Merge pull request #8075 from valeriosetti/issue8016
driver-only ECC: curve acceleration macros
This commit is contained in:
Dave Rodgman
GitHub
commit
0fc86b2ddf
26 changed files with 1515 additions and 883 deletions
|
|
@ -8,3 +8,14 @@ Features
|
|||
* When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by
|
||||
a driver, it is possible to disable MBEDTLS_ECP_C and still get support
|
||||
for ECC keys and algorithms in PSA. See docs/driver-only-builds.txt.
|
||||
API changes
|
||||
* Mbed TLS 3.4 introduced support for omitting the built-in implementation
|
||||
of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
|
||||
their was a flaw in the logic checking if the built-in implementation, in
|
||||
that if failed to check if all the relevant curves were supported by the
|
||||
accelerator. As a result, it was possible to declare no curves as
|
||||
accelerated and still have the built-in implementation compiled out.
|
||||
Starting with this release, it is necessary to declare which curves are
|
||||
accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be
|
||||
considered not accelerated, and the built-in implementation of the curves
|
||||
and any algorithm possible using them will be included in the build.
|
||||
|
|
|
|||
|
|
@ -179,6 +179,30 @@ builtin and PSA sides. In particular:
|
|||
curve. In other words, in order to exclue all builtin algs, all the required
|
||||
curves should be supported and accelerated by the PSA driver.
|
||||
|
||||
### Limitations regarding "mixed" builds (driver and built-in)
|
||||
|
||||
In order for a build to be driver-only (no built-in implementation), all the
|
||||
requested algorithms, key types (key operations) and curves must be
|
||||
accelerated (plus a few other restrictions, see "Limitations regarding fully
|
||||
removing `ecp.c`" above). However, what if you have an accelerator that only
|
||||
supports some algorithms, some key types (key operations), or some curves, but
|
||||
want to have more enabled in you build?
|
||||
|
||||
It is possible to have acceleration for only a subset of the requested
|
||||
algorithms. In this case, the built-in implementation of the accelerated
|
||||
algorithms will be disabled, provided all the requested curves and key types
|
||||
that can be used with this algorithm are also declared as accelerated.
|
||||
|
||||
There is very limited support for having acceleration for only a subset of the
|
||||
requested key type operations. The only configuration that's tested is that of
|
||||
a driver accelerating `PUBLIC_KEY`, `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`,
|
||||
`KEY_PAIR_EXPORT` but not `KEY_PAIR_GENERATE`. (Note: currently the driver
|
||||
interface does not support `KEY_PAIR_DERIVE`.)
|
||||
|
||||
There is limited support for having acceleration for only a subset of the
|
||||
requested curves. In such builds, only the PSA API is currently tested and
|
||||
working; there are known issues in PK, and X.509 and TLS are untested.
|
||||
|
||||
Finite-field Diffie-Hellman
|
||||
---------------------------
|
||||
|
||||
|
|
|
|||
|
|
@ -66,6 +66,65 @@
|
|||
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
|
||||
#endif
|
||||
|
||||
/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
|
||||
* when PSA crypto is enabled. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy in PSA API so we skip this check */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
|
||||
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -135,6 +135,47 @@
|
|||
#define MBEDTLS_PK_PARSE_C
|
||||
#endif
|
||||
|
||||
/* Helpers to state that each key is supported either on the builtin or PSA side. */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_ECP_HAVE_SECP521R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#define MBEDTLS_ECP_HAVE_BP512R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#define MBEDTLS_ECP_HAVE_CURVE448
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#define MBEDTLS_ECP_HAVE_BP384R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#define MBEDTLS_ECP_HAVE_SECP384R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_ECP_HAVE_BP256R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#define MBEDTLS_ECP_HAVE_SECP256K1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_ECP_HAVE_SECP256R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#define MBEDTLS_ECP_HAVE_CURVE25519
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#define MBEDTLS_ECP_HAVE_SECP224K1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#define MBEDTLS_ECP_HAVE_SECP224R1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#define MBEDTLS_ECP_HAVE_SECP192K1
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#define MBEDTLS_ECP_HAVE_SECP192R1
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
|
||||
|
|
|
|||
|
|
@ -28,36 +28,411 @@
|
|||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
|
||||
|
||||
/*
|
||||
* ECC: support for a feature is controlled by a triplet or a pair:
|
||||
* (curve, key_type public/basic, alg) or (curve, key_type_<action>).
|
||||
*
|
||||
* A triplet/pair is accelerated if all of is components are accelerated;
|
||||
* otherwise each component needs to be built in.
|
||||
*
|
||||
* We proceed in two passes:
|
||||
* 1. Check if acceleration is complete for curves, key types, algs.
|
||||
* 2. Then enable built-ins for each thing that's either not accelerated of
|
||||
* doesn't have complete acceleration of the other triplet/pair components.
|
||||
*
|
||||
* Note: this needs psa/crypto_adjust_keypair_types.h to have been included
|
||||
* already, so that we know the full set of key types that are requested.
|
||||
*/
|
||||
|
||||
/* ECC: curves: is acceleration complete? */
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
|
||||
#endif
|
||||
|
||||
/* ECC: algs: is acceleration complete? */
|
||||
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_JPAKE) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
|
||||
#endif
|
||||
|
||||
/* ECC: key types: is acceleration complete? */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#endif
|
||||
|
||||
/* Special case: we don't support cooked key derivation in drivers yet */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
|
||||
(1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE))
|
||||
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES
|
||||
#endif
|
||||
|
||||
/* ECC: curves: enable built-ins as needed.
|
||||
*
|
||||
* We need the curve built-in:
|
||||
* - if it's not accelerated, or
|
||||
* - if there's a key type with missing acceleration, or
|
||||
* - if there's a alg with missing acceleration.
|
||||
*/
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_521 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
/* https://github.com/Mbed-TLS/mbedtls/issues/3541 */
|
||||
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_256 */
|
||||
|
||||
/* ECC: algs: enable built-ins as needed.
|
||||
*
|
||||
* We need the alg built-in:
|
||||
* - if it's not accelerated, or
|
||||
* - if there's a relevant curve (see below) with missing acceleration, or
|
||||
* - if there's a key type among (public, basic) with missing acceleration.
|
||||
*
|
||||
* Relevant curves are:
|
||||
* - all curves for ECDH
|
||||
* - Weierstrass curves for (deterministic) ECDSA
|
||||
* - secp256r1 for EC J-PAKE
|
||||
*/
|
||||
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_DETERMINISTIC
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#define MBEDTLS_ECDH_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_JPAKE)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_PAKE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_ALG_JPAKE */
|
||||
|
||||
/* ECC: key types: enable built-ins as needed.
|
||||
*
|
||||
* We need the key type built-in:
|
||||
* - if it's not accelerated, or
|
||||
* - if there's a curve with missing acceleration, or
|
||||
* - only for public/basic: if there's an alg with missing acceleration.
|
||||
*/
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
|
||||
/* Special case: we don't support cooked key derivation in drivers yet */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#if 1 || !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
|
||||
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* missing accel */
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
|
||||
|
||||
/* End of ECC section */
|
||||
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
|
||||
|
|
@ -109,17 +484,6 @@
|
|||
#define MBEDTLS_MD5_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_JPAKE)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
|
||||
#define MBEDTLS_PSA_BUILTIN_PAKE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
|
||||
#endif /* PSA_WANT_ALG_JPAKE */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
|
||||
#define MBEDTLS_RIPEMD160_C
|
||||
|
|
@ -238,57 +602,19 @@
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
|
||||
#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
||||
#define MBEDTLS_GENPRIME
|
||||
|
|
@ -296,48 +622,35 @@
|
|||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
|
|
@ -554,100 +867,4 @@
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
|
||||
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
|
||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
|
||||
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
|
||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_521 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
|
||||
/*
|
||||
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
||||
* (https://github.com/Mbed-TLS/mbedtls/issues/3541).
|
||||
*/
|
||||
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_256 */
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H */
|
||||
|
|
|
|||
|
|
@ -70,4 +70,85 @@
|
|||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#endif
|
||||
|
||||
/* Ensure that the PSA's supported curves (PSA_WANT_ECC_xxx) are always a
|
||||
* superset of the builtin ones (MBEDTLS_ECP_DP_xxx). */
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
|
||||
#endif /*MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#define PSA_WANT_ECC_SECP_R1_192 1
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_192 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#define PSA_WANT_ECC_SECP_R1_224 1
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_224 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define PSA_WANT_ECC_SECP_R1_256 1
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_256 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#define PSA_WANT_ECC_SECP_R1_384 1
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_384 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#define PSA_WANT_ECC_SECP_R1_521 1
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_521 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#define PSA_WANT_ECC_SECP_K1_192 1
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_192 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
|
||||
/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_224 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#if !defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#define PSA_WANT_ECC_SECP_K1_256 1
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_256 */
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
|
||||
|
|
|
|||
|
|
@ -40,6 +40,10 @@
|
|||
|
||||
/* Require built-in implementations based on PSA requirements */
|
||||
|
||||
/* We need this to have a complete list of requirements
|
||||
* before we deduce what built-ins are required. */
|
||||
#include "psa/crypto_adjust_config_key_pair_types.h"
|
||||
|
||||
#include "mbedtls/config_adjust_legacy_from_psa.h"
|
||||
|
||||
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||
|
|
@ -48,54 +52,16 @@
|
|||
|
||||
#include "mbedtls/config_adjust_psa_from_legacy.h"
|
||||
|
||||
/* Hopefully the file above will have enabled keypair symbols in a consistent
|
||||
* way, but including this here fixes them if that wasn't the case. */
|
||||
#include "psa/crypto_adjust_config_key_pair_types.h"
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||
|
||||
#if defined(PSA_WANT_ALG_JPAKE)
|
||||
#define PSA_WANT_ALG_SOME_PAKE 1
|
||||
#endif
|
||||
|
||||
/* Even though KEY_PAIR symbols' feature several level of support (BASIC, IMPORT,
|
||||
* EXPORT, GENERATE, DERIVE) we're not planning to have support only for BASIC
|
||||
* without IMPORT/EXPORT since these last 2 features are strongly used in tests.
|
||||
* In general it is allowed to include more feature than what is strictly
|
||||
* requested.
|
||||
* As a consequence IMPORT and EXPORT features will be automatically enabled
|
||||
* as soon as the BASIC one is. */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
/* See description above */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
/* See description above */
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
/* See description above */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
/* See description above */
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
/* See description above */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
#include "psa/crypto_adjust_auto_enabled.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_PSA_H */
|
||||
|
|
|
|||
103
include/psa/crypto_adjust_config_key_pair_types.h
Normal file
103
include/psa/crypto_adjust_config_key_pair_types.h
Normal file
|
|
@ -0,0 +1,103 @@
|
|||
/**
|
||||
* \file psa/crypto_adjust_config_key_pair_types.h
|
||||
* \brief Adjust PSA configuration for key pair types.
|
||||
*
|
||||
* See docs/proposed/psa-conditional-inclusion-c.md.
|
||||
* - Support non-basic operations in a keypair type implicitly enables basic
|
||||
* support for that keypair type.
|
||||
* - Support for a keypair type implicitly enables the corresponding public
|
||||
* key type.
|
||||
* - Basic support for a keypair type implicilty enables import/export support
|
||||
* for that keypair type. Warning: this is implementation-specific (mainly
|
||||
* for the benefit of testing) and may change in the future!
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
|
||||
#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
|
||||
|
||||
/*****************************************************************
|
||||
* ANYTHING -> BASIC
|
||||
****************************************************************/
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
|
||||
defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) || \
|
||||
defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#endif
|
||||
|
||||
/*****************************************************************
|
||||
* BASIC -> corresponding PUBLIC
|
||||
****************************************************************/
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#endif
|
||||
|
||||
/*****************************************************************
|
||||
* BASIC -> IMPORT+EXPORT
|
||||
*
|
||||
* (Implementation-specific, may change in the future.)
|
||||
****************************************************************/
|
||||
|
||||
/* Even though KEY_PAIR symbols' feature several level of support (BASIC, IMPORT,
|
||||
* EXPORT, GENERATE, DERIVE) we're not planning to have support only for BASIC
|
||||
* without IMPORT/EXPORT since these last 2 features are strongly used in tests.
|
||||
* In general it is allowed to include more feature than what is strictly
|
||||
* requested.
|
||||
* As a consequence IMPORT and EXPORT features will be automatically enabled
|
||||
* as soon as the BASIC one is. */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#endif
|
||||
|
||||
#endif /* PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H */
|
||||
|
|
@ -554,72 +554,72 @@ typedef struct {
|
|||
|
||||
static const oid_ecp_grp_t oid_ecp_grp[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"),
|
||||
MBEDTLS_ECP_DP_SECP192R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP192R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"),
|
||||
MBEDTLS_ECP_DP_SECP224R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP224R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"),
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP256R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"),
|
||||
MBEDTLS_ECP_DP_SECP384R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP384R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"),
|
||||
MBEDTLS_ECP_DP_SECP521R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP521R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"),
|
||||
MBEDTLS_ECP_DP_SECP192K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP192K1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"),
|
||||
MBEDTLS_ECP_DP_SECP224K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP224K1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"),
|
||||
MBEDTLS_ECP_DP_SECP256K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_SECP256K1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP256R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),
|
||||
MBEDTLS_ECP_DP_BP256R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_BP256R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP384R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"),
|
||||
MBEDTLS_ECP_DP_BP384R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_BP384R1 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP512R1)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"),
|
||||
MBEDTLS_ECP_DP_BP512R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
#endif /* MBEDTLS_ECP_HAVE_BP512R1 */
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
MBEDTLS_ECP_DP_NONE,
|
||||
|
|
@ -645,18 +645,18 @@ typedef struct {
|
|||
|
||||
static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"),
|
||||
MBEDTLS_ECP_DP_CURVE25519,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 */
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"),
|
||||
MBEDTLS_ECP_DP_CURVE448,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
#endif /* MBEDTLS_ECP_HAVE_CURVE448 */
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
MBEDTLS_ECP_DP_NONE,
|
||||
|
|
|
|||
|
|
@ -112,9 +112,9 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
|
|||
}
|
||||
|
||||
/* Helper for Montgomery curves */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -64,12 +64,12 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
|
|||
{
|
||||
mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk);
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
|
||||
if (id == MBEDTLS_ECP_DP_CURVE25519) {
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
if (id == MBEDTLS_ECP_DP_CURVE448) {
|
||||
return 1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -432,67 +432,67 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
|
|||
size_t *bits)
|
||||
{
|
||||
switch (grpid) {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
|
||||
case MBEDTLS_ECP_DP_SECP192R1:
|
||||
*bits = 192;
|
||||
return PSA_ECC_FAMILY_SECP_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
|
||||
case MBEDTLS_ECP_DP_SECP224R1:
|
||||
*bits = 224;
|
||||
return PSA_ECC_FAMILY_SECP_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
case MBEDTLS_ECP_DP_SECP256R1:
|
||||
*bits = 256;
|
||||
return PSA_ECC_FAMILY_SECP_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
case MBEDTLS_ECP_DP_SECP384R1:
|
||||
*bits = 384;
|
||||
return PSA_ECC_FAMILY_SECP_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
|
||||
case MBEDTLS_ECP_DP_SECP521R1:
|
||||
*bits = 521;
|
||||
return PSA_ECC_FAMILY_SECP_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP256R1)
|
||||
case MBEDTLS_ECP_DP_BP256R1:
|
||||
*bits = 256;
|
||||
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP384R1)
|
||||
case MBEDTLS_ECP_DP_BP384R1:
|
||||
*bits = 384;
|
||||
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP512R1)
|
||||
case MBEDTLS_ECP_DP_BP512R1:
|
||||
*bits = 512;
|
||||
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
|
||||
case MBEDTLS_ECP_DP_CURVE25519:
|
||||
*bits = 255;
|
||||
return PSA_ECC_FAMILY_MONTGOMERY;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
|
||||
case MBEDTLS_ECP_DP_SECP192K1:
|
||||
*bits = 192;
|
||||
return PSA_ECC_FAMILY_SECP_K1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
|
||||
case MBEDTLS_ECP_DP_SECP224K1:
|
||||
*bits = 224;
|
||||
return PSA_ECC_FAMILY_SECP_K1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
|
||||
case MBEDTLS_ECP_DP_SECP256K1:
|
||||
*bits = 256;
|
||||
return PSA_ECC_FAMILY_SECP_K1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
case MBEDTLS_ECP_DP_CURVE448:
|
||||
*bits = 448;
|
||||
return PSA_ECC_FAMILY_MONTGOMERY;
|
||||
|
|
|
|||
|
|
@ -2313,20 +2313,20 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
|
|||
const uint16_t sig_alg)
|
||||
{
|
||||
switch (sig_alg) {
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
|
||||
#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#if defined(PSA_WANT_ALG_SHA_384) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#if defined(PSA_WANT_ALG_SHA_512) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
|
|
|
|||
|
|
@ -4921,28 +4921,28 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
|
|||
* about this list.
|
||||
*/
|
||||
static uint16_t ssl_preset_default_groups[] = {
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP256R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP384R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP512R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
|
|
@ -4975,21 +4975,21 @@ static uint16_t ssl_preset_default_sig_algs[] = {
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
||||
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
||||
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
|
||||
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512)
|
||||
#endif
|
||||
|
|
@ -5071,14 +5071,14 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
||||
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
||||
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
|
||||
#endif
|
||||
|
|
@ -5122,10 +5122,10 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
|||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
static uint16_t ssl_preset_suiteb_groups[] = {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
|
||||
#endif
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
||||
|
|
@ -5561,43 +5561,43 @@ static const struct {
|
|||
uint16_t bits;
|
||||
} tls_id_match_table[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
|
||||
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP512R1)
|
||||
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
|
||||
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP384R1)
|
||||
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
|
||||
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
|
||||
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP256R1)
|
||||
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
|
||||
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
|
||||
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
|
||||
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
|
||||
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
|
||||
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
|
||||
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 },
|
||||
#endif
|
||||
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0 },
|
||||
|
|
|
|||
|
|
@ -903,6 +903,47 @@ helper_libtestdriver1_adjust_config() {
|
|||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
}
|
||||
|
||||
# When called with no parameter this function disables all builtin curves.
|
||||
# The function optionally accepts 1 parameter: a space-separated list of the
|
||||
# curves that should be kept enabled.
|
||||
helper_disable_builtin_curves() {
|
||||
allowed_list="${1:-}"
|
||||
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
||||
|
||||
for CURVE in $allowed_list; do
|
||||
scripts/config.py set $CURVE
|
||||
done
|
||||
}
|
||||
|
||||
# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
|
||||
# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
|
||||
# in the following helpers.
|
||||
helper_get_psa_curve_list () {
|
||||
loc_list=""
|
||||
for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
loc_list="$loc_list $ITEM"
|
||||
done
|
||||
|
||||
echo "$loc_list"
|
||||
}
|
||||
|
||||
# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
|
||||
# is useful to easily get a list of key type symbols to accelerate.
|
||||
# The function accepts a single argument which is the key type: ECC, DH, RSA.
|
||||
helper_get_psa_key_type_list() {
|
||||
KEY_TYPE="$1"
|
||||
loc_list=""
|
||||
for ITEM in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${KEY_TYPE}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
|
||||
# Skip DERIVE for elliptic keys since there is no driver dispatch for
|
||||
# it so it cannot be accelerated.
|
||||
if [ "$ITEM" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
|
||||
loc_list="$loc_list $ITEM"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "$loc_list"
|
||||
}
|
||||
|
||||
# Build the drivers library libtestdriver1.a (with ASan).
|
||||
#
|
||||
# Parameters:
|
||||
|
|
@ -2297,11 +2338,12 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
|||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
|
@ -2326,7 +2368,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
|||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
|
|
@ -2343,11 +2385,12 @@ component_test_psa_crypto_config_accel_ecdh () {
|
|||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDH \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
|
@ -2370,7 +2413,7 @@ component_test_psa_crypto_config_accel_ecdh () {
|
|||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
|
|
@ -2387,11 +2430,7 @@ component_test_psa_crypto_config_accel_ffdh () {
|
|||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_FFDH \
|
||||
KEY_TYPE_DH_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_DH_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_DH_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_DH_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_DH_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "DH")"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
|
@ -2447,7 +2486,13 @@ component_test_psa_crypto_config_reference_ffdh () {
|
|||
component_test_psa_crypto_config_accel_pake() {
|
||||
msg "build: full with accelerated PAKE"
|
||||
|
||||
loc_accel_list="ALG_JPAKE"
|
||||
loc_accel_list="ALG_JPAKE \
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
|
@ -2463,7 +2508,7 @@ component_test_psa_crypto_config_accel_pake() {
|
|||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecjpake_init library/ecjpake.o
|
||||
|
|
@ -2475,6 +2520,186 @@ component_test_psa_crypto_config_accel_pake() {
|
|||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_ecc_some_key_types () {
|
||||
msg "build: full with accelerated EC algs and some key types"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
# For key types, use an explicitly list to omit GENERATE (and DERIVE)
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_ECDH \
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT"
|
||||
|
||||
# Note: Curves are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Disable modules that are accelerated - some will be re-enabled
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
|
||||
# Disable all curves - those that aren't accelerated should be re-enabled
|
||||
helper_disable_builtin_curves
|
||||
|
||||
# Restartable feature is not yet supported by PSA. Once it will in
|
||||
# the future, the following line could be removed (see issues
|
||||
# 6061, 6332 and following ones)
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
# this is not supported by the driver API yet
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# ECP should be re-enabled but not the others
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
not grep mbedtls_ecdsa library/ecdsa.o
|
||||
not grep mbedtls_ecjpake library/ecjpake.o
|
||||
grep mbedtls_ecp library/ecp.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test suites: full with accelerated EC algs and some key types"
|
||||
make test
|
||||
}
|
||||
|
||||
# Run tests with only (non-)Weierstrass accelerated
|
||||
# Common code used in:
|
||||
# - component_test_psa_crypto_config_accel_ecc_weirstrass_curves
|
||||
# - component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves
|
||||
common_test_psa_crypto_config_accel_ecc_some_curves () {
|
||||
WEIERSTRASS=$1
|
||||
if [ $WEIERSTRASS -eq 1 ]; then
|
||||
DESC="Weierstrass"
|
||||
else
|
||||
DESC="non-Weierstrass"
|
||||
fi
|
||||
|
||||
msg "build: full with accelerated EC algs and $DESC curves"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_ECDH \
|
||||
ALG_JPAKE \
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Curves are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
# Note: the following loop is a modified version of
|
||||
# helper_get_psa_curve_list that only keeps Weierstrass families.
|
||||
loc_weierstrass_list=""
|
||||
loc_non_weierstrass_list=""
|
||||
for ITEM in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
case $ITEM in
|
||||
ECC_BRAINPOOL*|ECC_SECP*)
|
||||
loc_weierstrass_list="$loc_weierstrass_list $ITEM"
|
||||
;;
|
||||
*)
|
||||
loc_non_weierstrass_list="$loc_non_weierstrass_list $ITEM"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if [ $WEIERSTRASS -eq 1 ]; then
|
||||
loc_curve_list=$loc_weierstrass_list
|
||||
else
|
||||
loc_curve_list=$loc_non_weierstrass_list
|
||||
fi
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Disable modules that are accelerated - some will be re-enabled
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
|
||||
# Disable all curves - those that aren't accelerated should be re-enabled
|
||||
helper_disable_builtin_curves
|
||||
|
||||
# Restartable feature is not yet supported by PSA. Once it will in
|
||||
# the future, the following line could be removed (see issues
|
||||
# 6061, 6332 and following ones)
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
# this is not supported by the driver API yet
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# We expect ECDH to be re-enabled for the missing curves
|
||||
grep mbedtls_ecdh_ library/ecdh.o
|
||||
# We expect ECP to be re-enabled, however the parts specific to the
|
||||
# families of curves that are accelerated should be ommited.
|
||||
# - functions with mxz in the name are specific to Montgomery curves
|
||||
# - ecp_muladd is specific to Weierstrass curves
|
||||
##nm library/ecp.o | tee ecp.syms
|
||||
if [ $WEIERSTRASS -eq 1 ]; then
|
||||
not grep mbedtls_ecp_muladd library/ecp.o
|
||||
grep mxz library/ecp.o
|
||||
else
|
||||
grep mbedtls_ecp_muladd library/ecp.o
|
||||
not grep mxz library/ecp.o
|
||||
fi
|
||||
# We expect ECDSA and ECJPAKE to be re-enabled only when
|
||||
# Weierstrass curves are not accelerated
|
||||
if [ $WEIERSTRASS -eq 1 ]; then
|
||||
not grep mbedtls_ecdsa library/ecdsa.o
|
||||
not grep mbedtls_ecjpake library/ecjpake.o
|
||||
else
|
||||
grep mbedtls_ecdsa library/ecdsa.o
|
||||
grep mbedtls_ecjpake library/ecjpake.o
|
||||
fi
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test suites: full with accelerated EC algs and $DESC curves"
|
||||
# does not work for PK (and above), see #8255
|
||||
make test SKIP_TEST_SUITES=pk,pkparse,pkwrite,x509parse,x509write,ssl,debug
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_ecc_weirstrass_curves () {
|
||||
common_test_psa_crypto_config_accel_ecc_some_curves 1
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_ecc_non_weirstrass_curves () {
|
||||
common_test_psa_crypto_config_accel_ecc_some_curves 0
|
||||
}
|
||||
|
||||
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
|
||||
# ECDH, ECDSA) with and without drivers.
|
||||
# The input parameter is a boolean value which indicates:
|
||||
|
|
@ -2512,11 +2737,12 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
|||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_ECDH \
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
|
@ -2524,6 +2750,10 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
|||
# Use the same config as reference, only without built-in EC algs
|
||||
config_psa_crypto_config_ecp_light_only 1
|
||||
|
||||
# Do not disable builtin curves because that support is required for:
|
||||
# - MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
# - MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
|
|
@ -2532,7 +2762,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
|||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
|
|
@ -2615,17 +2845,20 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
|||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_ECDH \
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Set common configurations between library's and driver's builds
|
||||
config_psa_crypto_no_ecp_at_all 1
|
||||
# Disable all the builtin curves. All the required algs are accelerated.
|
||||
helper_disable_builtin_curves
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
|
@ -2637,13 +2870,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
|||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
not grep mbedtls_ecjpake_ library/ecjpake.o
|
||||
# Also ensure that ECP or RSA modules were not re-enabled
|
||||
# Also ensure that ECP module was not re-enabled
|
||||
not grep mbedtls_ecp_ library/ecp.o
|
||||
|
||||
# Run the tests
|
||||
|
|
@ -2783,27 +3016,26 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
|||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_ECDH \
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "ECC")"
|
||||
# Optionally we can also add DH to the list of accelerated items
|
||||
if [ "$TEST_TARGET" = "ECC_DH" ]; then
|
||||
loc_accel_list="$loc_accel_list \
|
||||
ALG_FFDH \
|
||||
KEY_TYPE_DH_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_DH_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_DH_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_DH_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_DH_PUBLIC_KEY"
|
||||
$(helper_get_psa_key_type_list "DH")"
|
||||
fi
|
||||
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list="$(helper_get_psa_curve_list)"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Set common configurations between library's and driver's builds
|
||||
config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET"
|
||||
# Disable all the builtin curves. All the required algs are accelerated.
|
||||
helper_disable_builtin_curves
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
|
@ -2815,7 +3047,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
|||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
|
|
@ -2949,6 +3181,7 @@ component_test_tfm_config_p256m_driver_accel_ec () {
|
|||
# builtin support.
|
||||
loc_accel_list="ALG_ECDSA \
|
||||
ALG_ECDH \
|
||||
ECC_SECP_R1_256 \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
|
|
@ -2959,6 +3192,7 @@ component_test_tfm_config_p256m_driver_accel_ec () {
|
|||
# Build crypto library specifying we want to use P256M code for EC operations
|
||||
make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_PSA_P256M_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
|
||||
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
|
|
@ -2987,116 +3221,6 @@ component_test_tfm_config() {
|
|||
make test
|
||||
}
|
||||
|
||||
# Helper function used in:
|
||||
# - component_test_psa_crypto_config_accel_all_curves_except_p192
|
||||
# - component_test_psa_crypto_config_accel_all_curves_except_x25519
|
||||
# to build and test with all accelerated curves a part from the specified one.
|
||||
psa_crypto_config_accel_all_curves_except_one () {
|
||||
BUILTIN_CURVE=$1
|
||||
|
||||
msg "build: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
|
||||
|
||||
# Accelerate all EC algs (all EC curves are automatically accelerated as
|
||||
# well in the built-in version due to the "PSA_WANT_xxx" symbols in
|
||||
# "crypto_config.h")
|
||||
loc_accel_list="ALG_ECDH \
|
||||
ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
ALG_JPAKE \
|
||||
KEY_TYPE_ECC_KEY_PAIR_BASIC \
|
||||
KEY_TYPE_ECC_KEY_PAIR_IMPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
|
||||
KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# restartable is not yet supported in PSA
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
|
||||
# disable modules for which we have drivers
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
|
||||
# Ensure also RSA and asssociated algs are disabled so that the size of
|
||||
# the public/private keys cannot be taken from there
|
||||
scripts/config.py unset MBEDTLS_RSA_C
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V15
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
# Disable RSA on the PSA side too
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
|
||||
# Also disable key exchanges that depend on RSA
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
|
||||
# Explicitly disable all SW implementation for elliptic curves
|
||||
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
||||
# Just leave SW implementation for the specified curve for allowing to
|
||||
# build with ECP_C.
|
||||
scripts/config.py set $BUILTIN_CURVE
|
||||
# Accelerate all curves listed in "crypto_config.h" (skipping the ones that
|
||||
# are commented out).
|
||||
# Note: Those are handled in a special way by the libtestdriver machinery,
|
||||
# so we only want to include them in the accel list when building the main
|
||||
# libraries, hence the use of a separate variable.
|
||||
loc_curve_list=""
|
||||
for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
|
||||
loc_curve_list="$loc_curve_list $CURVE"
|
||||
done
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
|
||||
# (See above regarding loc_curve_list.)
|
||||
helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
|
||||
|
||||
# make sure excluded modules were not auto-re-enabled by accident
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
not grep mbedtls_ecjpake_ library/ecjpake.o
|
||||
if [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_SECP192R1_ENABLED" ]; then
|
||||
# The only built-in curve is Short Weierstrass, so ECP shouldn't have
|
||||
# support for Montgomery curves. Functions with mxz in their name
|
||||
# are specific to Montgomery curves.
|
||||
not grep mxz library/ecp.o
|
||||
elif [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_CURVE25519_ENABLED" ]; then
|
||||
# The only built-in curve is Montgomery, so ECP shouldn't have
|
||||
# support for Short Weierstrass curves. Functions with mbedtls_ecp_muladd
|
||||
# in their name are specific to Short Weierstrass curves.
|
||||
not grep mbedtls_ecp_muladd library/ecp.o
|
||||
else
|
||||
err_msg "Error: $BUILTIN_CURVE is not supported in psa_crypto_config_accel_all_curves_except_one()"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_all_curves_except_p192 () {
|
||||
psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_all_curves_except_x25519 () {
|
||||
psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
}
|
||||
|
||||
# Common helper for component_full_without_ecdhe_ecdsa() and
|
||||
# component_full_without_ecdhe_ecdsa_and_tls13() which:
|
||||
# - starts from the "full" configuration minus the list of symbols passed in
|
||||
|
|
@ -3585,12 +3709,7 @@ component_build_psa_accel_key_type_ecc_key_pair() {
|
|||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set-all "PSA_WANT_KEY_TYPE_ECC_[0-9A-Z_a-z]*"
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -263,6 +263,14 @@ TASKS = {
|
|||
'ECP test vectors secp384r1 rfc 5114',
|
||||
'ECP test vectors secp521r1 rfc 5114',
|
||||
],
|
||||
'test_suite_psa_crypto': [
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
|
||||
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
|
||||
],
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1973,7 +1973,8 @@ trap cleanup INT TERM HUP
|
|||
# - the expected parameters are selected
|
||||
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
|
||||
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
requires_any_configs_enabled "MBEDTLS_ECP_DP_CURVE25519_ENABLED \
|
||||
PSA_WANT_ECC_MONTGOMERY_255"
|
||||
run_test "Default, TLS 1.2" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI force_version=tls12" \
|
||||
|
|
@ -2644,7 +2645,8 @@ run_test "Unique IV in GCM" \
|
|||
-U "IV used"
|
||||
|
||||
# Test for correctness of sent single supported algorithm
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
|
||||
PSA_WANT_ECC_SECP_R1_256"
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
|
|
@ -2659,7 +2661,8 @@ run_test "Single supported algorithm sending: mbedtls client" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
|
||||
PSA_WANT_ECC_SECP_R1_256"
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Single supported algorithm sending: openssl client" \
|
||||
"$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
|
||||
|
|
@ -11305,8 +11308,8 @@ run_test "TLS 1.3: Test gnutls tls1_3 feature" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
|
||||
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
|
||||
requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
|
||||
run_test "TLS 1.3: Default" \
|
||||
"$P_SRV allow_sha1=0 debug_level=3 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
|
||||
"$P_CLI allow_sha1=0" \
|
||||
|
|
|
|||
|
|
@ -63,5 +63,5 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA
|
|||
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
|
||||
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
|
|
|||
|
|
@ -13,39 +13,39 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
|||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
|
||||
|
||||
PK utils: ECKEY SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
|
||||
|
||||
PK utils: ECKEY_DH SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
|
||||
|
||||
PK utils: ECKEY_DH Curve25519
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
|
||||
|
||||
PK utils: ECKEY_DH Curve448
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
|
||||
|
||||
PK utils: ECDSA SECP192R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA"
|
||||
|
||||
PK utils: ECDSA SECP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA"
|
||||
|
||||
PK utils: ECDSA SECP384R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA"
|
||||
|
||||
PK utils: ECDSA SECP521R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
|
||||
|
||||
PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_psa_utils:0
|
||||
|
||||
PK PSA utilities: RSA setup/free, info functions, unsupported operations
|
||||
|
|
@ -53,95 +53,95 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
|||
pk_psa_utils:1
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, invalid check STREAM_CIPHER
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PSS(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, invalid check ECDH
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(ANY)/NONE, check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDSA(SHA256)/NONE, check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDSA(SHA1)/NONE, invalid check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_1):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
|
||||
|
||||
PK can do ext: ECDH/NONE, invalid check STREAM_CIPHER
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_DERIVE:0
|
||||
|
||||
PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
|
||||
|
||||
PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_CRYPT
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:0
|
||||
|
||||
PK can do ext: ECDH/NONE, invalid check RSA_PSS(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
|
||||
|
||||
PK can do ext: ECDH/NONE, invalid check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
|
||||
|
||||
PK can do ext: ECDH/NONE, check ECDH
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDH+SIGN
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE|SIGN
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
|
||||
|
||||
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
|
||||
|
|
@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
|||
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
|
||||
|
||||
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
|
||||
|
|
@ -321,83 +321,83 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
|||
pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
ECDSA verify test vector #1 (good)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA24":0
|
||||
|
||||
ECDSA verify test vector #2 (bad)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA25":MBEDTLS_ERR_ECP_VERIFY_FAILED
|
||||
|
||||
EC(DSA) verify test vector #1 (good)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA24":0
|
||||
|
||||
EC(DSA) verify test vector #2 (bad)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA25":MBEDTLS_ERR_ECP_VERIFY_FAILED
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(r) = 256
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3046022100faecc085c6c5362b91ff1fd6dd77da80bc071bee9ff1ac0ef9509c017f13267c022100a7d0b908c938d3dd6c6a9cdc5b0a4a4ee455c519c1ff6cda959806b7e7461ba0":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(r) = 255
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(r) = 248
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220009109f967f9082abc9c46e5ea07936529b82023a1a49b872c046f430983db2602210085f0b1960d61f8d75109b5b7ff991d3171320d2ab547104f864048455a965090":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(r) = 247
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3044021f461786833b50247b07194da6cedbd3caefbcd19c73b6283ccff5097cd0d73b022100d85d20b0b8c3b596eb1cdb0381e681fa0a8bccde4e89c139020af3b0f88e099c":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(s) = 256
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(s) = 255
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"304402206ae26950c606d08fe5e1682efdccfb3a7213ca46bd523ffd20c4213fe1400d3402207612106ada7055926167650b257da7f4c42c190b8aa9e3b680f8751fe90c63a5":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(s) = 248
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3045022100fd4d718ab483827492e10b89745fad100d2dd257102b99aff179ee596a569f1f022000a1b777e32a8b4909763b615b805e59194e6196eb05719287a36eb5f17aa485":0
|
||||
|
||||
EC(DSA) verify test vector: good, bitlen(s) = 247
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0
|
||||
|
||||
ECDSA sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
|
||||
|
||||
ECDSA sign-verify: SECP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
|
||||
|
||||
ECDSA sign-verify: SECP384R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
|
||||
|
||||
ECDSA sign-verify: SECP521R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
|
||||
|
||||
ECDSA sign-verify: BP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
|
||||
|
||||
ECDSA sign-verify: BP512R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
|
||||
|
||||
EC(DSA) sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
|
||||
|
||||
EC_DH (no) sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
RSA sign-verify
|
||||
|
|
@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
|
|||
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
Check pair #1 (EC, OK)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
|
||||
|
||||
Check pair #2 (EC, bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
Check pair #3 (RSA, OK)
|
||||
|
|
@ -541,7 +541,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
|
|||
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
Check pair #5 (RSA vs EC)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
RSA hash_len overflow (size_t vs unsigned int)
|
||||
|
|
@ -549,72 +549,72 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64
|
|||
pk_rsa_overflow:
|
||||
|
||||
ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
|
||||
|
||||
ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
|
||||
|
||||
ECDSA restartable sign/verify: ECDSA, max_ops=1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
|
||||
|
||||
ECDSA restartable sign/verify: ECKEY, max_ops=1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
|
||||
|
||||
ECDSA restartable sign/verify: ECDSA, max_ops=10000
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
|
||||
|
||||
ECDSA restartable sign/verify: ECKEY, max_ops=10000
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
|
||||
|
||||
ECDSA restartable sign/verify: ECDSA, max_ops=250
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
|
||||
|
||||
ECDSA restartable sign/verify: ECKEY, max_ops=250
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
|
||||
|
||||
PSA wrapped sign: SECP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256
|
||||
|
||||
PSA wrapped sign: SECP384R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384
|
||||
|
||||
PSA wrapped sign: SECP521R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521
|
||||
|
||||
PSA wrapped sign: SECP192K1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192K1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192
|
||||
|
||||
## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
|
||||
# PSA wrapped sign: SECP224K1
|
||||
# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP224K1
|
||||
# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224
|
||||
|
||||
PSA wrapped sign: SECP256K1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256K1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256
|
||||
|
||||
PSA wrapped sign: BP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP256R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
|
||||
|
||||
PSA wrapped sign: BP384R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP384R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
|
||||
|
||||
PSA wrapped sign: BP512R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
|
||||
|
||||
PSA wrapped sign: RSA PKCS1 v1.5
|
||||
|
|
@ -646,15 +646,15 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN
|
|||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
|
||||
|
||||
PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
|
||||
|
||||
PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA384
|
||||
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
|
||||
|
||||
PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_MD_CAN_SHA512
|
||||
pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512
|
||||
|
||||
PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256
|
||||
|
|
|
|||
|
|
@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
|
|||
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
|
||||
|
||||
Parse Public EC Key #1 (RFC 5480, DER)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
|
||||
|
||||
Parse Public EC Key #2 (RFC 5480, PEM)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
|
||||
|
||||
Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
|
||||
|
|
@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #3 (RFC 5480, secp224r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
|
||||
|
||||
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
|
||||
|
|
@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
|
||||
|
||||
Parse Public EC Key #4 (RFC 5480, secp256r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
|
||||
|
||||
Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
|
||||
|
|
@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #5 (RFC 5480, secp384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
|
||||
|
||||
Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
|
||||
|
|
@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #6 (RFC 5480, secp521r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
|
||||
|
||||
Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
|
||||
|
|
@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
|
||||
|
||||
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
|
||||
|
|
@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
|
||||
|
||||
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
|
||||
|
|
@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
|
||||
|
||||
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
|
||||
|
|
@ -975,27 +975,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5
|
|||
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
|
||||
|
||||
Parse Public EC Key #10 (RFC 8410, DER, X25519)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
|
||||
|
||||
Parse Public EC Key #11 (RFC 8410, DER, X448)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
|
||||
|
||||
Parse Public EC Key #12 (RFC 8410, PEM, X25519)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
|
||||
|
||||
Parse Public EC Key #13 (RFC 8410, PEM, X448)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
|
||||
|
||||
Parse EC Key #1 (SEC1 DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
|
||||
|
||||
Parse EC Key #2 (SEC1 PEM)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
|
||||
|
||||
Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
|
||||
|
|
@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #3 (SEC1 PEM encrypted)
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
|
||||
|
||||
Parse EC Key #4 (PKCS8 DER)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
|
||||
|
||||
Parse EC Key #4a (PKCS8 DER, no public key)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
|
||||
|
||||
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
|
||||
|
||||
Parse EC Key #4c (PKCS8 DER, with parameters)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
|
||||
|
||||
Parse EC Key #5 (PKCS8 PEM)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5a (PKCS8 PEM, no public key)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5c (PKCS8 PEM, with parameters)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
|
||||
|
||||
Parse EC Key #8 (SEC1 PEM, secp224r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
|
||||
|
|
@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #9 (SEC1 PEM, secp256r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
|
||||
|
|
@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #10 (SEC1 PEM, secp384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
|
||||
|
|
@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #11 (SEC1 PEM, secp521r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
|
||||
|
|
@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
|
|||
pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #12 (SEC1 PEM, bp256r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
|
||||
|
|
@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
|
|||
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #13 (SEC1 PEM, bp384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
|
||||
|
|
@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
|
|||
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
|
||||
|
||||
Parse EC Key #14 (SEC1 PEM, bp512r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
|
||||
|
|
@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
|
|||
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
|
||||
|
||||
Parse EC Key #16 (RFC 8410, DER, X25519)
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
|
||||
|
||||
Parse EC Key #17 (RFC 8410, DER, X448)
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
|
||||
|
||||
Parse EC Key #18 (RFC 8410, PEM, X25519)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #19 (RFC 8410, PEM, X448)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
|
||||
|
||||
Key ASN1 (No data)
|
||||
|
|
@ -1197,31 +1197,31 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
|
|||
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
|
||||
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
# From RFC8410 Appendix A but made into version 0
|
||||
OneAsymmetricKey X25519, doesn't match masking requirements #1
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
|
||||
|
||||
# Full inverse of the expected x25519 pattern:
|
||||
|
|
@ -1230,7 +1230,7 @@ pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8fffffffffffffffffffff
|
|||
# - 2nd MSb to 0
|
||||
# Note: Montgomery keys are written in Little endian format.
|
||||
OneAsymmetricKey X25519, doesn't match masking requirements #2
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_parse_fix_montgomery:"302e020100300506032b656e04220420ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
|
||||
|
||||
# Full inverse of the expected x448 pattern:
|
||||
|
|
@ -1238,5 +1238,5 @@ pk_parse_fix_montgomery:"302e020100300506032b656e04220420fffffffffffffffffffffff
|
|||
# - MSb to 0
|
||||
# Note: Montgomery keys are written in Little endian format.
|
||||
OneAsymmetricKey X448, doesn't match masking requirements #3
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_parse_fix_montgomery:"3046020100300506032b656f043a0438ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"3046020100300506032b656f043a0438fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||
|
|
|
|||
|
|
@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C
|
|||
pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
|
||||
|
||||
Public key write check EC 192 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
|
||||
|
||||
Public key write check EC 192 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
|
||||
|
||||
Public key write check EC 521 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
|
||||
|
||||
Public key write check EC 521 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
|
||||
|
||||
Public key write check EC Brainpool 512 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
|
||||
|
||||
Public key write check EC Brainpool 512 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
|
||||
|
||||
Public key write check EC X25519
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
|
||||
|
||||
Public key write check EC X25519 (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
|
||||
|
||||
Public key write check EC X448
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
|
||||
|
||||
Public key write check EC X448 (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
|
||||
|
||||
Private key write check RSA
|
||||
|
|
@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C
|
|||
pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC 192 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
|
||||
|
||||
Private key write check EC 192 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
|
||||
|
||||
Private key write check EC 256 bits (top bit set)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC 256 bits (top bit set) (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC 521 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC 521 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC 521 bits (top byte is 0)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC 521 bits (top byte is 0) (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC Brainpool 512 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC Brainpool 512 bits (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC X25519
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC X25519 (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
|
||||
|
||||
Private key write check EC X448
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
|
||||
|
||||
Private key write check EC X448 (DER)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
|
||||
|
||||
Derive public key RSA
|
||||
|
|
@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C
|
|||
pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
|
||||
|
||||
Derive public key EC 192 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
|
||||
|
||||
Derive public key EC 521 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
|
||||
|
||||
Derive public key EC Brainpool 512 bits
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
|
||||
|
||||
Derive public key EC X25519
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
|
||||
|
||||
Derive public key EC X448
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
|
||||
pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"
|
||||
|
|
|
|||
|
|
@ -4813,7 +4813,7 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P
|
|||
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":72:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA sign message: deterministic ECDSA not supported
|
||||
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
|
||||
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA sign message: ECDSA without hash
|
||||
|
|
|
|||
|
|
@ -365,27 +365,27 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
|
|||
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
|
||||
|
||||
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
|
||||
|
||||
Handshake, RSA-WITH-AES-128-CCM
|
||||
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
|
||||
|
||||
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
|
||||
|
||||
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
|
||||
|
||||
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
|
||||
|
||||
Handshake, PSK-WITH-AES-128-CBC-SHA
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
|
||||
|
||||
DTLS Handshake, tls1_2
|
||||
|
|
@ -393,31 +393,31 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RS
|
|||
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
|
||||
|
||||
DTLS Handshake, RSA-WITH-AES-128-CCM
|
||||
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
|
||||
|
||||
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
|
||||
|
||||
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
|
||||
|
||||
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
|
||||
|
||||
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
|
||||
|
||||
DTLS Handshake with serialization, tls1_2
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_serialization
|
||||
|
||||
DTLS Handshake fragmentation, MFL=512
|
||||
|
|
@ -437,143 +437,143 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
|
|||
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Sending app data via TLS, MFL=512 without fragmentation
|
||||
|
|
@ -3300,7 +3300,7 @@ SSL TLS 1.3 Key schedule: PSK binder
|
|||
# Vector from RFC 8448
|
||||
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
|
||||
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
|
||||
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_HAVE_CURVE25519
|
||||
ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
|
||||
|
||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||
|
|
@ -3335,15 +3335,15 @@ depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_
|
|||
ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save-load: no ticket, cert
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_serialize_session_save_load:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save-load: small ticket, cert
|
||||
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_serialize_session_save_load:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save-load: large ticket, cert
|
||||
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
TLS 1.3: CLI: Session serialization, save-load: no ticket
|
||||
|
|
@ -3375,15 +3375,15 @@ depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_
|
|||
ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load-save: no ticket, cert
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_serialize_session_load_save:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load-save: small ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_load_save:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load-save: large ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_load_save:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
TLS 1.3: CLI: Session serialization, load-save: no ticket
|
||||
|
|
@ -3415,15 +3415,15 @@ depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_
|
|||
ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save buffer size: no ticket, cert
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save buffer size: small ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, save buffer size: large ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
TLS 1.3: CLI: Session serialization, save buffer size: no ticket
|
||||
|
|
@ -3455,15 +3455,15 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_
|
|||
ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load buffer size: no ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load buffer size: small ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Session serialization, load buffer size: large ticket, cert
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
|
||||
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
TLS 1.3: CLI: Session serialization, load buffer size: no ticket
|
||||
|
|
|
|||
|
|
@ -2546,7 +2546,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
|
||||
void mbedtls_endpoint_sanity(int endpoint_type)
|
||||
{
|
||||
enum { BUFFSIZE = 1024 };
|
||||
|
|
@ -2577,7 +2577,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
|
||||
{
|
||||
enum { BUFFSIZE = 1024 };
|
||||
|
|
@ -2650,7 +2650,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void handshake_version(int dtls, int client_min_version, int client_max_version,
|
||||
int server_min_version, int server_max_version,
|
||||
int expected_negotiated_version)
|
||||
|
|
@ -2742,7 +2742,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256 */
|
||||
void app_data(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments, int dtls)
|
||||
|
|
@ -2771,7 +2771,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments)
|
||||
|
|
@ -2783,7 +2783,7 @@ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments)
|
||||
|
|
@ -2795,7 +2795,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void handshake_serialization()
|
||||
{
|
||||
mbedtls_test_handshake_test_options options;
|
||||
|
|
@ -2812,7 +2812,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
void handshake_fragmentation(int mfl,
|
||||
int expected_srv_hs_fragmentation,
|
||||
int expected_cli_hs_fragmentation)
|
||||
|
|
@ -2852,7 +2852,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void renegotiation(int legacy_renegotiation)
|
||||
{
|
||||
mbedtls_test_handshake_test_options options;
|
||||
|
|
@ -2872,7 +2872,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256 */
|
||||
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
|
||||
int serialize, int dtls, char *cipher)
|
||||
{
|
||||
|
|
@ -2899,7 +2899,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void resize_buffers_serialize_mfl(int mfl)
|
||||
{
|
||||
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||
|
|
@ -2909,7 +2909,7 @@ void resize_buffers_serialize_mfl(int mfl)
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
|
||||
char *cipher)
|
||||
{
|
||||
|
|
@ -3059,7 +3059,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_ECP_HAVE_SECP224R1:MBEDTLS_ECP_HAVE_SECP256R1 */
|
||||
void conf_curve()
|
||||
{
|
||||
|
||||
|
|
@ -3146,7 +3146,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
|
||||
void force_bad_session_id_len()
|
||||
{
|
||||
enum { BUFFSIZE = 1024 };
|
||||
|
|
@ -3343,7 +3343,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PK_CAN_ECDSA_SOME */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
|
||||
void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
||||
{
|
||||
enum { BUFFSIZE = 17000 };
|
||||
|
|
@ -3414,7 +3414,7 @@ exit:
|
|||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_HAVE_SECP384R1 */
|
||||
void tls13_server_certificate_msg_invalid_vector_len()
|
||||
{
|
||||
int ret = -1;
|
||||
|
|
@ -3599,67 +3599,67 @@ void elliptic_curve_get_properties()
|
|||
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP521R1) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP512R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP384R1) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP384R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256R1) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
TEST_AVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP256K1) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if defined(MBEDTLS_ECP_HAVE_BP256R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224R1) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP224K1) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192R1) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if defined(MBEDTLS_ECP_HAVE_SECP192K1) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if defined(MBEDTLS_ECP_HAVE_CURVE448) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -47,7 +47,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
|||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0
|
||||
|
||||
Certificate Request check Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0
|
||||
|
||||
Certificate Request check Server1, set_extension
|
||||
|
|
@ -55,7 +55,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
|||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1
|
||||
|
||||
Certificate Request check opaque Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
|
||||
|
||||
Certificate write check Server1 SHA1
|
||||
|
|
@ -155,11 +155,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
|||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server5 ECDSA
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server5 ECDSA, Opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_USE_PSA_CRYPTO
|
||||
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, SubjectAltNames
|
||||
|
|
|
|||
Loading…
Reference in a new issue