_192 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192 ECP group ID <-> PSA family - SECP224K1 depends_on:PSA_WANT_ECC_SECP_K1_224 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224 ECP group ID <-> PSA family - SECP256K1 depends_on:PSA_WANT_ECC_SECP_K1_256 -ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1 +ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256 ECP group ID <-> PSA family - CURVE448 depends_on:PSA_WANT_ECC_MONTGOMERY_448 -ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448 +ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448 + +ECP group ID <-> PSA family - Wrong values +ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 -ECP group ID <-> PSA family - fail -ecc_conversion_functions_fail: \ No newline at end of file diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a2d156d4ee..ec8afe705f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9481,30 +9481,22 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void ecc_conversion_functions(int grp_id_arg) +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg) { mbedtls_ecp_group_id grp_id = grp_id_arg; - psa_ecc_family_t ecc_family; - size_t bits; + psa_ecc_family_t ecc_family = psa_family_arg; + size_t bits = bits_arg; + size_t bits_tmp; - ecc_family = mbedtls_ecc_group_to_psa(grp_id, &bits); - TEST_ASSERT(ecc_family != 0); - TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); -} -/* END_CASE */ + TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)); + TEST_EQUAL(bits, bits_tmp); -/* BEGIN_CASE */ -void ecc_conversion_functions_fail(void) -{ - psa_ecc_family_t ecc_family; - size_t bits; - - // Pick an invalid group ID (MBEDTLS_ECP_DP_CURVE448 is the last enum) - ecc_family = mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_CURVE448 + 1, &bits); - TEST_EQUAL(ecc_family, 0); - - TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 0)); + if (grp_id != MBEDTLS_ECP_DP_MAX) { + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); + } else { + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(ecc_family, bits)); + } } /* END_CASE */ From 8bd330dff554dfbf3e170463bcd21d31e2405595 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Dec 2023 13:35:58 +0100 Subject: [PATCH 528/653] changelog: add missing newline Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index be332cd605..5eb14b4d22 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,4 @@ Features * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper functions were added to convert from mbedtls_ecp_group_id to - psa_ecc_family_t and curve's bit size and viceversa, respectively. \ No newline at end of file + psa_ecc_family_t and curve's bit size and viceversa, respectively. From 0bc8598d20071c1a8ae122cdeae74f7c53ba0e62 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Jan 2024 15:22:46 +0100 Subject: [PATCH 529/653] psa_util: properly handle secp224r1 private key size Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 5 +++++ library/psa_util.c | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3c5aa729bd..f38efff670 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -80,6 +80,11 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case 224: case 256: return PSA_SUCCESS; + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * This means that private keys are represented with 232 bits. */ + case 232: + *bits = 225; + return PSA_SUCCESS; } break; } diff --git a/library/psa_util.c b/library/psa_util.c index 28b0285521..971f965e40 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -232,8 +232,10 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP224K1) + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * The nominal key size in PSA is the private key size, hence 225. */ case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; + *bits = 225; return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP256K1) @@ -318,7 +320,9 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, return MBEDTLS_ECP_DP_SECP192K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_224) - case 224: + /* secp224k1 has 224-bit coordinates but 225-bit private keys. + * The nominal key size in PSA is the private key size, hence 225. */ + case 225: return MBEDTLS_ECP_DP_SECP224K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_256) From fc8a48a9e34d0bd42a0b8c6aaffeffc11391f230 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:03:23 +0100 Subject: [PATCH 530/653] changelog: fix working Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 5eb14b4d22..0734fb9113 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,4 @@ Features - * mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() helper - functions were added to convert from mbedtls_ecp_group_id to - psa_ecc_family_t and curve's bit size and viceversa, respectively. + * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() + to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's + bit size and vice versa, respectively. From afa01c7394a2e02b060f741f56c3614f7af70b86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:47:50 +0100 Subject: [PATCH 531/653] psa-transition: update "Elliptic curve mechanism selection" section - add hyperlinks for the conversion functions. - move conversion functions' description before the legacy<->PSA table. Signed-off-by: Valerio Setti --- docs/psa-transition.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 71b3d68f90..617426cfd7 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -725,7 +725,11 @@ An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mb An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). You can always use a private key for operations on the corresponding public key (as long as the policy permits it). -A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations. +A curve is fully determined by a curve family identifier and the private key size in bits. You can use the following functions to convert between the PSA and legacy elliptic curve designations: +- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size. +- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier. + +The following table gives the correspondence between legacy and PSA elliptic curve designations. | Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size | | -------------------------------- | ---------------- | -------------- | @@ -743,10 +747,6 @@ A curve is fully determined by a curve family identifier and the private key siz | `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | | `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | -The following helper functions can be used to convert between the 2 types: -- `mbedtls_ecc_group_to_psa()` converts from the legacy curve type identifier to PSA curve family and bit-size. -- `mbedtls_ecc_group_from_psa()` converts from PSA curve family and bit-size to the legacy identifier. - The following cryptographic algorithms work with ECC keys: * ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). From 4ba0c61eda41c5873879d670e58842e4f6196f52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 09:51:25 +0100 Subject: [PATCH 532/653] test_suite_psa_crypto: add test case for ECP conversion with null values Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 501cbb7833..c0916e067f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7459,6 +7459,9 @@ ECP group ID <-> PSA family - CURVE448 depends_on:PSA_WANT_ECC_MONTGOMERY_448 ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448 +ECP group ID <-> PSA family - Null values +ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 + ECP group ID <-> PSA family - Wrong values ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 From ac739524740747292352b8b8393e7fdbe244b6d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 10:22:01 +0100 Subject: [PATCH 533/653] test_suite_psa_crypto: improve failing tests for EC conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto.function | 30 ++++++++++++++++----- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c0916e067f..eda6f5d8c2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7463,5 +7463,5 @@ ECP group ID <-> PSA family - Null values ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 ECP group ID <-> PSA family - Wrong values -ecc_conversion_functions:MBEDTLS_ECP_DP_MAX:0:0 +ecc_conversion_functions_fail diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ec8afe705f..1112cfcd59 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9491,15 +9491,33 @@ void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg) TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)); TEST_EQUAL(bits, bits_tmp); - - if (grp_id != MBEDTLS_ECP_DP_MAX) { - TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); - } else { - TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(ecc_family, bits)); - } + TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); } /* END_CASE */ +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +void ecc_conversion_functions_fail() +{ + size_t bits; + + /* Invalid legacy curve identifier. */ + TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits)); + TEST_EQUAL(0, bits); + + /* Invalid PSA EC family. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192)); + /* Invalid bit-size for a valid EC family. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512)); + + /* Twisted-Edward curves are not supported yet. */ + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, + mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255)); + TEST_EQUAL(MBEDTLS_ECP_DP_NONE, + mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448)); +} +/* END_CASE */ + + /* BEGIN_CASE */ void key_agreement_output(int alg_arg, int our_key_type_arg, data_t *our_key_data, From 65df79303fafe853809dc392f8eb91d2bddec31d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 10:58:36 +0100 Subject: [PATCH 534/653] psa_crypto_ecp: return unsupported for secp224k1 in check_ecc_parameters() Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f38efff670..d6b640cf75 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -77,14 +77,14 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case PSA_ECC_FAMILY_SECP_K1: switch (*bits) { case 192: - case 224: case 256: return PSA_SUCCESS; - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * This means that private keys are represented with 232 bits. */ + /* secp224k1 is not and will not be supported in PSA (#3541). + * Note: secp224k1 has 225-bit private keys which are rounded + * up to 232 for their representation. */ + case 224: case 232: - *bits = 225; - return PSA_SUCCESS; + return PSA_ERROR_NOT_SUPPORTED; } break; } From 7863627bd6fe7320542095fde87eae093b30a61d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:17:04 +0100 Subject: [PATCH 535/653] psa_util: remove support for secp224k1 in EC conversion functions Signed-off-by: Valerio Setti --- library/psa_util.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 971f965e40..d833299e8c 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -232,11 +232,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, return PSA_ECC_FAMILY_SECP_K1; #endif #if defined(MBEDTLS_ECP_HAVE_SECP224K1) - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * The nominal key size in PSA is the private key size, hence 225. */ - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 225; - return PSA_ECC_FAMILY_SECP_K1; + /* secp224k1 is not and will not be supported in PSA (#3541). */ #endif #if defined(MBEDTLS_ECP_HAVE_SECP256K1) case MBEDTLS_ECP_DP_SECP256K1: @@ -320,10 +316,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, return MBEDTLS_ECP_DP_SECP192K1; #endif #if defined(PSA_WANT_ECC_SECP_K1_224) - /* secp224k1 has 224-bit coordinates but 225-bit private keys. - * The nominal key size in PSA is the private key size, hence 225. */ - case 225: - return MBEDTLS_ECP_DP_SECP224K1; + /* secp224k1 is not and will not be supported in PSA (#3541). */ #endif #if defined(PSA_WANT_ECC_SECP_K1_256) case 256: From eca07140f3c160eba07cf63c34c1d2495c925b40 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:17:31 +0100 Subject: [PATCH 536/653] psa_util: update documentation of EC conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index cfb4bce58c..d0d95ae19a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -112,11 +112,16 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; * * \param grpid An Mbed TLS elliptic curve identifier * (`MBEDTLS_ECP_DP_xxx`). - * \param[out] bits On success, the bit size of the curve. + * \param[out] bits On success the bit size of the curve; 0 on failure. * - * \return The corresponding PSA elliptic curve identifier + * \return On success the corresponding PSA elliptic curve identifier * (`PSA_ECC_FAMILY_xxx`). - * \return \c 0 on failure (\p grpid is not recognized). + * \return \c 0 if \p grpid is not supported. + * + * \note A successful conversion means that the curve is supported + * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only + * enabled if the curve is builtin (see + * `config_adjust_legacy_from_psa.h` for details). */ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); @@ -127,10 +132,23 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * - * \return The corresponding Mbed TLS elliptic curve identifier - * (`MBEDTLS_ECP_DP_xxx`). + * \return On success the corresponding Mbed TLS elliptic curve + * identifier (`MBEDTLS_ECP_DP_xxx`). * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve - * and \p bits is not recognized. + * and \p bits is not supported or invalid: + * - not supported means that the proper `PSA_WANT_ECC_xxx` + * symbol is not enabled for the requested curve. + * - invalid if `PSA_WANT_ECC_xxx` is enabled, but the + * combination of \p curve and \p bits are not correct + * for that curve. + * \return #MBEDTLS_ECP_DP_NONE for secp224k1 curve, no matter + * what the status of `PSA_WANT_ECC_SECP_K1_224` is, because + * this curve is not and will not be supported in PSA (#3541). + * + * \note A successful conversion means that the curve is supported + * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only + * enabled if the curve is builtin (see + * `config_adjust_legacy_from_psa.h` for details). */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); From db6e02902de5c399e37fc9f171f117d1c9afa962 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:15:45 +0100 Subject: [PATCH 537/653] test_suite_psa_crypto: test also MBEDTLS_ECP_DP_MAX in ecc_conversion_functions_fail() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1112cfcd59..7b6f5ae04d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9500,7 +9500,9 @@ void ecc_conversion_functions_fail() { size_t bits; - /* Invalid legacy curve identifier. */ + /* Invalid legacy curve identifiers. */ + TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits)); + TEST_EQUAL(0, bits); TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits)); TEST_EQUAL(0, bits); From 0d438fa390355958c0745f0393859110029f0bf6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:33:51 +0100 Subject: [PATCH 538/653] psa_crypto_ecp: fix comment for secp224k1 in check_ecc_parameters Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index d6b640cf75..4d9a59baa9 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -80,8 +80,8 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case 256: return PSA_SUCCESS; /* secp224k1 is not and will not be supported in PSA (#3541). - * Note: secp224k1 has 225-bit private keys which are rounded - * up to 232 for their representation. */ + * Note: secp224k1 has 224-bit coordinates but 225-bit private + * keys which are rounded up to 232 for their representation. */ case 224: case 232: return PSA_ERROR_NOT_SUPPORTED; From 2622b1dab364d29923035189620a44a5109d0c20 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:36:33 +0100 Subject: [PATCH 539/653] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 0734fb9113..9830584034 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,4 @@ Features * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's - bit size and vice versa, respectively. + bit size. From 3afdd02e378f4e901845ad7d6f00e7379073d497 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:50:20 +0100 Subject: [PATCH 540/653] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/7764.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt index 9830584034..4cd20798a2 100644 --- a/ChangeLog.d/7764.txt +++ b/ChangeLog.d/7764.txt @@ -1,4 +1,3 @@ Features * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() - to convert between mbedtls_ecp_group_id and psa_ecc_family_t and curve's - bit size. + to convert between Mbed TLS and PSA curve identifiers. From d0aa9c1316e4fdc98c3e5f501bf9aa1e0b3342b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 09:10:44 +0100 Subject: [PATCH 541/653] psa_util: update documentation for PSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index d0d95ae19a..f36d89ad62 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -114,14 +114,11 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; * (`MBEDTLS_ECP_DP_xxx`). * \param[out] bits On success the bit size of the curve; 0 on failure. * - * \return On success the corresponding PSA elliptic curve identifier - * (`PSA_ECC_FAMILY_xxx`). - * \return \c 0 if \p grpid is not supported. - * - * \note A successful conversion means that the curve is supported - * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only - * enabled if the curve is builtin (see - * `config_adjust_legacy_from_psa.h` for details). + * \return If the curve is supported in the PSA API, this function + * returns the proper PSA curve identifier + * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is + * not supported by the ECP module. + * \return \c 0 if the curve is not supported in the PSA API. */ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits); @@ -132,23 +129,11 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * - * \return On success the corresponding Mbed TLS elliptic curve + * \return If the curve is supported in the PSA API, this function + * returns the corresponding Mbed TLS elliptic curve * identifier (`MBEDTLS_ECP_DP_xxx`). * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve - * and \p bits is not supported or invalid: - * - not supported means that the proper `PSA_WANT_ECC_xxx` - * symbol is not enabled for the requested curve. - * - invalid if `PSA_WANT_ECC_xxx` is enabled, but the - * combination of \p curve and \p bits are not correct - * for that curve. - * \return #MBEDTLS_ECP_DP_NONE for secp224k1 curve, no matter - * what the status of `PSA_WANT_ECC_SECP_K1_224` is, because - * this curve is not and will not be supported in PSA (#3541). - * - * \note A successful conversion means that the curve is supported - * in PSA. Legacy support (`mbedtls_ecp_xxx`) is only - * enabled if the curve is builtin (see - * `config_adjust_legacy_from_psa.h` for details). + * and \p bits is not supported. */ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, size_t bits); From 39faa9cad4e83293094e74b2a39bab8914109994 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 09:11:22 +0100 Subject: [PATCH 542/653] psa_util: rename parameter of mbedtls_ecc_group_from_psa The new name better reflects the fact that the 1st parameter is just the EC family and not the curve. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 4 ++-- library/psa_util.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f36d89ad62..1b142562ec 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -125,7 +125,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. * - * \param curve A PSA elliptic curve identifier + * \param family A PSA elliptic curve family identifier * (`PSA_ECC_FAMILY_xxx`). * \param bits The bit-length of a private key on \p curve. * @@ -135,7 +135,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve * and \p bits is not supported. */ -mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ diff --git a/library/psa_util.c b/library/psa_util.c index d833299e8c..41586e262c 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -250,10 +250,10 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, } } -mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits) { - switch (curve) { + switch (family) { case PSA_ECC_FAMILY_SECP_R1: switch (bits) { #if defined(PSA_WANT_ECC_SECP_R1_192) From 2bd2b788cf82437d1d238bbdadbd26fa652532aa Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 15:19:42 +0100 Subject: [PATCH 543/653] Add tests for Issue #8687 Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 6 ++++++ tests/suites/test_suite_x509write.function | 21 +++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 28cef301c9..730e76e716 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -265,3 +265,9 @@ mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=P Check max serial length x509_set_serial_check: + +Check max extension length (Max-1) +x509_set_extension_length_check:0xFFFFFFFE + +Check max extension length (Max) +x509_set_extension_length_check:0xFFFFFFFF \ No newline at end of file diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b59fd48f3c..7690dc0499 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -752,3 +752,24 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE */ +void x509_set_extension_length_check(int val_len) +{ + int ret = 0; + + mbedtls_x509write_csr ctx; + mbedtls_x509write_csr_init(&ctx); + + unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; + unsigned char *p = buf + sizeof(buf); + + ret = mbedtls_x509_set_extension(&(ctx.MBEDTLS_PRIVATE(extensions)), + MBEDTLS_OID_EXTENDED_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), + 0, + p, + val_len); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA || ret == MBEDTLS_ERR_X509_ALLOC_FAILED); +} +/* END_CASE */ From 05c722bfd03712b5fbea0dc3087244be10425935 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 15:20:03 +0100 Subject: [PATCH 544/653] Fix Issue #8687 Signed-off-by: Jonathan Winzig --- library/x509_create.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 8f31c3beab..c761a8c450 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -382,6 +382,10 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, { mbedtls_asn1_named_data *cur; + if (0xFFFFFFFF == (uint32_t) val_len) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, NULL, val_len + 1)) == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; From 5caf20ea80b46edbad29448d169e694659968cd1 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 16:41:10 +0100 Subject: [PATCH 545/653] Update fix to be more platform-independent Co-authored-by: David Horstmann Signed-off-by: Jonathan Winzig --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index c761a8c450..f7a17e712d 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -382,7 +382,7 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, { mbedtls_asn1_named_data *cur; - if (0xFFFFFFFF == (uint32_t) val_len) { + if (val_len > (SIZE_MAX - 1)) { return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } From c5e77bf4e490d6a84311916572b6e9c8320ffc06 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 16:47:12 +0100 Subject: [PATCH 546/653] Add missing newline at the end of test_suite_x509write.data Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 730e76e716..f46d19d584 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -270,4 +270,4 @@ Check max extension length (Max-1) x509_set_extension_length_check:0xFFFFFFFE Check max extension length (Max) -x509_set_extension_length_check:0xFFFFFFFF \ No newline at end of file +x509_set_extension_length_check:0xFFFFFFFF From a72454bc16701603a93b05c60b4339341703a2c6 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 17:39:42 +0100 Subject: [PATCH 547/653] Update test-data to use SIZE_MAX Co-authored-by: David Horstmann Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index f46d19d584..869ea7f595 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -270,4 +270,4 @@ Check max extension length (Max-1) x509_set_extension_length_check:0xFFFFFFFE Check max extension length (Max) -x509_set_extension_length_check:0xFFFFFFFF +x509_set_extension_length_check:SIZE_MAX From 6c9779fabbafa060e130728bdb899f0cf9d7d08a Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 17:47:10 +0100 Subject: [PATCH 548/653] Remove unneeded testcase Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 7 ++----- tests/suites/test_suite_x509write.function | 6 +++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 869ea7f595..5c6a9032d0 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -266,8 +266,5 @@ mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=P Check max serial length x509_set_serial_check: -Check max extension length (Max-1) -x509_set_extension_length_check:0xFFFFFFFE - -Check max extension length (Max) -x509_set_extension_length_check:SIZE_MAX +Check max extension length +x509_set_extension_length_check: diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 7690dc0499..4c002f9ee2 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -754,7 +754,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void x509_set_extension_length_check(int val_len) +void x509_set_extension_length_check() { int ret = 0; @@ -769,7 +769,7 @@ void x509_set_extension_length_check(int val_len) MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), 0, p, - val_len); - TEST_ASSERT(ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA || ret == MBEDTLS_ERR_X509_ALLOC_FAILED); + SIZE_MAX); + TEST_ASSERT(MBEDTLS_ERR_X509_BAD_INPUT_DATA == ret); } /* END_CASE */ From 315c3ca9e55f74e58ae4a5be96c2ed890106c0dd Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 18:31:11 +0100 Subject: [PATCH 549/653] Add required dependency to the testcase Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com> Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 4c002f9ee2..503d9764cb 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -753,7 +753,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_WRITE_C */ void x509_set_extension_length_check() { int ret = 0; From 0f45a1aec5a73de46796681d09483bd87c26e744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Jan 2024 09:43:06 +0100 Subject: [PATCH 550/653] Fix typos / improve syntax MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-cipher.txt | 2 +- ChangeLog.d/no-cipher.txt | 2 +- docs/architecture/psa-migration/md-cipher-dispatch.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/driver-only-cipher.txt b/ChangeLog.d/driver-only-cipher.txt index e2a946c916..331b2f997c 100644 --- a/ChangeLog.d/driver-only-cipher.txt +++ b/ChangeLog.d/driver-only-cipher.txt @@ -2,7 +2,7 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the library without the corresponding built-in implementation. Generally speaking that requires both the key type and algorithm to be accelerated - or they'll both be built in. However for CCM and GCM the built-in + or they'll both be built in. However, for CCM and GCM the built-in implementation is able to take advantage of a driver that only accelerates the key type (that is, the block cipher primitive). See docs/driver-only-builds.md for full details and current limitations. diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt index 4deadab980..87f2f6d3ae 100644 --- a/ChangeLog.d/no-cipher.txt +++ b/ChangeLog.d/no-cipher.txt @@ -1,7 +1,7 @@ Features * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code size by disabling it in more circumstances. In particular, the CCM and - GCM modules no longer depends on MBEDTLS_CIPHER_C. Also, + GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all unauthenticated (non-AEAD) ciphers are disabled, or if they're all fully provided by drivers. See docs/driver-only-builds.md for full diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 30afad8315..eda65a348c 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -609,7 +609,7 @@ int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. -Each function in the module needs to know whether to dispatch via PSA or legacy. All function with just consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. +Each function in the module needs to know whether to dispatch via PSA or legacy. All functions consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. From e3344867539d0522a45848cd6e99f36233232d5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Jan 2024 10:24:31 +0100 Subject: [PATCH 551/653] Add new lines before lists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is more portable markdown, and also for people who read the text, it make the new lines after the list (but inside the same sentence) less surprising I hope. Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 8f708259ce..f59420e3d1 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -16,6 +16,7 @@ driver. In order to have some mechanism provided only by a driver, you'll want the following compile-time configuration options enabled: + - `MBEDTLS_PSA_CRYPTO_C` (enabled by default) - this enables PSA Crypto. - `MBEDTLS_USE_PSA_CRYPTO` (disabled by default) - this makes PK, X.509 and TLS use PSA Crypto. You need to enable this if you're using PK, X.509 or TLS @@ -28,6 +29,7 @@ mechanism through the PSA API in Mbed TLS](proposed/psa-conditional-inclusion-c.md) for details. In addition, for each mechanism you want provided only by your driver: + - Define the corresponding `PSA_WANT` macro in `psa/crypto_config.h` - this means the algorithm will be available in the PSA Crypto API. - Define the corresponding `MBEDTLS_PSA_ACCEL` in your build. This could be @@ -52,6 +54,7 @@ Mechanisms covered ------------------ For now, only the following (families of) mechanisms are supported: + - hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. - finite-field Diffie-Hellman: FFDH algorithm, DH key types. @@ -79,6 +82,7 @@ Hashes It is possible to have all hash operations provided only by a driver. More precisely: + - you can enable `PSA_WANT_ALG_SHA_256` without `MBEDTLS_SHA256_C`, provided you have `MBEDTLS_PSA_ACCEL_ALG_SHA_256` enabled; - and similarly for all supported hash algorithms: `MD5`, `RIPEMD160`, @@ -97,6 +101,7 @@ considerations](#general-considerations) above. If you want to check at compile-time whether a certain hash algorithm is available in the present build of Mbed TLS, regardless of whether it's provided by a driver or built-in, you should use the following macros: + - for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from `psa/crypto.h`; - for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from @@ -106,10 +111,12 @@ Elliptic-curve cryptography (ECC) --------------------------------- It is possible to have most ECC operations provided only by a driver: + - the ECDH, ECDSA and EC J-PAKE algorithms; - key import, export, and random generation. More precisely, if: + - you have driver support for ECC public and using private keys (that is, `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY` and `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC` are enabled), and @@ -118,6 +125,7 @@ More precisely, if: `MBEDTLS_PSA_ACCEL_ECC_xxx` macros is enabled as well); then you can: + - enable `PSA_WANT_ALG_ECDH` without `MBEDTLS_ECDH_C`, provided `MBEDTLS_PSA_ACCEL_ALG_ECDH` is enabled - enable `PSA_WANT_ALG_ECDSA` without `MBEDTLS_ECDSA_C`, provided @@ -126,6 +134,7 @@ then you can: `MBEDTLS_PSA_ACCEL_ALG_JPAKE` is enabled. In addition, if: + - none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`, `MBEDTLS_ECJPAKE_C` are enabled (see conditions above), and - you have driver support for all enabled ECC key pair operations - that is, @@ -137,6 +146,7 @@ then you can also disable `MBEDTLS_ECP_C`. However, a small subset of it might still be included in the build, see limitations sub-section below. In addition, if: + - `MBEDTLS_ECP_C` is fully removed (see limitation sub-section below), - and support for RSA key types and algorithms is either fully disabled or fully provided by a driver, @@ -148,6 +158,7 @@ then you can also disable `MBEDTLS_BIGNUM_C`. In such builds, all crypto operations via the PSA Crypto API will work as usual, as well as the PK, X.509 and TLS modules if `MBEDTLS_USE_PSA_CRYPTO` is enabled, with the following exceptions: + - direct calls to APIs from the disabled modules are not possible; - PK, X.509 and TLS will not support restartable ECC operations (see limitation sub-section below). @@ -155,6 +166,7 @@ enabled, with the following exceptions: If you want to check at compile-time whether a certain curve is available in the present build of Mbed TLS, regardless of whether ECC is provided by a driver or built-in, you should use the following macros: + - for code that uses only the PSA Crypto API: `PSA_WANT_ECC_xxx` from `psa/crypto.h`; - for code that may also use non-PSA crypto APIs: `MBEDTLS_ECP_HAVE_xxx` from @@ -170,6 +182,7 @@ automatically defined when enabling `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. A limited subset of `ecp.c` will still be automatically re-enabled if any of the following is enabled: + - `MBEDTLS_PK_PARSE_EC_COMPRESSED` - support for parsing ECC keys where the public part is in compressed format; - `MBEDTLS_PK_PARSE_EC_EXTENDED` - support for parsing ECC keys where the @@ -249,6 +262,7 @@ RSA It is possible for all RSA operations to be provided only by a driver. More precisely, if: + - all the RSA algorithms that are enabled (`PSA_WANT_ALG_RSA_*`) are also accelerated (`MBEDTLS_PSA_ACCEL_ALG_RSA_*`), - and all the RSA key types that are enabled (`PSA_WANT_KEY_TYPE_RSA_*`) are @@ -272,6 +286,7 @@ Ciphers (unauthenticated and AEAD) It is possible to have all ciphers and AEAD operations provided only by a driver. More precisely, for each desired combination of key type and algorithm/mode you can: + - Enable desired PSA key type(s): - `PSA_WANT_KEY_TYPE_AES`, - `PSA_WANT_KEY_TYPE_ARIA`, @@ -328,6 +343,7 @@ some non-PSA APIs will be absent or have reduced functionality, see Some legacy modules can't take advantage of PSA drivers yet, and will either need to be disabled, or have reduced features when the built-in implementations of some ciphers are removed: + - `MBEDTLS_NIST_KW_C` needs built-in AES: it must be disabled when `MBEDTLS_AES_C` is disabled. - `MBEDTLS_CMAC_C` needs built-in AES/DES: it must be disabled when @@ -352,6 +368,7 @@ restrictions, see [Disabling `MBEDTLS_CIPHER_C`](#disabling-mbedtls_cipher_c). Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: + - ECB mode is always enabled in the legacy configuration for each key type that allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`. @@ -374,6 +391,7 @@ together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` + `MBEDTLS_PSA_ACCEL_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configurations it is possible to: + - Use CCM and GCM via the PSA Crypto APIs. - Use CCM and GCM via legacy functions `mbedtls_[ccm|gcm]_xxx()` (but not the legacy functions `mbedtls_cipher_xxx()`). @@ -387,6 +405,7 @@ algorithm) in order to work with a driver. The legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit from PSA acceleration if both of the following conditions are met: + - The legacy AES module (`MBEDTLS_AES_C`) is not enabled and - AES is supported on the PSA side together with ECB mode, i.e. `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. @@ -395,6 +414,7 @@ from PSA acceleration if both of the following conditions are met: It is possible to save code size by disabling MBEDTLS_CIPHER_C when all of the following conditions are met: + - The application is not using the `mbedtls_cipher_` API. - In PSA, all unauthenticated (that is, non-AEAD) ciphers are either disabled or fully accelerated (that is, all compatible key types are accelerated too). @@ -404,6 +424,7 @@ following conditions are met: a driver.) In such a build, everything will work as usual except for the following: + - Encryption/decryption functions from the PKCS5 and PKCS12 module will not be available (only key derivation functions). - Parsing of PKCS5- or PKCS12-encrypted keys in PK parse will fail. From a8b4291836b788d509bd00cd2436e5cbd363544a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 11:10:47 +0800 Subject: [PATCH 552/653] tls13: add generic function to write Record Size Limit ext Signed-off-by: Yanray Wang --- library/ssl_misc.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a8afd429cf..62b212d722 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2710,6 +2710,13 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end); + +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, + uint16_t record_size_limit, + unsigned char *buf, + const unsigned char *end, + size_t *out_len); #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_SSL_ALPN) From faf70bdf9d314e52fd8b3e7d92a922316cac05c5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Dec 2023 10:03:32 +0800 Subject: [PATCH 553/653] ssl_tls13_generic: check value of RecordSizeLimit in helper function Signed-off-by: Yanray Wang --- library/ssl_tls13_generic.c | 67 +++++++++++++++++++++++++++++++------ 1 file changed, 56 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index ecfaf8a1a9..0befe3bba3 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1698,6 +1698,27 @@ int mbedtls_ssl_tls13_check_received_extension( } #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) +/* RFC 8449, section 4: + * + * Endpoints MUST NOT send a "record_size_limit" extension with a value + * smaller than 64. An endpoint MUST treat receipt of a smaller value + * as a fatal error and generate an "illegal_parameter" alert. + */ +static int mbedtls_ssl_is_record_size_limit_valid(mbedtls_ssl_context *ssl, + uint16_t record_size_limit) +{ + if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", + record_size_limit)); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + + return 0; +} + /* RFC 8449, section 4: * * The ExtensionData of the "record_size_limit" extension is @@ -1709,6 +1730,7 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; uint16_t record_size_limit; const size_t extension_data_len = end - buf; @@ -1731,17 +1753,9 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - /* RFC 8449, section 4: - * - * Endpoints MUST NOT send a "record_size_limit" extension with a value - * smaller than 64. An endpoint MUST treat receipt of a smaller value - * as a fatal error and generate an "illegal_parameter" alert. - */ - if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit); + if (ret != 0) { + return ret; } ssl->session_negotiate->record_size_limit = record_size_limit; @@ -1749,6 +1763,37 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return 0; } +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, + uint16_t record_size_limit, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + *out_len = 0; + + ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit); + if (ret != 0) { + return ret; + } + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); + + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, p, 2); + MBEDTLS_PUT_UINT16_BE(record_size_limit, p, 4); + + *out_len = 6; + + MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", record_size_limit)); + + mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); + + return 0; +} + #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ From 42017cd4c9dacef74a82618a1d1b8afbfbfe35a9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 11:15:23 +0800 Subject: [PATCH 554/653] tls13: cli: write Record Size Limit ext in ClientHello - add the support in library - update corresponding test case Signed-off-by: Yanray Wang --- library/ssl_tls13_client.c | 9 +++++++++ tests/ssl-opt.sh | 11 +++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 342ec5242e..0d132227c0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1160,6 +1160,15 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, } p += ext_len; +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + ret = mbedtls_ssl_tls13_write_record_size_limit_ext( + ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &ext_len); + if (ret != 0) { + return ret; + } + p += ext_len; +#endif + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92b3e171c6..1cd01dc0c2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4856,10 +4856,13 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ - -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" -# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send -# a response in its EncryptedExtensions record. -# -c "RecordSizeLimit: 16385 Bytes" + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "found record_size_limit extension" \ + -c "RecordSizeLimit: 16385 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension received." \ + -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \ + -s "record_size_limit 16384 negotiated" # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the # maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". From 47d294694355b2544f8a2647c3fcfae5b77ac8fc Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 3 Jan 2024 17:31:52 +0000 Subject: [PATCH 555/653] tls13: server: write Record Size Limit ext in EncryptedExtensions - add the support in library - update corresponding test cases. Signed-off-by: Yanray Wang Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 9 +++++++++ tests/ssl-opt.sh | 24 ++++++++++-------------- 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a7c266b528..c9fddda1ee 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2530,6 +2530,15 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_EARLY_DATA */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + ret = mbedtls_ssl_tls13_write_record_size_limit_ext( + ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &output_len); + if (ret != 0) { + return ret; + } + p += output_len; +#endif + extensions_len = (p - p_extensions_len) - 2; MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1cd01dc0c2..89243e4a29 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4843,7 +4843,6 @@ run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ 0 \ -s "RecordSizeLimit: 16385 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 16383" \ -s "bytes written in 1 fragments" @@ -4857,10 +4856,7 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "found record_size_limit extension" \ -c "RecordSizeLimit: 16385 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension received." \ -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \ -s "record_size_limit 16384 negotiated" @@ -4937,8 +4933,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "512 bytes written in 1 fragments" @@ -4951,8 +4947,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "1536 bytes written in 2 fragments" @@ -4965,8 +4961,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "2560 bytes written in 3 fragments" @@ -4979,8 +4975,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "2048 bytes written in 1 fragments" @@ -4993,8 +4989,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "6144 bytes written in 2 fragments" From 598ea09dd5b142a0743c4a9b8ab7a3a9b6a9a813 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 3 Jan 2024 17:34:03 +0000 Subject: [PATCH 556/653] TLS1.3: SRV/CLI: add support for sending Record Size Limit extension Signed-off-by: Yanray Wang Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 89243e4a29..e45a165df8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5003,11 +5003,33 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "10240 bytes written in 3 fragments" +# TODO: For time being, we send fixed value of RecordSizeLimit defined by +# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of +# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test. +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (16384)" \ + "$P_SRV debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 16383" \ + -s "RecordSizeLimit: 16384 Bytes" \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 16383" \ + -s "Maximum incoming record payload length is 16384" + # Tests for renegotiation # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION From 148dfb64575dab43a26fe66677d2b7f98d22f049 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 4 Jan 2024 18:02:35 +0000 Subject: [PATCH 557/653] Change record size limit writing function Signed-off-by: Waleed Elmelegy --- library/ssl_misc.h | 1 - library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 12 ++++-------- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 62b212d722..7195d63432 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2713,7 +2713,6 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - uint16_t record_size_limit, unsigned char *buf, const unsigned char *end, size_t *out_len); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0d132227c0..2a8081ddac 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1162,7 +1162,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &ext_len); + ssl, p, end, &ext_len); if (ret != 0) { return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 0befe3bba3..ad2b7f6729 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1765,29 +1765,25 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - uint16_t record_size_limit, unsigned char *buf, const unsigned char *end, size_t *out_len) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; *out_len = 0; - ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit); - if (ret != 0) { - return ret; - } + MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN, + "MBEDTLS_SSL_IN_CONTENT_LEN is less than the minimum record size limit"); MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, p, 2); - MBEDTLS_PUT_UINT16_BE(record_size_limit, p, 4); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4); *out_len = 6; - MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", record_size_limit)); + MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", MBEDTLS_SSL_IN_CONTENT_LEN)); mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); From d2fc90e024b055e023c412fac6a1377229396eff Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 4 Jan 2024 18:04:53 +0000 Subject: [PATCH 558/653] Stop sending record size limit extension if it's not sent from client Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index c9fddda1ee..36d1c059f5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2500,6 +2500,9 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, size_t extensions_len = 0; unsigned char *p_extensions_len; size_t output_len; +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + uint32_t record_size_extension_mask; +#endif *out_len = 0; @@ -2531,12 +2534,15 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &output_len); - if (ret != 0) { - return ret; + record_size_extension_mask = mbedtls_ssl_get_extension_mask(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); + if (ssl->handshake->received_extensions | record_size_extension_mask) { + ret = mbedtls_ssl_tls13_write_record_size_limit_ext( + ssl, p, end, &output_len); + if (ret != 0) { + return ret; + } + p += output_len; } - p += output_len; #endif extensions_len = (p - p_extensions_len) - 2; From e1ac98d8887872ccc8a5034a5e237f74965f3a47 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 5 Jan 2024 18:10:12 +0000 Subject: [PATCH 559/653] remove mbedtls_ssl_is_record_size_limit_valid function Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_generic.c | 46 +++++++++++++++---------------------- 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index ad2b7f6729..0afedbc356 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1698,26 +1698,6 @@ int mbedtls_ssl_tls13_check_received_extension( } #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -/* RFC 8449, section 4: - * - * Endpoints MUST NOT send a "record_size_limit" extension with a value - * smaller than 64. An endpoint MUST treat receipt of a smaller value - * as a fatal error and generate an "illegal_parameter" alert. - */ -static int mbedtls_ssl_is_record_size_limit_valid(mbedtls_ssl_context *ssl, - uint16_t record_size_limit) -{ - if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", - record_size_limit)); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - return 0; -} /* RFC 8449, section 4: * @@ -1730,7 +1710,6 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; uint16_t record_size_limit; const size_t extension_data_len = end - buf; @@ -1753,9 +1732,19 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit); - if (ret != 0) { - return ret; + /* RFC 8449, section 4: + * + * Endpoints MUST NOT send a "record_size_limit" extension with a value + * smaller than 64. An endpoint MUST treat receipt of a smaller value + * as a fatal error and generate an "illegal_parameter" alert. + */ + if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", + record_size_limit)); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } ssl->session_negotiate->record_size_limit = record_size_limit; @@ -1773,17 +1762,20 @@ int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, *out_len = 0; MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN, - "MBEDTLS_SSL_IN_CONTENT_LEN is less than the minimum record size limit"); + "MBEDTLS_SSL_IN_CONTENT_LEN is less than the " + "minimum record size limit"); MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, p, 2); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, + p, 2); MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4); *out_len = 6; - MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", MBEDTLS_SSL_IN_CONTENT_LEN)); + MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", + MBEDTLS_SSL_IN_CONTENT_LEN)); mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); From fbe42743eb37c0d8b846b6127144643400288fa4 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 5 Jan 2024 18:11:10 +0000 Subject: [PATCH 560/653] Fix issue in checking in writing extensions Fix issue in checking if server received record size limit extension. Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 36d1c059f5..227d287af5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2500,9 +2500,6 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, size_t extensions_len = 0; unsigned char *p_extensions_len; size_t output_len; -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - uint32_t record_size_extension_mask; -#endif *out_len = 0; @@ -2534,8 +2531,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - record_size_extension_mask = mbedtls_ssl_get_extension_mask(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); - if (ssl->handshake->received_extensions | record_size_extension_mask) { + if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { ret = mbedtls_ssl_tls13_write_record_size_limit_ext( ssl, p, end, &output_len); if (ret != 0) { From 3a37756496f89937214d600d5f2b7b8ccd95ed07 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 5 Jan 2024 18:13:42 +0000 Subject: [PATCH 561/653] Improve record size limit tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e45a165df8..f47cc8ef6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4843,6 +4843,7 @@ run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ 0 \ -s "RecordSizeLimit: 16385 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 16383" \ -s "bytes written in 1 fragments" @@ -4856,6 +4857,9 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "found record_size_limit extension" \ + -c "EncryptedExtensions: record_size_limit(28) extension received." \ -c "RecordSizeLimit: 16385 Bytes" \ -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \ -s "record_size_limit 16384 negotiated" @@ -4933,6 +4937,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4947,6 +4953,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4961,6 +4969,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ @@ -4975,6 +4985,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ @@ -4989,6 +5001,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ @@ -5003,6 +5017,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ -s "Sent RecordSizeLimit: 16384 Bytes" \ -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ @@ -5011,23 +5027,20 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit # TODO: For time being, we send fixed value of RecordSizeLimit defined by # MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of # RecordSizeLimit, we need to modify value of RecordSizeLimit in below test. -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384 +requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (16384)" \ +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \ "$P_SRV debug_level=4 force_version=tls13" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "RecordSizeLimit: 16384 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 16383" \ - -s "RecordSizeLimit: 16384 Bytes" \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 16383" \ + -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -c "Maximum outgoing record payload length is 16383" \ + -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -s "Maximum outgoing record payload length is 16383" \ -s "Maximum incoming record payload length is 16384" # Tests for renegotiation From 2a2462e8f93d290220cd63956fb1ada69646dc1f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 5 Jan 2024 18:58:46 +0000 Subject: [PATCH 562/653] Add Changlog entry for record size extension Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-record-size-limit-extension-support.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-record-size-limit-extension-support.txt diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt new file mode 100644 index 0000000000..ca1a7c268d --- /dev/null +++ b/ChangeLog.d/add-record-size-limit-extension-support.txt @@ -0,0 +1,2 @@ +Features + * Add support for sending and receiving Record Size Limit extension. From 9457e67afd58b5e3deb67dbceb9662c34daeff41 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 8 Jan 2024 15:40:12 +0000 Subject: [PATCH 563/653] update record size limit tests to be more consistent Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f47cc8ef6e..12605f5b01 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4836,8 +4836,9 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ @@ -4849,20 +4850,17 @@ run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit -requires_gnutls_next_disable_tls13_compat +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ -c "Sent RecordSizeLimit: 16384 Bytes" \ -c "ClientHello: record_size_limit(28) extension exists." \ - -c "found record_size_limit extension" \ -c "EncryptedExtensions: record_size_limit(28) extension received." \ -c "RecordSizeLimit: 16385 Bytes" \ - -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \ - -s "record_size_limit 16384 negotiated" # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the # maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". @@ -4889,10 +4887,13 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ response_size=256" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "256 bytes written in 1 fragments" @@ -4909,6 +4910,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "768 bytes written in 2 fragments" @@ -4925,6 +4929,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "1280 bytes written in 3 fragments" From f501790ff20bf3896fff6299fd1f889106fab047 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 9 Jan 2024 14:18:34 +0000 Subject: [PATCH 564/653] Improve comments across record size limit changes Signed-off-by: Waleed Elmelegy --- library/ssl_misc.h | 1 + library/ssl_tls.c | 18 +++++++++--------- tests/ssl-opt.sh | 20 ++++++++++++-------- 3 files changed, 22 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7195d63432..2e621be89d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2704,6 +2704,7 @@ int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2) +/* This value is defined by RFC 8449 */ #define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) MBEDTLS_CHECK_RETURN_CRITICAL diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f92e40ac72..517af785a6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3521,15 +3521,15 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) if (ssl->transform_out != NULL && ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* RFC 8449, section 4: - * - * This value [record_size_limit] is the length of the plaintext - * of a protected record. - * The value includes the content type and padding added in TLS 1.3 - * (that is, the complete length of TLSInnerPlaintext). - * - * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY - * and subtract 1 (for the content type that will be added later) + /* + * In TLS 1.3 case, when records are protected, `max_len` as computed + * above is the maximum length of the TLSInnerPlaintext structure that + * along the plaintext payload contains the inner content type (one byte) + * and some zero padding. Given the algorithm used for padding + * in mbedtls_ssl_encrypt_buf(), compute the maximum length for + * the plaintext payload. Round down to a multiple of + * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY and + * subtract 1. */ max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 12605f5b01..30e6a725a5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4862,16 +4862,18 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ -c "EncryptedExtensions: record_size_limit(28) extension received." \ -c "RecordSizeLimit: 16385 Bytes" \ -# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the -# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". -# There is currently a lower limit of 512, caused by this function not respecting the -# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function -# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size. +# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the +# maximum record size using gnutls_record_set_max_size() +# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size). +# There is currently a lower limit of 512, caused by gnutls_record_set_max_size() +# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the +# more recent function gnutls_record_set_max_recv_size() +# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size). # There is currently an upper limit of 4096, caused by the cli arg parser: # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. -# Thus, these tests are currently limit to that value range. -# Moreover, the value sent in the extension is expected to be larger by one compared -# to the value passed on the cli: +# Thus, these tests are currently limited to the value range 512-4096. +# Also, the value sent in the extension will be one larger than the value +# set at the command line: # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 # Currently test certificates being used do not fit in 513 record size limit @@ -5050,6 +5052,8 @@ run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size -s "Maximum outgoing record payload length is 16383" \ -s "Maximum incoming record payload length is 16384" +# End of Record size limit tests + # Tests for renegotiation # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION From 2fa99b2ddd5581f922a85555d84352cc291ff8d9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 9 Jan 2024 17:15:03 +0000 Subject: [PATCH 565/653] Add tests for client complying with record size limit Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 145 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 144 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 30e6a725a5..a0811a4289 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5033,6 +5033,150 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit -s "Maximum outgoing record payload length is 4095" \ -s "10240 bytes written in 3 fragments" +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=256" \ + 0 \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "256 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=768" \ + 0 \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "768 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \ + 0 \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "1280 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=512" \ + 0 \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "512 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \ + 0 \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "1536 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \ + 0 \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "2560 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \ + 0 \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "2048 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \ + 0 \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "6144 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \ + 0 \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "10240 bytes written in 3 fragments" + # TODO: For time being, we send fixed value of RecordSizeLimit defined by # MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of # RecordSizeLimit, we need to modify value of RecordSizeLimit in below test. @@ -5046,7 +5190,6 @@ run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size 0 \ -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \ - -c "Maximum outgoing record payload length is 16383" \ -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \ -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ -s "Maximum outgoing record payload length is 16383" \ From e840263f76c830e17d09a1d8f4d4e5ab8b1644d1 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 9 Jan 2024 17:21:20 +0000 Subject: [PATCH 566/653] Move record size limit testing to tls13 component Signed-off-by: Waleed Elmelegy --- tests/scripts/all.sh | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f1b9cc23a6..1ab7e5833a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5645,6 +5645,7 @@ support_build_armcc () { component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" scripts/config.py set MBEDTLS_SSL_EARLY_DATA + scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" @@ -5807,18 +5808,6 @@ component_test_tls13_no_compatibility_mode () { tests/ssl-opt.sh } -component_test_tls13_only_record_size_limit () { - msg "build: TLS 1.3 only from default, record size limit extension enabled" - scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)" - tests/ssl-opt.sh -} - component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs From f37c70746b1c6645564b68ee52eb5e1fb55e232d Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 9 Jan 2024 17:22:46 +0000 Subject: [PATCH 567/653] Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config Signed-off-by: Waleed Elmelegy --- scripts/config.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index d5fb85e52d..ab0e5ea6e8 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -207,7 +207,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient - 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature From 7ae74b74cc8001cb83f61885893b05685966b933 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 9 Jan 2024 21:51:05 +0000 Subject: [PATCH 568/653] Make sure record size limit is not configured without TLS 1.3 Signed-off-by: Waleed Elmelegy --- tests/scripts/all.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1ab7e5833a..cf8d920c53 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1335,6 +1335,7 @@ component_test_no_ctr_drbg_classic () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1381,6 +1382,7 @@ component_test_no_hmac_drbg_classic () { scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1434,6 +1436,7 @@ component_test_psa_external_rng_no_drbg_classic () { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -2436,6 +2439,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -3360,6 +3364,7 @@ build_and_test_psa_want_key_pair_partial() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. @@ -3958,6 +3963,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -3974,6 +3980,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -3984,9 +3991,11 @@ component_build_psa_accel_alg_hkdf() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_HKDF_C # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -3997,6 +4006,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4016,6 +4026,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4035,6 +4046,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4054,6 +4066,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4070,6 +4083,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4086,6 +4100,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4104,6 +4119,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4123,6 +4139,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP @@ -4137,6 +4154,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP @@ -4151,6 +4169,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -4165,6 +4184,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -4179,6 +4199,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 @@ -4194,6 +4215,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver From a3bfdea82b55710bd1a1ff7ae6ebeecc3bc44634 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 10 Jan 2024 15:30:46 +0000 Subject: [PATCH 569/653] Revert "Make sure record size limit is not configured without TLS 1.3" This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7. Signed-off-by: Waleed Elmelegy --- tests/scripts/all.sh | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cf8d920c53..1ab7e5833a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1335,7 +1335,6 @@ component_test_no_ctr_drbg_classic () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1382,7 +1381,6 @@ component_test_no_hmac_drbg_classic () { scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1436,7 +1434,6 @@ component_test_psa_external_rng_no_drbg_classic () { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -2439,7 +2436,6 @@ component_test_no_use_psa_crypto_full_cmake_asan() { scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -3364,7 +3360,6 @@ build_and_test_psa_want_key_pair_partial() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. @@ -3963,7 +3958,6 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -3980,7 +3974,6 @@ component_build_psa_accel_alg_hmac() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -3991,11 +3984,9 @@ component_build_psa_accel_alg_hkdf() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py unset MBEDTLS_HKDF_C # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" } @@ -4006,7 +3997,6 @@ component_build_psa_accel_alg_md5() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4026,7 +4016,6 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4046,7 +4035,6 @@ component_build_psa_accel_alg_sha1() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 @@ -4066,7 +4054,6 @@ component_build_psa_accel_alg_sha224() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4083,7 +4070,6 @@ component_build_psa_accel_alg_sha256() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4100,7 +4086,6 @@ component_build_psa_accel_alg_sha384() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4119,7 +4104,6 @@ component_build_psa_accel_alg_sha512() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 @@ -4139,7 +4123,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP @@ -4154,7 +4137,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP @@ -4169,7 +4151,6 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -4184,7 +4165,6 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -4199,7 +4179,6 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 @@ -4215,7 +4194,6 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py full scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver From 09561a75750d4924b5c06eb8cedee32433455369 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 10 Jan 2024 16:13:53 +0000 Subject: [PATCH 570/653] Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h Signed-off-by: Waleed Elmelegy --- include/mbedtls/config_adjust_ssl.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 8415f3e5f5..5dd331c765 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -65,6 +65,7 @@ #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_EARLY_DATA +#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ From 1487760b550c9cd87168ffa4ce464e8e80d94992 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 10 Jan 2024 16:15:08 +0000 Subject: [PATCH 571/653] Change order of checking of record size limit client tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a0811a4289..10d75a77f2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5042,9 +5042,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ "$P_CLI debug_level=4 force_version=tls13 request_size=256" \ 0 \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 511" \ -c "256 bytes written in 1 fragments" @@ -5058,9 +5058,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ "$P_CLI debug_level=4 force_version=tls13 request_size=768" \ 0 \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 511" \ -c "768 bytes written in 2 fragments" @@ -5074,9 +5074,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \ 0 \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 511" \ -c "1280 bytes written in 3 fragments" @@ -5090,9 +5090,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ "$P_CLI debug_level=4 force_version=tls13 request_size=512" \ 0 \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 1023" \ -c "512 bytes written in 1 fragments" @@ -5106,9 +5106,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \ 0 \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 1023" \ -c "1536 bytes written in 2 fragments" @@ -5122,9 +5122,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \ 0 \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 1023" \ -c "2560 bytes written in 3 fragments" @@ -5138,9 +5138,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \ 0 \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 4095" \ -c "2048 bytes written in 1 fragments" @@ -5154,9 +5154,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \ 0 \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 4095" \ -c "6144 bytes written in 2 fragments" @@ -5170,9 +5170,9 @@ run_test "Record Size Limit: TLS 1.3: Client complies with record size limit "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \ 0 \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ -c "EncryptedExtensions: record_size_limit(28) extension exists." \ -c "Maximum outgoing record payload length is 4095" \ -c "10240 bytes written in 3 fragments" From 3ff472441a704aa15aa55cf57d16c3e1b63062ab Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 10 Jan 2024 16:15:52 +0000 Subject: [PATCH 572/653] Fix warning in ssl_tls13_generic.c Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 0afedbc356..47fa65c188 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1774,7 +1774,7 @@ int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, *out_len = 6; - MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", + MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %d Bytes", MBEDTLS_SSL_IN_CONTENT_LEN)); mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); From e83be5f639311adcd8bead731786cdaa49d920d3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 10 Jan 2024 23:39:54 +0000 Subject: [PATCH 573/653] Change renegotiation tests to work with TLS 1.2 only Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 10d75a77f2..5f0daaa1e7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5530,7 +5530,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ + "$P_CLI force_version=tls12 debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ @@ -5649,7 +5649,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3" \ + "$P_CLI force_version=tls12 debug_level=3" \ 0 \ -c "found renegotiation extension" \ -C "error" \ From 19ec9e4f66eabb8e8fa71f0cca69b1fb74095c4d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 13:45:05 +0100 Subject: [PATCH 574/653] psa_crypto_ecp: remove support for secp224k1 Since this curve is not supported in PSA (and it will not ever be in the future), we save a few bytes. Signed-off-by: Valerio Setti --- library/psa_crypto_ecp.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 4d9a59baa9..61c941479a 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -77,14 +77,9 @@ static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits) case PSA_ECC_FAMILY_SECP_K1: switch (*bits) { case 192: + /* secp224k1 is not and will not be supported in PSA (#3541). */ case 256: return PSA_SUCCESS; - /* secp224k1 is not and will not be supported in PSA (#3541). - * Note: secp224k1 has 224-bit coordinates but 225-bit private - * keys which are rounded up to 232 for their representation. */ - case 224: - case 232: - return PSA_ERROR_NOT_SUPPORTED; } break; } From 85ddd43656b420d1812aaa1c68c8bc280193c209 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 11 Jan 2024 11:07:57 +0000 Subject: [PATCH 575/653] Improve record size limit changelog wording Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-record-size-limit-extension-support.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt index ca1a7c268d..bc954003ab 100644 --- a/ChangeLog.d/add-record-size-limit-extension-support.txt +++ b/ChangeLog.d/add-record-size-limit-extension-support.txt @@ -1,2 +1,5 @@ Features - * Add support for sending and receiving Record Size Limit extension. + * Add support for Record Size Limit extension as defined by RFC 8449 + and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. + Application data sent and received will be fragmented according to + Record size limits negotiated during handshake. From 4b09dcd19c68c24a07bd81be88606e665f7ddfeb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 12 Jan 2024 10:50:25 +0000 Subject: [PATCH 576/653] Change renegotiation test to use G_NEXT_SRV Change renegotiation test to use G_NEXT_SRV to avoid problems when sending TLS 1.3 extensions since we exceed the extension limit in G_SRV. Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5f0daaa1e7..e5637e3e55 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5199,6 +5199,10 @@ run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size # Tests for renegotiation +# G_NEXT_SRV is used in renegotiation tests becuase of the increased +# extensions limit since we exceed the limit in G_SRV when we send +# TLS 1.3 extensions in the initial handshake. + # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION run_test "Renegotiation: none, for reference" \ "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ @@ -5529,8 +5533,8 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server strict, client-initiated" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ + "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ @@ -5543,7 +5547,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 1 \ -c "client hello, adding renegotiation extension" \ @@ -5557,7 +5561,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=0" \ 1 \ @@ -5572,7 +5576,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=1" \ 0 \ @@ -5633,7 +5637,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ - "$G_SRV -u --mtu 4096" \ + "$G_NEXT_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ @@ -5648,8 +5652,8 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI force_version=tls12 debug_level=3" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ + "$P_CLI debug_level=3" \ 0 \ -c "found renegotiation extension" \ -C "error" \ @@ -5658,7 +5662,7 @@ run_test "Renego ext: gnutls server strict, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ 0 \ -C "found renegotiation extension" \ @@ -5668,7 +5672,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 allow_legacy=-1" \ 1 \ -C "found renegotiation extension" \ From f0ccf467139a023b4fb7edabc21339ac49057c19 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 12 Jan 2024 10:52:45 +0000 Subject: [PATCH 577/653] Add minor cosmetic changes to record size limit changelog and comments Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-record-size-limit-extension-support.txt | 2 +- library/ssl_misc.h | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt index bc954003ab..3562b85044 100644 --- a/ChangeLog.d/add-record-size-limit-extension-support.txt +++ b/ChangeLog.d/add-record-size-limit-extension-support.txt @@ -1,5 +1,5 @@ Features - * Add support for Record Size Limit extension as defined by RFC 8449 + * Add support for record size limit extension as defined by RFC 8449 and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. Application data sent and received will be fragmented according to Record size limits negotiated during handshake. diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2e621be89d..b0cdd5d789 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2704,8 +2704,7 @@ int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2) -/* This value is defined by RFC 8449 */ -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) +#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) /* As defined in RFC 8449 */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, From 67223bb50178bab8138f5633f88fa366bb340179 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 12 Jan 2024 16:37:07 +0000 Subject: [PATCH 578/653] add support for AES-CTR to benchmark Signed-off-by: Dave Rodgman --- programs/test/benchmark.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 755a7311a3..6f7f69bda0 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -507,7 +507,7 @@ typedef struct { char md5, ripemd160, sha1, sha256, sha512, sha3_224, sha3_256, sha3_384, sha3_512, des3, des, - aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly, + aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, aria, camellia, chacha20, poly1305, @@ -571,6 +571,8 @@ int main(int argc, char *argv[]) todo.aes_cfb128 = 1; } else if (strcmp(argv[i], "aes_cfb8") == 0) { todo.aes_cfb8 = 1; + } else if (strcmp(argv[i], "aes_ctr") == 0) { + todo.aes_ctr = 1; } else if (strcmp(argv[i], "aes_xts") == 0) { todo.aes_xts = 1; } else if (strcmp(argv[i], "aes_gcm") == 0) { @@ -774,6 +776,31 @@ int main(int argc, char *argv[]) mbedtls_aes_free(&aes); } #endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + if (todo.aes_ctr) { + int keysize; + mbedtls_aes_context aes; + + uint8_t stream_block[16]; + size_t nc_off; + + mbedtls_aes_init(&aes); + for (keysize = 128; keysize <= 256; keysize += 64) { + mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize); + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + memset(stream_block, 0, sizeof(stream_block)); + nc_off = 0; + + CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); + + TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block, + buf, buf)); + } + mbedtls_aes_free(&aes); + } +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) if (todo.aes_xts) { int keysize; From f202c2968b9c83ffe948ad5af788a7d035acc87a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 10:42:37 +0100 Subject: [PATCH 579/653] test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 20 +++++++++++-------- tests/suites/test_suite_psa_crypto.function | 22 ++++++++++++++++----- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1bd8b65002..e6acfb20f8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1025,35 +1025,39 @@ aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_ PSA key policy: asymmetric encryption, encrypt | decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, alg=0 in policy depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, encrypt but not decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, decrypt but not encrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, neither encrypt nor decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 + +PSA key policy: asymmetric encryption, opaque key, encrypt | decrypt +depends_on:PSA_CRYPTO_DRIVER_TEST:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:1 PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c08a9017c..f67508c5f2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2107,7 +2107,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, int policy_alg, int key_type, data_t *key_data, - int exercise_alg) + int exercise_alg, + int use_opaque_key) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,6 +2125,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, psa_set_key_algorithm(&attributes, policy_alg); psa_set_key_type(&attributes, key_type); + if (use_opaque_key) { + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)); + } + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -2142,8 +2148,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { + if (use_opaque_key) { + /* Encryption/decryption is opaque keys is currently not supported. */ + TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); + } else if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { PSA_ASSERT(status); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); @@ -2157,8 +2166,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { + if (use_opaque_key) { + /* Encryption/decryption is opaque keys is currently not supported. */ + TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); + } else if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); From 5bb454aace1db636dc7128a48eb5d7328b018639 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 10:43:16 +0100 Subject: [PATCH 580/653] psa_crypto: allow asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8baa6b6f5..e4ecdd08c9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3080,7 +3080,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg); if (status != PSA_SUCCESS) { return status; @@ -3132,7 +3132,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg); if (status != PSA_SUCCESS) { return status; From c4f984f2a579307dbffeda22e7b5a96d606fd34d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 12 Jan 2024 18:29:01 +0000 Subject: [PATCH 581/653] Iterate in 16-byte chunks Signed-off-by: Dave Rodgman --- library/aes.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/library/aes.c b/library/aes.c index f4b9739f7f..ced8a32639 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1441,36 +1441,42 @@ int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, const unsigned char *input, unsigned char *output) { - int c, i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - n = *nc_off; + size_t offset = *nc_off; - if (n > 0x0F) { + if (offset > 0x0F) { return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } - while (length--) { - if (n == 0) { + for (size_t i = 0; i < length;) { + size_t n = 16; + if (offset == 0) { ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block); if (ret != 0) { goto exit; } - - for (i = 16; i > 0; i--) { - if (++nonce_counter[i - 1] != 0) { + for (int j = 16; j > 0; j--) { + if (++nonce_counter[j - 1] != 0) { break; } } + } else { + n -= offset; } - c = *input++; - *output++ = (unsigned char) (c ^ stream_block[n]); - n = (n + 1) & 0x0F; + if (n > (length - i)) { + n = (length - i); + } + mbedtls_xor(&output[i], &input[i], &stream_block[offset], n); + // offset might be non-zero for the last block, but in that case, we don't use it again + offset = 0; + i += n; } - *nc_off = n; + // capture offset for future resumption + *nc_off = (*nc_off + length) % 16; + ret = 0; exit: From 4755e6bda47e8722ade10b0a86d1e94e89c312f1 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 16:35:59 +0000 Subject: [PATCH 582/653] Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION psa_wipe_key_slot can now be called on a slot in any state, if the slot's state is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered reader. Remove the state changing calls that are no longer necessary. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 14 +++----------- library/psa_crypto_core.h | 7 ++----- library/psa_crypto_slot_management.c | 25 ++++++------------------- library/psa_crypto_slot_management.h | 2 +- 4 files changed, 12 insertions(+), 36 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index da5e5be778..1f64500258 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -983,10 +983,6 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) * Persistent storage is not affected. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) { - if (slot->state != PSA_SLOT_PENDING_DELETION) { - return PSA_ERROR_BAD_STATE; - } - psa_status_t status = psa_remove_key_data_from_memory(slot); /* @@ -998,7 +994,9 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) * function is called as part of the execution of a test suite, the * execution of the test suite is stopped in error if the assertion fails. */ - if (slot->registered_readers != 1) { + if (((slot->state == PSA_SLOT_FULL) || + (slot->state == PSA_SLOT_PENDING_DELETION)) && + (slot->registered_readers != 1)) { MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1); status = PSA_ERROR_CORRUPTION_DETECTED; } @@ -1828,12 +1826,6 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, * itself. */ (void) psa_crypto_stop_transaction(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - - /* Prepare the key slot to be wiped, and then wipe it. */ - slot->registered_readers = 1; - psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, - PSA_SLOT_PENDING_DELETION); - psa_wipe_key_slot(slot); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 3b5c634975..f11df9f36c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -70,8 +70,6 @@ typedef struct { * Number of functions registered as reading the material in the key slot. * * Library functions must not write directly to registered_readers - * (unless the slot's state is PSA_SLOT_FILLING and the slot needs to be - * wiped following a failed key creation). * * A function must call psa_register_read(slot) before reading the current * contents of the slot for an operation. @@ -191,9 +189,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * \retval #PSA_SUCCESS * The slot has been successfully wiped. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The amount of registered readers was not equal to 1. - * \retval #PSA_ERROR_BAD_STATE - * The slot's state was not PSA_SLOT_PENDING_DELETION. + * The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and + * the amount of registered readers was not equal to 1. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index ef76dcb897..e7ea8efb46 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -189,10 +189,6 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, (unused_persistent_key_slot != NULL)) { selected_slot = unused_persistent_key_slot; psa_register_read(selected_slot); - /* If the state is not changed then psa_wipe_key_slot - * will report an error. */ - psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); status = psa_wipe_key_slot(selected_slot); if (status != PSA_SUCCESS) { goto error; @@ -394,12 +390,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ if (status != PSA_SUCCESS) { - /* Prepare the key slot to be wiped, and then wipe it. - * Don't overwrite status as a BAD_STATE error here - * can be reported in the psa_wipe_key_slot call. */ - (*p_slot)->registered_readers = 1; - psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, - PSA_SLOT_PENDING_DELETION); psa_wipe_key_slot(*p_slot); if (status == PSA_ERROR_DOES_NOT_EXIST) { @@ -544,13 +534,10 @@ psa_status_t psa_close_key(psa_key_handle_t handle) return status; } if (slot->registered_readers == 1) { - status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); - if (status != PSA_SUCCESS) { - return status; - } + return psa_wipe_key_slot(slot); + } else { + return psa_unregister_read(slot); } - return psa_unregister_read(slot); } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) @@ -565,10 +552,10 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { - psa_key_slot_state_transition(slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); + return psa_wipe_key_slot(slot); + } else { + return psa_unregister_read(slot); } - return psa_unregister_read(slot); } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 5858b18514..9b8e89132c 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -179,7 +179,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * This function decrements the key slot registered reader counter by one. * If the state of the slot is PSA_SLOT_PENDING_DELETION, * and there is only one registered reader (the caller), - * this function will call psa_wipe_slot(). + * this function will call psa_wipe_key_slot(). * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns From dfe8bf86a8957cf93795584cba2eb5603d40f84c Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 17:45:05 +0000 Subject: [PATCH 583/653] Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong These error codes are only returned if the program has been tampered with, so they should be CORRUPTION_DETECTED. Signed-off-by: Ryan Everett --- include/psa/crypto.h | 8 ++------ include/psa/crypto_compat.h | 4 +--- library/psa_crypto.c | 1 - library/psa_crypto_core.h | 2 +- library/psa_crypto_slot_management.c | 2 +- library/psa_crypto_slot_management.h | 29 ++++++++++++---------------- 6 files changed, 17 insertions(+), 29 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fd1928a656..fe10ee0e44 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -415,9 +415,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. Or, - * this call was operating on a key slot and found the slot in - * an invalid state for the operation. + * results in this error code. */ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); @@ -557,9 +555,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. Or, - * this call was operating on a key slot and found the slot in - * an invalid state for the operation. + * results in this error code. */ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index bfc00164b5..f896fae1c9 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -142,9 +142,7 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize - * results in this error code. Or, - * this call was operating on a key slot and found the slot in - * an invalid state for the operation. + * results in this error code. */ psa_status_t psa_close_key(psa_key_handle_t handle); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1f64500258..2a8183e048 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1718,7 +1718,6 @@ static psa_status_t psa_start_key_creation( * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription - * \retval #PSA_ERROR_BAD_STATE \emptydescription * * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f11df9f36c..376337e16f 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -56,7 +56,7 @@ typedef struct { * The state variable is used to help determine whether library functions * which operate on the slot succeed. For example, psa_finish_key_creation, * which transfers the state of a slot from PSA_SLOT_FILLING to - * PSA_SLOT_FULL, must fail with error code PSA_ERROR_BAD_STATE + * PSA_SLOT_FULL, must fail with error code PSA_ERROR_CORRUPTION_DETECTED * if the state of the slot is not PSA_SLOT_FILLING. * * Library functions which traverse the array of key slots only consider diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e7ea8efb46..3accacff0a 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -417,7 +417,7 @@ psa_status_t psa_unregister_read(psa_key_slot_t *slot) } if ((slot->state != PSA_SLOT_FULL) && (slot->state != PSA_SLOT_PENDING_DELETION)) { - return PSA_ERROR_BAD_STATE; + return PSA_ERROR_CORRUPTION_DETECTED; } /* If we are the last reader and the slot is marked for deletion, diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 9b8e89132c..0b0d7b320e 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -68,9 +68,7 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * description of the key identified by \p key. * The key slot counter has been incremented. * \retval #PSA_ERROR_BAD_STATE - * The library has not been initialized. Or, - * this call was operating on a key slot and found the slot in - * an invalid state for the operation. + * The library has not been initialized. * \retval #PSA_ERROR_INVALID_HANDLE * \p key is not a valid key identifier. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -114,7 +112,8 @@ void psa_wipe_all_key_slots(void); * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * There were no free key slots. - * \retval #PSA_ERROR_BAD_STATE + * \retval #PSA_ERROR_BAD_STATE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED * This function attempted to operate on a key slot which was in an * unexpected state. */ @@ -133,7 +132,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, * * \retval #PSA_SUCCESS The key slot's state variable is new_state. - * \retval #PSA_ERROR_BAD_STATE + * \retval #PSA_ERROR_CORRUPTION_DETECTED * The slot's state was not expected_state. */ static inline psa_status_t psa_key_slot_state_transition( @@ -141,7 +140,7 @@ static inline psa_status_t psa_key_slot_state_transition( psa_key_slot_state_t new_state) { if (slot->state != expected_state) { - return PSA_ERROR_BAD_STATE; + return PSA_ERROR_CORRUPTION_DETECTED; } slot->state = new_state; return PSA_SUCCESS; @@ -157,16 +156,12 @@ static inline psa_status_t psa_key_slot_state_transition( The key slot registered reader counter was incremented. * \retval #PSA_ERROR_CORRUPTION_DETECTED * The reader counter already reached its maximum value and was not - * increased. - * \retval #PSA_ERROR_BAD_STATE - * The slot's state was not PSA_SLOT_FULL. + * increased, or the slot's state was not PSA_SLOT_FULL. */ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) { - if (slot->state != PSA_SLOT_FULL) { - return PSA_ERROR_BAD_STATE; - } - if (slot->registered_readers >= SIZE_MAX) { + if ((slot->state != PSA_SLOT_FULL) || + (slot->registered_readers >= SIZE_MAX)) { return PSA_ERROR_CORRUPTION_DETECTED; } slot->registered_readers++; @@ -190,11 +185,11 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * \p slot is NULL or the key slot reader counter has been * decremented (and potentially wiped) successfully. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * registered_readers was equal to 0. - * \retval #PSA_ERROR_BAD_STATE * The slot's state was neither PSA_SLOT_FULL nor - * PSA_SLOT_PENDING_DELETION, or a wipe was attempted and - * the slot's state was not PSA_SLOT_PENDING_DELETION. + * PSA_SLOT_PENDING_DELETION. + * Or a wipe was attempted and the slot's state was not + * PSA_SLOT_PENDING_DELETION. + * Or registered_readers was equal to 0. */ psa_status_t psa_unregister_read(psa_key_slot_t *slot); From 709120a9ceb73dd02578d487caebee0a51491767 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 15 Jan 2024 11:19:03 +0000 Subject: [PATCH 584/653] Revert change to return behaviour in psa_reserve_free_key_slot This change was a mistake, we still need to wipe the pointers here. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3accacff0a..8d7ff908e1 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -199,7 +199,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY, PSA_SLOT_FILLING); if (status != PSA_SUCCESS) { - return status; + goto error; } *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + From 1d32a577645cc188793ffd1401d84a05fa39e0ca Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 15 Jan 2024 11:27:58 +0000 Subject: [PATCH 585/653] Revert change to psa_destroy_key documentation Signed-off-by: Ryan Everett --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2a8183e048..d15ace5595 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1126,7 +1126,7 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) exit: status = psa_wipe_key_slot(slot); - /* Prioritize an error from wiping over a storage error */ + /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */ if (status != PSA_SUCCESS) { overall_status = status; } From b49cf1019d32e204c13839fba9ac329d623a1105 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 Jan 2024 16:40:58 +0000 Subject: [PATCH 586/653] Introduce mbedtls_ctr_increment_counter Signed-off-by: Dave Rodgman --- library/ctr.h | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 library/ctr.h diff --git a/library/ctr.h b/library/ctr.h new file mode 100644 index 0000000000..a6b84cdeb5 --- /dev/null +++ b/library/ctr.h @@ -0,0 +1,30 @@ +/** + * \file ctr.h + * + * \brief This file contains common functionality for counter algorithms. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "common.h" + +/** + * \brief Increment a big-endian 16-byte value. + * This is quite performance-sensitive for AES-CTR and CTR-DRBG. + * + * \param n A 16-byte value to be incremented. + */ +static inline void mbedtls_ctr_increment_counter(uint8_t n[16]) +{ + // The 32-bit version seems to perform about the same as a 64-bit version + // on 64-bit architectures, so no need to define a 64-bit version. + for (int i = 3;; i--) { + uint32_t x = MBEDTLS_GET_UINT32_BE(n, i << 2); + x += 1; + MBEDTLS_PUT_UINT32_BE(x, n, i << 2); + if (x != 0 || i == 0) { + break; + } + } +} From ae730348e9c983410d343c14940e08550bcb58b4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 Jan 2024 17:31:13 +0000 Subject: [PATCH 587/653] Add tests for mbedtls_ctr_increment_counter Signed-off-by: Dave Rodgman --- tests/suites/test_suite_ctr_drbg.data | 45 ++++++++++++++ tests/suites/test_suite_ctr_drbg.function | 73 +++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index 028a07f80d..89dfb9792a 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1105,3 +1105,48 @@ ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5 CTR_DRBG self test ctr_drbg_selftest: + +Increment counter rollover +ctr_increment_rollover + +Increment counter 00 +ctr_increment:"00" + +Increment counter ff00 +ctr_increment:"ff00" + +Increment counter ff0000 +ctr_increment:"ff0000" + +Increment counter ff000000 +ctr_increment:"ff000000" + +Increment counter ff00000000 +ctr_increment:"ff00000000" + +Increment counter ff0000000000 +ctr_increment:"ff0000000000" + +Increment counter ff000000000000 +ctr_increment:"ff000000000000" + +Increment counter 01 +ctr_increment:"01" + +Increment counter ff01 +ctr_increment:"ff01" + +Increment counter ff0001 +ctr_increment:"ff0001" + +Increment counter ff000001 +ctr_increment:"ff000001" + +Increment counter ff00000001 +ctr_increment:"ff00000001" + +Increment counter ff0000000001 +ctr_increment:"ff0000000001" + +Increment counter ff000000000001 +ctr_increment:"ff000000000001" diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 1f0a072c7c..425c43ef11 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -2,6 +2,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "string.h" +#include "ctr.h" #if defined(MBEDTLS_THREADING_PTHREAD) #include "mbedtls/threading.h" @@ -443,3 +444,75 @@ void ctr_drbg_selftest() AES_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE */ +void ctr_increment_rollover() +{ + uint8_t c[16]; + uint8_t r[16]; + + // test all increments from 2^n - 1 to 2^n (i.e. where we roll over into the next bit) + for (int n = 0; n <= 128; n++) { + memset(c, 0, 16); + memset(r, 0, 16); + + // set least significant (highest address) n bits to 1, i.e. generate (2^n - 1) + for (int i = 0; i < n; i++) { + int bit = i % 8; + int byte = (i / 8); + c[15 - byte] |= 1 << bit; + } + // increment to get 2^n + mbedtls_ctr_increment_counter(c); + + // now generate a reference result equal to 2^n - i.e. set only bit (n + 1) + // if n == 127, this will not set any bits (i.e. wraps to 0). + int bit = n % 8; + int byte = n / 8; + if (byte < 16) { + r[15 - byte] = 1 << bit; + } + + TEST_MEMORY_COMPARE(c, 16, r, 16); + } + + uint64_t lsb = 10, msb = 20; + MBEDTLS_PUT_UINT64_BE(msb, c, 0); + MBEDTLS_PUT_UINT64_BE(lsb, c, 8); + memcpy(r, c, 16); + mbedtls_ctr_increment_counter(c); + for (int i = 15; i >= 0; i--) { + r[i] += 1; + if (r[i] != 0) { + break; + } + } + TEST_MEMORY_COMPARE(c, 16, r, 16); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ctr_increment(data_t *x) +{ + uint8_t c[16]; + uint8_t r[16]; + + // initialise c and r from test argument + memset(c, 0, 16); + memcpy(c, x->x, x->len); + memcpy(r, c, 16); + + // increment c + mbedtls_ctr_increment_counter(c); + // increment reference + for (int i = 15; i >= 0; i--) { + r[i] += 1; + if (r[i] != 0) { + break; + } + } + + // test that mbedtls_ctr_increment_counter behaviour matches reference + TEST_MEMORY_COMPARE(c, 16, r, 16); +} +/* END_CASE */ From 591ff05384f36658022f3c67f408dbc903ec8897 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 Jan 2024 16:42:38 +0000 Subject: [PATCH 588/653] Use optimised counter increment in AES-CTR and CTR-DRBG Signed-off-by: Dave Rodgman --- library/aes.c | 7 ++----- library/ctr_drbg.c | 17 +++++------------ 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/library/aes.c b/library/aes.c index ced8a32639..b1a5c3ed10 100644 --- a/library/aes.c +++ b/library/aes.c @@ -53,6 +53,7 @@ #endif #include "mbedtls/platform.h" +#include "ctr.h" /* * This is a convenience shorthand macro to check if we need reverse S-box and @@ -1456,11 +1457,7 @@ int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, if (ret != 0) { goto exit; } - for (int j = 16; j > 0; j--) { - if (++nonce_counter[j - 1] != 0) { - break; - } - } + mbedtls_ctr_increment_counter(nonce_counter); } else { n -= offset; } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index da34f950b8..f3995f709c 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -14,6 +14,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) +#include "ctr.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -333,7 +334,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, { unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; - int i, j; + int j; int ret = 0; #if !defined(MBEDTLS_AES_C) psa_status_t status; @@ -346,11 +347,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Increase counter */ - for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) { - if (++ctx->counter[i - 1] != 0) { - break; - } - } + mbedtls_ctr_increment_counter(ctx->counter); /* * Crypt counter block @@ -652,13 +649,9 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, while (output_len > 0) { /* - * Increase counter + * Increase counter (treat it as a 128-bit big-endian integer). */ - for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) { - if (++ctx->counter[i - 1] != 0) { - break; - } - } + mbedtls_ctr_increment_counter(ctx->counter); /* * Crypt counter block From 174eeff235f2d3c8290a5709811669332521685b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 Jan 2024 16:43:18 +0000 Subject: [PATCH 589/653] Save 14 bytes in CTR-DRBG Signed-off-by: Dave Rodgman --- library/ctr_drbg.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index f3995f709c..30574679f9 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -369,9 +369,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } - for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) { - tmp[i] ^= data[i]; - } + mbedtls_xor(tmp, tmp, data, MBEDTLS_CTR_DRBG_SEEDLEN); /* * Update key and counter @@ -614,10 +612,11 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, { int ret = 0; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; - unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = output; - unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE]; - int i; + struct { + unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; + unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE]; + } locals; size_t use_len; if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) { @@ -628,7 +627,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; } - memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN); + memset(locals.add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN); if (ctx->reseed_counter > ctx->reseed_interval || ctx->prediction_resistance) { @@ -639,10 +638,10 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, } if (add_len > 0) { - if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) { + if ((ret = block_cipher_df(locals.add_input, additional, add_len)) != 0) { goto exit; } - if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) { + if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) { goto exit; } } @@ -658,7 +657,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, */ #if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, tmp)) != 0) { + ctx->counter, locals.tmp)) != 0) { goto exit; } #else @@ -678,20 +677,19 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, /* * Copy random block to destination */ - memcpy(p, tmp, use_len); + memcpy(p, locals.tmp, use_len); p += use_len; output_len -= use_len; } - if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) { + if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) { goto exit; } ctx->reseed_counter++; exit: - mbedtls_platform_zeroize(add_input, sizeof(add_input)); - mbedtls_platform_zeroize(tmp, sizeof(tmp)); + mbedtls_platform_zeroize(&locals, sizeof(locals)); return ret; } From 46697da5b3b555148c7e5a46aaf70393c6a48eb3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 14 Jan 2024 12:59:49 +0000 Subject: [PATCH 590/653] Make gcm counter increment more efficient Signed-off-by: Dave Rodgman --- library/gcm.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/library/gcm.c b/library/gcm.c index 20d55c0a89..c677ca4d70 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -401,12 +401,9 @@ int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx, /* Increment the counter. */ static void gcm_incr(unsigned char y[16]) { - size_t i; - for (i = 16; i > 12; i--) { - if (++y[i - 1] != 0) { - break; - } - } + uint32_t x = MBEDTLS_GET_UINT32_BE(y, 12); + x++; + MBEDTLS_PUT_UINT32_BE(x, y, 12); } /* Calculate and apply the encryption mask. Process use_len bytes of data, From 66a827fc8394f67096f6f3ea7eb11ddbe8ad6616 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:00:52 +0100 Subject: [PATCH 591/653] test_driver_key_management: make opaque [un]wrapping functions public Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 8 ++++++++ tests/src/drivers/test_driver_key_management.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 526adbb91b..9a68777ecd 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -67,6 +67,14 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); +psa_status_t mbedtls_test_opaque_wrap_key( + const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); + +psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, + size_t key_buffer_size, size_t *key_buffer_length); + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index d522ebfe8d..4188c25c18 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_wrap_key( +psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, @@ -159,7 +159,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key( * The argument key_buffer_length is filled with the unwrapped(clear) * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_unwrap_key( +psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, From 62b6f10f64f8454b3aba38fda05257356cd56541 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:03:17 +0100 Subject: [PATCH 592/653] test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions Signed-off-by: Valerio Setti --- .../test_driver_asymmetric_encryption.c | 78 +++++++++++++------ 1 file changed, 55 insertions(+), 23 deletions(-) diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index ff46387d58..4fc8c9d34b 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -13,11 +13,15 @@ #include "psa_crypto_rsa.h" #include "string.h" #include "test/drivers/asymmetric_encryption.h" +#include "test/drivers/key_management.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_rsa.h" #endif +#define PSA_RSA_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) + mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; @@ -104,7 +108,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( } /* - * opaque versions - TODO + * opaque versions */ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, @@ -112,17 +116,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_encrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_encrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } @@ -132,17 +150,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_decrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_decrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } From 4860a6c7acc281bf581f972147d09c0407bebbe1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:05:24 +0100 Subject: [PATCH 593/653] test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.function | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f67508c5f2..60c4f30d80 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2148,11 +2148,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (use_opaque_key) { - /* Encryption/decryption is opaque keys is currently not supported. */ - TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); - } else if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { + if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { PSA_ASSERT(status); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); @@ -2166,11 +2163,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (use_opaque_key) { - /* Encryption/decryption is opaque keys is currently not supported. */ - TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); - } else if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { + if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); From 4cc6fb90393e3d271e8e00a28410f4904095a411 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 14 Jan 2024 18:13:05 +0000 Subject: [PATCH 594/653] add test for multipart AES-CTR Signed-off-by: Dave Rodgman --- tests/suites/test_suite_aes.ctr.data | 119 +++++++++++++++++++++++++++ tests/suites/test_suite_aes.function | 72 ++++++++++++++++ 2 files changed, 191 insertions(+) create mode 100644 tests/suites/test_suite_aes.ctr.data diff --git a/tests/suites/test_suite_aes.ctr.data b/tests/suites/test_suite_aes.ctr.data new file mode 100644 index 0000000000..6ce7c01fc4 --- /dev/null +++ b/tests/suites/test_suite_aes.ctr.data @@ -0,0 +1,119 @@ +AES-CTR aes_encrypt_ctr_multipart 1 1 +aes_encrypt_ctr_multipart:1:1 + +AES-CTR aes_encrypt_ctr_multipart 2 1 +aes_encrypt_ctr_multipart:2:1 + +AES-CTR aes_encrypt_ctr_multipart 2 2 +aes_encrypt_ctr_multipart:2:2 + +AES-CTR aes_encrypt_ctr_multipart 4 1 +aes_encrypt_ctr_multipart:4:1 + +AES-CTR aes_encrypt_ctr_multipart 4 2 +aes_encrypt_ctr_multipart:4:2 + +AES-CTR aes_encrypt_ctr_multipart 15 1 +aes_encrypt_ctr_multipart:15:1 + +AES-CTR aes_encrypt_ctr_multipart 15 2 +aes_encrypt_ctr_multipart:15:2 + +AES-CTR aes_encrypt_ctr_multipart 15 8 +aes_encrypt_ctr_multipart:15:8 + +AES-CTR aes_encrypt_ctr_multipart 15 15 +aes_encrypt_ctr_multipart:15:15 + +AES-CTR aes_encrypt_ctr_multipart 16 1 +aes_encrypt_ctr_multipart:16:1 + +AES-CTR aes_encrypt_ctr_multipart 16 2 +aes_encrypt_ctr_multipart:16:2 + +AES-CTR aes_encrypt_ctr_multipart 16 8 +aes_encrypt_ctr_multipart:16:8 + +AES-CTR aes_encrypt_ctr_multipart 16 15 +aes_encrypt_ctr_multipart:16:15 + +AES-CTR aes_encrypt_ctr_multipart 16 16 +aes_encrypt_ctr_multipart:16:16 + +AES-CTR aes_encrypt_ctr_multipart 17 1 +aes_encrypt_ctr_multipart:17:1 + +AES-CTR aes_encrypt_ctr_multipart 17 2 +aes_encrypt_ctr_multipart:17:2 + +AES-CTR aes_encrypt_ctr_multipart 17 8 +aes_encrypt_ctr_multipart:17:8 + +AES-CTR aes_encrypt_ctr_multipart 17 15 +aes_encrypt_ctr_multipart:17:15 + +AES-CTR aes_encrypt_ctr_multipart 17 16 +aes_encrypt_ctr_multipart:17:16 + +AES-CTR aes_encrypt_ctr_multipart 63 1 +aes_encrypt_ctr_multipart:63:1 + +AES-CTR aes_encrypt_ctr_multipart 63 2 +aes_encrypt_ctr_multipart:63:2 + +AES-CTR aes_encrypt_ctr_multipart 63 8 +aes_encrypt_ctr_multipart:63:8 + +AES-CTR aes_encrypt_ctr_multipart 63 15 +aes_encrypt_ctr_multipart:63:15 + +AES-CTR aes_encrypt_ctr_multipart 63 16 +aes_encrypt_ctr_multipart:63:16 + +AES-CTR aes_encrypt_ctr_multipart 63 17 +aes_encrypt_ctr_multipart:63:17 + +AES-CTR aes_encrypt_ctr_multipart 64 1 +aes_encrypt_ctr_multipart:64:1 + +AES-CTR aes_encrypt_ctr_multipart 64 2 +aes_encrypt_ctr_multipart:64:2 + +AES-CTR aes_encrypt_ctr_multipart 64 8 +aes_encrypt_ctr_multipart:64:8 + +AES-CTR aes_encrypt_ctr_multipart 64 15 +aes_encrypt_ctr_multipart:64:15 + +AES-CTR aes_encrypt_ctr_multipart 64 16 +aes_encrypt_ctr_multipart:64:16 + +AES-CTR aes_encrypt_ctr_multipart 64 17 +aes_encrypt_ctr_multipart:64:17 + +AES-CTR aes_encrypt_ctr_multipart 1024 1 +aes_encrypt_ctr_multipart:1024:1 + +AES-CTR aes_encrypt_ctr_multipart 1024 10 +aes_encrypt_ctr_multipart:1024:10 + +AES-CTR aes_encrypt_ctr_multipart 1024 15 +aes_encrypt_ctr_multipart:1024:15 + +AES-CTR aes_encrypt_ctr_multipart 1024 16 +aes_encrypt_ctr_multipart:1024:16 + +AES-CTR aes_encrypt_ctr_multipart 1024 63 +aes_encrypt_ctr_multipart:1024:63 + +AES-CTR aes_encrypt_ctr_multipart 1024 64 +aes_encrypt_ctr_multipart:1024:64 + +AES-CTR aes_encrypt_ctr_multipart 1024 65 +aes_encrypt_ctr_multipart:1024:65 + +AES-CTR aes_encrypt_ctr_multipart 1024 1023 +aes_encrypt_ctr_multipart:1024:1023 + +AES-CTR aes_encrypt_ctr_multipart 1024 1024 +aes_encrypt_ctr_multipart:1024:1024 diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 2ca3f7f20f..f4950a0834 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -88,6 +88,78 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ +void aes_encrypt_ctr_multipart(int length, int step_size) +{ + unsigned char key[16]; + unsigned char ctr_a[16]; + unsigned char ctr_b[16]; + unsigned char stream_block_a[16]; + unsigned char stream_block_b[16]; + unsigned char *input = NULL; + unsigned char *output_a = NULL; + unsigned char *output_b = NULL; + mbedtls_aes_context ctx; + size_t nc_off_a, nc_off_b; + + TEST_ASSERT(length >= 0); + TEST_ASSERT(step_size > 0); + + TEST_CALLOC(input, length); + TEST_CALLOC(output_a, length); + TEST_CALLOC(output_b, length); + + // set up a random key + mbedtls_test_rnd_std_rand(NULL, key, sizeof(key)); + + // random input + mbedtls_test_rnd_std_rand(NULL, input, sizeof(input)); + + + // complete encryption in one call + mbedtls_aes_init(&ctx); + TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key, sizeof(key) * 8) == 0); + memset(ctr_a, 0, sizeof(ctr_a)); + memset(stream_block_a, 0, sizeof(stream_block_a)); + nc_off_a = 0; + TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, length, &nc_off_a, ctr_a, + stream_block_a, input, output_a), 0); + mbedtls_aes_free(&ctx); + + + // encrypt in multiple steps of varying size + mbedtls_aes_init(&ctx); + TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key, sizeof(key) * 8) == 0); + memset(ctr_b, 0, sizeof(ctr_b)); + memset(stream_block_b, 0, sizeof(stream_block_b)); + nc_off_b = 0; + size_t remaining = length; + unsigned char *ip = input, *op = output_b; + while (remaining != 0) { + size_t l = MIN(remaining, (size_t) step_size); + step_size *= 2; + remaining -= l; + TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, l, &nc_off_b, ctr_b, stream_block_b, ip, op), 0); + ip += l; + op += l; + } + + // finally, validate that multiple steps produced same result as single-pass + TEST_MEMORY_COMPARE(output_a, length, output_b, length); + TEST_MEMORY_COMPARE(ctr_a, sizeof(ctr_a), ctr_b, sizeof(ctr_b)); + TEST_MEMORY_COMPARE(stream_block_a, sizeof(stream_block_a), + stream_block_b, sizeof(stream_block_b)); + TEST_EQUAL(nc_off_a, nc_off_b); + +exit: + mbedtls_free(input); + mbedtls_free(output_a); + mbedtls_free(output_b); + + mbedtls_aes_free(&ctx); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aes_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) From 24ad1b59e884df644d872149bb662b9c0cb9eb87 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 14 Jan 2024 23:52:27 +0000 Subject: [PATCH 595/653] Add NIST AES-CTR test vectors Signed-off-by: Dave Rodgman --- tests/suites/test_suite_aes.ctr.data | 16 ++++++++++ tests/suites/test_suite_aes.function | 46 ++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/tests/suites/test_suite_aes.ctr.data b/tests/suites/test_suite_aes.ctr.data index 6ce7c01fc4..85c4c96452 100644 --- a/tests/suites/test_suite_aes.ctr.data +++ b/tests/suites/test_suite_aes.ctr.data @@ -1,3 +1,19 @@ +# Test vectors from NIST Special Publication 800-38A 2001 Edition +# Recommendation for Block Edition Cipher Modes of Operation + +# as below, but corrupt the key to check the test catches it +AES-CTR NIST 128 bad +aes_ctr:"00000000000000000000000000000000":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee":1 + +AES-CTR NIST 128 +aes_ctr:"2b7e151628aed2a6abf7158809cf4f3c":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee":0 + +AES-CTR NIST 192 +aes_ctr:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e941e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050":0 + +AES-CTR NIST 256 +aes_ctr:"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c52b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6":0 + AES-CTR aes_encrypt_ctr_multipart 1 1 aes_encrypt_ctr_multipart:1:1 diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f4950a0834..7b1306a824 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -88,6 +88,52 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ +void aes_ctr(data_t *key, data_t *ictr, data_t *pt, data_t *ct, int expected) +{ + unsigned char *output = NULL; + unsigned char ctr[16]; + unsigned char stream_block[16]; + mbedtls_aes_context ctx; + + // sanity checks on test input + TEST_ASSERT(pt->len == ct->len); + TEST_ASSERT(key->len == 16 || key->len == 24 || key->len == 32); + + TEST_CALLOC(output, pt->len); + + // expected result is always success on zero-length input, so skip len == 0 if expecting failure + for (size_t len = (expected == 0 ? 0 : 1); len <= pt->len; len++) { + for (int i = 0; i < 2; i++) { + mbedtls_aes_init(&ctx); + TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key->x, key->len * 8) == 0); + + memcpy(ctr, ictr->x, 16); + memset(stream_block, 0, 16); + memset(output, 0, pt->len); + + size_t nc_off = 0; + + if (i == 0) { + // encrypt + TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, len, &nc_off, ctr, + stream_block, pt->x, output), 0); + TEST_ASSERT(!!memcmp(output, ct->x, len) == expected); + } else { + // decrypt + TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, len, &nc_off, ctr, + stream_block, ct->x, output), 0); + TEST_ASSERT(!!memcmp(output, pt->x, len) == expected); + } + } + } + +exit: + mbedtls_free(output); + mbedtls_aes_free(&ctx); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aes_encrypt_ctr_multipart(int length, int step_size) { From 9f97566c0442066e01fedd28e5ce47b24baf158b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 14 Jan 2024 23:55:20 +0000 Subject: [PATCH 596/653] Add Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/ctr-perf.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ctr-perf.txt diff --git a/ChangeLog.d/ctr-perf.txt b/ChangeLog.d/ctr-perf.txt new file mode 100644 index 0000000000..bc04080bfa --- /dev/null +++ b/ChangeLog.d/ctr-perf.txt @@ -0,0 +1,3 @@ +Features + * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when + hardware accelerated AES is not present (around 13-23% on 64-bit Arm). From 333ca8fdfc0c41852aadbf55e60100a6db5d09ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 16 Jan 2024 17:05:19 +0100 Subject: [PATCH 597/653] Migrate to new RTD redirect format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Migrate to the new redirect format introduced by ReadTheDocs in readthedocs/readthedocs.org#10881 Signed-off-by: Bence Szépkúti --- docs/redirects.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/redirects.yaml b/docs/redirects.yaml index 7ea1d95504..969ffe43cc 100644 --- a/docs/redirects.yaml +++ b/docs/redirects.yaml @@ -7,5 +7,5 @@ # expose it. - type: exact - from_url: /projects/api/en/latest/$rest - to_url: /projects/api/en/development/ + from_url: /projects/api/en/latest/* + to_url: /projects/api/en/development/:splat From b7778b2388c2bdae733a7d702432faf41b718d80 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 Jan 2024 16:27:34 +0000 Subject: [PATCH 598/653] Fix ASAN error in test Signed-off-by: Dave Rodgman --- tests/suites/test_suite_aes.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 7b1306a824..9118a98655 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -159,7 +159,7 @@ void aes_encrypt_ctr_multipart(int length, int step_size) mbedtls_test_rnd_std_rand(NULL, key, sizeof(key)); // random input - mbedtls_test_rnd_std_rand(NULL, input, sizeof(input)); + mbedtls_test_rnd_std_rand(NULL, input, length); // complete encryption in one call From 7e5b7f91ca8efd5252a36765502ce9115ba73e61 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 Jan 2024 17:28:25 +0000 Subject: [PATCH 599/653] Fix error in ctr_drbg Signed-off-by: Dave Rodgman --- library/ctr_drbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 30574679f9..66d9d28c58 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -665,7 +665,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, size_t tmp_len; status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), - tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + locals.tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); if (status != PSA_SUCCESS) { ret = psa_generic_status_to_mbedtls(status); goto exit; From 9039ba572b102f32fd1418c1ab6d6cd8edc30dbc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 Jan 2024 18:38:55 +0000 Subject: [PATCH 600/653] Fix test dependencies Signed-off-by: Dave Rodgman --- tests/suites/test_suite_aes.ctr.data | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_aes.ctr.data b/tests/suites/test_suite_aes.ctr.data index 85c4c96452..a14823666c 100644 --- a/tests/suites/test_suite_aes.ctr.data +++ b/tests/suites/test_suite_aes.ctr.data @@ -9,9 +9,11 @@ AES-CTR NIST 128 aes_ctr:"2b7e151628aed2a6abf7158809cf4f3c":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee":0 AES-CTR NIST 192 +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH aes_ctr:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e941e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050":0 AES-CTR NIST 256 +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH aes_ctr:"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c52b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6":0 AES-CTR aes_encrypt_ctr_multipart 1 1 From 584dc80d965541e1e93301d4e9b1d7f719168c32 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Jan 2024 16:43:07 +0100 Subject: [PATCH 601/653] add changelog Signed-off-by: Valerio Setti --- ChangeLog.d/8461.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/8461.txt diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt new file mode 100644 index 0000000000..459e47bd27 --- /dev/null +++ b/ChangeLog.d/8461.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix unsupported PSA asymmetric encryption and dectryption + (psa_asymmetric_[en|de]crypt) with opaque keys. + Resolves #8461. From 885248c8ee824fafabd56a915ce0b941e4380631 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 Jan 2024 11:06:31 +0000 Subject: [PATCH 602/653] Add header guards Signed-off-by: Dave Rodgman --- library/ctr.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ctr.h b/library/ctr.h index a6b84cdeb5..aa48fb9e70 100644 --- a/library/ctr.h +++ b/library/ctr.h @@ -7,6 +7,9 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#ifndef MBEDTLS_CTR_H +#define MBEDTLS_CTR_H + #include "common.h" /** @@ -28,3 +31,5 @@ static inline void mbedtls_ctr_increment_counter(uint8_t n[16]) } } } + +#endif /* MBEDTLS_CTR_H */ From 7ed542e0f1aea1673f2b8bb3079c294e04777558 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 17 Jan 2024 11:39:09 +0000 Subject: [PATCH 603/653] Implement delayed deletion in psa_destroy_key and some cleanup Signed-off-by: Ryan Everett --- library/psa_crypto.c | 80 +++++++++++++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d15ace5595..565b5e14ce 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -987,18 +987,41 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) /* * As the return error code may not be handled in case of multiple errors, - * do our best to report an unexpected amount of registered readers. - * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that registered_readers is - * equal to one: + * do our best to report an unexpected amount of registered readers or + * an unexpected state. + * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that the slot is valid for + * wiping. * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the * function is called as part of the execution of a test suite, the * execution of the test suite is stopped in error if the assertion fails. */ - if (((slot->state == PSA_SLOT_FULL) || - (slot->state == PSA_SLOT_PENDING_DELETION)) && - (slot->registered_readers != 1)) { - MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1); - status = PSA_ERROR_CORRUPTION_DETECTED; + switch (slot->state) { + case PSA_SLOT_FULL: + /* In this state psa_wipe_key_slot() must only be called if the + * caller is the last reader. */ + case PSA_SLOT_PENDING_DELETION: + /* In this state psa_wipe_key_slot() must only be called if the + * caller is the last reader. */ + if (slot->registered_readers != 1) { + MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1); + status = PSA_ERROR_CORRUPTION_DETECTED; + } + break; + case PSA_SLOT_FILLING: + /* In this state registered_readers must be 0. */ + if (slot->registered_readers != 0) { + MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 0); + status = PSA_ERROR_CORRUPTION_DETECTED; + } + break; + case PSA_SLOT_EMPTY: + /* The slot is already empty, it cannot be wiped. */ + MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->state != PSA_SLOT_EMPTY); + status = PSA_ERROR_CORRUPTION_DETECTED; + break; + default: + /* The slot's state is invalid. */ + status = PSA_ERROR_CORRUPTION_DETECTED; } /* Multipart operations may still be using the key. This is safe @@ -1028,29 +1051,25 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) } /* - * Get the description of the key in a key slot. In case of a persistent - * key, this will load the key description from persistent memory if not - * done yet. We cannot avoid this loading as without it we don't know if + * Get the description of the key in a key slot, and register to read it. + * In the case of a persistent key, this will load the key description + * from persistent memory if not done yet. + * We cannot avoid this loading as without it we don't know if * the key is operated by an SE or not and this information is needed by - * the current implementation. - */ + * the current implementation. */ status = psa_get_and_lock_key_slot(key, &slot); if (status != PSA_SUCCESS) { return status; } - /* - * If the key slot containing the key description is under access by the - * library (apart from the present access), the key cannot be destroyed - * yet. For the time being, just return in error. Eventually (to be - * implemented), the key should be destroyed when all accesses have - * stopped. - */ - if (slot->registered_readers > 1) { - psa_unregister_read(slot); - return PSA_ERROR_GENERIC_ERROR; - } - + /* Set the key slot containing the key description's state to + * PENDING_DELETION. This stops new operations from registering + * to read the slot. Current readers can safely continue to access + * the key within the slot; the last registered reader will + * automatically wipe the slot when they call psa_unregister_read(). + * If the key is persistent, we can now delete the copy of the key + * from memory. If the key is opaque, we require the driver to + * deal with the deletion. */ slot->state = PSA_SLOT_PENDING_DELETION; if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { @@ -1099,6 +1118,9 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { + /* Destroy the copy of the persistent key from memory. + * The slot will still hold a copy of the key until the last reader + * unregisters. */ status = psa_destroy_persistent_key(slot->attr.id); if (overall_status == PSA_SUCCESS) { overall_status = status; @@ -1125,8 +1147,11 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ exit: - status = psa_wipe_key_slot(slot); - /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */ + /* Unregister from reading the slot. If we are the last active reader + * then this will wipe the slot. */ + status = psa_unregister_read(slot); + /* Prioritize CORRUPTION_DETECTED from unregistering over + * a storage error. */ if (status != PSA_SUCCESS) { overall_status = status; } @@ -1825,6 +1850,7 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, * itself. */ (void) psa_crypto_stop_transaction(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + psa_wipe_key_slot(slot); } From 38a2b7a6a3215b2d062da23b9945bbecd889e277 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 17 Jan 2024 11:45:44 +0000 Subject: [PATCH 604/653] Extend psa_wipe_key_slot documentation Signed-off-by: Ryan Everett --- library/psa_crypto_core.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 376337e16f..b5b9c54515 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -190,7 +190,10 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * The slot has been successfully wiped. * \retval #PSA_ERROR_CORRUPTION_DETECTED * The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and - * the amount of registered readers was not equal to 1. + * the amount of registered readers was not equal to 1. Or, + * the slot's state was PSA_SLOT_EMPTY. Or, + * the slot's state was PSA_SLOT_FILLING, and the amount + * of registered readers was not equal to 0. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot); From 4a0ba80bdbf9b2ef1f44071cdabc733962870d69 Mon Sep 17 00:00:00 2001 From: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com> Date: Wed, 17 Jan 2024 14:12:33 +0000 Subject: [PATCH 605/653] Clarify psa_destroy_key documentation Co-authored-by: Janos Follath Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com> --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 565b5e14ce..56265c1977 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1118,7 +1118,7 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { - /* Destroy the copy of the persistent key from memory. + /* Destroy the copy of the persistent key from storage. * The slot will still hold a copy of the key until the last reader * unregisters. */ status = psa_destroy_persistent_key(slot->attr.id); From 43ff242a8b0e2a6d7488e502eb70c55e31a057c4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Jan 2024 08:42:38 +0100 Subject: [PATCH 606/653] changelog: fix typo Signed-off-by: Valerio Setti --- ChangeLog.d/8461.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt index 459e47bd27..d6a65f0702 100644 --- a/ChangeLog.d/8461.txt +++ b/ChangeLog.d/8461.txt @@ -1,4 +1,4 @@ Bugfix - * Fix unsupported PSA asymmetric encryption and dectryption + * Fix unsupported PSA asymmetric encryption and decryption (psa_asymmetric_[en|de]crypt) with opaque keys. Resolves #8461. From 4f34b155f52fa1015cfe3f1177ed5739e7d07dc7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Jan 2024 08:44:13 +0100 Subject: [PATCH 607/653] test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private Only mbedtls_test_opaque_unwrap_key() is actually needed by other test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key() can be kept private to test_driver_key_management.c. Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 4 ---- tests/src/drivers/test_driver_key_management.c | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 9a68777ecd..7b5c4c7bf1 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -67,10 +67,6 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); -psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, - size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); - psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 4188c25c18..a3d532d51a 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -psa_status_t mbedtls_test_opaque_wrap_key( +static psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, From 491f7e5ac3f03e247571f3c5088619bf8a807051 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 11:04:21 +0000 Subject: [PATCH 608/653] Define key_slot_mutex Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 8d7ff908e1..2d24e6deb9 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -23,10 +23,27 @@ #include #include #include "mbedtls/platform.h" +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; uint8_t key_slots_initialized; + +#if defined(MBEDTLS_THREADING_C) + /* + * A mutex used to make the PSA subsystem thread safe. + * + * key_slot_mutex protects key_slots[i].registered_readers and + * key_slots[i].state for all valid i. + * + * This mutex must be held when any read from or write to a state or + * registered_readers field is performed, i.e. when calling functions: + * psa_key_slot_state_transition, psa_register_read, psa_unregister_read, + * psa_key_slot_has_readers and psa_wipe_key_slot. */ + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_slot_mutex); +#endif } psa_global_data_t; static psa_global_data_t global_data; From 846889355c0863e4b16745c535e425b66050f4cc Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 11:10:03 +0000 Subject: [PATCH 609/653] Initialize and free the key slot mutex Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 17 ++++++++++++++++- library/psa_crypto_slot_management.h | 8 ++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 2d24e6deb9..180aecb584 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -147,7 +147,14 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( psa_status_t psa_initialize_key_slots(void) { - /* Nothing to do: program startup and psa_wipe_all_key_slots() both +#if defined(MBEDTLS_THREADING_C) + /* Initialize the global key slot mutex. */ + if (!global_data.key_slots_initialized) { + mbedtls_mutex_init(&global_data.key_slot_mutex); + } +#endif + + /* Program startup and psa_wipe_all_key_slots() both * guarantee that the key slots are initialized to all-zero, which * means that all the key slots are in a valid, empty state. */ global_data.key_slots_initialized = 1; @@ -164,6 +171,14 @@ void psa_wipe_all_key_slots(void) slot->state = PSA_SLOT_PENDING_DELETION; (void) psa_wipe_key_slot(slot); } + +#if defined(MBEDTLS_THREADING_C) + /* Free the global key slot mutex. */ + if (global_data.key_slots_initialized) { + mbedtls_mutex_free(&global_data.key_slot_mutex); + } +#endif + global_data.key_slots_initialized = 0; } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 0b0d7b320e..01778f899e 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -85,6 +85,10 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot); /** Initialize the key slot structures. + * If multi-threading is enabled then initialize the key slot mutex. + * This function is not thread-safe, + * if called by competing threads the key slot mutex may be initialized + * more than once. * * \retval #PSA_SUCCESS * Currently this function always succeeds. @@ -92,6 +96,10 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. + * If multi-threading is enabled then free the key slot mutex. + * This function is not thread-safe, + * if called by competing threads the key slot mutex may be freed + * more than once. * * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); From 0e3b677cf4600bec736020715f85909f4534c5dd Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 11:11:39 +0000 Subject: [PATCH 610/653] Support PSA_ERROR_SERVICE_FAILURE To be returned in the case where mbedtls_mutex_lock and mbedtls_mutex_unlock fail. Signed-off-by: Ryan Everett --- include/psa/crypto_values.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 8d30bf0fb9..90d98fdb79 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -279,6 +279,11 @@ * to read from a resource. */ #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) +/** This can be returned if a function can no longer operate correctly. + * For example, if an essential initialization operation failed or + * a mutex operation failed. */ +#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) + /** The key identifier is not valid. See also :ref:\`key-handles\`. */ #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) From fb02d57de790dc4cc27b5f9a43c4433c13a5ed60 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 8 Jan 2024 11:13:03 +0000 Subject: [PATCH 611/653] Document the thread safety of the primitive key slot functions Signed-off-by: Ryan Everett --- library/psa_crypto_core.h | 4 ++++ library/psa_crypto_slot_management.h | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 1edd63e256..7b167248e8 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -117,6 +117,8 @@ typedef struct { 0) /** Test whether a key slot has any registered readers. + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \param[in] slot The key slot to test. * @@ -195,6 +197,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * * Persistent storage is not affected. * Sets the slot's state to PSA_SLOT_EMPTY. + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \param[in,out] slot The key slot to wipe. * diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 01778f899e..fc46257f21 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -134,6 +134,9 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, * new state. If the state of the slot was not expected_state, the state is * unchanged. * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. + * * \param[in] slot The key slot. * \param[in] expected_state The current state of the slot. * \param[in] new_state The new state of the slot. @@ -157,7 +160,8 @@ static inline psa_status_t psa_key_slot_state_transition( /** Register as a reader of a key slot. * * This function increments the key slot registered reader counter by one. - * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * \param[in] slot The key slot. * * \retval #PSA_SUCCESS @@ -182,7 +186,9 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * This function decrements the key slot registered reader counter by one. * If the state of the slot is PSA_SLOT_PENDING_DELETION, * and there is only one registered reader (the caller), - * this function will call psa_wipe_key_slot(). + * this function will call psa_wipe_slot(). + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns From 558da2ffd3f414ba221d907fb026f716a29b5f09 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 19 Jan 2024 12:59:28 +0000 Subject: [PATCH 612/653] Move key_slot_mutex to threading.h Make this a global mutex so that we don't have to init and free it. Also rename the mutex to follow the convention Signed-off-by: Ryan Everett --- include/mbedtls/threading.h | 14 +++++++++++++ library/psa_crypto_slot_management.c | 31 +--------------------------- library/psa_crypto_slot_management.h | 10 +-------- library/threading.c | 9 ++++++++ 4 files changed, 25 insertions(+), 39 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index b504233bdc..b4e050241b 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -100,6 +100,20 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* + * A mutex used to make the PSA subsystem thread safe. + * + * key_slot_mutex protects the registered_readers and + * state variable for all key slots in &global_data.key_slots. + * + * This mutex must be held when any read from or write to a state or + * registered_readers field is performed, i.e. when calling functions: + * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(), + * psa_key_slot_has_readers() and psa_wipe_key_slot(). */ +extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex; +#endif + #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 180aecb584..47ace359d7 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -30,20 +30,6 @@ typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; uint8_t key_slots_initialized; - -#if defined(MBEDTLS_THREADING_C) - /* - * A mutex used to make the PSA subsystem thread safe. - * - * key_slot_mutex protects key_slots[i].registered_readers and - * key_slots[i].state for all valid i. - * - * This mutex must be held when any read from or write to a state or - * registered_readers field is performed, i.e. when calling functions: - * psa_key_slot_state_transition, psa_register_read, psa_unregister_read, - * psa_key_slot_has_readers and psa_wipe_key_slot. */ - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_slot_mutex); -#endif } psa_global_data_t; static psa_global_data_t global_data; @@ -147,14 +133,7 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( psa_status_t psa_initialize_key_slots(void) { -#if defined(MBEDTLS_THREADING_C) - /* Initialize the global key slot mutex. */ - if (!global_data.key_slots_initialized) { - mbedtls_mutex_init(&global_data.key_slot_mutex); - } -#endif - - /* Program startup and psa_wipe_all_key_slots() both + /* Nothing to do: program startup and psa_wipe_all_key_slots() both * guarantee that the key slots are initialized to all-zero, which * means that all the key slots are in a valid, empty state. */ global_data.key_slots_initialized = 1; @@ -171,14 +150,6 @@ void psa_wipe_all_key_slots(void) slot->state = PSA_SLOT_PENDING_DELETION; (void) psa_wipe_key_slot(slot); } - -#if defined(MBEDTLS_THREADING_C) - /* Free the global key slot mutex. */ - if (global_data.key_slots_initialized) { - mbedtls_mutex_free(&global_data.key_slot_mutex); - } -#endif - global_data.key_slots_initialized = 0; } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index fc46257f21..4c0721d3be 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -85,10 +85,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot); /** Initialize the key slot structures. - * If multi-threading is enabled then initialize the key slot mutex. - * This function is not thread-safe, - * if called by competing threads the key slot mutex may be initialized - * more than once. * * \retval #PSA_SUCCESS * Currently this function always succeeds. @@ -96,10 +92,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. - * If multi-threading is enabled then free the key slot mutex. - * This function is not thread-safe, - * if called by competing threads the key slot mutex may be freed - * more than once. * * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); @@ -186,7 +178,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * This function decrements the key slot registered reader counter by one. * If the state of the slot is PSA_SLOT_PENDING_DELETION, * and there is only one registered reader (the caller), - * this function will call psa_wipe_slot(). + * this function will call psa_wipe_key_slot(). * If multi-threading is enabled, the caller must hold the * global key slot mutex. * diff --git a/library/threading.c b/library/threading.c index 873b5077b8..94404acb8c 100644 --- a/library/threading.c +++ b/library/threading.c @@ -148,6 +148,9 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), #if defined(THREADING_USE_GMTIME) mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex); #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex); +#endif } /* @@ -161,6 +164,9 @@ void mbedtls_threading_free_alt(void) #if defined(THREADING_USE_GMTIME) mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex); #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -176,5 +182,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #if defined(THREADING_USE_GMTIME) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ From 7aeacc1ec4b832b43c512067323156705e686fe2 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 19 Jan 2024 13:02:58 +0000 Subject: [PATCH 613/653] Add empty line in register_read comment Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 4c0721d3be..002429b933 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -154,6 +154,7 @@ static inline psa_status_t psa_key_slot_state_transition( * This function increments the key slot registered reader counter by one. * If multi-threading is enabled, the caller must hold the * global key slot mutex. + * * \param[in] slot The key slot. * * \retval #PSA_SUCCESS From 63952b7de5f1ef0e18b9c7ada084a9a7a64d452b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 19 Jan 2024 13:45:19 +0000 Subject: [PATCH 614/653] Fix typo Signed-off-by: Ryan Everett --- library/threading.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/threading.c b/library/threading.c index 94404acb8c..c28290fb76 100644 --- a/library/threading.c +++ b/library/threading.c @@ -149,7 +149,7 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex); #endif #if defined(MBEDTLS_PSA_CRYPTO_C) - mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex); + mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex); #endif } From 69b5a860644510e0315b9ec65991d5e111e81f15 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:02:08 +0000 Subject: [PATCH 615/653] Improve mbedtls_xor for IAR Signed-off-by: Dave Rodgman --- library/common.h | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/library/common.h b/library/common.h index e532777e78..5c73e8a665 100644 --- a/library/common.h +++ b/library/common.h @@ -191,21 +191,30 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned uint8x16_t x = veorq_u8(v1, v2); vst1q_u8(r + i, x); } + // This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case + // where n is a constant multiple of 16. + // It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time + // constant, and very little difference if n is not a compile-time constant. + if (n % 16 != 0) #elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); mbedtls_put_unaligned_uint64(r + i, x); } + if (n % 8 != 0) #else for (; (i + 4) <= n; i += 4) { uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); mbedtls_put_unaligned_uint32(r + i, x); } + if (n % 4 != 0) #endif #endif - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; + { + for (; i < n; i++) { + r[i] = a[i] ^ b[i]; + } } } @@ -236,15 +245,23 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); mbedtls_put_unaligned_uint64(r + i, x); } + // This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case + // where n is a constant multiple of 8. + // It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time + // constant, and very little difference if n is not a compile-time constant. + if (n % 8 != 0) #else for (; (i + 4) <= n; i += 4) { uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); mbedtls_put_unaligned_uint32(r + i, x); } + if (n % 4 != 0) #endif #endif - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; + { + for (; i < n; i++) { + r[i] = a[i] ^ b[i]; + } } } From 7d8c99abb08a9e0716cd9bb9747cffce1a7d235a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:02:58 +0000 Subject: [PATCH 616/653] Move MBEDTLS_COMPILER_IS_GCC defn into alignment.h Signed-off-by: Dave Rodgman --- library/alignment.h | 8 ++++++++ library/common.h | 9 --------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index 9e1e044ec6..219f4f0af5 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -15,6 +15,14 @@ #include #include +#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ + && !defined(__llvm__) && !defined(__INTEL_COMPILER) +/* Defined if the compiler really is gcc and not clang, etc */ +#define MBEDTLS_COMPILER_IS_GCC +#define MBEDTLS_GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#endif + /* * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory * accesses are known to be efficient. diff --git a/library/common.h b/library/common.h index 5c73e8a665..faefd64ea8 100644 --- a/library/common.h +++ b/library/common.h @@ -27,15 +27,6 @@ #define MBEDTLS_HAVE_NEON_INTRINSICS #endif - -#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ - && !defined(__llvm__) && !defined(__INTEL_COMPILER) -/* Defined if the compiler really is gcc and not clang, etc */ -#define MBEDTLS_COMPILER_IS_GCC -#define MBEDTLS_GCC_VERSION \ - (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -#endif - /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be From c581264977e2b0309697fddc4a345ba1c4d02544 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:04:28 +0000 Subject: [PATCH 617/653] Fix unaligned access on old compilers Add an alternative implementation of unaligned access that is efficient for IAR and old versions of gcc. Signed-off-by: Dave Rodgman --- library/alignment.h | 74 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/library/alignment.h b/library/alignment.h index 219f4f0af5..e7318c2ac3 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -45,6 +45,46 @@ #define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS #endif +#if defined(__IAR_SYSTEMS_ICC__) && \ + (defined(MBEDTLS_ARCH_IS_ARM64) || defined(MBEDTLS_ARCH_IS_ARM32) \ + || defined(__ICCRX__) || defined(__ICCRL78__) || defined(__ICCRISCV__)) +#pragma language=save +#pragma language=extended +#define MBEDTLS_POP_IAR_LANGUAGE_PRAGMA +/* IAR recommend this technique for accessing unaligned data in + * https://www.iar.com/knowledge/support/technical-notes/compiler/accessing-unaligned-data + * This results in a single load / store instruction (if unaligned access is supported). + * According to that document, this is only supported on certain architectures. + */ + #define UINT_UNALIGNED +typedef uint16_t __packed mbedtls_uint16_unaligned_t; +typedef uint32_t __packed mbedtls_uint32_unaligned_t; +typedef uint64_t __packed mbedtls_uint64_unaligned_t; +#elif defined(MBEDTLS_COMPILER_IS_GCC) && (MBEDTLS_GCC_VERSION >= 40504) && \ + ((MBEDTLS_GCC_VERSION < 90300) || (!defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS))) +/* + * Old versions of gcc, depending on how the target is specified, may generate a branch to memcpy + * for calls like `memcpy(dest, src, 4)` rather than generating some LDR or LDRB instructions + * (similar for stores). + * Recent versions where unaligned access is not enabled also do this. + * + * For performance (and code size, in some cases), we want to avoid the branch and just generate + * some inline load/store instructions since the access is small and constant-size. + * + * The manual states: + * "The aligned attribute specifies a minimum alignment for the variable or structure field, + * measured in bytes." + * https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html + * + * Tested with several versions of GCC from 4.5.0 up to 9.3.0 + * We don't enable for older than 4.5.0 as this has not been tested. + */ + #define UINT_UNALIGNED +typedef uint16_t __attribute__((__aligned__(1))) mbedtls_uint16_unaligned_t; +typedef uint32_t __attribute__((__aligned__(1))) mbedtls_uint32_unaligned_t; +typedef uint64_t __attribute__((__aligned__(1))) mbedtls_uint64_unaligned_t; + #endif + /** * Read the unsigned 16 bits integer from the given address, which need not * be aligned. @@ -55,7 +95,12 @@ inline uint16_t mbedtls_get_unaligned_uint16(const void *p) { uint16_t r; +#if defined(UINT_UNALIGNED) + mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; + r = *p16; +#else memcpy(&r, p, sizeof(r)); +#endif return r; } @@ -68,7 +113,12 @@ inline uint16_t mbedtls_get_unaligned_uint16(const void *p) */ inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) { +#if defined(UINT_UNALIGNED) + mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; + *p16 = x; +#else memcpy(p, &x, sizeof(x)); +#endif } /** @@ -81,7 +131,12 @@ inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) inline uint32_t mbedtls_get_unaligned_uint32(const void *p) { uint32_t r; +#if defined(UINT_UNALIGNED) + mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; + r = *p32; +#else memcpy(&r, p, sizeof(r)); +#endif return r; } @@ -94,7 +149,12 @@ inline uint32_t mbedtls_get_unaligned_uint32(const void *p) */ inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) { +#if defined(UINT_UNALIGNED) + mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; + *p32 = x; +#else memcpy(p, &x, sizeof(x)); +#endif } /** @@ -107,7 +167,12 @@ inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) inline uint64_t mbedtls_get_unaligned_uint64(const void *p) { uint64_t r; +#if defined(UINT_UNALIGNED) + mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; + r = *p64; +#else memcpy(&r, p, sizeof(r)); +#endif return r; } @@ -120,9 +185,18 @@ inline uint64_t mbedtls_get_unaligned_uint64(const void *p) */ inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) { +#if defined(UINT_UNALIGNED) + mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; + *p64 = x; +#else memcpy(p, &x, sizeof(x)); +#endif } +#if defined(MBEDTLS_POP_IAR_LANGUAGE_PRAGMA) +#pragma language=restore +#endif + /** Byte Reading Macros * * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th From 55b5dd2cfc3c751368ddf262d7fb1b8ba7540bdc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:06:52 +0000 Subject: [PATCH 618/653] Make unaligned accessors always inline Signed-off-by: Dave Rodgman --- library/alignment.h | 48 +++++++++++++++++++++++++++++++++++------ library/platform_util.c | 12 ----------- 2 files changed, 42 insertions(+), 18 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index e7318c2ac3..b61301922e 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -85,6 +85,12 @@ typedef uint32_t __attribute__((__aligned__(1))) mbedtls_uint32_unaligned_t; typedef uint64_t __attribute__((__aligned__(1))) mbedtls_uint64_unaligned_t; #endif +/* + * We try to force mbedtls_(get|put)_unaligned_uintXX to be always inline, because this results + * in code that is both smaller and faster. IAR and gcc both benefit from this when optimising + * for size. + */ + /** * Read the unsigned 16 bits integer from the given address, which need not * be aligned. @@ -92,7 +98,12 @@ typedef uint64_t __attribute__((__aligned__(1))) mbedtls_uint64_unaligned_t; * \param p pointer to 2 bytes of data * \return Data at the given address */ -inline uint16_t mbedtls_get_unaligned_uint16(const void *p) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline uint16_t mbedtls_get_unaligned_uint16(const void *p) { uint16_t r; #if defined(UINT_UNALIGNED) @@ -111,7 +122,12 @@ inline uint16_t mbedtls_get_unaligned_uint16(const void *p) * \param p pointer to 2 bytes of data * \param x data to write */ -inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) { #if defined(UINT_UNALIGNED) mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; @@ -128,7 +144,12 @@ inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) * \param p pointer to 4 bytes of data * \return Data at the given address */ -inline uint32_t mbedtls_get_unaligned_uint32(const void *p) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline uint32_t mbedtls_get_unaligned_uint32(const void *p) { uint32_t r; #if defined(UINT_UNALIGNED) @@ -147,7 +168,12 @@ inline uint32_t mbedtls_get_unaligned_uint32(const void *p) * \param p pointer to 4 bytes of data * \param x data to write */ -inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) { #if defined(UINT_UNALIGNED) mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; @@ -164,7 +190,12 @@ inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) * \param p pointer to 8 bytes of data * \return Data at the given address */ -inline uint64_t mbedtls_get_unaligned_uint64(const void *p) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline uint64_t mbedtls_get_unaligned_uint64(const void *p) { uint64_t r; #if defined(UINT_UNALIGNED) @@ -183,7 +214,12 @@ inline uint64_t mbedtls_get_unaligned_uint64(const void *p) * \param p pointer to 8 bytes of data * \param x data to write */ -inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif +static inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) { #if defined(UINT_UNALIGNED) mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; diff --git a/library/platform_util.c b/library/platform_util.c index 63643d26fc..e79fc5c8e9 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -226,18 +226,6 @@ extern inline void mbedtls_xor(unsigned char *r, const unsigned char *b, size_t n); -extern inline uint16_t mbedtls_get_unaligned_uint16(const void *p); - -extern inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x); - -extern inline uint32_t mbedtls_get_unaligned_uint32(const void *p); - -extern inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x); - -extern inline uint64_t mbedtls_get_unaligned_uint64(const void *p); - -extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x); - #if defined(MBEDTLS_HAVE_TIME) && !defined(MBEDTLS_PLATFORM_MS_TIME_ALT) #include From 18d90d75195fb56834360c42a4f06318afa3cccc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:08:04 +0000 Subject: [PATCH 619/653] Make mbedtls_xor always inline Signed-off-by: Dave Rodgman --- library/common.h | 18 +++++++++++++++++- library/platform_util.c | 9 --------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/library/common.h b/library/common.h index faefd64ea8..760dff49e7 100644 --- a/library/common.h +++ b/library/common.h @@ -158,6 +158,12 @@ static inline const unsigned char *mbedtls_buffer_offset_const( return p == NULL ? NULL : p + n; } +/* Always inline mbedtls_xor for similar reasons as mbedtls_xor_no_simd. */ +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif /** * Perform a fast block XOR operation, such that * r[i] = a[i] ^ b[i] where 0 <= i < n @@ -169,7 +175,10 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. */ -inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n) +static inline void mbedtls_xor(unsigned char *r, + const unsigned char *a, + const unsigned char *b, + size_t n) { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) @@ -209,6 +218,13 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned } } +/* Always inline mbedtls_xor_no_simd as we see significant perf regressions when it does not get + * inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */ +#if defined(__IAR_SYSTEMS_ICC__) +#pragma inline = forced +#elif defined(__GNUC__) +__attribute__((always_inline)) +#endif /** * Perform a fast block XOR operation, such that * r[i] = a[i] ^ b[i] where 0 <= i < n diff --git a/library/platform_util.c b/library/platform_util.c index e79fc5c8e9..9f5dcb8748 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -217,15 +217,6 @@ struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, void (*mbedtls_test_hook_test_fail)(const char *, int, const char *); #endif /* MBEDTLS_TEST_HOOKS */ -/* - * Provide external definitions of some inline functions so that the compiler - * has the option to not inline them - */ -extern inline void mbedtls_xor(unsigned char *r, - const unsigned char *a, - const unsigned char *b, - size_t n); - #if defined(MBEDTLS_HAVE_TIME) && !defined(MBEDTLS_PLATFORM_MS_TIME_ALT) #include From 2143a4ad1fc79e3e601e078f86aafcb6fbabcc71 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:08:17 +0000 Subject: [PATCH 620/653] Improve mbedtls_xor docs Signed-off-by: Dave Rodgman --- library/common.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/library/common.h b/library/common.h index 760dff49e7..3b1c7e1e7a 100644 --- a/library/common.h +++ b/library/common.h @@ -174,6 +174,14 @@ __attribute__((always_inline)) * \param a Pointer to input (buffer of at least \p n bytes) * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. + * + * \note Depending on the situation, it may be faster to use either mbedtls_xor or + * mbedtls_xor_no_simd (these are functionally equivalent). + * If the result is used immediately after the xor operation in non-SIMD code (e.g, in + * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar + * registers, and in this case, mbedtls_xor_no_simd may be faster. In other cases where + * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor may be faster. + * For targets without SIMD support, they will behave the same. */ static inline void mbedtls_xor(unsigned char *r, const unsigned char *a, @@ -238,6 +246,14 @@ __attribute__((always_inline)) * \param a Pointer to input (buffer of at least \p n bytes) * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. + * + * \note Depending on the situation, it may be faster to use either mbedtls_xor or + * mbedtls_xor_no_simd (these are functionally equivalent). + * If the result is used immediately after the xor operation in non-SIMD code (e.g, in + * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar + * registers, and in this case, mbedtls_xor_no_simd may be faster. In other cases where + * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor may be faster. + * For targets without SIMD support, they will behave the same. */ static inline void mbedtls_xor_no_simd(unsigned char *r, const unsigned char *a, From 7470557855e5eecb74064a7e1773995e03bd622a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 14:29:32 +0000 Subject: [PATCH 621/653] Add changelog entry Signed-off-by: Dave Rodgman --- ChangeLog.d/iar-gcc-perf.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/iar-gcc-perf.txt diff --git a/ChangeLog.d/iar-gcc-perf.txt b/ChangeLog.d/iar-gcc-perf.txt new file mode 100644 index 0000000000..fb0fbb10d1 --- /dev/null +++ b/ChangeLog.d/iar-gcc-perf.txt @@ -0,0 +1,2 @@ +Features + * Improve performance for gcc (versions older than 9.3.0) and IAR. From 00b4eeb0b3b8569ee371dd91a0a6fac6ebc0ee34 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 16:06:41 +0000 Subject: [PATCH 622/653] Improve comments Signed-off-by: Dave Rodgman --- library/common.h | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/library/common.h b/library/common.h index 3b1c7e1e7a..2eb9170374 100644 --- a/library/common.h +++ b/library/common.h @@ -158,7 +158,7 @@ static inline const unsigned char *mbedtls_buffer_offset_const( return p == NULL ? NULL : p + n; } -/* Always inline mbedtls_xor for similar reasons as mbedtls_xor_no_simd. */ +/* Always inline mbedtls_xor() for similar reasons as mbedtls_xor_no_simd(). */ #if defined(__IAR_SYSTEMS_ICC__) #pragma inline = forced #elif defined(__GNUC__) @@ -175,12 +175,12 @@ __attribute__((always_inline)) * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. * - * \note Depending on the situation, it may be faster to use either mbedtls_xor or - * mbedtls_xor_no_simd (these are functionally equivalent). + * \note Depending on the situation, it may be faster to use either mbedtls_xor() or + * mbedtls_xor_no_simd() (these are functionally equivalent). * If the result is used immediately after the xor operation in non-SIMD code (e.g, in * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar - * registers, and in this case, mbedtls_xor_no_simd may be faster. In other cases where - * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor may be faster. + * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where + * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster. * For targets without SIMD support, they will behave the same. */ static inline void mbedtls_xor(unsigned char *r, @@ -199,10 +199,10 @@ static inline void mbedtls_xor(unsigned char *r, uint8x16_t x = veorq_u8(v1, v2); vst1q_u8(r + i, x); } - // This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case - // where n is a constant multiple of 16. - // It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time - // constant, and very little difference if n is not a compile-time constant. + /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case + * where n is a constant multiple of 16. + * It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time + * constant, and very little difference if n is not a compile-time constant. */ if (n % 16 != 0) #elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) /* This codepath probably only makes sense on architectures with 64-bit registers */ @@ -226,7 +226,7 @@ static inline void mbedtls_xor(unsigned char *r, } } -/* Always inline mbedtls_xor_no_simd as we see significant perf regressions when it does not get +/* Always inline mbedtls_xor_no_simd() as we see significant perf regressions when it does not get * inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */ #if defined(__IAR_SYSTEMS_ICC__) #pragma inline = forced @@ -237,7 +237,7 @@ __attribute__((always_inline)) * Perform a fast block XOR operation, such that * r[i] = a[i] ^ b[i] where 0 <= i < n * - * In some situations, this can perform better than mbedtls_xor (e.g., it's about 5% + * In some situations, this can perform better than mbedtls_xor() (e.g., it's about 5% * better in AES-CBC). * * \param r Pointer to result (buffer of at least \p n bytes). \p r @@ -247,12 +247,12 @@ __attribute__((always_inline)) * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. * - * \note Depending on the situation, it may be faster to use either mbedtls_xor or - * mbedtls_xor_no_simd (these are functionally equivalent). + * \note Depending on the situation, it may be faster to use either mbedtls_xor() or + * mbedtls_xor_no_simd() (these are functionally equivalent). * If the result is used immediately after the xor operation in non-SIMD code (e.g, in * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar - * registers, and in this case, mbedtls_xor_no_simd may be faster. In other cases where - * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor may be faster. + * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where + * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster. * For targets without SIMD support, they will behave the same. */ static inline void mbedtls_xor_no_simd(unsigned char *r, @@ -268,10 +268,10 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); mbedtls_put_unaligned_uint64(r + i, x); } - // This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case - // where n is a constant multiple of 8. - // It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time - // constant, and very little difference if n is not a compile-time constant. + /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case + * where n is a constant multiple of 16. + * It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time + * constant, and very little difference if n is not a compile-time constant. */ if (n % 8 != 0) #else for (; (i + 4) <= n; i += 4) { From 336efeec50cc237a7c1e03a0744d3188a7f805fd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 16:38:53 +0000 Subject: [PATCH 623/653] Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info Signed-off-by: Dave Rodgman --- include/mbedtls/build_info.h | 8 ++++++++ library/alignment.h | 8 +------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 7a70e2543e..c0b724c835 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -83,6 +83,14 @@ #endif #endif +#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ + && !defined(__llvm__) && !defined(__INTEL_COMPILER) +/* Defined if the compiler really is gcc and not clang, etc */ +#define MBEDTLS_COMPILER_IS_GCC +#define MBEDTLS_GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#endif + #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif diff --git a/library/alignment.h b/library/alignment.h index b61301922e..26f15261cd 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -15,13 +15,7 @@ #include #include -#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ - && !defined(__llvm__) && !defined(__INTEL_COMPILER) -/* Defined if the compiler really is gcc and not clang, etc */ -#define MBEDTLS_COMPILER_IS_GCC -#define MBEDTLS_GCC_VERSION \ - (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -#endif +#include "mbedtls/build_info.h" /* * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory From 075f8797ac35925089116959c98366ccd2cb00e6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 19 Jan 2024 16:48:42 +0000 Subject: [PATCH 624/653] Remove include of build_info.h Signed-off-by: Dave Rodgman --- library/alignment.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index 26f15261cd..248f29bc72 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -15,8 +15,6 @@ #include #include -#include "mbedtls/build_info.h" - /* * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory * accesses are known to be efficient. From 3c129dd6aa54cd83cbeb8c7bb13f8c75752a00dc Mon Sep 17 00:00:00 2001 From: v1gnesh Date: Mon, 22 Jan 2024 15:59:49 +0530 Subject: [PATCH 625/653] Update entropy_poll.c Signed-off-by: v1gnesh --- library/entropy_poll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index de2e0387a0..bd21e2d226 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -29,7 +29,7 @@ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) + !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__) #error \ "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h" #endif From d0b55edea39b3da311ecb384d7c4d49dd924feb3 Mon Sep 17 00:00:00 2001 From: v1gnesh Date: Mon, 22 Jan 2024 17:13:56 +0530 Subject: [PATCH 626/653] Create 8726.txt changelog entry Signed-off-by: v1gnesh --- ChangeLog.d/8726.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/8726.txt diff --git a/ChangeLog.d/8726.txt b/ChangeLog.d/8726.txt new file mode 100644 index 0000000000..dc789b4344 --- /dev/null +++ b/ChangeLog.d/8726.txt @@ -0,0 +1,3 @@ +Features + * Add platform support for z/OS. + From 1c7629c1c03fcc74781bc448d5b4d5d6ffd7219c Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 15:19:42 +0100 Subject: [PATCH 627/653] Add tests for Issue #8687 Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 6 ++++++ tests/suites/test_suite_x509write.function | 21 +++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 0f190286bc..f1d4e34a56 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -265,3 +265,9 @@ mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=P Check max serial length x509_set_serial_check: + +Check max extension length (Max-1) +x509_set_extension_length_check:0xFFFFFFFE + +Check max extension length (Max) +x509_set_extension_length_check:0xFFFFFFFF \ No newline at end of file diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index a7ed26295e..7ec6557271 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -750,3 +750,24 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE */ +void x509_set_extension_length_check(int val_len) +{ + int ret = 0; + + mbedtls_x509write_csr ctx; + mbedtls_x509write_csr_init(&ctx); + + unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; + unsigned char *p = buf + sizeof(buf); + + ret = mbedtls_x509_set_extension(&(ctx.MBEDTLS_PRIVATE(extensions)), + MBEDTLS_OID_EXTENDED_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), + 0, + p, + val_len); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA || ret == MBEDTLS_ERR_X509_ALLOC_FAILED); +} +/* END_CASE */ From 63b5e216f8fcaff0f6b87bb05ffd5631158ac3c4 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 15:20:03 +0100 Subject: [PATCH 628/653] Fix Issue #8687 Signed-off-by: Jonathan Winzig --- library/x509_create.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 5e732d67f8..2c17cb10c8 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -380,6 +380,10 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, { mbedtls_asn1_named_data *cur; + if (0xFFFFFFFF == (uint32_t) val_len) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, NULL, val_len + 1)) == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; From a0c9448beaa6df9d4305c6d85fc659f10eb4ee80 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 16:41:10 +0100 Subject: [PATCH 629/653] Update fix to be more platform-independent Co-authored-by: David Horstmann Signed-off-by: Jonathan Winzig --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index 2c17cb10c8..751ee08ed4 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -380,7 +380,7 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, { mbedtls_asn1_named_data *cur; - if (0xFFFFFFFF == (uint32_t) val_len) { + if (val_len > (SIZE_MAX - 1)) { return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } From 93f5240ae594a5f88907a57264a1a73ee1886189 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 16:47:12 +0100 Subject: [PATCH 630/653] Add missing newline at the end of test_suite_x509write.data Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index f1d4e34a56..6aa0dadb64 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -270,4 +270,4 @@ Check max extension length (Max-1) x509_set_extension_length_check:0xFFFFFFFE Check max extension length (Max) -x509_set_extension_length_check:0xFFFFFFFF \ No newline at end of file +x509_set_extension_length_check:0xFFFFFFFF From 144bfde1cd10ab6e1647628fe10ead0057395648 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 17:39:42 +0100 Subject: [PATCH 631/653] Update test-data to use SIZE_MAX Co-authored-by: David Horstmann Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 6aa0dadb64..e41de849b7 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -270,4 +270,4 @@ Check max extension length (Max-1) x509_set_extension_length_check:0xFFFFFFFE Check max extension length (Max) -x509_set_extension_length_check:0xFFFFFFFF +x509_set_extension_length_check:SIZE_MAX From acd35a55c849ea0de8ffac164801cc75f286a7bd Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 17:47:10 +0100 Subject: [PATCH 632/653] Remove unneeded testcase Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.data | 7 ++----- tests/suites/test_suite_x509write.function | 6 +++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e41de849b7..f63ae2bea3 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -266,8 +266,5 @@ mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=P Check max serial length x509_set_serial_check: -Check max extension length (Max-1) -x509_set_extension_length_check:0xFFFFFFFE - -Check max extension length (Max) -x509_set_extension_length_check:SIZE_MAX +Check max extension length +x509_set_extension_length_check: diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 7ec6557271..11b5f2a024 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -752,7 +752,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void x509_set_extension_length_check(int val_len) +void x509_set_extension_length_check() { int ret = 0; @@ -767,7 +767,7 @@ void x509_set_extension_length_check(int val_len) MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), 0, p, - val_len); - TEST_ASSERT(ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA || ret == MBEDTLS_ERR_X509_ALLOC_FAILED); + SIZE_MAX); + TEST_ASSERT(MBEDTLS_ERR_X509_BAD_INPUT_DATA == ret); } /* END_CASE */ From af553bf719be37876abe20fbb057fb44b4a6a6e5 Mon Sep 17 00:00:00 2001 From: Jonathan Winzig Date: Tue, 9 Jan 2024 18:31:11 +0100 Subject: [PATCH 633/653] Add required dependency to the testcase Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com> Signed-off-by: Jonathan Winzig --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 11b5f2a024..c557ee00ee 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -751,7 +751,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_WRITE_C */ void x509_set_extension_length_check() { int ret = 0; From 968a92865966b35334655e65547da5f288722769 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 16 Jan 2024 11:16:56 +0000 Subject: [PATCH 634/653] Add Changelog for #8687 Signed-off-by: Paul Elliott --- ChangeLog.d/fix_int_overflow_x509_extension | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/fix_int_overflow_x509_extension diff --git a/ChangeLog.d/fix_int_overflow_x509_extension b/ChangeLog.d/fix_int_overflow_x509_extension new file mode 100644 index 0000000000..2a679284f8 --- /dev/null +++ b/ChangeLog.d/fix_int_overflow_x509_extension @@ -0,0 +1,8 @@ +Security + * Fix a failure to validate input when writing x509 extensions lengths which + could result in an integer overflow, causing a zero-length buffer to be + allocated to hold the extension. The extension would then be copied into + the buffer, causing a heap buffer overflow. + + + From d6b096532c936390d9a085dedb6444cee069a3ba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 21 Nov 2023 09:33:54 +0000 Subject: [PATCH 635/653] Make RSA unblinding constant flow Signed-off-by: Janos Follath --- library/rsa.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index db0b0f74f1..32a26500ed 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" +#include "bignum_core.h" #include "rsa_alt_helpers.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" @@ -969,6 +970,40 @@ cleanup: return ret; } +/* + * Unblind + * T = T * Vf mod N + */ +int rsa_unblind(mbedtls_mpi* T, mbedtls_mpi* Vf, mbedtls_mpi* N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); + const size_t nlimbs = N->n; + const size_t tlimbs = mbedtls_mpi_core_montmul_working_limbs(nlimbs); + mbedtls_mpi RR, M_T; + + mbedtls_mpi_init(&RR); + mbedtls_mpi_init(&M_T); + + MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&M_T, tlimbs)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(T, nlimbs)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Vf, nlimbs)); + + // T = T * R mod N + mbedtls_mpi_core_to_mont_rep(T->p, T->p, N->p, nlimbs, mm, RR.p, M_T.p); + // T = T * Vf mod N + mbedtls_mpi_core_montmul(T->p, T->p, Vf->p, nlimbs, N->p, nlimbs, mm, M_T.p); + +cleanup: + + mbedtls_mpi_free(&RR); + mbedtls_mpi_free(&M_T); + + return ret; +} + /* * Exponent blinding supposed to prevent side-channel attacks using multiple * traces of measurements to recover the RSA key. The more collisions are there, @@ -1160,8 +1195,7 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, * Unblind * T = T * Vf mod N */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); + MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N)); /* Verify the result to prevent glitching attacks. */ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, From 6bcbc925bfe6f56c2d9871e34126cde37181ee14 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 21 Nov 2023 09:46:43 +0000 Subject: [PATCH 636/653] Extend blinding to RSA result check Signed-off-by: Janos Follath --- library/rsa.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 32a26500ed..5b6bf404ab 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1113,8 +1113,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, goto cleanup; } - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T)); - /* * Blinding * T = T * Vi mod N @@ -1123,6 +1121,8 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T)); + /* * Exponent blinding */ @@ -1191,12 +1191,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP)); #endif /* MBEDTLS_RSA_NO_CRT */ - /* - * Unblind - * T = T * Vf mod N - */ - MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N)); - /* Verify the result to prevent glitching attacks. */ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, &ctx->N, &ctx->RN)); @@ -1205,6 +1199,12 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, goto cleanup; } + /* + * Unblind + * T = T * Vf mod N + */ + MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N)); + olen = ctx->len; MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); From a865fc951ead31a8f85bbee5d7d11bfa1a28de27 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 21 Nov 2023 09:57:27 +0000 Subject: [PATCH 637/653] Add Changelog for the Marvin attack fix Signed-off-by: Janos Follath --- ChangeLog.d/fix-Marvin-attack.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/fix-Marvin-attack.txt diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt new file mode 100644 index 0000000000..f729304eef --- /dev/null +++ b/ChangeLog.d/fix-Marvin-attack.txt @@ -0,0 +1,6 @@ +Security + * Fix a timing side channel in RSA private operations. This side channel + could be sufficient for a local attacker to recover the plaintext. It + requires the attecker to send a large number of messages for decryption. + For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. + Reported by Hubert Kario, Red Hat. From 100dcddfca3c10179bc55e3c3dd82b4a468c6809 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 21 Nov 2023 12:48:52 +0000 Subject: [PATCH 638/653] Make local function static Signed-off-by: Janos Follath --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 5b6bf404ab..2dc6dae8d1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -974,7 +974,7 @@ cleanup: * Unblind * T = T * Vf mod N */ -int rsa_unblind(mbedtls_mpi* T, mbedtls_mpi* Vf, mbedtls_mpi* N) +static int rsa_unblind(mbedtls_mpi* T, mbedtls_mpi* Vf, mbedtls_mpi* N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); From a62a554071a0599bb7522d08c4c605588715e508 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 21 Nov 2023 14:20:08 +0000 Subject: [PATCH 639/653] Fix style Signed-off-by: Janos Follath --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 2dc6dae8d1..97e7228da0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -974,7 +974,7 @@ cleanup: * Unblind * T = T * Vf mod N */ -static int rsa_unblind(mbedtls_mpi* T, mbedtls_mpi* Vf, mbedtls_mpi* N) +static int rsa_unblind(mbedtls_mpi *T, mbedtls_mpi *Vf, mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); From e6750b2a0bf750d35172bdef12c2dcfc28213207 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Dec 2023 10:22:59 +0000 Subject: [PATCH 640/653] RSA: document Montgomery trick in unblind Signed-off-by: Janos Follath --- library/rsa.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 97e7228da0..f57909b71b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -991,9 +991,14 @@ static int rsa_unblind(mbedtls_mpi *T, mbedtls_mpi *Vf, mbedtls_mpi *N) MBEDTLS_MPI_CHK(mbedtls_mpi_grow(T, nlimbs)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Vf, nlimbs)); - // T = T * R mod N + /* T = T * Vf mod N + * Reminder: montmul(A, B, N) = A * B * R^-1 mod N + * Usually both operands are multiplied by R mod N beforehand (by calling + * `to_mont_rep()` on them), yielding a result that's also * R mod N (aka + * "in the Montgomery domain"). Here we only multiply one operand by R mod + * N, so the result is directly what we want - no need to call + * `from_mont_rep()` on it. */ mbedtls_mpi_core_to_mont_rep(T->p, T->p, N->p, nlimbs, mm, RR.p, M_T.p); - // T = T * Vf mod N mbedtls_mpi_core_montmul(T->p, T->p, Vf->p, nlimbs, N->p, nlimbs, mm, M_T.p); cleanup: From 47ee7708123347a925aac44709e53a13d1c486e8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Dec 2023 10:33:00 +0000 Subject: [PATCH 641/653] RSA: remove unneeded temporaries Signed-off-by: Janos Follath --- library/rsa.c | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f57909b71b..111af680ff 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1056,18 +1056,9 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, /* Temporaries holding the blinded exponents for * the mod p resp. mod q computation (if used). */ mbedtls_mpi DP_blind, DQ_blind; - - /* Pointers to actual exponents to be used - either the unblinded - * or the blinded ones, depending on the presence of a PRNG. */ - mbedtls_mpi *DP = &ctx->DP; - mbedtls_mpi *DQ = &ctx->DQ; #else /* Temporary holding the blinded exponent (if used). */ mbedtls_mpi D_blind; - - /* Pointer to actual exponent to be used - either the unblinded - * or the blinded one, depending on the presence of a PRNG. */ - mbedtls_mpi *D = &ctx->D; #endif /* MBEDTLS_RSA_NO_CRT */ /* Temporaries holding the initial input and the double @@ -1143,8 +1134,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1)); MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R)); MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D)); - - D = &D_blind; #else /* * DP_blind = ( P - 1 ) * R + DP @@ -1155,8 +1144,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind, &ctx->DP)); - DP = &DP_blind; - /* * DQ_blind = ( Q - 1 ) * R + DQ */ @@ -1165,12 +1152,10 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R)); MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind, &ctx->DQ)); - - DQ = &DQ_blind; #endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &D_blind, &ctx->N, &ctx->RN)); #else /* * Faster decryption using the CRT @@ -1179,8 +1164,8 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP)); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, &DP_blind, &ctx->P, &ctx->RP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, &DQ_blind, &ctx->Q, &ctx->RQ)); /* * T = (TP - TQ) * (Q^-1 mod P) mod P From b4b8f3df3b88fec865d4c2698b94b7f3c08229c1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Dec 2023 10:44:36 +0000 Subject: [PATCH 642/653] RSA: improve readability Signed-off-by: Janos Follath --- library/rsa.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 111af680ff..0ca0bfead4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -974,7 +974,7 @@ cleanup: * Unblind * T = T * Vf mod N */ -static int rsa_unblind(mbedtls_mpi *T, mbedtls_mpi *Vf, mbedtls_mpi *N) +static int rsa_unblind(mbedtls_mpi *T, mbedtls_mpi *Vf, const mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); @@ -1063,7 +1063,7 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, /* Temporaries holding the initial input and the double * checked result; should be the same in the end. */ - mbedtls_mpi I, C; + mbedtls_mpi input_blinded, check_result_blinded; if (f_rng == NULL) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; @@ -1098,8 +1098,8 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ); #endif - mbedtls_mpi_init(&I); - mbedtls_mpi_init(&C); + mbedtls_mpi_init(&input_blinded); + mbedtls_mpi_init(&check_result_blinded); /* End of MPI initialization */ @@ -1117,7 +1117,7 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&input_blinded, &T)); /* * Exponent blinding @@ -1182,9 +1182,9 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, #endif /* MBEDTLS_RSA_NO_CRT */ /* Verify the result to prevent glitching attacks. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&check_result_blinded, &T, &ctx->E, &ctx->N, &ctx->RN)); - if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) { + if (mbedtls_mpi_cmp_mpi(&check_result_blinded, &input_blinded) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } @@ -1222,8 +1222,8 @@ cleanup: mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ); #endif - mbedtls_mpi_free(&C); - mbedtls_mpi_free(&I); + mbedtls_mpi_free(&check_result_blinded); + mbedtls_mpi_free(&input_blinded); if (ret != 0 && ret >= -0x007f) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret); From 16ab76bbe774806079e2d5cab0c4209a4f7b0602 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 27 Dec 2023 10:47:21 +0000 Subject: [PATCH 643/653] Fix typo Signed-off-by: Janos Follath --- ChangeLog.d/fix-Marvin-attack.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt index f729304eef..017f7b1f80 100644 --- a/ChangeLog.d/fix-Marvin-attack.txt +++ b/ChangeLog.d/fix-Marvin-attack.txt @@ -1,6 +1,6 @@ Security * Fix a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It - requires the attecker to send a large number of messages for decryption. + requires the attacker to send a large number of messages for decryption. For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported by Hubert Kario, Red Hat. From 393df9c99512337b403bbe80a3a3cee30f277fc6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 29 Dec 2023 11:14:58 +0000 Subject: [PATCH 644/653] Add warning for PKCS 1.5 decryption Any timing variance dependant on the output of this function enables a Bleichenbacher attack. It is extremely difficult to use safely. In the Marvin attack paper (https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the author suggests that implementations of PKCS 1.5 decryption that don't include a countermeasure should be considered inherently dangerous. They suggest that all libraries implement the same countermeasure, as implementing different countermeasures across libraries enables the Bleichenbacher attack as well. This is extremely fragile and therefore we don't implement it. The use of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable. Add a warning to PKCS 1.5 decryption to warn users about this. Signed-off-by: Janos Follath --- include/mbedtls/rsa.h | 9 +++++++++ include/psa/crypto_values.h | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df665240d1..be831f19dc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -684,6 +684,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 decryption * operation. * + * \warning When \p ctx->padding is set to #MBEDTLS_RSA_PKCS_V15, + * mbedtls_rsa_rsaes_pkcs1_v15_decrypt() is called, which is an + * inherently dangerous function (CWE-242). + * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N (for example, * 128 Bytes if RSA-1024 is used) to be able to hold an @@ -720,6 +724,11 @@ int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 decryption * operation (RSAES-PKCS1-v1_5-DECRYPT). * + * \warning This is an inherently dangerous function (CWE-242). Unless + * it is used in a side channel free and safe way (eg. + * implementing the TLS protocol as per 7.4.7.1 of RFC 5246), + * the calling code is vulnerable. + * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N, for example, * 128 Bytes if RSA-1024 is used, to be able to hold an diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5e33f6bd50..a17879b948 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1736,6 +1736,13 @@ 0) /** RSA PKCS#1 v1.5 encryption. + * + * \warning Calling psa_asymmetric_decrypt() with this algorithm as a + * parameter is considered an inherently dangerous function + * (CWE-242). Unless it is used in a side channel free and safe + * way (eg. implementing the TLS protocol as per 7.4.7.1 of + * RFC 5246), the calling code is vulnerable. + * */ #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200) From 0d57f1034e2ebd1b29e1adb8620b1f0b16b6fe80 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Jan 2024 14:24:02 +0000 Subject: [PATCH 645/653] Update Marvin fix Changelog entry Upon further consideration we think that a remote attacker close to the victim might be able to have precise enough timing information to exploit the side channel as well. Update the Changelog to reflect this. Signed-off-by: Janos Follath --- ChangeLog.d/fix-Marvin-attack.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt index 017f7b1f80..763533c25c 100644 --- a/ChangeLog.d/fix-Marvin-attack.txt +++ b/ChangeLog.d/fix-Marvin-attack.txt @@ -1,6 +1,8 @@ Security - * Fix a timing side channel in RSA private operations. This side channel - could be sufficient for a local attacker to recover the plaintext. It - requires the attacker to send a large number of messages for decryption. - For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. - Reported by Hubert Kario, Red Hat. + * Fix a timing side channel in private key RSA operations. This side channel + could be sufficient for an attacker to recover the plaintext. A local + attacker or a remote attacker who is close to the victim on the network + might have precise enough timing measurements to exploit this. It requires + the attacker to send a large number of messages for decryption. For + details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported + by Hubert Kario, Red Hat. From 6ba416968b0c14336141501b90ef9b34ec3a3eff Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 22 Jan 2024 15:40:12 +0000 Subject: [PATCH 646/653] Assemble Changelog Signed-off-by: Dave Rodgman --- ChangeLog | 15 +++++++++++++++ ChangeLog.d/fix-Marvin-attack.txt | 8 -------- ChangeLog.d/fix_int_overflow_x509_extension | 8 -------- 3 files changed, 15 insertions(+), 16 deletions(-) delete mode 100644 ChangeLog.d/fix-Marvin-attack.txt delete mode 100644 ChangeLog.d/fix_int_overflow_x509_extension diff --git a/ChangeLog b/ChangeLog index 28c45f718f..28f2654b41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,20 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.5.2 branch released 2024-01-26 + +Security + * Fix a timing side channel in private key RSA operations. This side channel + could be sufficient for an attacker to recover the plaintext. A local + attacker or a remote attacker who is close to the victim on the network + might have precise enough timing measurements to exploit this. It requires + the attacker to send a large number of messages for decryption. For + details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported + by Hubert Kario, Red Hat. + * Fix a failure to validate input when writing x509 extensions lengths which + could result in an integer overflow, causing a zero-length buffer to be + allocated to hold the extension. The extension would then be copied into + the buffer, causing a heap buffer overflow. + = Mbed TLS 3.5.1 branch released 2023-11-06 Changes diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt deleted file mode 100644 index 763533c25c..0000000000 --- a/ChangeLog.d/fix-Marvin-attack.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a timing side channel in private key RSA operations. This side channel - could be sufficient for an attacker to recover the plaintext. A local - attacker or a remote attacker who is close to the victim on the network - might have precise enough timing measurements to exploit this. It requires - the attacker to send a large number of messages for decryption. For - details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported - by Hubert Kario, Red Hat. diff --git a/ChangeLog.d/fix_int_overflow_x509_extension b/ChangeLog.d/fix_int_overflow_x509_extension deleted file mode 100644 index 2a679284f8..0000000000 --- a/ChangeLog.d/fix_int_overflow_x509_extension +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a failure to validate input when writing x509 extensions lengths which - could result in an integer overflow, causing a zero-length buffer to be - allocated to hold the extension. The extension would then be copied into - the buffer, causing a heap buffer overflow. - - - From e23d6479cc5925fa6221d3ca010334ad18302f4e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 22 Jan 2024 15:45:49 +0000 Subject: [PATCH 647/653] Bump version ./scripts/bump_version.sh --version 3.5.1 Signed-off-by: Dave Rodgman --- CMakeLists.txt | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/build_info.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 87a41d75cb..4321db8c55 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.5.1) + VERSION 3.5.2) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c391c59cef..17762d7264 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v3.5.1 API Documentation + * @mainpage Mbed TLS v3.5.2 API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 89048f2217..cbbb7597f3 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v3.5.1" +PROJECT_NAME = "Mbed TLS v3.5.2" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c4fab1205c..87e3c2ea1e 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -26,16 +26,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_PATCH 2 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03050100 -#define MBEDTLS_VERSION_STRING "3.5.1" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1" +#define MBEDTLS_VERSION_NUMBER 0x03050200 +#define MBEDTLS_VERSION_STRING "3.5.2" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.2" /* Macros for build-time platform detection */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index eeda06aeeb..fcd00a0ab5 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -296,7 +296,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.2 SOVERSION 15) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) if(TARGET ${everest_target}) @@ -308,11 +308,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.2 SOVERSION 6) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.2 SOVERSION 20) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index faa31662a3..6290331c12 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.5.1" +check_compiletime_version:"3.5.2" Check runtime library version -check_runtime_version:"3.5.1" +check_runtime_version:"3.5.2" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 00b530e3957061a06663e1785dc923ee0b7e7c95 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 23 Jan 2024 09:36:34 +0000 Subject: [PATCH 648/653] Limit compiler hint to compilers that are known to benefit from it Signed-off-by: Dave Rodgman --- library/common.h | 50 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/library/common.h b/library/common.h index 2eb9170374..937c80284c 100644 --- a/library/common.h +++ b/library/common.h @@ -199,30 +199,40 @@ static inline void mbedtls_xor(unsigned char *r, uint8x16_t x = veorq_u8(v1, v2); vst1q_u8(r + i, x); } +#if defined(__IAR_SYSTEMS_ICC__) /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case * where n is a constant multiple of 16. - * It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time - * constant, and very little difference if n is not a compile-time constant. */ - if (n % 16 != 0) + * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time + * constant, and is a very small perf regression if n is not a compile-time constant. */ + if (n % 16 == 0) { + return; + } +#endif #elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) /* This codepath probably only makes sense on architectures with 64-bit registers */ for (; (i + 8) <= n; i += 8) { uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); mbedtls_put_unaligned_uint64(r + i, x); } - if (n % 8 != 0) +#if defined(__IAR_SYSTEMS_ICC__) + if (n % 8 == 0) { + return; + } +#endif #else for (; (i + 4) <= n; i += 4) { uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); mbedtls_put_unaligned_uint32(r + i, x); } - if (n % 4 != 0) +#if defined(__IAR_SYSTEMS_ICC__) + if (n % 4 == 0) { + return; + } #endif #endif - { - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; - } +#endif + for (; i < n; i++) { + r[i] = a[i] ^ b[i]; } } @@ -268,23 +278,29 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); mbedtls_put_unaligned_uint64(r + i, x); } +#if defined(__IAR_SYSTEMS_ICC__) /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case * where n is a constant multiple of 16. - * It makes no difference for others (e.g. recent gcc and clang) if n is a compile-time - * constant, and very little difference if n is not a compile-time constant. */ - if (n % 8 != 0) + * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time + * constant, and is a very small perf regression if n is not a compile-time constant. */ + if (n % 8 == 0) { + return; + } +#endif #else for (; (i + 4) <= n; i += 4) { uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); mbedtls_put_unaligned_uint32(r + i, x); } - if (n % 4 != 0) +#if defined(__IAR_SYSTEMS_ICC__) + if (n % 4 == 0) { + return; + } #endif #endif - { - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; - } +#endif + for (; i < n; i++) { + r[i] = a[i] ^ b[i]; } } From 468c02cf617234626c4008aae821f7245ec14117 Mon Sep 17 00:00:00 2001 From: v1gnesh Date: Tue, 23 Jan 2024 15:29:40 +0530 Subject: [PATCH 649/653] Update ChangeLog.d/8726.txt Co-authored-by: Janos Follath Signed-off-by: v1gnesh --- ChangeLog.d/8726.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/8726.txt b/ChangeLog.d/8726.txt index dc789b4344..c1e5a40158 100644 --- a/ChangeLog.d/8726.txt +++ b/ChangeLog.d/8726.txt @@ -1,3 +1,2 @@ Features - * Add platform support for z/OS. - + * Add partial platform support for z/OS. From c64280a2d71f6e88835787b2121857f063af7029 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 23 Jan 2024 10:03:22 +0000 Subject: [PATCH 650/653] Fix comment typo Signed-off-by: Dave Rodgman --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index 937c80284c..3936ffdfe1 100644 --- a/library/common.h +++ b/library/common.h @@ -280,7 +280,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, } #if defined(__IAR_SYSTEMS_ICC__) /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case - * where n is a constant multiple of 16. + * where n is a constant multiple of 8. * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time * constant, and is a very small perf regression if n is not a compile-time constant. */ if (n % 8 == 0) { From daca7a3979c22da155ec9dce49ab1abf3b65d3a9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 Jan 2024 09:49:11 +0000 Subject: [PATCH 651/653] Update BRANCHES.md Signed-off-by: Dave Rodgman --- BRANCHES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index c085b16168..b71247f3eb 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - . + . Users are urged to always use the latest version of a maintained branch. From fc587a337fd37e8417e4fdd579ee651d63a646d7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 26 Jan 2024 12:48:33 +0000 Subject: [PATCH 652/653] Remove already-assmebled Changelog entry Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-Marvin-attack.txt | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 ChangeLog.d/fix-Marvin-attack.txt diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt deleted file mode 100644 index 763533c25c..0000000000 --- a/ChangeLog.d/fix-Marvin-attack.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a timing side channel in private key RSA operations. This side channel - could be sufficient for an attacker to recover the plaintext. A local - attacker or a remote attacker who is close to the victim on the network - might have precise enough timing measurements to exploit this. It requires - the attacker to send a large number of messages for decryption. For - details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported - by Hubert Kario, Red Hat. From b2c9f0e2df5e2be130c17cf7011f1be9ae813b44 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 Jan 2024 14:38:15 +0000 Subject: [PATCH 653/653] Disable poisoning with PSA_CRYPTO_DRIVER_TEST This option causes nested calls to PSA functions, so is not compatible with memory poisoning as it currently stands. Signed-off-by: David Horstmann --- tests/include/test/memory.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/include/test/memory.h b/tests/include/test/memory.h index 20fd8d30a5..940d9e6baa 100644 --- a/tests/include/test/memory.h +++ b/tests/include/test/memory.h @@ -27,7 +27,8 @@ * Currently, only Asan (Address Sanitizer) is supported. */ #if defined(MBEDTLS_TEST_HAVE_ASAN) && \ - (__STDC_VERSION__ >= 201112L) + (__STDC_VERSION__ >= 201112L) && \ + !defined(PSA_CRYPTO_DRIVER_TEST) # define MBEDTLS_TEST_MEMORY_CAN_POISON #endif