From a42a8de120fd0f5e8fbe46f7ddd80e1a96dbc5a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Nov 2021 12:18:41 +0100 Subject: [PATCH 001/339] PSA thread safety analysis Looks like a mutex isn't enough? Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 130 +++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 docs/architecture/psa-thread-safety.md diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md new file mode 100644 index 000000000..047f74ba9 --- /dev/null +++ b/docs/architecture/psa-thread-safety.md @@ -0,0 +1,130 @@ +Thread safety of the PSA key store +================================== + +Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867. + +## Resources to protect + +### Global variables + +* `psa_crypto_slot_management::global_data.key_slots[i]`: see [“Key slots”](#key-slots). + +* `psa_crypto_slot_management::global_data.key_slots_initialized`: + * `psa_initialize_key_slots`: modification. + * `psa_wipe_all_key_slots`: modification. + * `psa_get_empty_key_slot`: read. + * `psa_get_and_lock_key_slot`: read. + +* `psa_crypto::global_data.rng`: depends on the RNG implementation. See [“Random generator”](#random-generator). + * `psa_generate_random`: query. + * `mbedtls_psa_crypto_configure_entropy_sources` (only if `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled): setup. Only called from `psa_crypto_init` via `mbedtls_psa_random_init`, or from test code. + * `mbedtls_psa_crypto_free`: deinit. + * `psa_crypto_init`: seed (via `mbedtls_psa_random_seed`); setup via `mbedtls_psa_crypto_configure_entropy_sources. + +* `psa_crypto::global_data.{initialized,rng_state}`: these are bit-fields and cannot be modified independently so they must be protected by the same mutex. The following functions access these fields: + * `mbedtls_psa_crypto_configure_entropy_sources` [`rng_state`] (only if `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled): read. Only called from `psa_crypto_init` via `mbedtls_psa_random_init`, or from test code. + * `mbedtls_psa_crypto_free`: modification. + * `psa_crypto_init`: modification. + * Many functions via `GUARD_MODULE_INITIALIZED`: read. + +### Key slots + +#### Key slot array traversal + +“Occupied key slot” is determined by `psa_is_key_slot_occupied` based on `slot->attr.type`. + +The following functions traverse the key slot array: + +* `psa_get_and_lock_key_slot_in_memory`: reads `slot->attr.id`. +* `psa_get_and_lock_key_slot_in_memory`: calls `psa_lock_key_slot` on one occupied slot. +* `psa_get_empty_key_slot`: calls `psa_is_key_slot_occupied`. +* `psa_get_empty_key_slot`: calls `psa_wipe_key_slot` and more modifications on one occupied slot with no active user. +* `psa_get_empty_key_slot`: calls `psa_lock_key_slot` and more modification on one unoccupied slot. +* `psa_wipe_all_key_slots`: writes to all slots. +* `mbedtls_psa_get_stats`: reads from all slots. + +#### Key slot state + +The following functions modify a slot's usage state: + +* `psa_lock_key_slot`: writes to `slot->lock_count`. +* `psa_unlock_key_slot`: writes to `slot->lock_count`. +* `psa_wipe_key_slot`: writes to `slot->lock_count`. +* `psa_destroy_key`: reads `slot->lock_count`, calls `psa_lock_key_slot`. +* `psa_wipe_all_key_slots`: writes to all slots. +* `psa_get_empty_key_slot`: writes to `slot->lock_count` and calls `psa_wipe_key_slot` and `psa_lock_key_slot` on one occupied slot with no active user; calls `psa_lock_key_slot` on one unoccupied slot. +* `psa_close_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`. +* `psa_purge_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`. + +TODO: modification of `slot->attr.id`, `slot->attr.type`. + +TODO: change `psa_is_key_slot_occupied` to checking the id? + +#### Key slot content + +Other than what is used to determine the [“key slot state”](#key-slot-state), the contents of a key slot are only accessed as follows: + +* Modification during key creation (between `psa_start_key_creation` and `psa_finish_key_creation` or `psa_fail_key_creation`). +* Destruction in `psa_wipe_key_slot`. +* Read in many functions, between calls to `psa_lock_key_slot` and `psa_unlock_key_slot`. + +### Random generator + +The PSA RNG can be accessed both from various PSA functions, and from application code via `mbedtls_psa_get_random`. + +With the built-in RNG implementations using `mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`, querying the RNG with `mbedtls_xxx_drbg_random()` is thread-safe (protected by a mutex inside the RNG implementation), but other operations (init, free, seed) are not. + +When `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled, thread safety depends on the implementation. + +### Driver resources + +Depends on the driver. The PSA driver interface specification does not discuss whether drivers must support concurrent calls. + +## Simple global lock strategy + +Have a single mutex protecting all accesses to the key store and other global variables. In practice, this means every PSA API function needs to take the lock on entry and release on exit, except for: + +* Hash function. +* Accessors for key attributes and other local structures. + +Note that operation functions do need to take the lock, since they need to prevent the destruction of the key. + +Note that this does not protect access to the RNG via `mbedtls_psa_get_random`, which is guaranteed to be thread-safe when `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is disabled. + +This approach is conceptually simple, but requires extra instrumentation to every function and has bad performance in a multithreaded environment since a slow operation in one thread blocks unrelated operations on other threads. + +## Global lock excluding slot content + +Have a single mutex protecting all accesses to the key store and other global variables, except that it's ok to access the content of a key slot without taking the lock if one of the following conditions holds: + +* The key slot is in a state that guarantees that the thread has exclusive access. +* The key slot is in a state that guarantees that no other thread can modify the slot content, and the accessing thread is only reading the slot. + +Note that a thread must hold the global mutex when it reads or changes a slot's state. + +### Slot states + +For concurrency purposes, a slot can be in one of three states: + +* UNUSED: no thread is currently accessing the slot. It may be occupied by a volatile key or a cached key. +* WRITING: a thread has exclusive access to the slot. This can only happen in specific circumstances as detailed below. +* READING: any thread may read from the slot. + +A high-level view of state transitions: + +* `psa_get_empty_key_slot`: UNUSED → WRITING. +* `psa_get_and_lock_key_slot_in_memory`: UNUSED or READING → READING. This function only accepts slots in the UNUSED or READING state. A slot with the correct id but in the WRITING state is considered free. +* `psa_unlock_key_slot`: READING → UNUSED or READING. +* `psa_finish_key_creation`: WRITING → READING. +* `psa_fail_key_creation`: WRITING → UNUSED. +* `psa_wipe_key_slot`: any → UNUSED. If the slot is READING or WRITING on entry, this function must wait until the writer or all readers have finished. (By the way, the WRITING state is possible if `mbedtls_psa_crypto_free` is called while a key creation is in progress.) See [“Destruction of a key in use”](#destruction of a key in use). + +The current `state->lock_count` corresponds to the difference between UNUSED and READING: a slot is in use iff its lock count is nonzero, so `lock_count == 0` corresponds to UNUSED and `lock_count != 0` corresponds to READING. + +There is currently no indication of when a slot is in the WRITING state. This only happens between a call to `psa_start_key_creation` and a call to one of `psa_finish_key_creation` or `psa_fail_key_creation`. This new state can be conveyed by a new boolean flag, or by setting `lock_count` to `~0`. + +### Destruction of a key in use + +Problem: a key slot is destroyed (by `psa_wipe_key_slot`) while it's in use (READING or WRITING). + +TODO: how do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock). From eec6b2c6b48293ded35dc290f8631aaac93e306c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 8 Nov 2021 14:09:29 +0100 Subject: [PATCH 002/339] Updated slot->attr and slot->key access Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 73 +++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index 047f74ba9..c894b92a1 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -56,7 +56,50 @@ The following functions modify a slot's usage state: * `psa_close_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`. * `psa_purge_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`. -TODO: modification of `slot->attr.id`, `slot->attr.type`. +**slot->attr access:** +`psa_crypto_core.h`: +* `psa_key_slot_set_flags` - writes to attr.flags +* `psa_key_slot_set_bits_in_flags` - writes to attr.flags +* `psa_key_slot_clear_bits` - writes to attr.flags +* `psa_is_key_slot_occupied` - reads attr.type +* `psa_key_slot_get_flags` - reads attr.flags + +`psa_crypto_slot_management.c`: +* `psa_get_and_lock_key_slot_in_memory` - reads attr.id +* `psa_get_empty_key_slot` - reads attr.lifetime +* `psa_load_persistent_key_into_slot` - passes attr pointer to psa_load_persistent_key +* `psa_load_persistent_key` - reads attr.id and passes pointer to psa_parse_key_data_from_storage +* `psa_parse_key_data_from_storage` - writes to many attributes +* `psa_get_and_lock_key_slot` - writes to attr.id, attr.lifetime, and attr.policy.usage +* `psa_purge_key` - reads attr.lifetime, calls psa_wipe_key_slot +* `mbedtls_psa_get_stats` - reads attr.lifetime, attr.id + +`psa_crypto.c`: +* `psa_get_and_lock_key_slot_with_policy` - reads attr.type, attr.policy. +* `psa_get_and_lock_transparent_key_slot_with_policy` - reads attr.lifetime +* `psa_destroy_key` - reads attr.lifetime, attr.id +* `psa_get_key_attributes` - copies all publicly available attributes of a key +* `psa_export_key` - copies attributes +* `psa_export_public_key` - reads attr.type, copies attributes +* `psa_start_key_creation` - writes to the whole attr structure +* `psa_validate_optional_attributes` - reads attr.type, attr.bits +* `psa_import_key` - reads attr.bits +* `psa_copy_key` - reads attr.bits, attr.type, attr.lifetime, attr.policy +* `psa_mac_setup` - copies whole attr structure +* `psa_mac_compute_internal` - copies whole attr structure +* `psa_verify_internal` - copies whole attr structure +* `psa_sign_internal` - copies whole attr structure, reads attr.type +* `psa_assymmetric_encrypt` - reads attr.type +* `psa_assymetric_decrypt` - reads attr.type +* `psa_cipher_setup` - copies whole attr structure, reads attr.type +* `psa_cipher_encrypt` - copies whole attr structure, reads attr.type +* `psa_cipher_decrypt` - copies whole attr structure, reads attr.type +* `psa_aead_encrypt` - copies whole attr structure +* `psa_aead_decrypt` - copies whole attr structure +* `psa_aead_setup` - copies whole attr structure +* `psa_generate_derived_key_internal` - reads attr.type, writes to and reads from attr.bits, copies whole attr structure +* `psa_key_derivation_input_key` - reads attr.type +* `psa_key_agreement_raw_internal` - reads attr.type and attr.bits TODO: change `psa_is_key_slot_occupied` to checking the id? @@ -68,6 +111,34 @@ Other than what is used to determine the [“key slot state”](#key-slot-state) * Destruction in `psa_wipe_key_slot`. * Read in many functions, between calls to `psa_lock_key_slot` and `psa_unlock_key_slot`. +**slot->key access:** +* `psa_allocate_buffer_to_slot` - allocates key.data, sets key.bytes; +* `psa_copy_key_material_into_slot` - writes to key.data +* `psa_remove_key_data_from_memory` - writes and reads to/from key data +* `psa_get_key_attributes` - reads from key data +* `psa_export_key` - passes key data to psa_driver_wrapper_export_key +* `psa_export_public_key` - passes key data to psa_driver_wrapper_export_public_key +* `psa_finish_key_creation` - passes key data to psa_save_persistent_key +* `psa_validate_optional_attributes` - passes key data and bytes to mbedtls_psa_rsa_load_representation +* `psa_import_key` - passes key data to psa_driver_wrapper_import_key +* `psa_copy_key` - passes key data to psa_driver_wrapper_copy_key, psa_copy_key_material_into_slot +* `psa_mac_setup` - passes key data to psa_driver_wrapper_mac_sign_setup, psa_driver_wrapper_mac_verify_setup +* `psa_mac_compute_internal` - passes key data to psa_driver_wrapper_mac_compute +* `psa_sign_internal` - passes key data to psa_driver_wrapper_sign_message, psa_driver_wrapper_sign_hash +* `psa_verify_internal` - passes key data to psa_driver_wrapper_verify_message, psa_driver_wrapper_verify_hash +* `psa_asymmetric_encrypt` - passes key data to mbedtls_psa_rsa_load_representation +* `psa_asymmetric_decrypt` - passes key data to mbedtls_psa_rsa_load_representation +* `psa_cipher_setup ` - passes key data to psa_driver_wrapper_cipher_encrypt_setup and psa_driver_wrapper_cipher_decrypt_setup +* `psa_cipher_encrypt` - passes key data to psa_driver_wrapper_cipher_encrypt +* `psa_cipher_decrypt` - passes key data to psa_driver_wrapper_cipher_decrypt +* `psa_aead_encrypt` - passes key data to psa_driver_wrapper_aead_encrypt +* `psa_aead_decrypt` - passes key data to psa_driver_wrapper_aead_decrypt +* `psa_aead_setup` - passes key data to psa_driver_wrapper_aead_encrypt_setup and psa_driver_wrapper_aead_decrypt_setup +* `psa_generate_derived_key_internal` - passes key data to psa_driver_wrapper_import_key +* `psa_key_derivation_input_key` - passes key data to psa_key_derivation_input_internal +* `psa_key_agreement_raw_internal` - passes key data to mbedtls_psa_ecp_load_representation +* `psa_generate_key` - passes key data to psa_driver_wrapper_generate_key + ### Random generator The PSA RNG can be accessed both from various PSA functions, and from application code via `mbedtls_psa_get_random`. From 41d0334b4c94c5f6854630f23d4d0d40997b2a21 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Feb 2022 23:55:59 +0100 Subject: [PATCH 003/339] Write up requirements Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 72 +++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index c894b92a1..1ddb1a8fb 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -1,10 +1,78 @@ -Thread safety of the PSA key store +Thread safety of the PSA subsystem ================================== -Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867. +## Requirements + +### Backward compatibility requirement + +Code that is currently working must keep working. There can be an exception for code that uses features that are advertised as experimental; for example, it would be annoying but ok to add extra requirements for drivers. + +In particular, if you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C` and you either protect all PSA calls with a mutex, or only ever call PSA functions from a single thread, your application works. + +As a consequence, we must not add a new platform requirement beyond mutexes for the base case. It would be ok to add new platform requirements if they're only needed for PSA drivers, or if they're only performance improvements. + +Tempting platform requirements that we cannot add to the default `MBEDTLS_THREADING_C` include: + +* Releasing a mutex from a different thread than the one that acquired it. This isn't even guaranteed to work with pthreads. +* New primitives such as semaphores or condition variables. + +### Correctness out of the box + +If you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C`, the code must be functionally correct: no race conditions, deadlocks or livelocks. + +The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/overview/conventions.html#concurrent-calls) defines minimum expectations for concurrent calls. They must work as if they had been executed one at a time, except that the following cases have undefined behavior: + +* Destroying a key while it's in use. +* Concurrent calls using the same operation object. (An operation object may not be used by more than one thread at a time. But it can move from one thread to another between calls.) +* Overlap of an output buffer with an input or output of a concurrent call. +* Modification of an input buffer during a call. + +Note that while the specification does not define the behavior in such cases, Mbed TLS can be used as a crypto service. It's acceptable if an application can mess itself up, but it is not acceptable if an application can mess up the crypto service. As a consequence, destroying a key while it's in use may violate the security property that all key material is erased as soon as `psa_destroy_key` returns, but it may not cause data corruption or read-after-free inside the key store. + +### No spinning + +The code must not spin on a potentially non-blocking task. For example, this is proscribed: +``` +lock(m); +while (!its_my_turn) { + unlock(m); + lock(m); +} +``` + +Rationale: this can cause battery drain, and can even be a livelock (spinning forever), e.g. if the thread that might unblock this one has a lower priority. + +### Driver requirements + +At the time of writing, the driver interface specification does not consider multithreaded environments. + +We need to define clear policies so that driver implementers know what to expect. Here are two possible policies at two ends of the spectrum; what is desirable is probably somewhere in between. + +* Driver entry points may be called concurrently from multiple threads, even if they're using the same key, and even including destroying a key while an operation is in progress on it. +* At most one driver entry point is active at any given time. + +A more reasonable policy could be: + +* By default, each driver only has at most one entry point active at any given time. In other words, each driver has its own exclusive lock. +* Drivers have an optional `"thread_safe"` boolean property. If true, it allows concurrent calls to this driver. +* Even with a thread-safe driver, the core never starts the destruction of a key while there are operations in progress on it, and never performs concurrent calls on the same multipart operation. + +### Long-term performance requirements + +In the short term, correctness is the important thing. We can start with a global lock. + +In the medium to long term, performing a slow or blocking operation (for example, a driver call, or an RSA decryption) should not block other threads, even if they're calling the same driver or using the same key object. + +We may want to go directly to a more sophisticated approach because when a system works with a global lock, it's typically hard to get rid of it to get more fine-grained concurrency. + +### Key destruction long-term requirements + +As noted above in [“Correctness out of the box”](#correctness-out-of-the-box), when a key is destroyed, it's ok if `psa_destroy_key` allows copies of the key to live until ongoing operations using the key return. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material. ## Resources to protect +Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867. + ### Global variables * `psa_crypto_slot_management::global_data.key_slots[i]`: see [“Key slots”](#key-slots). From 41618da50e35894bc62caf5a6f8a0d29f22fa2a0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 16 Feb 2022 22:32:12 +0100 Subject: [PATCH 004/339] Clarify backward compatibility requirement There are two somewhat distinct aspects here: if it compiled, it still compiles; and if it worked functionally, it still works. They're related in that if application code currently compiles but cannot possibly work, we could reasonably make it not compile anymore. Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index 1ddb1a8fb..b15594251 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -7,7 +7,9 @@ Thread safety of the PSA subsystem Code that is currently working must keep working. There can be an exception for code that uses features that are advertised as experimental; for example, it would be annoying but ok to add extra requirements for drivers. -In particular, if you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C` and you either protect all PSA calls with a mutex, or only ever call PSA functions from a single thread, your application works. +(In this section, “currently” means Mbed TLS releases without proper concurrency management: 3.0.0, 3.1.0, and any other subsequent 3.x version.) + +In particular, if you either protect all PSA calls with a mutex, or only ever call PSA functions from a single thread, your application currently works and must keep working. If your application currently builds and works with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C` enabled, it must keep building and working. As a consequence, we must not add a new platform requirement beyond mutexes for the base case. It would be ok to add new platform requirements if they're only needed for PSA drivers, or if they're only performance improvements. From 5ca3f0ba0042001da71500307d38abb64a52dbec Mon Sep 17 00:00:00 2001 From: SlugFiller <5435495+SlugFiller@users.noreply.github.com> Date: Mon, 22 May 2023 06:31:45 +0300 Subject: [PATCH 005/339] Support compilation using CLang on Windows The Microsoft-only equivalent to GCC's `cpuid.h` is `intrin.h`. CLang contains both, but neither is directly included in Win32 builds, causing `__cpuid` to not be defined. This explicitly includes `intrin.h` when `cpuid.h` is not used. Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com> --- library/aesni.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/aesni.c b/library/aesni.c index a23c5b595..78dd8b094 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -35,6 +35,8 @@ #if MBEDTLS_AESNI_HAVE_CODE == 2 #if !defined(_WIN32) #include +#else +#include #endif #include #endif From 0ee9683987396f6c02016a7f455c57968a3db339 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 09:49:01 +0100 Subject: [PATCH 006/339] Move mbedtls_ct_base64_(enc|dec)_char into base64.c Signed-off-by: Dave Rodgman --- include/mbedtls/base64.h | 29 ++++++++++++++++++++++ library/base64.c | 33 +++++++++++++++++++++++++ library/constant_time.c | 36 ---------------------------- library/constant_time_internal.h | 41 ++++++++++---------------------- 4 files changed, 74 insertions(+), 65 deletions(-) diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 635be713d..e82c270ea 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -87,6 +87,35 @@ int mbedtls_base64_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ +#if defined(MBEDTLS_TEST_HOOKS) + +/** Given a value in the range 0..63, return the corresponding Base64 digit. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * \param value A value in the range 0..63. + * + * \return A base64 digit converted from \p value. + */ +unsigned char mbedtls_ct_base64_enc_char(unsigned char value); + +/** Given a Base64 digit, return its value. + * + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * \param c A base64 digit. + * + * \return The value of the base64 digit \p c. + */ +signed char mbedtls_ct_base64_dec_value(unsigned char c); + +#endif /* MBEDTLS_TEST_HOOKS */ + #ifdef __cplusplus } #endif diff --git a/library/base64.c b/library/base64.c index 3eb9e7cc5..3f13fdab0 100644 --- a/library/base64.c +++ b/library/base64.c @@ -33,6 +33,39 @@ #include "mbedtls/platform.h" #endif /* MBEDTLS_SELF_TEST */ +MBEDTLS_STATIC_TESTABLE +unsigned char mbedtls_ct_base64_enc_char(unsigned char value) +{ + unsigned char digit = 0; + /* For each range of values, if value is in that range, mask digit with + * the corresponding value. Since value can only be in a single range, + * only at most one masking will change digit. */ + digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value); + digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26); + digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52); + digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+'; + digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/'; + return digit; +} + +MBEDTLS_STATIC_TESTABLE +signed char mbedtls_ct_base64_dec_value(unsigned char c) +{ + unsigned char val = 0; + /* For each range of digits, if c is in that range, mask val with + * the corresponding value. Since c can only be in a single range, + * only at most one masking will change val. Set val to one plus + * the desired value so that it stays 0 if c is in none of the ranges. */ + val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1); + val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1); + val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1); + val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1); + val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1); + /* At this point, val is 0 if c is an invalid digit and v+1 if c is + * a digit with the value v. */ + return val - 1; +} + /* * Encode a buffer into base64 format */ diff --git a/library/constant_time.c b/library/constant_time.c index c823b7889..1f6c2ca02 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -212,7 +212,6 @@ size_t mbedtls_ct_size_mask_ge(size_t x, * * Constant flow with respect to c. */ -MBEDTLS_STATIC_TESTABLE unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, unsigned char high, unsigned char c) @@ -344,41 +343,6 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_BASE64_C) - -unsigned char mbedtls_ct_base64_enc_char(unsigned char value) -{ - unsigned char digit = 0; - /* For each range of values, if value is in that range, mask digit with - * the corresponding value. Since value can only be in a single range, - * only at most one masking will change digit. */ - digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value); - digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26); - digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52); - digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+'; - digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/'; - return digit; -} - -signed char mbedtls_ct_base64_dec_value(unsigned char c) -{ - unsigned char val = 0; - /* For each range of digits, if c is in that range, mask val with - * the corresponding value. Since c can only be in a single range, - * only at most one masking will change val. Set val to one plus - * the desired value so that it stays 0 if c is in none of the ranges. */ - val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1); - val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1); - val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1); - val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1); - val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1); - /* At this point, val is 0 if c is an invalid digit and v+1 if c is - * a digit with the value v. */ - return val - 1; -} - -#endif /* MBEDTLS_BASE64_C */ - #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) /** Shift some data towards the left inside a buffer. diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index c4a32c7f0..4ca392526 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -185,35 +185,6 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_BASE64_C) - -/** Given a value in the range 0..63, return the corresponding Base64 digit. - * - * The implementation assumes that letters are consecutive (e.g. ASCII - * but not EBCDIC). - * - * \param value A value in the range 0..63. - * - * \return A base64 digit converted from \p value. - */ -unsigned char mbedtls_ct_base64_enc_char(unsigned char value); - -/** Given a Base64 digit, return its value. - * - * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), - * return -1. - * - * The implementation assumes that letters are consecutive (e.g. ASCII - * but not EBCDIC). - * - * \param c A base64 digit. - * - * \return The value of the base64 digit \p c. - */ -signed char mbedtls_ct_base64_dec_value(unsigned char c); - -#endif /* MBEDTLS_BASE64_C */ - #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /** Conditional memcpy without branches. @@ -360,4 +331,16 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ +#if defined(MBEDTLS_BASE64_C) + +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. + */ +unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, + unsigned char high, + unsigned char c); + +#endif /* MBEDTLS_BASE64_C */ + #endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */ From 8c94e219f9e4a017af84b6aaa777cd12c19010d9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 10:39:03 +0100 Subject: [PATCH 007/339] Evolve mbedtls_ct_uchar_in_range_if interface Signed-off-by: Dave Rodgman --- library/base64.c | 20 ++++++++++---------- library/constant_time_internal.h | 24 +++++++++++++++++++----- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/library/base64.c b/library/base64.c index 3f13fdab0..2b623b9bc 100644 --- a/library/base64.c +++ b/library/base64.c @@ -40,11 +40,11 @@ unsigned char mbedtls_ct_base64_enc_char(unsigned char value) /* For each range of values, if value is in that range, mask digit with * the corresponding value. Since value can only be in a single range, * only at most one masking will change digit. */ - digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value); - digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26); - digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52); - digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+'; - digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/'; + digit |= mbedtls_ct_uchar_in_range_if(0, 25, value, 'A' + value); + digit |= mbedtls_ct_uchar_in_range_if(26, 51, value, 'a' + value - 26); + digit |= mbedtls_ct_uchar_in_range_if(52, 61, value, '0' + value - 52); + digit |= mbedtls_ct_uchar_in_range_if(62, 62, value, '+'); + digit |= mbedtls_ct_uchar_in_range_if(63, 63, value, '/'); return digit; } @@ -56,11 +56,11 @@ signed char mbedtls_ct_base64_dec_value(unsigned char c) * the corresponding value. Since c can only be in a single range, * only at most one masking will change val. Set val to one plus * the desired value so that it stays 0 if c is in none of the ranges. */ - val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1); - val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1); - val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1); - val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1); - val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1); + val |= mbedtls_ct_uchar_in_range_if('A', 'Z', c, c - 'A' + 0 + 1); + val |= mbedtls_ct_uchar_in_range_if('a', 'z', c, c - 'a' + 26 + 1); + val |= mbedtls_ct_uchar_in_range_if('0', '9', c, c - '0' + 52 + 1); + val |= mbedtls_ct_uchar_in_range_if('+', '+', c, c - '+' + 62 + 1); + val |= mbedtls_ct_uchar_in_range_if('/', '/', c, c - '/' + 63 + 1); /* At this point, val is 0 if c is an invalid digit and v+1 if c is * a digit with the value v. */ return val - 1; diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 4ca392526..dde6a0bfc 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -333,13 +333,27 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, #if defined(MBEDTLS_BASE64_C) -/* Return 0xff if low <= c <= high, 0 otherwise. +/** Constant-flow char selection * - * Constant flow with respect to c. + * \param low Bottom of range + * \param high Top of range + * \param c Value to compare to range + * \param t Value to return, if in range + * + * \return \p t if \p low <= \p c <= \p high, 0 otherwise. */ -unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, - unsigned char high, - unsigned char c); +static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, + unsigned char high, + unsigned char c, + unsigned char t) +{ + /* low_mask is: 0 if low <= c, 0x...ff if low > c */ + unsigned low_mask = ((unsigned) c - low) >> 8; + /* high_mask is: 0 if c <= high, 0x...ff if c > high */ + unsigned high_mask = ((unsigned) high - c) >> 8; + return (unsigned char) + mbedtls_ct_uint_if(~mbedtls_ct_mpi_uint_mask(low_mask | high_mask), t, 0); +} #endif /* MBEDTLS_BASE64_C */ From 2801f7fa8dcf9790b21f154712d8413570b409e0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 11:00:07 +0100 Subject: [PATCH 008/339] Move mbedtls_ct_hmac into ssl_msg.c Signed-off-by: Dave Rodgman --- library/constant_time.c | 221 ------------------------------ library/constant_time_internal.h | 57 -------- library/ssl_misc.h | 60 ++++++++ library/ssl_msg.c | 228 +++++++++++++++++++++++++++++++ 4 files changed, 288 insertions(+), 278 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 1f6c2ca02..a786d380b 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -431,227 +431,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -#if defined(PSA_WANT_ALG_SHA_384) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384) -#elif defined(PSA_WANT_ALG_SHA_256) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256) -#else /* See check_config.h */ -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1) -#endif - -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t mac_alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output) -{ - /* - * This function breaks the HMAC abstraction and uses psa_hash_clone() - * extension in order to get constant-flow behaviour. - * - * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means - * concatenation, and okey/ikey are the XOR of the key with some fixed bit - * patterns (see RFC 2104, sec. 2). - * - * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by - * hashing up to minlen, then cloning the context, and for each byte up - * to maxlen finishing up the hash computation, keeping only the - * correct result. - * - * Then we only need to compute HASH(okey + inner_hash) and we're done. - */ - psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg); - const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg); - unsigned char key_buf[MAX_HASH_BLOCK_LENGTH]; - const size_t hash_size = PSA_HASH_LENGTH(hash_alg); - psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; - size_t hash_length; - - unsigned char aux_out[PSA_HASH_MAX_SIZE]; - psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT; - size_t offset; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t mac_key_length; - size_t i; - -#define PSA_CHK(func_call) \ - do { \ - status = (func_call); \ - if (status != PSA_SUCCESS) \ - goto cleanup; \ - } while (0) - - /* Export MAC key - * We assume key length is always exactly the output size - * which is never more than the block size, thus we use block_size - * as the key buffer size. - */ - PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length)); - - /* Calculate ikey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x36; - } - - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - - /* Now compute inner_hash = HASH(ikey + msg) */ - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, add_data, add_data_len)); - PSA_CHK(psa_hash_update(&operation, data, min_data_len)); - - /* Fill the hash buffer in advance with something that is - * not a valid hash (barring an attack on the hash and - * deliberately-crafted input), in case the caller doesn't - * check the return status properly. */ - memset(output, '!', hash_size); - - /* For each possible length, compute the hash up to that point */ - for (offset = min_data_len; offset <= max_data_len; offset++) { - PSA_CHK(psa_hash_clone(&operation, &aux_operation)); - PSA_CHK(psa_hash_finish(&aux_operation, aux_out, - PSA_HASH_MAX_SIZE, &hash_length)); - /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, - offset, data_len_secret); - - if (offset < max_data_len) { - PSA_CHK(psa_hash_update(&operation, data + offset, 1)); - } - } - - /* Abort current operation to prepare for final operation */ - PSA_CHK(psa_hash_abort(&operation)); - - /* Calculate okey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x5C; - } - - /* Now compute HASH(okey + inner_hash) */ - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, output, hash_size)); - PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length)); - -#undef PSA_CHK - -cleanup: - mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH); - mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE); - - psa_hash_abort(&operation); - psa_hash_abort(&aux_operation); - return PSA_TO_MBEDTLS_ERR(status); -} - -#undef MAX_HASH_BLOCK_LENGTH - -#else -int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output) -{ - /* - * This function breaks the HMAC abstraction and uses the md_clone() - * extension to the MD API in order to get constant-flow behaviour. - * - * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means - * concatenation, and okey/ikey are the XOR of the key with some fixed bit - * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. - * - * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to - * minlen, then cloning the context, and for each byte up to maxlen - * finishing up the hash computation, keeping only the correct result. - * - * Then we only need to compute HASH(okey + inner_hash) and we're done. - */ - const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); - /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5, - * all of which have the same block size except SHA-384. */ - const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; - const unsigned char * const ikey = ctx->hmac_ctx; - const unsigned char * const okey = ikey + block_size; - const size_t hash_size = mbedtls_md_get_size(ctx->md_info); - - unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; - mbedtls_md_context_t aux; - size_t offset; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_init(&aux); - -#define MD_CHK(func_call) \ - do { \ - ret = (func_call); \ - if (ret != 0) \ - goto cleanup; \ - } while (0) - - MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0)); - - /* After hmac_start() of hmac_reset(), ikey has already been hashed, - * so we can start directly with the message */ - MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len)); - MD_CHK(mbedtls_md_update(ctx, data, min_data_len)); - - /* Fill the hash buffer in advance with something that is - * not a valid hash (barring an attack on the hash and - * deliberately-crafted input), in case the caller doesn't - * check the return status properly. */ - memset(output, '!', hash_size); - - /* For each possible length, compute the hash up to that point */ - for (offset = min_data_len; offset <= max_data_len; offset++) { - MD_CHK(mbedtls_md_clone(&aux, ctx)); - MD_CHK(mbedtls_md_finish(&aux, aux_out)); - /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, - offset, data_len_secret); - - if (offset < max_data_len) { - MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); - } - } - - /* The context needs to finish() before it starts() again */ - MD_CHK(mbedtls_md_finish(ctx, aux_out)); - - /* Now compute HASH(okey + inner_hash) */ - MD_CHK(mbedtls_md_starts(ctx)); - MD_CHK(mbedtls_md_update(ctx, okey, block_size)); - MD_CHK(mbedtls_md_update(ctx, output, hash_size)); - MD_CHK(mbedtls_md_finish(ctx, output)); - - /* Done, get ready for next time */ - MD_CHK(mbedtls_md_hmac_reset(ctx)); - -#undef MD_CHK - -cleanup: - mbedtls_md_free(&aux); - return ret; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index dde6a0bfc..d8a0fc7b3 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -236,63 +236,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t offset_max, size_t len); -/** Compute the HMAC of variable-length data with constant flow. - * - * This function computes the HMAC of the concatenation of \p add_data and \p - * data, and does with a code flow and memory access pattern that does not - * depend on \p data_len_secret, but only on \p min_data_len and \p - * max_data_len. In particular, this function always reads exactly \p - * max_data_len bytes from \p data. - * - * \param ctx The HMAC context. It must have keys configured - * with mbedtls_md_hmac_starts() and use one of the - * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. - * It is reset using mbedtls_md_hmac_reset() after - * the computation is complete to prepare for the - * next computation. - * \param add_data The first part of the message whose HMAC is being - * calculated. This must point to a readable buffer - * of \p add_data_len bytes. - * \param add_data_len The length of \p add_data in bytes. - * \param data The buffer containing the second part of the - * message. This must point to a readable buffer - * of \p max_data_len bytes. - * \param data_len_secret The length of the data to process in \p data. - * This must be no less than \p min_data_len and no - * greater than \p max_data_len. - * \param min_data_len The minimal length of the second part of the - * message, read from \p data. - * \param max_data_len The maximal length of the second part of the - * message, read from \p data. - * \param output The HMAC will be written here. This must point to - * a writable buffer of sufficient size to hold the - * HMAC value. - * - * \retval 0 on success. - * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED - * The hardware accelerator failed. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#else -int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 17149c59e..eb11f7b25 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2788,4 +2788,64 @@ static inline void mbedtls_ssl_session_clear_ticket_flags( int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl); #endif +#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + +/** Compute the HMAC of variable-length data with constant flow. + * + * This function computes the HMAC of the concatenation of \p add_data and \p + * data, and does with a code flow and memory access pattern that does not + * depend on \p data_len_secret, but only on \p min_data_len and \p + * max_data_len. In particular, this function always reads exactly \p + * max_data_len bytes from \p data. + * + * \param ctx The HMAC context. It must have keys configured + * with mbedtls_md_hmac_starts() and use one of the + * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. + * It is reset using mbedtls_md_hmac_reset() after + * the computation is complete to prepare for the + * next computation. + * \param add_data The first part of the message whose HMAC is being + * calculated. This must point to a readable buffer + * of \p add_data_len bytes. + * \param add_data_len The length of \p add_data in bytes. + * \param data The buffer containing the second part of the + * message. This must point to a readable buffer + * of \p max_data_len bytes. + * \param data_len_secret The length of the data to process in \p data. + * This must be no less than \p min_data_len and no + * greater than \p max_data_len. + * \param min_data_len The minimal length of the second part of the + * message, read from \p data. + * \param max_data_len The maximal length of the second part of the + * message, read from \p data. + * \param output The HMAC will be written here. This must point to + * a writable buffer of sufficient size to hold the + * HMAC value. + * + * \retval 0 on success. + * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED + * The hardware accelerator failed. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, + psa_algorithm_t mac_alg, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output); +#else +int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output); +#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ +#endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */ + #endif /* ssl_misc.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18c19f93e..69706cf53 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,6 +54,234 @@ psa_generic_status_to_mbedtls) #endif +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + +#if defined(PSA_WANT_ALG_SHA_384) +#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384) +#elif defined(PSA_WANT_ALG_SHA_256) +#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256) +#else /* See check_config.h */ +#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1) +#endif + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, + psa_algorithm_t mac_alg, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output) +{ + /* + * This function breaks the HMAC abstraction and uses psa_hash_clone() + * extension in order to get constant-flow behaviour. + * + * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means + * concatenation, and okey/ikey are the XOR of the key with some fixed bit + * patterns (see RFC 2104, sec. 2). + * + * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by + * hashing up to minlen, then cloning the context, and for each byte up + * to maxlen finishing up the hash computation, keeping only the + * correct result. + * + * Then we only need to compute HASH(okey + inner_hash) and we're done. + */ + psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg); + const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg); + unsigned char key_buf[MAX_HASH_BLOCK_LENGTH]; + const size_t hash_size = PSA_HASH_LENGTH(hash_alg); + psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; + size_t hash_length; + + unsigned char aux_out[PSA_HASH_MAX_SIZE]; + psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT; + size_t offset; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t mac_key_length; + size_t i; + +#define PSA_CHK(func_call) \ + do { \ + status = (func_call); \ + if (status != PSA_SUCCESS) \ + goto cleanup; \ + } while (0) + + /* Export MAC key + * We assume key length is always exactly the output size + * which is never more than the block size, thus we use block_size + * as the key buffer size. + */ + PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length)); + + /* Calculate ikey */ + for (i = 0; i < mac_key_length; i++) { + key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36); + } + for (; i < block_size; ++i) { + key_buf[i] = 0x36; + } + + PSA_CHK(psa_hash_setup(&operation, hash_alg)); + + /* Now compute inner_hash = HASH(ikey + msg) */ + PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); + PSA_CHK(psa_hash_update(&operation, add_data, add_data_len)); + PSA_CHK(psa_hash_update(&operation, data, min_data_len)); + + /* Fill the hash buffer in advance with something that is + * not a valid hash (barring an attack on the hash and + * deliberately-crafted input), in case the caller doesn't + * check the return status properly. */ + memset(output, '!', hash_size); + + /* For each possible length, compute the hash up to that point */ + for (offset = min_data_len; offset <= max_data_len; offset++) { + PSA_CHK(psa_hash_clone(&operation, &aux_operation)); + PSA_CHK(psa_hash_finish(&aux_operation, aux_out, + PSA_HASH_MAX_SIZE, &hash_length)); + /* Keep only the correct inner_hash in the output buffer */ + mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, + offset, data_len_secret); + + if (offset < max_data_len) { + PSA_CHK(psa_hash_update(&operation, data + offset, 1)); + } + } + + /* Abort current operation to prepare for final operation */ + PSA_CHK(psa_hash_abort(&operation)); + + /* Calculate okey */ + for (i = 0; i < mac_key_length; i++) { + key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C); + } + for (; i < block_size; ++i) { + key_buf[i] = 0x5C; + } + + /* Now compute HASH(okey + inner_hash) */ + PSA_CHK(psa_hash_setup(&operation, hash_alg)); + PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); + PSA_CHK(psa_hash_update(&operation, output, hash_size)); + PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length)); + +#undef PSA_CHK + +cleanup: + mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH); + mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE); + + psa_hash_abort(&operation); + psa_hash_abort(&aux_operation); + return PSA_TO_MBEDTLS_ERR(status); +} + +#undef MAX_HASH_BLOCK_LENGTH + +#else +MBEDTLS_STATIC_TESTABLE +int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output) +{ + /* + * This function breaks the HMAC abstraction and uses the md_clone() + * extension to the MD API in order to get constant-flow behaviour. + * + * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means + * concatenation, and okey/ikey are the XOR of the key with some fixed bit + * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. + * + * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to + * minlen, then cloning the context, and for each byte up to maxlen + * finishing up the hash computation, keeping only the correct result. + * + * Then we only need to compute HASH(okey + inner_hash) and we're done. + */ + const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); + /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5, + * all of which have the same block size except SHA-384. */ + const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; + const unsigned char * const ikey = ctx->hmac_ctx; + const unsigned char * const okey = ikey + block_size; + const size_t hash_size = mbedtls_md_get_size(ctx->md_info); + + unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; + mbedtls_md_context_t aux; + size_t offset; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_md_init(&aux); + +#define MD_CHK(func_call) \ + do { \ + ret = (func_call); \ + if (ret != 0) \ + goto cleanup; \ + } while (0) + + MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0)); + + /* After hmac_start() of hmac_reset(), ikey has already been hashed, + * so we can start directly with the message */ + MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len)); + MD_CHK(mbedtls_md_update(ctx, data, min_data_len)); + + /* Fill the hash buffer in advance with something that is + * not a valid hash (barring an attack on the hash and + * deliberately-crafted input), in case the caller doesn't + * check the return status properly. */ + memset(output, '!', hash_size); + + /* For each possible length, compute the hash up to that point */ + for (offset = min_data_len; offset <= max_data_len; offset++) { + MD_CHK(mbedtls_md_clone(&aux, ctx)); + MD_CHK(mbedtls_md_finish(&aux, aux_out)); + /* Keep only the correct inner_hash in the output buffer */ + mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, + offset, data_len_secret); + + if (offset < max_data_len) { + MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); + } + } + + /* The context needs to finish() before it starts() again */ + MD_CHK(mbedtls_md_finish(ctx, aux_out)); + + /* Now compute HASH(okey + inner_hash) */ + MD_CHK(mbedtls_md_starts(ctx)); + MD_CHK(mbedtls_md_update(ctx, okey, block_size)); + MD_CHK(mbedtls_md_update(ctx, output, hash_size)); + MD_CHK(mbedtls_md_finish(ctx, output)); + + /* Done, get ready for next time */ + MD_CHK(mbedtls_md_hmac_reset(ctx)); + +#undef MD_CHK + +cleanup: + mbedtls_md_free(&aux); + return ret; +} + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); /* From 0afe0018713de498eaaf6b7de3f6ee325db8e186 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 11:09:52 +0100 Subject: [PATCH 009/339] Expose mbedtls_ct_size_gt and mbedtls_ct_mem_move_to_left in ct interface Signed-off-by: Dave Rodgman --- library/constant_time.c | 32 ++------------------------- library/constant_time_internal.h | 38 ++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 30 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index a786d380b..093ae2872 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -253,19 +253,7 @@ unsigned mbedtls_ct_size_bool_eq(size_t x, #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) -/** Constant-flow "greater than" comparison: - * return x > y - * - * This is equivalent to \p x > \p y, but is likely to be compiled - * to code using bitwise operation rather than a branch. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return 1 if \p x greater than \p y, otherwise 0. - */ -static unsigned mbedtls_ct_size_gt(size_t x, - size_t y) +unsigned mbedtls_ct_size_gt(size_t x, size_t y) { /* Return the sign bit (1 for negative) of (y - x). */ return (y - x) >> (sizeof(size_t) * 8 - 1); @@ -345,23 +333,7 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) -/** Shift some data towards the left inside a buffer. - * - * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally - * equivalent to - * ``` - * memmove(start, start + offset, total - offset); - * memset(start + offset, 0, total - offset); - * ``` - * but it strives to use a memory access pattern (and thus total timing) - * that does not depend on \p offset. This timing independence comes at - * the expense of performance. - * - * \param start Pointer to the start of the buffer. - * \param total Total size of the buffer. - * \param offset Offset from which to copy \p total - \p offset bytes. - */ -static void mbedtls_ct_mem_move_to_left(void *start, +void mbedtls_ct_mem_move_to_left(void *start, size_t total, size_t offset) { diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index d8a0fc7b3..84ca96233 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -300,4 +300,42 @@ static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, #endif /* MBEDTLS_BASE64_C */ + +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) + +/** Constant-flow "greater than" comparison: + * return x > y + * + * This is equivalent to \p x > \p y, but is likely to be compiled + * to code using bitwise operation rather than a branch. + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return 1 if \p x greater than \p y, otherwise 0. + */ +unsigned mbedtls_ct_size_gt(size_t x, size_t y); + +/** Shift some data towards the left inside a buffer. + * + * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally + * equivalent to + * ``` + * memmove(start, start + offset, total - offset); + * memset(start + offset, 0, total - offset); + * ``` + * but it strives to use a memory access pattern (and thus total timing) + * that does not depend on \p offset. This timing independence comes at + * the expense of performance. + * + * \param start Pointer to the start of the buffer. + * \param total Total size of the buffer. + * \param offset Offset from which to copy \p total - \p offset bytes. + */ +void mbedtls_ct_mem_move_to_left(void *start, + size_t total, + size_t offset); + +#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ + #endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */ From 19e8cd06febe82340cf6b74fd4f467ab098f6fd1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 11:10:21 +0100 Subject: [PATCH 010/339] Move mbedtls_ct_rsaes_pkcs1_v15_unpadding into rsa.c Signed-off-by: Dave Rodgman --- library/constant_time.c | 135 +------------------------- library/constant_time_internal.h | 40 +------- library/rsa.c | 158 +++++++++++++++++++++++++++++++ 3 files changed, 162 insertions(+), 171 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 093ae2872..16d7a1fc4 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -334,8 +334,8 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) void mbedtls_ct_mem_move_to_left(void *start, - size_t total, - size_t offset) + size_t total, + size_t offset) { volatile unsigned char *buf = start; size_t i, n; @@ -590,134 +590,3 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, } #endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) - -int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, - size_t ilen, - unsigned char *output, - size_t output_max_len, - size_t *olen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, plaintext_max_size; - - /* The following variables take sensitive values: their value must - * not leak into the observable behavior of the function other than - * the designated outputs (output, olen, return value). Otherwise - * this would open the execution of the function to - * side-channel-based variants of the Bleichenbacher padding oracle - * attack. Potential side channels include overall timing, memory - * access patterns (especially visible to an adversary who has access - * to a shared memory cache), and branches (especially visible to - * an adversary who has access to a shared code cache or to a shared - * branch predictor). */ - size_t pad_count = 0; - unsigned bad = 0; - unsigned char pad_done = 0; - size_t plaintext_size = 0; - unsigned output_too_large; - - plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11 - : output_max_len; - - /* Check and get padding length in constant time and constant - * memory trace. The first byte must be 0. */ - bad |= input[0]; - - - /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 - * where PS must be at least 8 nonzero bytes. */ - bad |= input[1] ^ MBEDTLS_RSA_CRYPT; - - /* Read the whole buffer. Set pad_done to nonzero if we find - * the 0x00 byte and remember the padding length in pad_count. */ - for (i = 2; i < ilen; i++) { - pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1; - pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; - } - - - /* If pad_done is still zero, there's no data, only unfinished padding. */ - bad |= mbedtls_ct_uint_if(pad_done, 0, 1); - - /* There must be at least 8 bytes of padding. */ - bad |= mbedtls_ct_size_gt(8, pad_count); - - /* If the padding is valid, set plaintext_size to the number of - * remaining bytes after stripping the padding. If the padding - * is invalid, avoid leaking this fact through the size of the - * output: use the maximum message size that fits in the output - * buffer. Do it without branches to avoid leaking the padding - * validity through timing. RSA keys are small enough that all the - * size_t values involved fit in unsigned int. */ - plaintext_size = mbedtls_ct_uint_if( - bad, (unsigned) plaintext_max_size, - (unsigned) (ilen - pad_count - 3)); - - /* Set output_too_large to 0 if the plaintext fits in the output - * buffer and to 1 otherwise. */ - output_too_large = mbedtls_ct_size_gt(plaintext_size, - plaintext_max_size); - - /* Set ret without branches to avoid timing attacks. Return: - * - INVALID_PADDING if the padding is bad (bad != 0). - * - OUTPUT_TOO_LARGE if the padding is good but the decrypted - * plaintext does not fit in the output buffer. - * - 0 if the padding is correct. */ - ret = -(int) mbedtls_ct_uint_if( - bad, -MBEDTLS_ERR_RSA_INVALID_PADDING, - mbedtls_ct_uint_if(output_too_large, - -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - 0)); - - /* If the padding is bad or the plaintext is too large, zero the - * data that we're about to copy to the output buffer. - * We need to copy the same amount of data - * from the same buffer whether the padding is good or not to - * avoid leaking the padding validity through overall timing or - * through memory or cache access patterns. */ - bad = mbedtls_ct_uint_mask(bad | output_too_large); - for (i = 11; i < ilen; i++) { - input[i] &= ~bad; - } - - /* If the plaintext is too large, truncate it to the buffer size. - * Copy anyway to avoid revealing the length through timing, because - * revealing the length is as bad as revealing the padding validity - * for a Bleichenbacher attack. */ - plaintext_size = mbedtls_ct_uint_if(output_too_large, - (unsigned) plaintext_max_size, - (unsigned) plaintext_size); - - /* Move the plaintext to the leftmost position where it can start in - * the working buffer, i.e. make it start plaintext_max_size from - * the end of the buffer. Do this with a memory access trace that - * does not depend on the plaintext size. After this move, the - * starting location of the plaintext is no longer sensitive - * information. */ - mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size, - plaintext_max_size, - plaintext_max_size - plaintext_size); - - /* Finally copy the decrypted plaintext plus trailing zeros into the output - * buffer. If output_max_len is 0, then output may be an invalid pointer - * and the result of memcpy() would be undefined; prevent undefined - * behavior making sure to depend only on output_max_len (the size of the - * user-provided output buffer), which is independent from plaintext - * length, validity of padding, success of the decryption, and other - * secrets. */ - if (output_max_len != 0) { - memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size); - } - - /* Report the amount of data we copied to the output buffer. In case - * of errors (bad padding or output too large), the value of *olen - * when this function returns is not specified. Making it equivalent - * to the good case limits the risks of leaking the padding validity. */ - *olen = plaintext_size; - - return ret; -} - -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 84ca96233..bfeb8c55e 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -238,42 +238,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) - -/** This function performs the unpadding part of a PKCS#1 v1.5 decryption - * operation (EME-PKCS1-v1_5 decoding). - * - * \note The return value from this function is a sensitive value - * (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen - * in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING - * is often a situation that an attacker can provoke and leaking which - * one is the result is precisely the information the attacker wants. - * - * \param input The input buffer which is the payload inside PKCS#1v1.5 - * encryption padding, called the "encoded message EM" - * by the terminology. - * \param ilen The length of the payload in the \p input buffer. - * \param output The buffer for the payload, called "message M" by the - * PKCS#1 terminology. This must be a writable buffer of - * length \p output_max_len bytes. - * \param olen The address at which to store the length of - * the payload. This must not be \c NULL. - * \param output_max_len The length in bytes of the output buffer \p output. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE - * The output buffer is too small for the unpadded payload. - * \return #MBEDTLS_ERR_RSA_INVALID_PADDING - * The input doesn't contain properly formatted padding. - */ -int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, - size_t ilen, - unsigned char *output, - size_t output_max_len, - size_t *olen); - -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ - #if defined(MBEDTLS_BASE64_C) /** Constant-flow char selection @@ -333,8 +297,8 @@ unsigned mbedtls_ct_size_gt(size_t x, size_t y); * \param offset Offset from which to copy \p total - \p offset bytes. */ void mbedtls_ct_mem_move_to_left(void *start, - size_t total, - size_t offset); + size_t total, + size_t offset); #endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ diff --git a/library/rsa.c b/library/rsa.c index 87b331189..e4a45b37c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -56,6 +56,164 @@ #include "mbedtls/platform.h" + +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) + +/** This function performs the unpadding part of a PKCS#1 v1.5 decryption + * operation (EME-PKCS1-v1_5 decoding). + * + * \note The return value from this function is a sensitive value + * (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen + * in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING + * is often a situation that an attacker can provoke and leaking which + * one is the result is precisely the information the attacker wants. + * + * \param input The input buffer which is the payload inside PKCS#1v1.5 + * encryption padding, called the "encoded message EM" + * by the terminology. + * \param ilen The length of the payload in the \p input buffer. + * \param output The buffer for the payload, called "message M" by the + * PKCS#1 terminology. This must be a writable buffer of + * length \p output_max_len bytes. + * \param olen The address at which to store the length of + * the payload. This must not be \c NULL. + * \param output_max_len The length in bytes of the output buffer \p output. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE + * The output buffer is too small for the unpadded payload. + * \return #MBEDTLS_ERR_RSA_INVALID_PADDING + * The input doesn't contain properly formatted padding. + */ +static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, + size_t ilen, + unsigned char *output, + size_t output_max_len, + size_t *olen) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i, plaintext_max_size; + + /* The following variables take sensitive values: their value must + * not leak into the observable behavior of the function other than + * the designated outputs (output, olen, return value). Otherwise + * this would open the execution of the function to + * side-channel-based variants of the Bleichenbacher padding oracle + * attack. Potential side channels include overall timing, memory + * access patterns (especially visible to an adversary who has access + * to a shared memory cache), and branches (especially visible to + * an adversary who has access to a shared code cache or to a shared + * branch predictor). */ + size_t pad_count = 0; + unsigned bad = 0; + unsigned char pad_done = 0; + size_t plaintext_size = 0; + unsigned output_too_large; + + plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11 + : output_max_len; + + /* Check and get padding length in constant time and constant + * memory trace. The first byte must be 0. */ + bad |= input[0]; + + + /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 + * where PS must be at least 8 nonzero bytes. */ + bad |= input[1] ^ MBEDTLS_RSA_CRYPT; + + /* Read the whole buffer. Set pad_done to nonzero if we find + * the 0x00 byte and remember the padding length in pad_count. */ + for (i = 2; i < ilen; i++) { + pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1; + pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; + } + + + /* If pad_done is still zero, there's no data, only unfinished padding. */ + bad |= mbedtls_ct_uint_if(pad_done, 0, 1); + + /* There must be at least 8 bytes of padding. */ + bad |= mbedtls_ct_size_gt(8, pad_count); + + /* If the padding is valid, set plaintext_size to the number of + * remaining bytes after stripping the padding. If the padding + * is invalid, avoid leaking this fact through the size of the + * output: use the maximum message size that fits in the output + * buffer. Do it without branches to avoid leaking the padding + * validity through timing. RSA keys are small enough that all the + * size_t values involved fit in unsigned int. */ + plaintext_size = mbedtls_ct_uint_if( + bad, (unsigned) plaintext_max_size, + (unsigned) (ilen - pad_count - 3)); + + /* Set output_too_large to 0 if the plaintext fits in the output + * buffer and to 1 otherwise. */ + output_too_large = mbedtls_ct_size_gt(plaintext_size, + plaintext_max_size); + + /* Set ret without branches to avoid timing attacks. Return: + * - INVALID_PADDING if the padding is bad (bad != 0). + * - OUTPUT_TOO_LARGE if the padding is good but the decrypted + * plaintext does not fit in the output buffer. + * - 0 if the padding is correct. */ + ret = -(int) mbedtls_ct_uint_if( + bad, -MBEDTLS_ERR_RSA_INVALID_PADDING, + mbedtls_ct_uint_if(output_too_large, + -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + 0)); + + /* If the padding is bad or the plaintext is too large, zero the + * data that we're about to copy to the output buffer. + * We need to copy the same amount of data + * from the same buffer whether the padding is good or not to + * avoid leaking the padding validity through overall timing or + * through memory or cache access patterns. */ + bad = mbedtls_ct_uint_mask(bad | output_too_large); + for (i = 11; i < ilen; i++) { + input[i] &= ~bad; + } + + /* If the plaintext is too large, truncate it to the buffer size. + * Copy anyway to avoid revealing the length through timing, because + * revealing the length is as bad as revealing the padding validity + * for a Bleichenbacher attack. */ + plaintext_size = mbedtls_ct_uint_if(output_too_large, + (unsigned) plaintext_max_size, + (unsigned) plaintext_size); + + /* Move the plaintext to the leftmost position where it can start in + * the working buffer, i.e. make it start plaintext_max_size from + * the end of the buffer. Do this with a memory access trace that + * does not depend on the plaintext size. After this move, the + * starting location of the plaintext is no longer sensitive + * information. */ + mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size, + plaintext_max_size, + plaintext_max_size - plaintext_size); + + /* Finally copy the decrypted plaintext plus trailing zeros into the output + * buffer. If output_max_len is 0, then output may be an invalid pointer + * and the result of memcpy() would be undefined; prevent undefined + * behavior making sure to depend only on output_max_len (the size of the + * user-provided output buffer), which is independent from plaintext + * length, validity of padding, success of the decryption, and other + * secrets. */ + if (output_max_len != 0) { + memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size); + } + + /* Report the amount of data we copied to the output buffer. In case + * of errors (bad padding or output too large), the value of *olen + * when this function returns is not specified. Making it equivalent + * to the good case limits the risks of leaking the padding validity. */ + *olen = plaintext_size; + + return ret; +} + +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ + #if !defined(MBEDTLS_RSA_ALT) int mbedtls_rsa_import(mbedtls_rsa_context *ctx, From 7d4f0198103e77b58701232b2141c8f99e07e7a7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 9 May 2023 14:01:05 +0100 Subject: [PATCH 011/339] Move some bignum functions out of constant_time module Signed-off-by: Dave Rodgman --- library/bignum.c | 136 +++++++++++++++++++++++ library/bignum_core.c | 40 +++++++ library/bignum_core.h | 18 +++ library/constant_time.c | 185 ------------------------------- library/constant_time_internal.h | 18 --- 5 files changed, 194 insertions(+), 203 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 36effaf8d..b62f3f2c3 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -54,6 +54,142 @@ #define MPI_VALIDATE(cond) \ MBEDTLS_INTERNAL_VALIDATE(cond) +/* + * Compare signed values in constant time + */ +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, + const mbedtls_mpi *Y, + unsigned *ret) +{ + size_t i; + /* The value of any of these variables is either 0 or 1 at all times. */ + unsigned cond, done, X_is_negative, Y_is_negative; + + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); + MPI_VALIDATE_RET(ret != NULL); + + if (X->n != Y->n) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } + + /* + * Set sign_N to 1 if N >= 0, 0 if N < 0. + * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. + */ + X_is_negative = (X->s & 2) >> 1; + Y_is_negative = (Y->s & 2) >> 1; + + /* + * If the signs are different, then the positive operand is the bigger. + * That is if X is negative (X_is_negative == 1), then X < Y is true and it + * is false if X is positive (X_is_negative == 0). + */ + cond = (X_is_negative ^ Y_is_negative); + *ret = cond & X_is_negative; + + /* + * This is a constant-time function. We might have the result, but we still + * need to go through the loop. Record if we have the result already. + */ + done = cond; + + for (i = X->n; i > 0; i--) { + /* + * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both + * X and Y are negative. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]); + *ret |= cond & (1 - done) & X_is_negative; + done |= cond; + + /* + * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both + * X and Y are positive. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]); + *ret |= cond & (1 - done) & (1 - X_is_negative); + done |= cond; + } + + return 0; +} + +/* + * Conditionally assign X = Y, without leaking information + * about whether the assignment was made or not. + * (Leaking information about the respective sizes of X and Y is ok however.) + */ +#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103) +/* + * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See: + * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989 + */ +__declspec(noinline) +#endif +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, + const mbedtls_mpi *Y, + unsigned char assign) +{ + int ret = 0; + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); + + /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ + mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign); + + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); + + X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s); + + mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign); + + for (size_t i = Y->n; i < X->n; i++) { + X->p[i] &= ~limb_mask; + } + +cleanup: + return ret; +} + +/* + * Conditionally swap X and Y, without leaking information + * about whether the swap was made or not. + * Here it is not ok to simply swap the pointers, which would lead to + * different memory access patterns when X and Y are used afterwards. + */ +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, + mbedtls_mpi *Y, + unsigned char swap) +{ + int ret = 0; + int s; + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); + + if (X == Y) { + return 0; + } + + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); + + s = X->s; + X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s); + Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s); + + mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap); + +cleanup: + return ret; +} + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) { diff --git a/library/bignum_core.c b/library/bignum_core.c index de57cfc04..a51b3f404 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -168,6 +168,46 @@ unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, return min_le_lsl | msll_nonzero; } +unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs) +{ + unsigned ret, cond, done; + + /* The value of any of these variables is either 0 or 1 for the rest of + * their scope. */ + ret = cond = done = 0; + + for (size_t i = limbs; i > 0; i--) { + /* + * If B[i - 1] < A[i - 1] then A < B is false and the result must + * remain 0. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]); + done |= cond; + + /* + * If A[i - 1] < B[i - 1] then A < B is true. + * + * Again even if we can make a decision, we just mark the result and + * the fact that we are done and continue looping. + */ + cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]); + ret |= cond & (1 - done); + done |= cond; + } + + /* + * If all the limbs were equal, then the numbers are equal, A < B is false + * and leaving the result 0 is correct. + */ + + return ret; +} + void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, size_t limbs, diff --git a/library/bignum_core.h b/library/bignum_core.h index 21a5a11c6..1fc537575 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -148,6 +148,24 @@ unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, const mbedtls_mpi_uint *A, size_t A_limbs); +/** + * \brief Check if one unsigned MPI is less than another in constant + * time. + * + * \param A The left-hand MPI. This must point to an array of limbs + * with the same allocated length as \p B. + * \param B The right-hand MPI. This must point to an array of limbs + * with the same allocated length as \p A. + * \param limbs The number of limbs in \p A and \p B. + * This must not be 0. + * + * \return The result of the comparison: + * \c 1 if \p A is less than \p B. + * \c 0 if \p A is greater than or equal to \p B. + */ +unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs); /** * \brief Perform a safe conditional copy of an MPI which doesn't reveal * whether assignment was done or not. diff --git a/library/constant_time.c b/library/constant_time.c index 16d7a1fc4..135a6ece3 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -405,188 +405,3 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -#if defined(MBEDTLS_BIGNUM_C) - -#define MPI_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA) - -/* - * Conditionally assign X = Y, without leaking information - * about whether the assignment was made or not. - * (Leaking information about the respective sizes of X and Y is ok however.) - */ -#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103) -/* - * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See: - * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989 - */ -__declspec(noinline) -#endif -int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, - const mbedtls_mpi *Y, - unsigned char assign) -{ - int ret = 0; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); - - /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign); - - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - - X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s); - - mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign); - - for (size_t i = Y->n; i < X->n; i++) { - X->p[i] &= ~limb_mask; - } - -cleanup: - return ret; -} - -/* - * Conditionally swap X and Y, without leaking information - * about whether the swap was made or not. - * Here it is not ok to simply swap the pointers, which would lead to - * different memory access patterns when X and Y are used afterwards. - */ -int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, - mbedtls_mpi *Y, - unsigned char swap) -{ - int ret = 0; - int s; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); - - if (X == Y) { - return 0; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); - - s = X->s; - X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s); - Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s); - - mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap); - -cleanup: - return ret; -} - -/* - * Compare unsigned values in constant time - */ -unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, - const mbedtls_mpi_uint *B, - size_t limbs) -{ - unsigned ret, cond, done; - - /* The value of any of these variables is either 0 or 1 for the rest of - * their scope. */ - ret = cond = done = 0; - - for (size_t i = limbs; i > 0; i--) { - /* - * If B[i - 1] < A[i - 1] then A < B is false and the result must - * remain 0. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]); - done |= cond; - - /* - * If A[i - 1] < B[i - 1] then A < B is true. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]); - ret |= cond & (1 - done); - done |= cond; - } - - /* - * If all the limbs were equal, then the numbers are equal, A < B is false - * and leaving the result 0 is correct. - */ - - return ret; -} - -/* - * Compare signed values in constant time - */ -int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, - const mbedtls_mpi *Y, - unsigned *ret) -{ - size_t i; - /* The value of any of these variables is either 0 or 1 at all times. */ - unsigned cond, done, X_is_negative, Y_is_negative; - - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); - MPI_VALIDATE_RET(ret != NULL); - - if (X->n != Y->n) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - /* - * Set sign_N to 1 if N >= 0, 0 if N < 0. - * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. - */ - X_is_negative = (X->s & 2) >> 1; - Y_is_negative = (Y->s & 2) >> 1; - - /* - * If the signs are different, then the positive operand is the bigger. - * That is if X is negative (X_is_negative == 1), then X < Y is true and it - * is false if X is positive (X_is_negative == 0). - */ - cond = (X_is_negative ^ Y_is_negative); - *ret = cond & X_is_negative; - - /* - * This is a constant-time function. We might have the result, but we still - * need to go through the loop. Record if we have the result already. - */ - done = cond; - - for (i = X->n; i > 0; i--) { - /* - * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both - * X and Y are negative. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]); - *ret |= cond & (1 - done) & X_is_negative; - done |= cond; - - /* - * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both - * X and Y are positive. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]); - *ret |= cond & (1 - done) & (1 - X_is_negative); - done |= cond; - } - - return 0; -} - -#endif /* MBEDTLS_BIGNUM_C */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index bfeb8c55e..e085478d6 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -129,24 +129,6 @@ unsigned mbedtls_ct_size_bool_eq(size_t x, unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x, const mbedtls_mpi_uint y); -/** - * \brief Check if one unsigned MPI is less than another in constant - * time. - * - * \param A The left-hand MPI. This must point to an array of limbs - * with the same allocated length as \p B. - * \param B The right-hand MPI. This must point to an array of limbs - * with the same allocated length as \p A. - * \param limbs The number of limbs in \p A and \p B. - * This must not be 0. - * - * \return The result of the comparison: - * \c 1 if \p A is less than \p B. - * \c 0 if \p A is greater than or equal to \p B. - */ -unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, - const mbedtls_mpi_uint *B, - size_t limbs); #endif /* MBEDTLS_BIGNUM_C */ /** Choose between two integer values without branches. From 14bec1490f8bfdc6d7b4a6776d5604bb332c26bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 11 May 2023 16:19:27 +0100 Subject: [PATCH 012/339] tests Signed-off-by: Dave Rodgman --- tests/suites/test_suite_base64.function | 5 +- tests/suites/test_suite_bignum.function | 2 +- tests/suites/test_suite_bignum_core.function | 34 +- .../suites/test_suite_bignum_random.function | 8 +- tests/suites/test_suite_constant_time.data | 511 ++++++++++++++++-- .../suites/test_suite_constant_time.function | 256 ++++++++- .../test_suite_constant_time_hmac.function | 2 +- 7 files changed, 732 insertions(+), 86 deletions(-) diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index ce6bd42b7..d9ac82cd0 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -1,7 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" #include "constant_time_internal.h" -#include "constant_time_invasive.h" #include #if defined(MBEDTLS_TEST_HOOKS) @@ -16,7 +15,7 @@ static const char base64_digits[] = * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE */ void mask_of_range(int low_arg, int high_arg) { unsigned char low = low_arg, high = high_arg; @@ -24,7 +23,7 @@ void mask_of_range(int low_arg, int high_arg) for (c = 0; c <= 0xff; c++) { mbedtls_test_set_step(c); TEST_CF_SECRET(&c, sizeof(c)); - unsigned char m = mbedtls_ct_uchar_mask_of_range(low, high, c); + unsigned char m = mbedtls_ct_uchar_in_range_if(low, high, c, 0xff); TEST_CF_PUBLIC(&c, sizeof(c)); TEST_CF_PUBLIC(&m, sizeof(m)); if (low <= c && c <= high) { diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index 7f858e554..caa7e0467 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -438,7 +438,7 @@ void mpi_lt_mpi_ct(int size_X, char *input_X, TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); if (input_err == 0) { - TEST_ASSERT(ret == input_uret); + TEST_EQUAL(ret, input_uret); } exit: diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 81a3a4531..7ac03d000 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -358,7 +358,7 @@ void mpi_core_lt_ct(char *input_X, char *input_Y, int exp_ret) TEST_CF_SECRET(Y, X_limbs * sizeof(mbedtls_mpi_uint)); ret = mbedtls_mpi_core_lt_ct(X, Y, X_limbs); - TEST_EQUAL(ret, exp_ret); + TEST_EQUAL(!!ret, exp_ret); exit: mbedtls_free(X); @@ -384,25 +384,25 @@ void mpi_core_uint_le_mpi(char *input_A) TEST_CF_SECRET(A, A_limbs * sizeof(*A)); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1); + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1); + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1); if (is_large) { - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1, - A, A_limbs), 1); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1, - A, A_limbs), 1); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1), - A, A_limbs), 1); + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1, + A, A_limbs), 1); + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1, + A, A_limbs), 1); + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1), + A, A_limbs), 1); } else { - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1, - A, A_limbs), + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1, + A, A_limbs), A[0] + 1 <= A[0]); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1, - A, A_limbs), + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1, + A, A_limbs), (mbedtls_mpi_uint) (-1) >> 1 <= A[0]); - TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1), - A, A_limbs), + TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1), + A, A_limbs), (mbedtls_mpi_uint) (-1) <= A[0]); } @@ -447,7 +447,7 @@ void mpi_core_cond_assign(char *input_X, TEST_CF_SECRET(X, bytes); TEST_CF_SECRET(Y, bytes); - mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, 1); + mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, mbedtls_ct_bool(1)); TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); @@ -515,7 +515,7 @@ void mpi_core_cond_swap(char *input_X, TEST_CF_SECRET(X, bytes); TEST_CF_SECRET(Y, bytes); - mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, 1); + mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, mbedtls_ct_bool(1)); TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index e4db3d7ac..51ff4d8f7 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -134,7 +134,7 @@ void mpi_core_random_basic(int min, char *bound_bytes, int expected_ret) if (expected_ret == 0) { TEST_EQUAL(0, mbedtls_mpi_core_lt_ct(result, lower_bound, limbs)); - TEST_EQUAL(1, mbedtls_mpi_core_lt_ct(result, upper_bound, limbs)); + TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result, upper_bound, limbs)); } exit: @@ -429,8 +429,7 @@ void mpi_mod_random_validation(int min, char *bound_hex, * size as the modulus, otherwise it's a mistake in the test data. */ TEST_EQUAL(result_limbs, N.limbs); /* Sanity check: check that the result is in range */ - TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs), - 1); + TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs)); /* Check result >= min (changes result) */ TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result_digits, min, result_limbs), @@ -444,8 +443,7 @@ void mpi_mod_random_validation(int min, char *bound_hex, mbedtls_test_rnd_std_rand, NULL), expected_ret); if (expected_ret == 0) { - TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs), - 1); + TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs)); TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result.p, min, result_limbs), 0); diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data index 91a25facc..f692176cd 100644 --- a/tests/suites/test_suite_constant_time.data +++ b/tests/suites/test_suite_constant_time.data @@ -1,14 +1,14 @@ # these are the numbers we'd get with an empty plaintext and truncated HMAC Constant-flow memcpy from offset: small -ssl_cf_memcpy_offset:0:5:10 +mbedtls_ct_memcpy_offset:0:5:10 # we could get this with 255-bytes plaintext and untruncated SHA-256 Constant-flow memcpy from offset: medium -ssl_cf_memcpy_offset:0:255:32 +mbedtls_ct_memcpy_offset:0:255:32 # we could get this with 255-bytes plaintext and untruncated SHA-384 Constant-flow memcpy from offset: large -ssl_cf_memcpy_offset:100:339:48 +mbedtls_ct_memcpy_offset:100:339:48 mbedtls_ct_memcmp NULL mbedtls_ct_memcmp_null @@ -91,47 +91,492 @@ mbedtls_ct_memcmp:-1:17:2 mbedtls_ct_memcmp len 17 offset 3 mbedtls_ct_memcmp:-1:17:3 -mbedtls_ct_memcpy_if_eq len 1 offset 0 -mbedtls_ct_memcpy_if_eq:1:1:0 +mbedtls_ct_memcpy_if len 1 offset 0 +mbedtls_ct_memcpy_if:1:1:0 -mbedtls_ct_memcpy_if_eq len 1 offset 1 -mbedtls_ct_memcpy_if_eq:1:1:1 +mbedtls_ct_memcpy_if len 1 offset 1 +mbedtls_ct_memcpy_if:1:1:1 -mbedtls_ct_memcpy_if_eq len 4 offset 0 -mbedtls_ct_memcpy_if_eq:1:1:0 +mbedtls_ct_memcpy_if len 4 offset 0 +mbedtls_ct_memcpy_if:1:1:0 -mbedtls_ct_memcpy_if_eq len 4 offset 1 -mbedtls_ct_memcpy_if_eq:1:1:1 +mbedtls_ct_memcpy_if len 4 offset 1 +mbedtls_ct_memcpy_if:1:1:1 -mbedtls_ct_memcpy_if_eq len 4 offset 2 -mbedtls_ct_memcpy_if_eq:1:1:2 +mbedtls_ct_memcpy_if len 4 offset 2 +mbedtls_ct_memcpy_if:1:1:2 -mbedtls_ct_memcpy_if_eq len 4 offset 3 -mbedtls_ct_memcpy_if_eq:1:1:3 +mbedtls_ct_memcpy_if len 4 offset 3 +mbedtls_ct_memcpy_if:1:1:3 -mbedtls_ct_memcpy_if_eq len 15 offset 0 -mbedtls_ct_memcpy_if_eq:1:15:0 +mbedtls_ct_memcpy_if len 15 offset 0 +mbedtls_ct_memcpy_if:1:15:0 -mbedtls_ct_memcpy_if_eq len 15 offset 1 -mbedtls_ct_memcpy_if_eq:1:15:1 +mbedtls_ct_memcpy_if len 15 offset 1 +mbedtls_ct_memcpy_if:1:15:1 -mbedtls_ct_memcpy_if_eq len 16 offset 0 -mbedtls_ct_memcpy_if_eq:1:16:0 +mbedtls_ct_memcpy_if len 16 offset 0 +mbedtls_ct_memcpy_if:1:16:0 -mbedtls_ct_memcpy_if_eq len 16 offset 1 -mbedtls_ct_memcpy_if_eq:1:16:1 +mbedtls_ct_memcpy_if len 16 offset 1 +mbedtls_ct_memcpy_if:1:16:1 -mbedtls_ct_memcpy_if_eq len 17 offset 0 -mbedtls_ct_memcpy_if_eq:1:17:0 +mbedtls_ct_memcpy_if len 17 offset 0 +mbedtls_ct_memcpy_if:1:17:0 -mbedtls_ct_memcpy_if_eq len 17 offset 1 -mbedtls_ct_memcpy_if_eq:1:17:1 +mbedtls_ct_memcpy_if len 17 offset 1 +mbedtls_ct_memcpy_if:1:17:1 -mbedtls_ct_memcpy_if_eq len 0 not eq -mbedtls_ct_memcpy_if_eq:0:17:0 +mbedtls_ct_memcpy_if len 0 not eq +mbedtls_ct_memcpy_if:0:17:0 -mbedtls_ct_memcpy_if_eq len 5 offset 1 not eq -mbedtls_ct_memcpy_if_eq:0:5:1 +mbedtls_ct_memcpy_if len 5 offset 1 not eq +mbedtls_ct_memcpy_if:0:5:1 + +mbedtls_ct_memcpy_if len 17 offset 3 not eq +mbedtls_ct_memcpy_if:0:17:3 + +mbedtls_ct_bool 0 +mbedtls_ct_bool:"0x0" + +mbedtls_ct_bool 1 +mbedtls_ct_bool:"0x1" + +mbedtls_ct_bool 4 +mbedtls_ct_bool:"0x4" + +mbedtls_ct_bool 0xfffffff +mbedtls_ct_bool:"0xfffffff" + +mbedtls_ct_bool 0x7fffffff +mbedtls_ct_bool:"0x7fffffff" + +mbedtls_ct_bool 0xfffffffe +mbedtls_ct_bool:"0xfffffffe" + +mbedtls_ct_bool 0xffffffff +mbedtls_ct_bool:"0xffffffff" + +mbedtls_ct_bool 0x0fffffffffffffff +mbedtls_ct_bool:"0x0fffffffffffffff" + +mbedtls_ct_bool 0x7fffffffffffffff +mbedtls_ct_bool:"0x7fffffffffffffff" + +mbedtls_ct_bool 0xffffffffffffffff +mbedtls_ct_bool:"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0x0 0x0 +mbedtls_ct_bool_xxx:"0x0":"0x0" + +mbedtls_ct_bool_xxx 0x0 0x1 +mbedtls_ct_bool_xxx:"0x0":"0x1" + +mbedtls_ct_bool_xxx 0x0 0x7fffffff +mbedtls_ct_bool_xxx:"0x0":"0x7fffffff" + +mbedtls_ct_bool_xxx 0x0 0xffffffff +mbedtls_ct_bool_xxx:"0x0":"0xffffffff" + +mbedtls_ct_bool_xxx 0x0 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0x0":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0x0 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0x0":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0x1 0x0 +mbedtls_ct_bool_xxx:"0x1":"0x0" + +mbedtls_ct_bool_xxx 0x1 0x1 +mbedtls_ct_bool_xxx:"0x1":"0x1" + +mbedtls_ct_bool_xxx 0x1 0x7fffffff +mbedtls_ct_bool_xxx:"0x1":"0x7fffffff" + +mbedtls_ct_bool_xxx 0x1 0xffffffff +mbedtls_ct_bool_xxx:"0x1":"0xffffffff" + +mbedtls_ct_bool_xxx 0x1 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0x1":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0x1 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0x1":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0x7fffffff 0x0 +mbedtls_ct_bool_xxx:"0x7fffffff":"0x0" + +mbedtls_ct_bool_xxx 0x7fffffff 0x1 +mbedtls_ct_bool_xxx:"0x7fffffff":"0x1" + +mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffff +mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffff" + +mbedtls_ct_bool_xxx 0x7fffffff 0xffffffff +mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffff" + +mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0x7fffffff 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0xffffffff 0x0 +mbedtls_ct_bool_xxx:"0xffffffff":"0x0" + +mbedtls_ct_bool_xxx 0xffffffff 0x1 +mbedtls_ct_bool_xxx:"0xffffffff":"0x1" + +mbedtls_ct_bool_xxx 0xffffffff 0x7fffffff +mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffff" + +mbedtls_ct_bool_xxx 0xffffffff 0xffffffff +mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffff" + +mbedtls_ct_bool_xxx 0xffffffff 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0xffffffff 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x0 +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x0" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x1 +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x1" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffff +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffff" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffff +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffff" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0x0 +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x0" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0x1 +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x1" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffff +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffff" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffff +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffff" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffffffffffff +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffffffffffff +mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_bool_xxx 138 256 +mbedtls_ct_bool_xxx:"138":"256" + +mbedtls_ct_bool_xxx 256 138 +mbedtls_ct_bool_xxx:"256":"138" + +mbedtls_ct_bool_xxx 6 6 +mbedtls_ct_bool_xxx:"0x6":"0x6" + +mbedtls_ct_uchar_in_range_if 0 0 0 0 +mbedtls_ct_uchar_in_range_if:0:0:0:0 + +mbedtls_ct_uchar_in_range_if 0 100 2 2 +mbedtls_ct_uchar_in_range_if:0:100:2:2 + +mbedtls_ct_uchar_in_range_if 0 100 2 0 +mbedtls_ct_uchar_in_range_if:0:100:2:0 + +mbedtls_ct_uchar_in_range_if 0 100 200 2 +mbedtls_ct_uchar_in_range_if:0:100:200:2 + +mbedtls_ct_uchar_in_range_if 0 255 0 2 +mbedtls_ct_uchar_in_range_if:0:255:0:2 + +mbedtls_ct_uchar_in_range_if 0 255 100 2 +mbedtls_ct_uchar_in_range_if:0:255:100:2 + +mbedtls_ct_uchar_in_range_if 0 255 255 2 +mbedtls_ct_uchar_in_range_if:0:255:255:2 + +mbedtls_ct_uchar_in_range_if 255 255 255 255 +mbedtls_ct_uchar_in_range_if:255:255:255:255 + +mbedtls_ct_if 0x0 0x0 0x0 +mbedtls_ct_if:"0x0":"0x0":"0x0" + +mbedtls_ct_if 0x0 0x0 0x1 +mbedtls_ct_if:"0x0":"0x0":"0x1" + +mbedtls_ct_if 0x0 0x0 0x7fffffff +mbedtls_ct_if:"0x0":"0x0":"0x7fffffff" + +mbedtls_ct_if 0x0 0x0 0xffffffff +mbedtls_ct_if:"0x0":"0x0":"0xffffffff" + +mbedtls_ct_if 0x0 0x0 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0x0":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0x0 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0x0":"0xffffffffffffffff" + +mbedtls_ct_if 0x0 0x1 0x0 +mbedtls_ct_if:"0x0":"0x1":"0x0" + +mbedtls_ct_if 0x0 0x1 0x1 +mbedtls_ct_if:"0x0":"0x1":"0x1" + +mbedtls_ct_if 0x0 0x1 0x7fffffff +mbedtls_ct_if:"0x0":"0x1":"0x7fffffff" + +mbedtls_ct_if 0x0 0x1 0xffffffff +mbedtls_ct_if:"0x0":"0x1":"0xffffffff" + +mbedtls_ct_if 0x0 0x1 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0x1":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0x1 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0x1":"0xffffffffffffffff" + +mbedtls_ct_if 0x0 0x7fffffff 0x0 +mbedtls_ct_if:"0x0":"0x7fffffff":"0x0" + +mbedtls_ct_if 0x0 0x7fffffff 0x1 +mbedtls_ct_if:"0x0":"0x7fffffff":"0x1" + +mbedtls_ct_if 0x0 0x7fffffff 0x7fffffff +mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffff" + +mbedtls_ct_if 0x0 0x7fffffff 0xffffffff +mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffff" + +mbedtls_ct_if 0x0 0x7fffffff 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0x7fffffff 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0x0 0xffffffff 0x0 +mbedtls_ct_if:"0x0":"0xffffffff":"0x0" + +mbedtls_ct_if 0x0 0xffffffff 0x1 +mbedtls_ct_if:"0x0":"0xffffffff":"0x1" + +mbedtls_ct_if 0x0 0xffffffff 0x7fffffff +mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffff" + +mbedtls_ct_if 0x0 0xffffffff 0xffffffff +mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffff" + +mbedtls_ct_if 0x0 0xffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0xffffffff 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0x0 +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x0" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0x1 +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x1" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffff +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffff" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffff +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffff" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0x0 +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x0" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0x1 +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x1" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffff +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffff" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffff +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffff" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffffffffffff +mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x0 +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x0" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x1 +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x1" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffffffffffff" + +mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffffffffffff +mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffffffffffff" + +mbedtls_ct_zeroize_if 0x0 0 +mbedtls_ct_zeroize_if:"0x0":0 + +mbedtls_ct_zeroize_if 0x0 1 +mbedtls_ct_zeroize_if:"0x0":1 + +mbedtls_ct_zeroize_if 0x0 1024 +mbedtls_ct_zeroize_if:"0x0":1024 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 0 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":0 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 1 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":1 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 4 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":4 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 5 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":5 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 7 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":7 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 8 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":8 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 9 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":9 + +mbedtls_ct_zeroize_if 0xffffffffffffffff 1024 +mbedtls_ct_zeroize_if:"0xffffffffffffffff":1024 + +mbedtls_ct_memmove_left 0 0 +mbedtls_ct_memmove_left:0:0 + +mbedtls_ct_memmove_left 1 0 +mbedtls_ct_memmove_left:1:0 + +mbedtls_ct_memmove_left 1 1 +mbedtls_ct_memmove_left:1:1 + +mbedtls_ct_memmove_left 16 0 +mbedtls_ct_memmove_left:16:0 + +mbedtls_ct_memmove_left 16 1 +mbedtls_ct_memmove_left:16:1 + +mbedtls_ct_memmove_left 16 4 +mbedtls_ct_memmove_left:16:4 + +mbedtls_ct_memmove_left 16 15 +mbedtls_ct_memmove_left:16:15 + +mbedtls_ct_memmove_left 16 16 +mbedtls_ct_memmove_left:16:16 -mbedtls_ct_memcpy_if_eq len 17 offset 3 not eq -mbedtls_ct_memcpy_if_eq:0:17:3 diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index a2bf3967f..c9bdf7e34 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -8,9 +8,15 @@ * under MSan or Valgrind will detect a non-constant-time implementation. */ +#include + +#include +#include +#include + +#include #include #include -#include #include /* END_HEADER */ @@ -25,6 +31,143 @@ void mbedtls_ct_memcmp_null() } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_ct_bool(char *input) +{ + mbedtls_ct_uint_t v = (mbedtls_ct_uint_t) strtoull(input, NULL, 16); + TEST_ASSERT(errno == 0); + + mbedtls_ct_condition_t expected = (v != 0) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_CF_SECRET(&v, sizeof(v)); + TEST_EQUAL(mbedtls_ct_bool(v), expected); + TEST_CF_PUBLIC(&v, sizeof(v)); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_ct_bool_xxx(char *x_str, char *y_str) +{ + mbedtls_ct_uint_t x = strtoull(x_str, NULL, 0); + mbedtls_ct_uint_t y = strtoull(y_str, NULL, 0); + + mbedtls_ct_uint_t x1 = x; + mbedtls_ct_uint_t y1 = y; + + TEST_CF_SECRET(&x, sizeof(x)); + TEST_CF_SECRET(&y, sizeof(y)); + + mbedtls_ct_condition_t expected = x1 ? MBEDTLS_CT_FALSE : MBEDTLS_CT_TRUE; + TEST_EQUAL(mbedtls_ct_bool_not(mbedtls_ct_bool(x)), expected); + + expected = x1 != y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_ne(x, y), expected); + + expected = x1 == y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_eq(x, y), expected); + + expected = x1 > y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_gt(x, y), expected); + + expected = x1 < y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_lt(x, y), expected); + + expected = x1 >= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_ge(x, y), expected); + + expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_le(x, y), expected); + + expected = mbedtls_ct_bool(x) ^ mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); + + expected = mbedtls_ct_bool(x) & mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); + + expected = mbedtls_ct_bool(x) | mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + TEST_EQUAL(mbedtls_ct_bool_or(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); + + TEST_CF_PUBLIC(&x, sizeof(x)); + TEST_CF_PUBLIC(&y, sizeof(y)); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_BASE64_C */ +void mbedtls_ct_uchar_in_range_if(int li, int hi, int xi, int ti) +{ + unsigned char l = li, h = hi, x = xi, t = ti; + unsigned char expected = (x >= l) && (x <= h) ? t : 0; + + TEST_CF_SECRET(&x, sizeof(x)); + TEST_CF_SECRET(&l, sizeof(l)); + TEST_CF_SECRET(&h, sizeof(h)); + TEST_CF_SECRET(&t, sizeof(t)); + + TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, x, t), expected); + + TEST_CF_PUBLIC(&x, sizeof(x)); + TEST_CF_PUBLIC(&l, sizeof(l)); + TEST_CF_PUBLIC(&h, sizeof(h)); + TEST_CF_PUBLIC(&t, sizeof(t)); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) +{ + mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16)); + mbedtls_ct_uint_t t = (mbedtls_ct_uint_t) strtoull(t_str, NULL, 16); + mbedtls_ct_uint_t f = (mbedtls_ct_uint_t) strtoull(f_str, NULL, 16); + + mbedtls_ct_uint_t expected = c ? t : f; + mbedtls_ct_uint_t expected0 = c ? t : 0; + + TEST_CF_SECRET(&c, sizeof(c)); + TEST_CF_SECRET(&t, sizeof(t)); + TEST_CF_SECRET(&f, sizeof(f)); + + TEST_EQUAL(mbedtls_ct_if(c, t, f), expected); + TEST_EQUAL(mbedtls_ct_size_if(c, t, f), (size_t) expected); + TEST_EQUAL(mbedtls_ct_uint_if(c, t, f), (unsigned) expected); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_ct_mpi_uint_if(c, t, f), (mbedtls_mpi_uint) expected); +#endif + + TEST_EQUAL(mbedtls_ct_uint_if0(c, t), (unsigned) expected0); +#if defined(MBEDTLS_BIGNUM_C) + TEST_EQUAL(mbedtls_ct_mpi_uint_if0(c, t), (mbedtls_mpi_uint) expected0); +#endif + + TEST_CF_PUBLIC(&c, sizeof(c)); + TEST_CF_PUBLIC(&t, sizeof(t)); + TEST_CF_PUBLIC(&f, sizeof(f)); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */ +void mbedtls_ct_zeroize_if(char *c_str, int len) +{ + uint8_t *buf = NULL; + mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16)); + + ASSERT_ALLOC(buf, len); + for (size_t i = 0; i < (size_t) len; i++) { + buf[i] = 1; + } + + TEST_CF_SECRET(&c, sizeof(c)); + TEST_CF_SECRET(buf, len); + mbedtls_ct_zeroize_if(c, buf, len); + TEST_CF_PUBLIC(&c, sizeof(c)); + TEST_CF_PUBLIC(buf, len); + + for (size_t i = 0; i < (size_t) len; i++) { + TEST_EQUAL(buf[i], c != 0 ? 0 : 1); + } +exit: + mbedtls_free(buf); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_ct_memcmp(int same, int size, int offset) { @@ -32,9 +175,6 @@ void mbedtls_ct_memcmp(int same, int size, int offset) ASSERT_ALLOC(a, size + offset); ASSERT_ALLOC(b, size + offset); - TEST_CF_SECRET(a + offset, size); - TEST_CF_SECRET(b + offset, size); - /* Construct data that matches, if same == -1, otherwise * same gives the number of bytes (after the initial offset) * that will match; after that it will differ. @@ -49,9 +189,15 @@ void mbedtls_ct_memcmp(int same, int size, int offset) } int reference = memcmp(a + offset, b + offset, size); + + TEST_CF_SECRET(a, size + offset); + TEST_CF_SECRET(b, size + offset); + int actual = mbedtls_ct_memcmp(a + offset, b + offset, size); - TEST_CF_PUBLIC(a + offset, size); - TEST_CF_PUBLIC(b + offset, size); + + TEST_CF_PUBLIC(a, size + offset); + TEST_CF_PUBLIC(b, size + offset); + TEST_CF_PUBLIC(&actual, sizeof(actual)); if (same == -1 || same >= size) { TEST_ASSERT(reference == 0); @@ -66,30 +212,31 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) +/* BEGIN_CASE */ +void mbedtls_ct_memcpy_if(int eq, int size, int offset) { - uint8_t *src = NULL, *result = NULL, *expected = NULL; + uint8_t *src = NULL, *src2 = NULL, *result = NULL, *expected = NULL; ASSERT_ALLOC(src, size + offset); + ASSERT_ALLOC(src2, size + offset); ASSERT_ALLOC(result, size + offset); ASSERT_ALLOC(expected, size + offset); for (int i = 0; i < size + offset; i++) { - src[i] = 1; - result[i] = 0xff; + src[i] = 1; + result[i] = 0xff; expected[i] = eq ? 1 : 0xff; } - int one, secret_eq; - TEST_CF_SECRET(&one, sizeof(one)); - TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); - one = 1; - secret_eq = eq; + int secret_eq = eq; + TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); + TEST_CF_SECRET(src, size + offset); + TEST_CF_SECRET(result, size + offset); - mbedtls_ct_memcpy_if_eq(result + offset, src, size, secret_eq, one); + mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result + offset, src, NULL, size); - TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); + TEST_CF_PUBLIC(src, size + offset); + TEST_CF_PUBLIC(result, size + offset); ASSERT_COMPARE(expected, size, result + offset, size); @@ -99,26 +246,80 @@ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) expected[i] = eq ? 1 : 0xff; } - TEST_CF_SECRET(&one, sizeof(one)); - TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); - one = 1; - secret_eq = eq; + TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); + TEST_CF_SECRET(src, size + offset); + TEST_CF_SECRET(result, size + offset); - mbedtls_ct_memcpy_if_eq(result, src + offset, size, secret_eq, one); + mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, NULL, size); - TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); + TEST_CF_PUBLIC(src, size + offset); + TEST_CF_PUBLIC(result, size + offset); + + ASSERT_COMPARE(expected, size, result, size); + + for (int i = 0; i < size + offset; i++) { + src[i] = 1; + src2[i] = 2; + result[i] = 0xff; + expected[i] = eq ? 1 : 2; + } + + TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); + TEST_CF_SECRET(src, size + offset); + TEST_CF_SECRET(src2, size + offset); + TEST_CF_SECRET(result, size + offset); + + mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, src2 + offset, size); + + TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); + TEST_CF_PUBLIC(src, size + offset); + TEST_CF_SECRET(src2, size + offset); + TEST_CF_PUBLIC(result, size + offset); ASSERT_COMPARE(expected, size, result, size); exit: mbedtls_free(src); + mbedtls_free(src2); mbedtls_free(result); mbedtls_free(expected); } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ -void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) +/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */ +void mbedtls_ct_memmove_left(int len, int offset) +{ + size_t l = (size_t) len; + size_t o = (size_t) offset; + + uint8_t *buf = NULL, *buf_expected = NULL; + ASSERT_ALLOC(buf, l); + ASSERT_ALLOC(buf_expected, l); + + for (size_t i = 0; i < l; i++) { + buf[i] = (uint8_t) i; + buf_expected[i] = buf[i]; + } + + TEST_CF_SECRET(&o, sizeof(o)); + TEST_CF_SECRET(buf, l); + mbedtls_ct_memmove_left(buf, l, o); + TEST_CF_PUBLIC(&o, sizeof(o)); + TEST_CF_PUBLIC(buf, l); + + if (l > 0) { + memmove(buf_expected, buf_expected + o, l - o); + memset(buf_expected + (l - o), 0, o); + TEST_ASSERT(memcmp(buf, buf_expected, l) == 0); + } +exit: + mbedtls_free(buf); + mbedtls_free(buf_expected); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +void mbedtls_ct_memcpy_offset(int offset_min, int offset_max, int len) { unsigned char *dst = NULL; unsigned char *src = NULL; @@ -135,9 +336,12 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) mbedtls_test_set_step((int) secret); TEST_CF_SECRET(&secret, sizeof(secret)); + TEST_CF_SECRET(src, len); + TEST_CF_SECRET(dst, len); mbedtls_ct_memcpy_offset(dst, src, secret, offset_min, offset_max, len); TEST_CF_PUBLIC(&secret, sizeof(secret)); + TEST_CF_PUBLIC(src, len); TEST_CF_PUBLIC(dst, len); ASSERT_COMPARE(dst, len, src + secret, len); diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 985d482eb..407d69338 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -8,7 +8,7 @@ #include /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ void ssl_cf_hmac(int hash) { /* From 40a41d046183b2e8361f147d4963e5468a38d791 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 11:59:56 +0100 Subject: [PATCH 013/339] Introduce new CT interface (retain old interface) Signed-off-by: Dave Rodgman --- library/constant_time.c | 30 +- library/constant_time_impl.h | 276 ++++++++++++++++++ library/constant_time_internal.h | 475 +++++++++++++++++++++++++++++-- library/constant_time_invasive.h | 51 ---- 4 files changed, 734 insertions(+), 98 deletions(-) create mode 100644 library/constant_time_impl.h delete mode 100644 library/constant_time_invasive.h diff --git a/library/constant_time.c b/library/constant_time.c index 135a6ece3..cc12c9c7c 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -22,17 +22,14 @@ * might be translated to branches by some compilers on some platforms. */ +#include + #include "common.h" #include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/bignum.h" -#include "bignum_core.h" -#endif - #if defined(MBEDTLS_SSL_TLS_C) #include "ssl_misc.h" #endif @@ -41,10 +38,6 @@ #include "mbedtls/rsa.h" #endif -#if defined(MBEDTLS_BASE64_C) -#include "constant_time_invasive.h" -#endif - #include #if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ @@ -62,13 +55,11 @@ * Some of these definitions could be moved into alignment.h but for now they are * only used here. */ -#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM) -#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) || defined(__aarch64__) -#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS -#endif -#endif +#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \ + (defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM)) + +#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS -#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS) static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p) { /* This is UB, even where it's safe: @@ -76,14 +67,17 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi * so instead the same thing is expressed in assembly below. */ uint32_t r; -#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) +#if defined(MBEDTLS_CT_ARM_ASM) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); -#elif defined(__aarch64__) +#elif defined(MBEDTLS_CT_AARCH64_ASM) asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); +#else +#error No assembly defined for mbedtls_get_unaligned_volatile_uint32 #endif return r; } -#endif /* MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS */ +#endif /* defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && + (defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM)) */ int mbedtls_ct_memcmp(const void *a, const void *b, diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h new file mode 100644 index 000000000..218a4a614 --- /dev/null +++ b/library/constant_time_impl.h @@ -0,0 +1,276 @@ +/** + * Constant-time functions + * + * For readability, the static inline definitions are here, and + * constant_time_internal.h has only the declarations. + * + * This results in duplicate declarations of the form: + * static inline void f() { ... } + * static inline void f(); + * when constant_time_internal.h is included. This appears to behave + * exactly as if the declaration-without-definition was not present. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONSTANT_TIME_IMPL_H +#define MBEDTLS_CONSTANT_TIME_IMPL_H + +#include + +#include "common.h" + +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + + +/* Disable asm under Memsan because it confuses Memsan and generates false errors */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) +#define MBEDTLS_CT_NO_ASM +#elif defined(__has_feature) +#if __has_feature(memory_sanitizer) +#define MBEDTLS_CT_NO_ASM +#endif +#endif + +/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ +#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ + __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM) +#define MBEDTLS_CT_ASM +#if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) +#define MBEDTLS_CT_ARM_ASM +#elif defined(__aarch64__) +#define MBEDTLS_CT_AARCH64_ASM +#endif +#endif + +#define MBEDTLS_CT_SIZE (sizeof(mbedtls_ct_uint_t) * 8) + + +/* ============================================================================ + * Core const-time primitives + */ + +/** Ensure that the compiler cannot know the value of x (i.e., cannot optimise + * based on its value) after this function is called. + * + * If we are not using assembly, this will be fairly inefficient, so its use + * should be minimised. + */ +static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) +{ +#if defined(MBEDTLS_CT_ASM) + asm volatile ("" : [x] "+r" (x) :); + return x; +#else + volatile mbedtls_ct_uint_t result = x; + return result; +#endif +} + +/* Convert a number into a condition in constant time. */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) +{ + /* + * Define mask-generation code that, as far as possible, will not use branches or conditional instructions. + * + * For some platforms / type sizes, we define assembly to assure this. + * + * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into + * conditional instructions or branches by trunk clang, gcc, or MSVC v19. + */ + const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); +#if defined(_MSC_VER) + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + return (mbedtls_ct_condition_t) (((mbedtls_ct_int_t) ((-xo) | -(xo >> 1))) >> + (MBEDTLS_CT_SIZE - 1)); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif +} + +static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, + mbedtls_ct_uint_t if1, + mbedtls_ct_uint_t if0) +{ + mbedtls_ct_condition_t not_mask = + (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); + mbedtls_ct_condition_t mask = + (mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(condition); + return (mbedtls_ct_uint_t) ((mask & if1) | (not_mask & if0)); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) +{ + /* Ensure that the compiler cannot optimise the following operations over x and y, + * even if it knows the value of x and y. + */ + const mbedtls_ct_uint_t yo = mbedtls_ct_compiler_opaque(y); + /* + * Check if the most significant bits (MSB) of the operands are different. + * cond is true iff the MSBs differ. + */ + mbedtls_ct_condition_t cond = mbedtls_ct_bool((x ^ yo) >> (MBEDTLS_CT_SIZE - 1)); + + /* + * If the MSB are the same then the difference x-y will be negative (and + * have its MSB set to 1 during conversion to unsigned) if and only if x> (MBEDTLS_CT_SIZE - 1); + + // Convert to a condition (i.e., all bits set iff non-zero) + return mbedtls_ct_bool(ret); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) +{ + /* diff = 0 if x == y, non-zero otherwise */ + const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ y; + + /* all ones if x != y, 0 otherwise */ + return mbedtls_ct_bool(diff); +} + +static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, + unsigned char high, + unsigned char c, + unsigned char t) +{ + const unsigned char co = (const unsigned char) mbedtls_ct_compiler_opaque(c); + const unsigned char to = (const unsigned char) mbedtls_ct_compiler_opaque(t); + + /* low_mask is: 0 if low <= c, 0x...ff if low > c */ + unsigned low_mask = ((unsigned) co - low) >> 8; + /* high_mask is: 0 if c <= high, 0x...ff if c > high */ + unsigned high_mask = ((unsigned) high - co) >> 8; + + return (unsigned char) (~(low_mask | high_mask)) & to; +} + + +/* ============================================================================ + * Everything below here is trivial wrapper functions + */ + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y) +{ + return ~mbedtls_ct_bool_ne(x, y); +} + +static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, + size_t if1, + size_t if0) +{ + return (size_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); +} + +static inline unsigned mbedtls_ct_uint_if_new(mbedtls_ct_condition_t condition, + unsigned if1, + unsigned if0) +{ + return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); +} + +#if defined(MBEDTLS_BIGNUM_C) + +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \ + mbedtls_mpi_uint if1, \ + mbedtls_mpi_uint if0) +{ + return (mbedtls_mpi_uint) mbedtls_ct_if(condition, + (mbedtls_ct_uint_t) if1, + (mbedtls_ct_uint_t) if0); +} + +#endif + +static inline size_t mbedtls_ct_size_if0(mbedtls_ct_condition_t condition, size_t if1) +{ + return (size_t) (mbedtls_ct_compiler_opaque(condition) & if1); +} + +static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, unsigned if1) +{ + return (unsigned) (mbedtls_ct_compiler_opaque(condition) & if1); +} + +#if defined(MBEDTLS_BIGNUM_C) + +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1) +{ + return (mbedtls_mpi_uint) (mbedtls_ct_compiler_opaque(condition) & if1); +} + +#endif /* MBEDTLS_BIGNUM_C */ + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y) +{ + return mbedtls_ct_bool_lt(y, x); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y) +{ + return ~mbedtls_ct_bool_lt(x, y); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y) +{ + return ~mbedtls_ct_bool_gt(x, y); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y) +{ + return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y)); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y) +{ + return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) & mbedtls_ct_compiler_opaque(y)); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y) +{ + return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) | mbedtls_ct_compiler_opaque(y)); +} + +static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x) +{ + return (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(x)); +} + +#endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index e085478d6..d1e3755d2 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -20,6 +20,9 @@ #ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H #define MBEDTLS_CONSTANT_TIME_INTERNAL_H +#include +#include + #include "common.h" #if defined(MBEDTLS_BIGNUM_C) @@ -30,8 +33,6 @@ #include "ssl_misc.h" #endif -#include - /** Turn a value into a mask: * - if \p value == 0, return the all-bits 0 mask, aka 0 @@ -220,33 +221,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -#if defined(MBEDTLS_BASE64_C) - -/** Constant-flow char selection - * - * \param low Bottom of range - * \param high Top of range - * \param c Value to compare to range - * \param t Value to return, if in range - * - * \return \p t if \p low <= \p c <= \p high, 0 otherwise. - */ -static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, - unsigned char high, - unsigned char c, - unsigned char t) -{ - /* low_mask is: 0 if low <= c, 0x...ff if low > c */ - unsigned low_mask = ((unsigned) c - low) >> 8; - /* high_mask is: 0 if c <= high, 0x...ff if c > high */ - unsigned high_mask = ((unsigned) high - c) >> 8; - return (unsigned char) - mbedtls_ct_uint_if(~mbedtls_ct_mpi_uint_mask(low_mask | high_mask), t, 0); -} - -#endif /* MBEDTLS_BASE64_C */ - - #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) /** Constant-flow "greater than" comparison: @@ -284,4 +258,447 @@ void mbedtls_ct_mem_move_to_left(void *start, #endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ + + +/* The constant-time interface provides various operations that are likely + * to result in constant-time code that does not branch or use conditional + * instructions for secret data (for secret pointers, this also applies to + * the data pointed to). + * + * It has three main parts: + * + * - boolean operations (and a few non-boolean operations) + * These are all named mbedtls_ct_bool_, and operate over + * mbedtls_ct_condition_t. + * All arguments to these operations are considered secret. + * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z) + * + * - conditional data selection + * These are all named mbedtls_ct__if and mbedtls_ct__if0 + * All arguments are considered secret. + * example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c) + * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if0(x, b) + * + * - block memory operations + * Only some arguments are considered secret, as documented for each + * function. + * example: if (x) memcpy(...) => mbedtls_ct_memcpy_if(x, ...) + * + * mbedtls_ct_condition_t should be treated as opaque and only manipulated + * via the functions in this header. + * + * mbedtls_ct_uint_t is an unsigned integer type over which constant time + * operations may be performed via the functions in this header. It is as big + * as the larger of size_t and mbedtls_mpi_uint, i.e. it is safe to cast + * to/from "unsigned int", "size_t", and "mbedtls_mpi_uint" (and any other + * not-larger integer types). + * + * For Arm (32-bit, 64-bit and Thumb), assembly implementations are used + * to ensure that the generated code is constant time. For other architectures, + * a plain C fallback designed to yield constant-time code (this has been + * observed to be constant-time on latest gcc, clang and MSVC as of May 2023). + */ + +#if (SIZE_MAX > 0xffffffffffffffffULL) +/* Pointer size > 64-bit */ +typedef size_t mbedtls_ct_condition_t; +typedef size_t mbedtls_ct_uint_t; +typedef ptrdiff_t mbedtls_ct_int_t; +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) SIZE_MAX) +#elif (SIZE_MAX > 0xffffffff) || defined(MBEDTLS_HAVE_INT64) +/* 32-bit < pointer size < 64-bit, or 64-bit MPI */ +typedef uint64_t mbedtls_ct_condition_t; +typedef uint64_t mbedtls_ct_uint_t; +typedef int64_t mbedtls_ct_int_t; +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) UINT64_MAX) +#else +/* Pointer size < 32-bit, and no 64-bit MPIs */ +typedef uint32_t mbedtls_ct_condition_t; +typedef uint32_t mbedtls_ct_uint_t; +typedef int32_t mbedtls_ct_int_t; +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) UINT32_MAX) +#endif +#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) 0) + +/* constant_time_impl.h contains all the static inline implementations, + * so that constant_time_internal.h is more readable. + */ +#include "constant_time_impl.h" + + +/* ============================================================================ + * Boolean operations + */ + +/** Convert a number into a mbedtls_ct_condition_t. + * + * \param x Number to convert. + * + * \return MBEDTLS_CT_TRUE if \p x != 0, or MBEDTLS_CT_FALSE if \p x == 0 + * + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x); + +/** Boolean "not equal" operation. + * + * Functionally equivalent to: + * + * \p x != \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); + +/** Boolean "equals" operation. + * + * Functionally equivalent to: + * + * \p x == \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y); + +/** Boolean "less than" operation. + * + * Functionally equivalent to: + * + * \p x < \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); + +/** Boolean "greater than" operation. + * + * Functionally equivalent to: + * + * \p x > \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y); + +/** Boolean "greater or equal" operation. + * + * Functionally equivalent to: + * + * \p x >= \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x >= \p y, + * otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y); + +/** Boolean "less than or equal" operation. + * + * Functionally equivalent to: + * + * \p x <= \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x <= \p y, + * otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y); + +/** Boolean "xor" operation. + * + * Functionally equivalent to: + * + * \p x ^ \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \note This is more efficient than mbedtls_ct_bool_ne if both arguments are + * mbedtls_ct_condition_t. + * + * \return MBEDTLS_CT_TRUE if \p x ^ \p y, + * otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y); + +/** Boolean "and" operation. + * + * Functionally equivalent to: + * + * \p x && \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x && \p y, + * otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y); + +/** Boolean "or" operation. + * + * Functionally equivalent to: + * + * \p x || \p y + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return MBEDTLS_CT_TRUE if \p x || \p y, + * otherwise MBEDTLS_CT_FALSE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x, + mbedtls_ct_condition_t y); + +/** Boolean "not" operation. + * + * Functionally equivalent to: + * + * ! \p x + * + * \param x The value to invert + * + * \return MBEDTLS_CT_FALSE if \p x, otherwise MBEDTLS_CT_TRUE. + */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x); + + +/* ============================================================================ + * Data selection operations + */ + +/** Choose between two size_t values. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, + size_t if1, + size_t if0); + +/** Choose between two unsigned values. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline unsigned mbedtls_ct_uint_if_new(mbedtls_ct_condition_t condition, + unsigned if1, + unsigned if0); + +#if defined(MBEDTLS_BIGNUM_C) + +/** Choose between two mbedtls_mpi_uint values. + * + * Functionally equivalent to: + * + * condition ? if1 : if0. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. + */ +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \ + mbedtls_mpi_uint if1, \ + mbedtls_mpi_uint if0); + +#endif + +/** Choose between an unsigned value and 0. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent tombedtls_ct_uint_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, unsigned if1); + +#if defined(MBEDTLS_BIGNUM_C) + +/** Choose between an mbedtls_mpi_uint value and 0. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent tombedtls_ct_mpi_uint_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1); + +#endif + +/** Constant-flow char selection + * + * \param low Secret. Bottom of range + * \param high Secret. Top of range + * \param c Secret. Value to compare to range + * \param t Secret. Value to return, if in range + * + * \return \p t if \p low <= \p c <= \p high, 0 otherwise. + */ +static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, + unsigned char high, + unsigned char c, + unsigned char t); + + +/* ============================================================================ + * Block memory operations + */ + +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) + +/** Conditionally set a block of memory to zero. + * + * Regardless of the condition, every byte will be read once and written to + * once. + * + * \param condition Secret. Condition to test. + * \param buf Secret. Pointer to the start of the buffer. + * \param len Number of bytes to set to zero. + * + * \warning Unlike mbedtls_platform_zeroize, this does not have the same guarantees + * about not being optimised away if the memory is never read again. + */ +void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len); + +/** Shift some data towards the left inside a buffer. + * + * Functionally equivalent to: + * + * memmove(start, start + offset, total - offset); + * memset(start + (total - offset), 0, offset); + * + * Timing independence comes at the expense of performance. + * + * \param start Secret. Pointer to the start of the buffer. + * \param total Total size of the buffer. + * \param offset Secret. Offset from which to copy \p total - \p offset bytes. + */ +void mbedtls_ct_memmove_left(void *start, + size_t total, + size_t offset); + +#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ + +/** Conditional memcpy. + * + * Functionally equivalent to: + * + * if (condition) { + * memcpy(dest, src1, len); + * } else { + * if (src2 != NULL) + * memcpy(dest, src2, len); + * } + * + * It will always read len bytes from src1. + * If src2 != NULL, it will always read len bytes from src2. + * If src2 == NULL, it will instead read len bytes from dest (as if src2 == dest). + * + * \param condition The condition + * \param dest Secret. Destination pointer. + * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE). Shouldn't overlap with \p dest. + * \param src2 Secret (contents only - may branch to test if src2 == NULL). + * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). Shouldn't overlap with \p dest. May be NULL. + * \param len Number of bytes to copy. + */ +void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, + unsigned char *dest, + const unsigned char *src1, + const unsigned char *src2, + size_t len + ); + +/** Copy data from a secret position. + * + * Functionally equivalent to: + * + * memcpy(dst, src + offset, len) + * + * This function copies \p len bytes from \p src_base + \p offset to \p + * dst, with a code flow and memory access pattern that does not depend on + * \p offset, but only on \p offset_min, \p offset_max and \p len. + * + * \note This function reads from \p dest, but the value that + * is read does not influence the result and this + * function's behavior is well-defined regardless of the + * contents of the buffers. This may result in false + * positives from static or dynamic analyzers, especially + * if \p dest is not initialized. + * + * \param dest Secret. The destination buffer. This must point to a writable + * buffer of at least \p len bytes. + * \param src Secret. The base of the source buffer. This must point to a + * readable buffer of at least \p offset_max + \p len + * bytes. Shouldn't overlap with \p dest. + * \param offset Secret. The offset in the source buffer from which to copy. + * This must be no less than \p offset_min and no greater + * than \p offset_max. + * \param offset_min The minimal value of \p offset. + * \param offset_max The maximal value of \p offset. + * \param len The number of bytes to copy. + */ +void mbedtls_ct_memcpy_offset(unsigned char *dest, + const unsigned char *src, + size_t offset, + size_t offset_min, + size_t offset_max, + size_t len); + +/* Documented in include/mbedtls/constant_time.h. a and b are secret. */ +int mbedtls_ct_memcmp(const void *a, + const void *b, + size_t n); + #endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */ diff --git a/library/constant_time_invasive.h b/library/constant_time_invasive.h deleted file mode 100644 index c176b28ff..000000000 --- a/library/constant_time_invasive.h +++ /dev/null @@ -1,51 +0,0 @@ -/** - * \file constant_time_invasive.h - * - * \brief Constant-time module: interfaces for invasive testing only. - * - * The interfaces in this file are intended for testing purposes only. - * They SHOULD NOT be made available in library integrations except when - * building the library for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_CONSTANT_TIME_INVASIVE_H -#define MBEDTLS_CONSTANT_TIME_INVASIVE_H - -#include "common.h" - -#if defined(MBEDTLS_TEST_HOOKS) - -/** Turn a value into a mask: - * - if \p low <= \p c <= \p high, - * return the all-bits 1 mask, aka (unsigned) -1 - * - otherwise, return the all-bits 0 mask, aka 0 - * - * \param low The value to analyze. - * \param high The value to analyze. - * \param c The value to analyze. - * - * \return All-bits-one if \p low <= \p c <= \p high, otherwise zero. - */ -unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, - unsigned char high, - unsigned char c); - -#endif /* MBEDTLS_TEST_HOOKS */ - -#endif /* MBEDTLS_CONSTANT_TIME_INVASIVE_H */ From 74e18ebf7784746358255c51916699be9004d9c1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:21:32 +0100 Subject: [PATCH 014/339] Improve const-timeness of mbedtls_ct_bool_lt Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 218a4a614..f4ad115b9 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -123,12 +123,13 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe /* Ensure that the compiler cannot optimise the following operations over x and y, * even if it knows the value of x and y. */ + const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); const mbedtls_ct_uint_t yo = mbedtls_ct_compiler_opaque(y); /* * Check if the most significant bits (MSB) of the operands are different. * cond is true iff the MSBs differ. */ - mbedtls_ct_condition_t cond = mbedtls_ct_bool((x ^ yo) >> (MBEDTLS_CT_SIZE - 1)); + mbedtls_ct_condition_t cond = mbedtls_ct_bool((xo ^ yo) >> (MBEDTLS_CT_SIZE - 1)); /* * If the MSB are the same then the difference x-y will be negative (and @@ -140,7 +141,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe */ // Select either y, or x - y - mbedtls_ct_uint_t ret = mbedtls_ct_if(cond, yo, (mbedtls_ct_uint_t) (x - yo)); + mbedtls_ct_uint_t ret = mbedtls_ct_if(cond, yo, (mbedtls_ct_uint_t) (xo - yo)); // Extract only the MSB of ret ret = ret >> (MBEDTLS_CT_SIZE - 1); From 1c4eaa121f3da33ea76d22f059c71d2321d9291e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:22:59 +0100 Subject: [PATCH 015/339] Remove not-needed compiler_opaque in ct_if Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index f4ad115b9..149cf7506 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -111,11 +111,9 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, mbedtls_ct_uint_t if1, mbedtls_ct_uint_t if0) { - mbedtls_ct_condition_t not_mask = + mbedtls_ct_condition_t not_cond = (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); - mbedtls_ct_condition_t mask = - (mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(condition); - return (mbedtls_ct_uint_t) ((mask & if1) | (not_mask & if0)); + return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); } static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) From debf8679e035edda7c40aee8b02e0cdd383ec01a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:12:44 +0100 Subject: [PATCH 016/339] Add impl of mbedtls_ct_zeroize_if Signed-off-by: Dave Rodgman --- library/constant_time.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/constant_time.c b/library/constant_time.c index cc12c9c7c..af385cd59 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -399,3 +399,22 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) + +void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len) +{ + uint32_t mask = (uint32_t) ~condition; + uint8_t *p = (uint8_t *) buf; + size_t i = 0; +#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) + for (; (i + 4) <= len; i += 4) { + mbedtls_put_unaligned_uint32((void *) (p + i), + mbedtls_get_unaligned_uint32((void *) (p + i)) & mask); + } +#endif + for (; i < len; i++) { + p[i] = p[i] & mask; + } +} + +#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ From 6cee26db16bffee669dd1d748870045eb4d9321b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:16:29 +0100 Subject: [PATCH 017/339] Remove old interface for mem_move_to_left Signed-off-by: Dave Rodgman --- library/constant_time.c | 2 +- library/constant_time_internal.h | 20 -------------------- 2 files changed, 1 insertion(+), 21 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index af385cd59..32c0e5a20 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -327,7 +327,7 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) -void mbedtls_ct_mem_move_to_left(void *start, +void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index d1e3755d2..5e0d9c45f 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -236,26 +236,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, */ unsigned mbedtls_ct_size_gt(size_t x, size_t y); -/** Shift some data towards the left inside a buffer. - * - * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally - * equivalent to - * ``` - * memmove(start, start + offset, total - offset); - * memset(start + offset, 0, total - offset); - * ``` - * but it strives to use a memory access pattern (and thus total timing) - * that does not depend on \p offset. This timing independence comes at - * the expense of performance. - * - * \param start Pointer to the start of the buffer. - * \param total Total size of the buffer. - * \param offset Offset from which to copy \p total - \p offset bytes. - */ -void mbedtls_ct_mem_move_to_left(void *start, - size_t total, - size_t offset); - #endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ From 15c142b58d5043ff4d2971ab95902f1c8202c35c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:20:11 +0100 Subject: [PATCH 018/339] Use new interface in mbedtls_ct_memmove_left Signed-off-by: Dave Rodgman --- library/constant_time.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 32c0e5a20..0b44587d5 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -327,26 +327,20 @@ void mbedtls_ct_mpi_uint_cond_assign(size_t n, #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) -void mbedtls_ct_memmove_left(void *start, - size_t total, - size_t offset) +void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { volatile unsigned char *buf = start; - size_t i, n; - if (total == 0) { - return; - } - for (i = 0; i < total; i++) { - unsigned no_op = mbedtls_ct_size_gt(total - offset, i); + for (size_t i = 0; i < total; i++) { + mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i); /* The first `total - offset` passes are a no-op. The last * `offset` passes shift the data one byte to the left and * zero out the last byte. */ - for (n = 0; n < total - 1; n++) { + for (size_t n = 0; n < total - 1; n++) { unsigned char current = buf[n]; - unsigned char next = buf[n+1]; - buf[n] = mbedtls_ct_uint_if(no_op, current, next); + unsigned char next = buf[n+1]; + buf[n] = mbedtls_ct_uint_if_new(no_op, current, next); } - buf[total-1] = mbedtls_ct_uint_if(no_op, buf[total-1], 0); + buf[total-1] = mbedtls_ct_uint_if0(no_op, buf[total-1]); } } From 9f9c3b8c33a23ee93030fadfeb0fbedf1ef09f4c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:28:51 +0100 Subject: [PATCH 019/339] Use new CT interface in rsa.c Signed-off-by: Dave Rodgman --- library/rsa.c | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index e4a45b37c..9d67ef7d9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -105,36 +105,37 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * an adversary who has access to a shared code cache or to a shared * branch predictor). */ size_t pad_count = 0; - unsigned bad = 0; - unsigned char pad_done = 0; + mbedtls_ct_condition_t bad; + mbedtls_ct_condition_t pad_done; size_t plaintext_size = 0; - unsigned output_too_large; + mbedtls_ct_condition_t output_too_large; plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11 : output_max_len; /* Check and get padding length in constant time and constant * memory trace. The first byte must be 0. */ - bad |= input[0]; + bad = mbedtls_ct_bool(input[0]); /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 * where PS must be at least 8 nonzero bytes. */ - bad |= input[1] ^ MBEDTLS_RSA_CRYPT; + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_ne(input[1], MBEDTLS_RSA_CRYPT)); /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. */ + pad_done = MBEDTLS_CT_FALSE; for (i = 2; i < ilen; i++) { - pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1; - pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; + mbedtls_ct_condition_t found = mbedtls_ct_bool_eq(input[i], 0); + pad_done = mbedtls_ct_bool_or(pad_done, found); + pad_count += mbedtls_ct_uint_if0(mbedtls_ct_bool_not(pad_done), 1); } - /* If pad_done is still zero, there's no data, only unfinished padding. */ - bad |= mbedtls_ct_uint_if(pad_done, 0, 1); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done)); /* There must be at least 8 bytes of padding. */ - bad |= mbedtls_ct_size_gt(8, pad_count); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_gt(8, pad_count)); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -143,13 +144,13 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * buffer. Do it without branches to avoid leaking the padding * validity through timing. RSA keys are small enough that all the * size_t values involved fit in unsigned int. */ - plaintext_size = mbedtls_ct_uint_if( + plaintext_size = mbedtls_ct_uint_if_new( bad, (unsigned) plaintext_max_size, (unsigned) (ilen - pad_count - 3)); /* Set output_too_large to 0 if the plaintext fits in the output * buffer and to 1 otherwise. */ - output_too_large = mbedtls_ct_size_gt(plaintext_size, + output_too_large = mbedtls_ct_bool_gt(plaintext_size, plaintext_max_size); /* Set ret without branches to avoid timing attacks. Return: @@ -157,11 +158,13 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = -(int) mbedtls_ct_uint_if( - bad, -MBEDTLS_ERR_RSA_INVALID_PADDING, - mbedtls_ct_uint_if(output_too_large, - -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - 0)); + ret = -(int) mbedtls_ct_uint_if_new( + bad, + (unsigned) (-(MBEDTLS_ERR_RSA_INVALID_PADDING)), + mbedtls_ct_uint_if0( + output_too_large, + (unsigned) (-(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE))) + ); /* If the padding is bad or the plaintext is too large, zero the * data that we're about to copy to the output buffer. @@ -169,16 +172,13 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * from the same buffer whether the padding is good or not to * avoid leaking the padding validity through overall timing or * through memory or cache access patterns. */ - bad = mbedtls_ct_uint_mask(bad | output_too_large); - for (i = 11; i < ilen; i++) { - input[i] &= ~bad; - } + mbedtls_ct_zeroize_if(mbedtls_ct_bool_or(bad, output_too_large), input + 11, ilen - 11); /* If the plaintext is too large, truncate it to the buffer size. * Copy anyway to avoid revealing the length through timing, because * revealing the length is as bad as revealing the padding validity * for a Bleichenbacher attack. */ - plaintext_size = mbedtls_ct_uint_if(output_too_large, + plaintext_size = mbedtls_ct_uint_if_new(output_too_large, (unsigned) plaintext_max_size, (unsigned) plaintext_size); @@ -188,9 +188,9 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * does not depend on the plaintext size. After this move, the * starting location of the plaintext is no longer sensitive * information. */ - mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size, - plaintext_max_size, - plaintext_max_size - plaintext_size); + mbedtls_ct_memmove_left(input + ilen - plaintext_max_size, + plaintext_max_size, + plaintext_max_size - plaintext_size); /* Finally copy the decrypted plaintext plus trailing zeros into the output * buffer. If output_max_len is 0, then output may be an invalid pointer From 293eedd3ad48aa34a4d815127ade8d870087b6c9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:31:36 +0100 Subject: [PATCH 020/339] Use new CT interface in ssl_tls12_server.c Signed-off-by: Dave Rodgman --- library/ssl_tls12_server.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a377d805b..c2f14f126 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3481,9 +3481,8 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, unsigned char *pms = ssl->handshake->premaster + pms_offset; unsigned char ver[2]; unsigned char fake_pms[48], peer_pms[48]; - unsigned char mask; - size_t i, peer_pmslen; - unsigned int diff; + size_t peer_pmslen; + mbedtls_ct_condition_t diff; /* In case of a failure in decryption, the decryption may write less than * 2 bytes of output, but we always read the first two bytes. It doesn't @@ -3512,13 +3511,10 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, /* Avoid data-dependent branches while checking for invalid * padding, to protect against timing-based Bleichenbacher-type * attacks. */ - diff = (unsigned int) ret; - diff |= peer_pmslen ^ 48; - diff |= peer_pms[0] ^ ver[0]; - diff |= peer_pms[1] ^ ver[1]; - - /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */ - mask = mbedtls_ct_uint_mask(diff); + diff = mbedtls_ct_bool(ret); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pmslen, 48)); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[0], ver[0])); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[1], ver[1])); /* * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding @@ -3537,7 +3533,7 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_DEBUG_ALL) - if (diff != 0) { + if (diff != MBEDTLS_CT_FALSE) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); } #endif @@ -3551,9 +3547,7 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, /* Set pms to either the true or the fake PMS, without * data-dependent branches. */ - for (i = 0; i < ssl->handshake->pmslen; i++) { - pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]); - } + mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); return 0; } From 7fe6e6fb2bafbd4386316d1fc5a80a05a270c384 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:34:56 +0100 Subject: [PATCH 021/339] Add impl of mbedtls_ct_memcpy_if Signed-off-by: Dave Rodgman --- library/constant_time.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/library/constant_time.c b/library/constant_time.c index 0b44587d5..e9da8e0a9 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -346,6 +346,35 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ +void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, + unsigned char *dest, + const unsigned char *src1, + const unsigned char *src2, + size_t len) +{ + const uint32_t mask = (uint32_t) condition; + const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition); + + /* If src2 is NULL and condition == 0, then this function has no effect. + * In this case, copy from dest back into dest. */ + if (src2 == NULL) { + src2 = dest; + } + + /* dest[i] = c1 == c2 ? src[i] : dest[i] */ + size_t i = 0; +#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) + for (; (i + 4) <= len; i += 4) { + uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask; + uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask; + mbedtls_put_unaligned_uint32(dest + i, a | b); + } +#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */ + for (; i < len; i++) { + dest[i] = (src1[i] & mask) | (src2[i] & not_mask); + } +} + #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) void mbedtls_ct_memcpy_if_eq(unsigned char *dest, From a81373f80e82cca9f6e4b4cfe3f8a01a14d8e1f9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 12:36:01 +0100 Subject: [PATCH 022/339] Use new CT interface in ssl_msg.c Signed-off-by: Dave Rodgman --- library/ssl_msg.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 69706cf53..b5019ef1e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -148,8 +148,8 @@ int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, PSA_CHK(psa_hash_finish(&aux_operation, aux_out, PSA_HASH_MAX_SIZE, &hash_length)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, - offset, data_len_secret); + mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret), + output, aux_out, NULL, hash_size); if (offset < max_data_len) { PSA_CHK(psa_hash_update(&operation, data + offset, 1)); @@ -251,8 +251,8 @@ int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, MD_CHK(mbedtls_md_clone(&aux, ctx)); MD_CHK(mbedtls_md_finish(&aux, aux_out)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, - offset, data_len_secret); + mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret), + output, aux_out, NULL, hash_size); if (offset < max_data_len) { MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); @@ -1912,11 +1912,11 @@ hmac_failed_etm_enabled: padlen = data[rec->data_len - 1]; if (auth_done == 1) { - const size_t mask = mbedtls_ct_size_mask_ge( + const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge( rec->data_len, padlen + 1); - correct &= mask; - padlen &= mask; + correct = mbedtls_ct_size_if0(ge, correct); + padlen = mbedtls_ct_size_if0(ge, padlen); } else { #if defined(MBEDTLS_SSL_DEBUG_ALL) if (rec->data_len < transform->maclen + padlen + 1) { @@ -1928,12 +1928,11 @@ hmac_failed_etm_enabled: padlen + 1)); } #endif - - const size_t mask = mbedtls_ct_size_mask_ge( + const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge( rec->data_len, transform->maclen + padlen + 1); - correct &= mask; - padlen &= mask; + correct = mbedtls_ct_size_if0(ge, correct); + padlen = mbedtls_ct_size_if0(ge, padlen); } padlen++; @@ -1962,19 +1961,20 @@ hmac_failed_etm_enabled: /* pad_count += (idx >= padding_idx) && * (check[idx] == padlen - 1); */ - const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx); - const size_t equal = mbedtls_ct_size_bool_eq(check[idx], - padlen - 1); - pad_count += mask & equal; + const mbedtls_ct_condition_t a = mbedtls_ct_bool_ge(idx, padding_idx); + size_t increment = mbedtls_ct_size_if0(a, 1); + const mbedtls_ct_condition_t b = mbedtls_ct_bool_eq(check[idx], padlen - 1); + increment = mbedtls_ct_size_if0(b, increment); + pad_count += increment; } - correct &= mbedtls_ct_size_bool_eq(pad_count, padlen); + correct = mbedtls_ct_size_if0(mbedtls_ct_bool_eq(pad_count, padlen), padlen); #if defined(MBEDTLS_SSL_DEBUG_ALL) if (padlen > 0 && correct == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); } #endif - padlen &= mbedtls_ct_size_mask(correct); + padlen = mbedtls_ct_size_if0(mbedtls_ct_bool(correct), padlen); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From cd2e38b90638a71eccbc1a242c1914f8ce6652a3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 13:31:55 +0100 Subject: [PATCH 023/339] Update mbedtls_mpi_safe_cond_(assign|swap) to use new CT interface Signed-off-by: Dave Rodgman --- library/bignum.c | 8 ++++++-- library/bignum_core.c | 16 +++++++--------- library/bignum_core.h | 22 ++++++---------------- library/bignum_mod_raw.c | 4 ++-- 4 files changed, 21 insertions(+), 29 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index b62f3f2c3..76910b1e6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -141,6 +141,8 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, MPI_VALIDATE_RET(X != NULL); MPI_VALIDATE_RET(Y != NULL); + mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); + /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign); @@ -148,7 +150,7 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s); - mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign); + mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); for (size_t i = Y->n; i < X->n; i++) { X->p[i] &= ~limb_mask; @@ -177,6 +179,8 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, return 0; } + mbedtls_ct_condition_t do_swap = mbedtls_ct_bool(swap); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); @@ -184,7 +188,7 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s); Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s); - mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap); + mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); cleanup: return ret; diff --git a/library/bignum_core.c b/library/bignum_core.c index a51b3f404..75806cf24 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -211,31 +211,29 @@ unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, size_t limbs, - unsigned char assign) + mbedtls_ct_condition_t assign) { if (X == A) { return; } - mbedtls_ct_mpi_uint_cond_assign(limbs, X, A, assign); + mbedtls_ct_memcpy_if(assign, (unsigned char *) X, (unsigned char *) A, NULL, + limbs * sizeof(mbedtls_mpi_uint)); } void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X, mbedtls_mpi_uint *Y, size_t limbs, - unsigned char swap) + mbedtls_ct_condition_t swap) { if (X == Y) { return; } - /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(swap); - for (size_t i = 0; i < limbs; i++) { mbedtls_mpi_uint tmp = X[i]; - X[i] = (X[i] & ~limb_mask) | (Y[i] & limb_mask); - Y[i] = (Y[i] & ~limb_mask) | (tmp & limb_mask); + X[i] = mbedtls_ct_mpi_uint_if(swap, Y[i], X[i]); + Y[i] = mbedtls_ct_mpi_uint_if(swap, tmp, Y[i]); } } @@ -637,7 +635,7 @@ void mbedtls_mpi_core_ct_uint_table_lookup(mbedtls_mpi_uint *dest, size_t index) { for (size_t i = 0; i < count; i++, table += limbs) { - unsigned char assign = mbedtls_ct_size_bool_eq(i, index); + mbedtls_ct_condition_t assign = mbedtls_ct_bool_eq(i, index); mbedtls_mpi_core_cond_assign(dest, table, limbs, assign); } } diff --git a/library/bignum_core.h b/library/bignum_core.h index 1fc537575..5432c8009 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -86,6 +86,8 @@ #include "mbedtls/bignum.h" #endif +#include "constant_time_internal.h" + #define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ #define biL (ciL << 3) /** bits in limb */ #define biH (ciL << 2) /** half limb size */ @@ -176,21 +178,15 @@ unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * \param[in] A The address of the source MPI. This must be initialized. * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the - * assignment or not. Must be either 0 or 1: - * * \c 1: Perform the assignment `X = A`. - * * \c 0: Keep the original value of \p X. + * assignment or not. * * \note This function avoids leaking any information about whether * the assignment was done or not. - * - * \warning If \p assign is neither 0 nor 1, the result of this function - * is indeterminate, and the resulting value in \p X might be - * neither its original value nor the value in \p A. */ void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, size_t limbs, - unsigned char assign); + mbedtls_ct_condition_t assign); /** * \brief Perform a safe conditional swap of two MPIs which doesn't reveal @@ -202,21 +198,15 @@ void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X, * This must be initialized. * \param limbs The number of limbs of \p X and \p Y. * \param swap The condition deciding whether to perform - * the swap or not. Must be either 0 or 1: - * * \c 1: Swap the values of \p X and \p Y. - * * \c 0: Keep the original values of \p X and \p Y. + * the swap or not. * * \note This function avoids leaking any information about whether * the swap was done or not. - * - * \warning If \p swap is neither 0 nor 1, the result of this function - * is indeterminate, and both \p X and \p Y might end up with - * values different to either of the original ones. */ void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X, mbedtls_mpi_uint *Y, size_t limbs, - unsigned char swap); + mbedtls_ct_condition_t swap); /** Import X from unsigned binary data, little-endian. * diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 791921151..ef8c2b33b 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -40,7 +40,7 @@ void mbedtls_mpi_mod_raw_cond_assign(mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *N, unsigned char assign) { - mbedtls_mpi_core_cond_assign(X, A, N->limbs, assign); + mbedtls_mpi_core_cond_assign(X, A, N->limbs, mbedtls_ct_bool(assign)); } void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X, @@ -48,7 +48,7 @@ void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *N, unsigned char swap) { - mbedtls_mpi_core_cond_swap(X, Y, N->limbs, swap); + mbedtls_mpi_core_cond_swap(X, Y, N->limbs, mbedtls_ct_bool(swap)); } int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X, From 589ccb8aaacb466efdf843de6c090133ef84471b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 13:55:01 +0100 Subject: [PATCH 024/339] Update mbedtls_mpi_safe_cond_(assign|swap) part 2 Signed-off-by: Dave Rodgman --- library/bignum.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 76910b1e6..dd77bfc9f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -141,19 +141,17 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, MPI_VALIDATE_RET(X != NULL); MPI_VALIDATE_RET(Y != NULL); - mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); - - /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign); - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s); + mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); + + X->s = (int) mbedtls_ct_uint_if_new(do_assign, Y->s, X->s); mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); + mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); for (size_t i = Y->n; i < X->n; i++) { - X->p[i] &= ~limb_mask; + X->p[i] = mbedtls_ct_mpi_uint_if0(do_not_assign, X->p[i]); } cleanup: From 1a7a5626ec3bd8cb86d6e8c51725c72987a98a08 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 13:47:56 +0100 Subject: [PATCH 025/339] Update mbedtls_mpi_lt_mpi_ct to new interface Signed-off-by: Dave Rodgman --- library/bignum.c | 51 +++++++++++++++++------------------------------- 1 file changed, 18 insertions(+), 33 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index dd77bfc9f..9e215d8e5 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -61,9 +61,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret) { - size_t i; - /* The value of any of these variables is either 0 or 1 at all times. */ - unsigned cond, done, X_is_negative, Y_is_negative; + mbedtls_ct_condition_t cond, X_is_negative, Y_is_negative, result; MPI_VALIDATE_RET(X != NULL); MPI_VALIDATE_RET(Y != NULL); @@ -77,46 +75,33 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, * Set sign_N to 1 if N >= 0, 0 if N < 0. * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. */ - X_is_negative = (X->s & 2) >> 1; - Y_is_negative = (Y->s & 2) >> 1; + X_is_negative = mbedtls_ct_bool((X->s & 2) >> 1); + Y_is_negative = mbedtls_ct_bool((Y->s & 2) >> 1); /* * If the signs are different, then the positive operand is the bigger. * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - cond = (X_is_negative ^ Y_is_negative); - *ret = cond & X_is_negative; + cond = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign + result = mbedtls_ct_bool_and(cond, X_is_negative); - /* - * This is a constant-time function. We might have the result, but we still - * need to go through the loop. Record if we have the result already. + /* Assuming signs are the same, compare X and Y. We switch the comparison + * order if they are negative so that we get the right result, regardles of + * sign. + * + * Store in ret iff the signs are the same (i.e., iff cond == 0). If + * the signs differ, done has already been set. */ - done = cond; - for (i = X->n; i > 0; i--) { - /* - * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both - * X and Y are negative. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]); - *ret |= cond & (1 - done) & X_is_negative; - done |= cond; + /* This is used to conditionally swap the pointers in const time */ + void * const p[2] = { X->p, Y->p }; + mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct( + p[X_is_negative & 1], p[(X_is_negative & 1) ^ 1], X->n); - /* - * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both - * X and Y are positive. - * - * Again even if we can make a decision, we just mark the result and - * the fact that we are done and continue looping. - */ - cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]); - *ret |= cond & (1 - done) & (1 - X_is_negative); - done |= cond; - } + result = mbedtls_ct_bool_or(result, mbedtls_ct_bool_and(mbedtls_ct_bool_not(cond), lt)); + + *ret = mbedtls_ct_uint_if0(result, 1); return 0; } From ee54faf1cddc02a7656a85b7e18fadb2192e73a6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 13:56:33 +0100 Subject: [PATCH 026/339] Update mpi_select to use new CT interface Signed-off-by: Dave Rodgman --- library/bignum.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 9e215d8e5..59b5f7418 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1725,10 +1725,8 @@ static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_ for (size_t i = 0; i < T_size; i++) { MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i], - (unsigned char) mbedtls_ct_size_bool_eq(i, - idx))); + (unsigned char) mbedtls_ct_bool_eq(i, idx))); } - cleanup: return ret; } From fd7fab40738b9ea94be6b2fcab6dba2d0e601432 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 14:00:39 +0100 Subject: [PATCH 027/339] Update mbedtls_mpi_core_uint_le_mpi to new CT interface Signed-off-by: Dave Rodgman --- library/bignum_core.c | 16 +++++++--------- library/bignum_core.h | 8 ++++---- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 75806cf24..c9008a1d8 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -148,24 +148,22 @@ void mbedtls_mpi_core_bigendian_to_host(mbedtls_mpi_uint *A, /* Whether min <= A, in constant time. * A_limbs must be at least 1. */ -unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, - const mbedtls_mpi_uint *A, - size_t A_limbs) +mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, + const mbedtls_mpi_uint *A, + size_t A_limbs) { /* min <= least significant limb? */ - unsigned min_le_lsl = 1 ^ mbedtls_ct_mpi_uint_lt(A[0], min); + mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_bool_ge(A[0], min); /* limbs other than the least significant one are all zero? */ - mbedtls_mpi_uint msll_mask = 0; + mbedtls_ct_condition_t msll_mask = MBEDTLS_CT_FALSE; for (size_t i = 1; i < A_limbs; i++) { - msll_mask |= A[i]; + msll_mask = mbedtls_ct_bool_or(msll_mask, mbedtls_ct_bool(A[i])); } - /* The most significant limbs of A are not all zero iff msll_mask != 0. */ - unsigned msll_nonzero = mbedtls_ct_mpi_uint_mask(msll_mask) & 1; /* min <= A iff the lowest limb of A is >= min or the other limbs * are not all zero. */ - return min_le_lsl | msll_nonzero; + return mbedtls_ct_bool_or(msll_mask, min_le_lsl); } unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, diff --git a/library/bignum_core.h b/library/bignum_core.h index 5432c8009..e2d18e9b6 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -144,11 +144,11 @@ void mbedtls_mpi_core_bigendian_to_host(mbedtls_mpi_uint *A, * \param A_limbs The number of limbs of \p A. * This must be at least 1. * - * \return 1 if \p min is less than or equal to \p A, otherwise 0. + * \return MBEDTLS_CT_TRUE if \p min is less than or equal to \p A, otherwise MBEDTLS_CT_FALSE. */ -unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, - const mbedtls_mpi_uint *A, - size_t A_limbs); +mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, + const mbedtls_mpi_uint *A, + size_t A_limbs); /** * \brief Check if one unsigned MPI is less than another in constant From 231a5166828a7ef8487d05d9b4e9783713e61b08 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:13:14 +0100 Subject: [PATCH 028/339] Remove not-needed mbedtls_ct_mpi_uint_cond_assign Signed-off-by: Dave Rodgman --- library/bignum_core.c | 6 +++++- library/constant_time.c | 30 ------------------------------ library/constant_time_internal.h | 21 --------------------- 3 files changed, 5 insertions(+), 52 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index c9008a1d8..a23862bee 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -608,7 +608,11 @@ void mbedtls_mpi_core_montmul(mbedtls_mpi_uint *X, * So the correct return value is already in X if (carry ^ borrow) = 0, * but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1. */ - mbedtls_ct_mpi_uint_cond_assign(AN_limbs, X, T, (unsigned char) (carry ^ borrow)); + mbedtls_ct_memcpy_if(mbedtls_ct_bool(carry ^ borrow), + (unsigned char *) X, + (unsigned char *) T, + NULL, + AN_limbs * sizeof(mbedtls_mpi_uint)); } int mbedtls_mpi_core_get_mont_r2_unsafe(mbedtls_mpi *X, diff --git a/library/constant_time.c b/library/constant_time.c index e9da8e0a9..c5255851e 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -295,36 +295,6 @@ unsigned mbedtls_ct_uint_if(unsigned condition, return (mask & if1) | (~mask & if0); } -#if defined(MBEDTLS_BIGNUM_C) - -void mbedtls_ct_mpi_uint_cond_assign(size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char condition) -{ - size_t i; - - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* all-bits 1 if condition is 1, all-bits 0 if condition is 0 */ - const mbedtls_mpi_uint mask = -condition; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - for (i = 0; i < n; i++) { - dest[i] = (src[i] & mask) | (dest[i] & ~mask); - } -} - -#endif /* MBEDTLS_BIGNUM_C */ - #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 5e0d9c45f..f2cb4871b 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -147,27 +147,6 @@ unsigned mbedtls_ct_uint_if(unsigned condition, unsigned if1, unsigned if0); -#if defined(MBEDTLS_BIGNUM_C) - -/** Conditionally assign a value without branches. - * - * This is equivalent to `if ( condition ) dest = src`, but is likely - * to be compiled to code using bitwise operation rather than a branch. - * - * \param n \p dest and \p src must be arrays of limbs of size n. - * \param dest The MPI to conditionally assign to. This must point - * to an initialized MPI. - * \param src The MPI to be assigned from. This must point to an - * initialized MPI. - * \param condition Condition to test, must be 0 or 1. - */ -void mbedtls_ct_mpi_uint_cond_assign(size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char condition); - -#endif /* MBEDTLS_BIGNUM_C */ - #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /** Conditional memcpy without branches. From 8ac9a1df24c9992cfda01bdbb3dac30f9012ec56 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:16:22 +0100 Subject: [PATCH 029/339] Use new CT interface in mbedtls_mpi_core_lt_ct Signed-off-by: Dave Rodgman --- library/bignum_core.c | 22 +++++++++------------- library/bignum_core.h | 12 ++++++------ 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index a23862bee..7a77f0720 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -166,15 +166,11 @@ mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, return mbedtls_ct_bool_or(msll_mask, min_le_lsl); } -unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, - const mbedtls_mpi_uint *B, - size_t limbs) +mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs) { - unsigned ret, cond, done; - - /* The value of any of these variables is either 0 or 1 for the rest of - * their scope. */ - ret = cond = done = 0; + mbedtls_ct_condition_t ret = MBEDTLS_CT_FALSE, cond = MBEDTLS_CT_FALSE, done = MBEDTLS_CT_FALSE; for (size_t i = limbs; i > 0; i--) { /* @@ -184,8 +180,8 @@ unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]); - done |= cond; + cond = mbedtls_ct_bool_lt(B[i - 1], A[i - 1]); + done = mbedtls_ct_bool_or(done, cond); /* * If A[i - 1] < B[i - 1] then A < B is true. @@ -193,9 +189,9 @@ unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]); - ret |= cond & (1 - done); - done |= cond; + cond = mbedtls_ct_bool_lt(A[i - 1], B[i - 1]); + ret = mbedtls_ct_bool_or(ret, mbedtls_ct_bool_and(cond, mbedtls_ct_bool_not(done))); + done = mbedtls_ct_bool_or(done, cond); } /* diff --git a/library/bignum_core.h b/library/bignum_core.h index e2d18e9b6..64d51b92d 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -161,13 +161,13 @@ mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, * \param limbs The number of limbs in \p A and \p B. * This must not be 0. * - * \return The result of the comparison: - * \c 1 if \p A is less than \p B. - * \c 0 if \p A is greater than or equal to \p B. + * \return MBEDTLS_CT_TRUE if \p A is less than \p B. + * MBEDTLS_CT_FALSE if \p A is greater than or equal to \p B. */ -unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, - const mbedtls_mpi_uint *B, - size_t limbs); +mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + size_t limbs); + /** * \brief Perform a safe conditional copy of an MPI which doesn't reveal * whether assignment was done or not. From b59b73e2bc82a0b970f388245de4bb9fd2e086b9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:17:12 +0100 Subject: [PATCH 030/339] Use new CT interface in mbedtls_mpi_core_add_if Signed-off-by: Dave Rodgman --- library/bignum_core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 7a77f0720..308f5c76f 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -458,11 +458,10 @@ mbedtls_mpi_uint mbedtls_mpi_core_add_if(mbedtls_mpi_uint *X, { mbedtls_mpi_uint c = 0; - /* all-bits 0 if cond is 0, all-bits 1 if cond is non-0 */ - const mbedtls_mpi_uint mask = mbedtls_ct_mpi_uint_mask(cond); + mbedtls_ct_condition_t do_add = mbedtls_ct_bool(cond); for (size_t i = 0; i < limbs; i++) { - mbedtls_mpi_uint add = mask & A[i]; + mbedtls_mpi_uint add = mbedtls_ct_mpi_uint_if0(do_add, A[i]); mbedtls_mpi_uint t = c + X[i]; c = (t < X[i]); t += add; From fd492ab1be4c04fa5eae726bf9af5e55967a2870 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:17:29 +0100 Subject: [PATCH 031/339] Use new CT interface in mbedtls_mpi_core_random Signed-off-by: Dave Rodgman --- library/bignum_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 308f5c76f..b41d046a5 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -672,7 +672,7 @@ int mbedtls_mpi_core_random(mbedtls_mpi_uint *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - unsigned ge_lower = 1, lt_upper = 0; + mbedtls_ct_condition_t ge_lower = MBEDTLS_CT_TRUE, lt_upper = MBEDTLS_CT_FALSE; size_t n_bits = mbedtls_mpi_core_bitlen(N, limbs); size_t n_bytes = (n_bits + 7) / 8; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -717,7 +717,7 @@ int mbedtls_mpi_core_random(mbedtls_mpi_uint *X, ge_lower = mbedtls_mpi_core_uint_le_mpi(min, X, limbs); lt_upper = mbedtls_mpi_core_lt_ct(X, N, limbs); - } while (ge_lower == 0 || lt_upper == 0); + } while (mbedtls_ct_bool_and(ge_lower, lt_upper) == MBEDTLS_CT_FALSE); cleanup: return ret; From cf06acac3243a9d4300439f2e2deb24275ee4200 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:21:37 +0100 Subject: [PATCH 032/339] Use new CT interface in mbedtls_mpi_safe_cond_swap Signed-off-by: Dave Rodgman --- library/bignum.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 59b5f7418..e8d91631e 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -168,8 +168,8 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s); - Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s); + X->s = (int) mbedtls_ct_uint_if_new(do_swap, Y->s, X->s); + Y->s = (int) mbedtls_ct_uint_if_new(do_swap, s, Y->s); mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); From 199a2c5d39ba1a879431d5b92568a919c0699ed9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:46:23 +0100 Subject: [PATCH 033/339] Use new CT interface in mbedtls_ct_memcpy_offset Signed-off-by: Dave Rodgman --- library/constant_time.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c5255851e..76faeb6bc 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -385,8 +385,8 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t offsetval; for (offsetval = offset_min; offsetval <= offset_max; offsetval++) { - mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len, - offsetval, offset); + mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL, + len); } } From 2243137715db22ad7111da7f13b25fcabe80caf8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:35:07 +0100 Subject: [PATCH 034/339] Remove old interface Signed-off-by: Dave Rodgman --- library/constant_time.c | 210 ------------------------------- library/constant_time_internal.h | 190 ---------------------------- 2 files changed, 400 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 76faeb6bc..c86316b00 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -113,188 +113,6 @@ int mbedtls_ct_memcmp(const void *a, return (int) diff; } -unsigned mbedtls_ct_uint_mask(unsigned value) -{ - /* MSVC has a warning about unary minus on unsigned, but this is - * well-defined and precisely what we want to do here */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - return -((value | -value) >> (sizeof(value) * 8 - 1)); -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif -} - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -size_t mbedtls_ct_size_mask(size_t value) -{ - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - return -((value | -value) >> (sizeof(value) * 8 - 1)); -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif -} - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_BIGNUM_C) - -mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value) -{ - /* MSVC has a warning about unary minus on unsigned, but this is - * well-defined and precisely what we want to do here */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - return -((value | -value) >> (sizeof(value) * 8 - 1)); -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif -} - -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) - -/** Constant-flow mask generation for "less than" comparison: - * - if \p x < \p y, return all-bits 1, that is (size_t) -1 - * - otherwise, return all bits 0, that is 0 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return All-bits-one if \p x is less than \p y, otherwise zero. - */ -static size_t mbedtls_ct_size_mask_lt(size_t x, - size_t y) -{ - /* This has the most significant bit set if and only if x < y */ - const size_t sub = x - y; - - /* sub1 = (x < y) ? 1 : 0 */ - const size_t sub1 = sub >> (sizeof(sub) * 8 - 1); - - /* mask = (x < y) ? 0xff... : 0x00... */ - const size_t mask = mbedtls_ct_size_mask(sub1); - - return mask; -} - -size_t mbedtls_ct_size_mask_ge(size_t x, - size_t y) -{ - return ~mbedtls_ct_size_mask_lt(x, y); -} - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ - -#if defined(MBEDTLS_BASE64_C) - -/* Return 0xff if low <= c <= high, 0 otherwise. - * - * Constant flow with respect to c. - */ -unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, - unsigned char high, - unsigned char c) -{ - /* low_mask is: 0 if low <= c, 0x...ff if low > c */ - unsigned low_mask = ((unsigned) c - low) >> 8; - /* high_mask is: 0 if c <= high, 0x...ff if c > high */ - unsigned high_mask = ((unsigned) high - c) >> 8; - return ~(low_mask | high_mask) & 0xff; -} - -#endif /* MBEDTLS_BASE64_C */ - -unsigned mbedtls_ct_size_bool_eq(size_t x, - size_t y) -{ - /* diff = 0 if x == y, non-zero otherwise */ - const size_t diff = x ^ y; - - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* diff_msb's most significant bit is equal to x != y */ - const size_t diff_msb = (diff | (size_t) -diff); - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - /* diff1 = (x != y) ? 1 : 0 */ - const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1); - - return 1 ^ diff1; -} - -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) - -unsigned mbedtls_ct_size_gt(size_t x, size_t y) -{ - /* Return the sign bit (1 for negative) of (y - x). */ - return (y - x) >> (sizeof(size_t) * 8 - 1); -} - -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ - -#if defined(MBEDTLS_BIGNUM_C) - -unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y) -{ - mbedtls_mpi_uint ret; - mbedtls_mpi_uint cond; - - /* - * Check if the most significant bits (MSB) of the operands are different. - */ - cond = (x ^ y); - /* - * If the MSB are the same then the difference x-y will be negative (and - * have its MSB set to 1 during conversion to unsigned) if and only if x> (sizeof(mbedtls_mpi_uint) * 8 - 1); - - return (unsigned) ret; -} - -#endif /* MBEDTLS_BIGNUM_C */ - -unsigned mbedtls_ct_uint_if(unsigned condition, - unsigned if1, - unsigned if0) -{ - unsigned mask = mbedtls_ct_uint_mask(condition); - return (mask & if1) | (~mask & if0); -} - #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) @@ -347,34 +165,6 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -void mbedtls_ct_memcpy_if_eq(unsigned char *dest, - const unsigned char *src, - size_t len, - size_t c1, - size_t c2) -{ - /* mask = c1 == c2 ? 0xff : 0x00 */ - const size_t equal = mbedtls_ct_size_bool_eq(c1, c2); - - /* dest[i] = c1 == c2 ? src[i] : dest[i] */ - size_t i = 0; -#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) - const uint32_t mask32 = (uint32_t) mbedtls_ct_size_mask(equal); - const unsigned char mask = (unsigned char) mask32 & 0xff; - - for (; (i + 4) <= len; i += 4) { - uint32_t a = mbedtls_get_unaligned_uint32(src + i) & mask32; - uint32_t b = mbedtls_get_unaligned_uint32(dest + i) & ~mask32; - mbedtls_put_unaligned_uint32(dest + i, a | b); - } -#else - const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal); -#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */ - for (; i < len; i++) { - dest[i] = (src[i] & mask) | (dest[i] & ~mask); - } -} - void mbedtls_ct_memcpy_offset(unsigned char *dest, const unsigned char *src, size_t offset, diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index f2cb4871b..362b822a4 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -29,196 +29,6 @@ #include "mbedtls/bignum.h" #endif -#if defined(MBEDTLS_SSL_TLS_C) -#include "ssl_misc.h" -#endif - - -/** Turn a value into a mask: - * - if \p value == 0, return the all-bits 0 mask, aka 0 - * - otherwise, return the all-bits 1 mask, aka (unsigned) -1 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * \param value The value to analyze. - * - * \return Zero if \p value is zero, otherwise all-bits-one. - */ -unsigned mbedtls_ct_uint_mask(unsigned value); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -/** Turn a value into a mask: - * - if \p value == 0, return the all-bits 0 mask, aka 0 - * - otherwise, return the all-bits 1 mask, aka (size_t) -1 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * \param value The value to analyze. - * - * \return Zero if \p value is zero, otherwise all-bits-one. - */ -size_t mbedtls_ct_size_mask(size_t value); - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_BIGNUM_C) - -/** Turn a value into a mask: - * - if \p value == 0, return the all-bits 0 mask, aka 0 - * - otherwise, return the all-bits 1 mask, aka (mbedtls_mpi_uint) -1 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * \param value The value to analyze. - * - * \return Zero if \p value is zero, otherwise all-bits-one. - */ -mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value); - -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) - -/** Constant-flow mask generation for "greater or equal" comparison: - * - if \p x >= \p y, return all-bits 1, that is (size_t) -1 - * - otherwise, return all bits 0, that is 0 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return All-bits-one if \p x is greater or equal than \p y, - * otherwise zero. - */ -size_t mbedtls_ct_size_mask_ge(size_t x, - size_t y); - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ - -/** Constant-flow boolean "equal" comparison: - * return x == y - * - * This is equivalent to \p x == \p y, but is likely to be compiled - * to code using bitwise operation rather than a branch. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return 1 if \p x equals to \p y, otherwise 0. - */ -unsigned mbedtls_ct_size_bool_eq(size_t x, - size_t y); - -#if defined(MBEDTLS_BIGNUM_C) - -/** Decide if an integer is less than the other, without branches. - * - * This is equivalent to \p x < \p y, but is likely to be compiled - * to code using bitwise operation rather than a branch. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return 1 if \p x is less than \p y, otherwise 0. - */ -unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y); - -#endif /* MBEDTLS_BIGNUM_C */ - -/** Choose between two integer values without branches. - * - * This is equivalent to `condition ? if1 : if0`, but is likely to be compiled - * to code using bitwise operation rather than a branch. - * - * \param condition Condition to test. - * \param if1 Value to use if \p condition is nonzero. - * \param if0 Value to use if \p condition is zero. - * - * \return \c if1 if \p condition is nonzero, otherwise \c if0. - */ -unsigned mbedtls_ct_uint_if(unsigned condition, - unsigned if1, - unsigned if0); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -/** Conditional memcpy without branches. - * - * This is equivalent to `if ( c1 == c2 ) memcpy(dest, src, len)`, but is likely - * to be compiled to code using bitwise operation rather than a branch. - * - * \param dest The pointer to conditionally copy to. - * \param src The pointer to copy from. Shouldn't overlap with \p dest. - * \param len The number of bytes to copy. - * \param c1 The first value to analyze in the condition. - * \param c2 The second value to analyze in the condition. - */ -void mbedtls_ct_memcpy_if_eq(unsigned char *dest, - const unsigned char *src, - size_t len, - size_t c1, size_t c2); - -/** Copy data from a secret position with constant flow. - * - * This function copies \p len bytes from \p src_base + \p offset_secret to \p - * dst, with a code flow and memory access pattern that does not depend on \p - * offset_secret, but only on \p offset_min, \p offset_max and \p len. - * Functionally equivalent to `memcpy(dst, src + offset_secret, len)`. - * - * \note This function reads from \p dest, but the value that - * is read does not influence the result and this - * function's behavior is well-defined regardless of the - * contents of the buffers. This may result in false - * positives from static or dynamic analyzers, especially - * if \p dest is not initialized. - * - * \param dest The destination buffer. This must point to a writable - * buffer of at least \p len bytes. - * \param src The base of the source buffer. This must point to a - * readable buffer of at least \p offset_max + \p len - * bytes. Shouldn't overlap with \p dest. - * \param offset The offset in the source buffer from which to copy. - * This must be no less than \p offset_min and no greater - * than \p offset_max. - * \param offset_min The minimal value of \p offset. - * \param offset_max The maximal value of \p offset. - * \param len The number of bytes to copy. - */ -void mbedtls_ct_memcpy_offset(unsigned char *dest, - const unsigned char *src, - size_t offset, - size_t offset_min, - size_t offset_max, - size_t len); - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) - -/** Constant-flow "greater than" comparison: - * return x > y - * - * This is equivalent to \p x > \p y, but is likely to be compiled - * to code using bitwise operation rather than a branch. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return 1 if \p x greater than \p y, otherwise 0. - */ -unsigned mbedtls_ct_size_gt(size_t x, size_t y); - -#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */ - - - /* The constant-time interface provides various operations that are likely * to result in constant-time code that does not branch or use conditional * instructions for secret data (for secret pointers, this also applies to From 2b4486a01483a4163e12a53b8276d27c1d3fff24 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 15:51:59 +0100 Subject: [PATCH 035/339] Rename mbedtls_ct_uint_if_new to mbedtls_ct_uint_if Signed-off-by: Dave Rodgman --- library/bignum.c | 6 +++--- library/constant_time.c | 2 +- library/constant_time_impl.h | 2 +- library/constant_time_internal.h | 2 +- library/rsa.c | 6 +++--- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index e8d91631e..30a30dd92 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -130,7 +130,7 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); - X->s = (int) mbedtls_ct_uint_if_new(do_assign, Y->s, X->s); + X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); @@ -168,8 +168,8 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = (int) mbedtls_ct_uint_if_new(do_swap, Y->s, X->s); - Y->s = (int) mbedtls_ct_uint_if_new(do_swap, s, Y->s); + X->s = (int) mbedtls_ct_uint_if(do_swap, Y->s, X->s); + Y->s = (int) mbedtls_ct_uint_if(do_swap, s, Y->s); mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); diff --git a/library/constant_time.c b/library/constant_time.c index c86316b00..e11d88e6b 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -126,7 +126,7 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) for (size_t n = 0; n < total - 1; n++) { unsigned char current = buf[n]; unsigned char next = buf[n+1]; - buf[n] = mbedtls_ct_uint_if_new(no_op, current, next); + buf[n] = mbedtls_ct_uint_if(no_op, current, next); } buf[total-1] = mbedtls_ct_uint_if0(no_op, buf[total-1]); } diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 149cf7506..b73f92ee9 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -191,7 +191,7 @@ static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, return (size_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); } -static inline unsigned mbedtls_ct_uint_if_new(mbedtls_ct_condition_t condition, +static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, unsigned if1, unsigned if0) { diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 362b822a4..09de92f17 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -285,7 +285,7 @@ static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, * * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0. */ -static inline unsigned mbedtls_ct_uint_if_new(mbedtls_ct_condition_t condition, +static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, unsigned if1, unsigned if0); diff --git a/library/rsa.c b/library/rsa.c index 9d67ef7d9..44ff3d2c0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -144,7 +144,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * buffer. Do it without branches to avoid leaking the padding * validity through timing. RSA keys are small enough that all the * size_t values involved fit in unsigned int. */ - plaintext_size = mbedtls_ct_uint_if_new( + plaintext_size = mbedtls_ct_uint_if( bad, (unsigned) plaintext_max_size, (unsigned) (ilen - pad_count - 3)); @@ -158,7 +158,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = -(int) mbedtls_ct_uint_if_new( + ret = -(int) mbedtls_ct_uint_if( bad, (unsigned) (-(MBEDTLS_ERR_RSA_INVALID_PADDING)), mbedtls_ct_uint_if0( @@ -178,7 +178,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, * Copy anyway to avoid revealing the length through timing, because * revealing the length is as bad as revealing the padding validity * for a Bleichenbacher attack. */ - plaintext_size = mbedtls_ct_uint_if_new(output_too_large, + plaintext_size = mbedtls_ct_uint_if(output_too_large, (unsigned) plaintext_max_size, (unsigned) plaintext_size); From 8f5e5c18d8bc75212b4b9f48178e393d9a30f0d2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 May 2023 13:30:15 +0100 Subject: [PATCH 036/339] Make memmove_left more efficient Signed-off-by: Dave Rodgman --- library/constant_time.c | 39 +++++++++++++------ .../suites/test_suite_constant_time.function | 5 ++- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index e11d88e6b..cf1f2b8c9 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -117,18 +117,35 @@ int mbedtls_ct_memcmp(const void *a, void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { - volatile unsigned char *buf = start; + /* Iterate over the array, reading each byte once and writing each byte once. */ for (size_t i = 0; i < total; i++) { - mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i); - /* The first `total - offset` passes are a no-op. The last - * `offset` passes shift the data one byte to the left and - * zero out the last byte. */ - for (size_t n = 0; n < total - 1; n++) { - unsigned char current = buf[n]; - unsigned char next = buf[n+1]; - buf[n] = mbedtls_ct_uint_if(no_op, current, next); - } - buf[total-1] = mbedtls_ct_uint_if0(no_op, buf[total-1]); + /* Each iteration, read one byte, and write it to start[i]. + * + * The source address will either be the "true" source address, if it's in the range + * where data is getting moved, or (if the source address is off the end of the + * array), it will wrap back to the start. + * + * If the source address is out of range, mask it to zero. + */ + + // The address that we will read from + // TODO: if offset is marked as secret, this upsets Memsan. + size_t j = i + offset; + + // Is the address off the end of the array? + mbedtls_ct_condition_t not_dummy = mbedtls_ct_bool_lt(j, total); + + // Bring read address into range + j = j % total; + + // Read a byte + uint8_t b = ((uint8_t*)start)[j]; + + // Set it to zero if it's out of range + b = mbedtls_ct_uint_if0(not_dummy, b); + + // Write the byte to start[i] + ((uint8_t*)start)[i] = b; } } diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index c9bdf7e34..ba31c96d4 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -301,10 +301,11 @@ void mbedtls_ct_memmove_left(int len, int offset) buf_expected[i] = buf[i]; } - TEST_CF_SECRET(&o, sizeof(o)); + //Note: Marking o as secret causes false positives from Memsan + //TEST_CF_SECRET(&o, sizeof(o)); TEST_CF_SECRET(buf, l); mbedtls_ct_memmove_left(buf, l, o); - TEST_CF_PUBLIC(&o, sizeof(o)); + //TEST_CF_PUBLIC(&o, sizeof(o)); TEST_CF_PUBLIC(buf, l); if (l > 0) { From fe76af20aa8ffd7c5dc05cd7b1a8ccaaab68055d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 17:45:17 +0100 Subject: [PATCH 037/339] Improve use of compiler_opaque Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index b73f92ee9..b4b3917cd 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -151,7 +151,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { /* diff = 0 if x == y, non-zero otherwise */ - const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ y; + const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y); /* all ones if x != y, 0 otherwise */ return mbedtls_ct_bool(diff); @@ -213,12 +213,12 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con static inline size_t mbedtls_ct_size_if0(mbedtls_ct_condition_t condition, size_t if1) { - return (size_t) (mbedtls_ct_compiler_opaque(condition) & if1); + return (size_t) (condition & if1); } static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, unsigned if1) { - return (unsigned) (mbedtls_ct_compiler_opaque(condition) & if1); + return (unsigned) (condition & if1); } #if defined(MBEDTLS_BIGNUM_C) @@ -226,7 +226,7 @@ static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, uns static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t condition, mbedtls_mpi_uint if1) { - return (mbedtls_mpi_uint) (mbedtls_ct_compiler_opaque(condition) & if1); + return (mbedtls_mpi_uint) (condition & if1); } #endif /* MBEDTLS_BIGNUM_C */ @@ -252,24 +252,24 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x, static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, mbedtls_ct_condition_t y) { - return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y)); + return (mbedtls_ct_condition_t) (x ^ y); } static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x, mbedtls_ct_condition_t y) { - return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) & mbedtls_ct_compiler_opaque(y)); + return (mbedtls_ct_condition_t) (x & y); } static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x, mbedtls_ct_condition_t y) { - return (mbedtls_ct_condition_t) (mbedtls_ct_compiler_opaque(x) | mbedtls_ct_compiler_opaque(y)); + return (mbedtls_ct_condition_t) (x | y); } static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x) { - return (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(x)); + return (mbedtls_ct_condition_t) (~x); } #endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */ From 585f7f776d06ea4fe1af56edd94baf751fb6cc62 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 17 May 2023 17:45:33 +0100 Subject: [PATCH 038/339] Whitespace etc Signed-off-by: Dave Rodgman --- library/constant_time.c | 8 ++++---- library/constant_time_impl.h | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index cf1f2b8c9..e8ed08605 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -139,13 +139,13 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) j = j % total; // Read a byte - uint8_t b = ((uint8_t*)start)[j]; + uint8_t b = ((uint8_t *) start)[j]; // Set it to zero if it's out of range b = mbedtls_ct_uint_if0(not_dummy, b); // Write the byte to start[i] - ((uint8_t*)start)[i] = b; + ((uint8_t *) start)[i] = b; } } @@ -192,8 +192,8 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t offsetval; for (offsetval = offset_min; offsetval <= offset_max; offsetval++) { - mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL, - len); + mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL, + len); } } diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index b4b3917cd..44682c049 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -178,12 +178,6 @@ static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, * Everything below here is trivial wrapper functions */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, - mbedtls_ct_uint_t y) -{ - return ~mbedtls_ct_bool_ne(x, y); -} - static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, size_t if1, size_t if0) @@ -200,8 +194,8 @@ static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, #if defined(MBEDTLS_BIGNUM_C) -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \ - mbedtls_mpi_uint if1, \ +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1, mbedtls_mpi_uint if0) { return (mbedtls_mpi_uint) mbedtls_ct_if(condition, @@ -231,6 +225,12 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t co #endif /* MBEDTLS_BIGNUM_C */ +static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, + mbedtls_ct_uint_t y) +{ + return ~mbedtls_ct_bool_ne(x, y); +} + static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { From 1e8b6ac09c8076d5a8938612679b2357f4a088ac Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 11:23:59 +0100 Subject: [PATCH 039/339] Improve tests for mbedtls_ct_uchar_in_range_if Remove tests from base64. Improve coverage in constant_time tests. Signed-off-by: Dave Rodgman --- tests/suites/test_suite_base64.data | 24 --- tests/suites/test_suite_base64.function | 20 --- tests/suites/test_suite_constant_time.data | 153 ++++++++++++++++-- .../suites/test_suite_constant_time.function | 27 ++-- 4 files changed, 151 insertions(+), 73 deletions(-) diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data index 555666807..3999e73bf 100644 --- a/tests/suites/test_suite_base64.data +++ b/tests/suites/test_suite_base64.data @@ -1,27 +1,3 @@ -mask_of_range empty (1..0) -mask_of_range:1:0 - -mask_of_range empty (255..0) -mask_of_range:255:0 - -mask_of_range empty (42..7) -mask_of_range:42:7 - -mask_of_range 0..0 -mask_of_range:0:0 - -mask_of_range 42..42 -mask_of_range:42:42 - -mask_of_range 255..255 -mask_of_range:255:255 - -mask_of_range 0..255 -mask_of_range:0:255 - -mask_of_range 'A'..'Z' -mask_of_range:65:90 - enc_char (all digits) enc_chars: diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index d9ac82cd0..052d1d097 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -15,26 +15,6 @@ static const char base64_digits[] = * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void mask_of_range(int low_arg, int high_arg) -{ - unsigned char low = low_arg, high = high_arg; - unsigned c; - for (c = 0; c <= 0xff; c++) { - mbedtls_test_set_step(c); - TEST_CF_SECRET(&c, sizeof(c)); - unsigned char m = mbedtls_ct_uchar_in_range_if(low, high, c, 0xff); - TEST_CF_PUBLIC(&c, sizeof(c)); - TEST_CF_PUBLIC(&m, sizeof(m)); - if (low <= c && c <= high) { - TEST_EQUAL(m, 0xff); - } else { - TEST_EQUAL(m, 0); - } - } -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ void enc_chars() { diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data index f692176cd..1b0b964da 100644 --- a/tests/suites/test_suite_constant_time.data +++ b/tests/suites/test_suite_constant_time.data @@ -283,29 +283,149 @@ mbedtls_ct_bool_xxx:"256":"138" mbedtls_ct_bool_xxx 6 6 mbedtls_ct_bool_xxx:"0x6":"0x6" -mbedtls_ct_uchar_in_range_if 0 0 0 0 -mbedtls_ct_uchar_in_range_if:0:0:0:0 +mbedtls_ct_uchar_in_range_if 0 0 0 +mbedtls_ct_uchar_in_range_if:0:0:0 -mbedtls_ct_uchar_in_range_if 0 100 2 2 -mbedtls_ct_uchar_in_range_if:0:100:2:2 +mbedtls_ct_uchar_in_range_if 0 0 100 +mbedtls_ct_uchar_in_range_if:0:0:100 -mbedtls_ct_uchar_in_range_if 0 100 2 0 -mbedtls_ct_uchar_in_range_if:0:100:2:0 +mbedtls_ct_uchar_in_range_if 0 0 255 +mbedtls_ct_uchar_in_range_if:0:0:255 -mbedtls_ct_uchar_in_range_if 0 100 200 2 -mbedtls_ct_uchar_in_range_if:0:100:200:2 +mbedtls_ct_uchar_in_range_if 0 65 0 +mbedtls_ct_uchar_in_range_if:0:65:0 -mbedtls_ct_uchar_in_range_if 0 255 0 2 -mbedtls_ct_uchar_in_range_if:0:255:0:2 +mbedtls_ct_uchar_in_range_if 0 65 100 +mbedtls_ct_uchar_in_range_if:0:65:100 -mbedtls_ct_uchar_in_range_if 0 255 100 2 -mbedtls_ct_uchar_in_range_if:0:255:100:2 +mbedtls_ct_uchar_in_range_if 0 65 255 +mbedtls_ct_uchar_in_range_if:0:65:255 -mbedtls_ct_uchar_in_range_if 0 255 255 2 -mbedtls_ct_uchar_in_range_if:0:255:255:2 +mbedtls_ct_uchar_in_range_if 0 90 0 +mbedtls_ct_uchar_in_range_if:0:90:0 -mbedtls_ct_uchar_in_range_if 255 255 255 255 -mbedtls_ct_uchar_in_range_if:255:255:255:255 +mbedtls_ct_uchar_in_range_if 0 90 100 +mbedtls_ct_uchar_in_range_if:0:90:100 + +mbedtls_ct_uchar_in_range_if 0 90 255 +mbedtls_ct_uchar_in_range_if:0:90:255 + +mbedtls_ct_uchar_in_range_if 0 255 0 +mbedtls_ct_uchar_in_range_if:0:255:0 + +mbedtls_ct_uchar_in_range_if 0 255 100 +mbedtls_ct_uchar_in_range_if:0:255:100 + +mbedtls_ct_uchar_in_range_if 0 255 255 +mbedtls_ct_uchar_in_range_if:0:255:255 + +mbedtls_ct_uchar_in_range_if 65 0 0 +mbedtls_ct_uchar_in_range_if:65:0:0 + +mbedtls_ct_uchar_in_range_if 65 0 100 +mbedtls_ct_uchar_in_range_if:65:0:100 + +mbedtls_ct_uchar_in_range_if 65 0 255 +mbedtls_ct_uchar_in_range_if:65:0:255 + +mbedtls_ct_uchar_in_range_if 65 65 0 +mbedtls_ct_uchar_in_range_if:65:65:0 + +mbedtls_ct_uchar_in_range_if 65 65 100 +mbedtls_ct_uchar_in_range_if:65:65:100 + +mbedtls_ct_uchar_in_range_if 65 65 255 +mbedtls_ct_uchar_in_range_if:65:65:255 + +mbedtls_ct_uchar_in_range_if 65 90 0 +mbedtls_ct_uchar_in_range_if:65:90:0 + +mbedtls_ct_uchar_in_range_if 65 90 100 +mbedtls_ct_uchar_in_range_if:65:90:100 + +mbedtls_ct_uchar_in_range_if 65 90 255 +mbedtls_ct_uchar_in_range_if:65:90:255 + +mbedtls_ct_uchar_in_range_if 65 255 0 +mbedtls_ct_uchar_in_range_if:65:255:0 + +mbedtls_ct_uchar_in_range_if 65 255 100 +mbedtls_ct_uchar_in_range_if:65:255:100 + +mbedtls_ct_uchar_in_range_if 65 255 255 +mbedtls_ct_uchar_in_range_if:65:255:255 + +mbedtls_ct_uchar_in_range_if 90 0 0 +mbedtls_ct_uchar_in_range_if:90:0:0 + +mbedtls_ct_uchar_in_range_if 90 0 100 +mbedtls_ct_uchar_in_range_if:90:0:100 + +mbedtls_ct_uchar_in_range_if 90 0 255 +mbedtls_ct_uchar_in_range_if:90:0:255 + +mbedtls_ct_uchar_in_range_if 90 65 0 +mbedtls_ct_uchar_in_range_if:90:65:0 + +mbedtls_ct_uchar_in_range_if 90 65 100 +mbedtls_ct_uchar_in_range_if:90:65:100 + +mbedtls_ct_uchar_in_range_if 90 65 255 +mbedtls_ct_uchar_in_range_if:90:65:255 + +mbedtls_ct_uchar_in_range_if 90 90 0 +mbedtls_ct_uchar_in_range_if:90:90:0 + +mbedtls_ct_uchar_in_range_if 90 90 100 +mbedtls_ct_uchar_in_range_if:90:90:100 + +mbedtls_ct_uchar_in_range_if 90 90 255 +mbedtls_ct_uchar_in_range_if:90:90:255 + +mbedtls_ct_uchar_in_range_if 90 255 0 +mbedtls_ct_uchar_in_range_if:90:255:0 + +mbedtls_ct_uchar_in_range_if 90 255 100 +mbedtls_ct_uchar_in_range_if:90:255:100 + +mbedtls_ct_uchar_in_range_if 90 255 255 +mbedtls_ct_uchar_in_range_if:90:255:255 + +mbedtls_ct_uchar_in_range_if 255 0 0 +mbedtls_ct_uchar_in_range_if:255:0:0 + +mbedtls_ct_uchar_in_range_if 255 0 100 +mbedtls_ct_uchar_in_range_if:255:0:100 + +mbedtls_ct_uchar_in_range_if 255 0 255 +mbedtls_ct_uchar_in_range_if:255:0:255 + +mbedtls_ct_uchar_in_range_if 255 65 0 +mbedtls_ct_uchar_in_range_if:255:65:0 + +mbedtls_ct_uchar_in_range_if 255 65 100 +mbedtls_ct_uchar_in_range_if:255:65:100 + +mbedtls_ct_uchar_in_range_if 255 65 255 +mbedtls_ct_uchar_in_range_if:255:65:255 + +mbedtls_ct_uchar_in_range_if 255 90 0 +mbedtls_ct_uchar_in_range_if:255:90:0 + +mbedtls_ct_uchar_in_range_if 255 90 100 +mbedtls_ct_uchar_in_range_if:255:90:100 + +mbedtls_ct_uchar_in_range_if 255 90 255 +mbedtls_ct_uchar_in_range_if:255:90:255 + +mbedtls_ct_uchar_in_range_if 255 255 0 +mbedtls_ct_uchar_in_range_if:255:255:0 + +mbedtls_ct_uchar_in_range_if 255 255 100 +mbedtls_ct_uchar_in_range_if:255:255:100 + +mbedtls_ct_uchar_in_range_if 255 255 255 +mbedtls_ct_uchar_in_range_if:255:255:255 mbedtls_ct_if 0x0 0x0 0x0 mbedtls_ct_if:"0x0":"0x0":"0x0" @@ -579,4 +699,3 @@ mbedtls_ct_memmove_left:16:15 mbedtls_ct_memmove_left 16 16 mbedtls_ct_memmove_left:16:16 - diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index ba31c96d4..ac4dd7ab7 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -92,22 +92,25 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_BASE64_C */ -void mbedtls_ct_uchar_in_range_if(int li, int hi, int xi, int ti) +void mbedtls_ct_uchar_in_range_if(int li, int hi, int ti) { - unsigned char l = li, h = hi, x = xi, t = ti; - unsigned char expected = (x >= l) && (x <= h) ? t : 0; + unsigned char l = li, h = hi, t = ti; - TEST_CF_SECRET(&x, sizeof(x)); - TEST_CF_SECRET(&l, sizeof(l)); - TEST_CF_SECRET(&h, sizeof(h)); - TEST_CF_SECRET(&t, sizeof(t)); + for (unsigned x = 0; x <= 255; x++) { + unsigned char expected = (x >= l) && (x <= h) ? t : 0; - TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, x, t), expected); + TEST_CF_SECRET(&x, sizeof(x)); + TEST_CF_SECRET(&l, sizeof(l)); + TEST_CF_SECRET(&h, sizeof(h)); + TEST_CF_SECRET(&t, sizeof(t)); - TEST_CF_PUBLIC(&x, sizeof(x)); - TEST_CF_PUBLIC(&l, sizeof(l)); - TEST_CF_PUBLIC(&h, sizeof(h)); - TEST_CF_PUBLIC(&t, sizeof(t)); + TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, (unsigned char) x, t), expected); + + TEST_CF_PUBLIC(&x, sizeof(x)); + TEST_CF_PUBLIC(&l, sizeof(l)); + TEST_CF_PUBLIC(&h, sizeof(h)); + TEST_CF_PUBLIC(&t, sizeof(t)); + } } /* END_CASE */ From 2c76484005c54d438734270d5616c5e87d3011e0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 13:28:21 +0100 Subject: [PATCH 040/339] Fix non-opaque use of mbedtls_ct_condition_t Signed-off-by: Dave Rodgman --- library/bignum.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 30a30dd92..8ad725858 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -96,8 +96,8 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, /* This is used to conditionally swap the pointers in const time */ void * const p[2] = { X->p, Y->p }; - mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct( - p[X_is_negative & 1], p[(X_is_negative & 1) ^ 1], X->n); + size_t i = mbedtls_ct_size_if0(X_is_negative, 1); + mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n); result = mbedtls_ct_bool_or(result, mbedtls_ct_bool_and(mbedtls_ct_bool_not(cond), lt)); From 3108645d67e7bd0eae2877fa7f5018f520817c1e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 13:47:13 +0100 Subject: [PATCH 041/339] Document and test that memcpy_if may have src == dest Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 8 ++++--- .../suites/test_suite_constant_time.function | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 09de92f17..0cb3f2a34 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -417,9 +417,11 @@ void mbedtls_ct_memmove_left(void *start, * * \param condition The condition * \param dest Secret. Destination pointer. - * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE). Shouldn't overlap with \p dest. + * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE). + * This may be equal to \p dest, but may not overlap in other ways. * \param src2 Secret (contents only - may branch to test if src2 == NULL). - * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). Shouldn't overlap with \p dest. May be NULL. + * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). May be NULL. + * This may be equal to \p dest, but may not overlap it in other ways. It may overlap with \p src1. * \param len Number of bytes to copy. */ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, @@ -450,7 +452,7 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, * buffer of at least \p len bytes. * \param src Secret. The base of the source buffer. This must point to a * readable buffer of at least \p offset_max + \p len - * bytes. Shouldn't overlap with \p dest. + * bytes. Shouldn't overlap with \p dest * \param offset Secret. The offset in the source buffer from which to copy. * This must be no less than \p offset_min and no greater * than \p offset_max. diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index ac4dd7ab7..2fafa948d 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -224,6 +224,7 @@ void mbedtls_ct_memcpy_if(int eq, int size, int offset) ASSERT_ALLOC(result, size + offset); ASSERT_ALLOC(expected, size + offset); + /* Apply offset to result only */ for (int i = 0; i < size + offset; i++) { src[i] = 1; result[i] = 0xff; @@ -243,6 +244,8 @@ void mbedtls_ct_memcpy_if(int eq, int size, int offset) ASSERT_COMPARE(expected, size, result + offset, size); + + /* Apply offset to src only */ for (int i = 0; i < size + offset; i++) { src[i] = 1; result[i] = 0xff; @@ -261,6 +264,8 @@ void mbedtls_ct_memcpy_if(int eq, int size, int offset) ASSERT_COMPARE(expected, size, result, size); + + /* Apply offset to src and src2 */ for (int i = 0; i < size + offset; i++) { src[i] = 1; src2[i] = 2; @@ -281,6 +286,25 @@ void mbedtls_ct_memcpy_if(int eq, int size, int offset) TEST_CF_PUBLIC(result, size + offset); ASSERT_COMPARE(expected, size, result, size); + + + /* result == src == dest */ + for (int i = 0; i < size + offset; i++) { + src[i] = 2; + expected[i] = 2; + } + + TEST_CF_SECRET(&secret_eq, sizeof(secret_eq)); + TEST_CF_SECRET(src, size + offset); + TEST_CF_SECRET(result, size + offset); + + mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), src + offset, src + offset, src + offset, size); + + TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); + TEST_CF_PUBLIC(src, size + offset); + TEST_CF_PUBLIC(result, size + offset); + + ASSERT_COMPARE(expected, size, src + offset, size); exit: mbedtls_free(src); mbedtls_free(src2); From 3b25c40f5296a284de45d402e050a3454de47fd9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 14:41:06 +0100 Subject: [PATCH 042/339] Fix RSA perf regression Signed-off-by: Dave Rodgman --- library/bignum_core.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index b41d046a5..5e1959079 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -211,8 +211,14 @@ void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X, return; } - mbedtls_ct_memcpy_if(assign, (unsigned char *) X, (unsigned char *) A, NULL, - limbs * sizeof(mbedtls_mpi_uint)); + /* This function is very performance-sensitive for RSA. For this reason + * we have the loop below, instead of calling mbedtls_ct_memcpy_if + * (this is more optimal since here we don't have to handle the case where + * we copy awkwardly sized data). + */ + for (size_t i = 0; i < limbs; i++) { + X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]); + } } void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X, From 1947088f91254b1d36cfcc18b21893e6572c963d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 15:17:21 +0100 Subject: [PATCH 043/339] Remove references to rsa.h and ssl_misc.h from constant_time.c Signed-off-by: Dave Rodgman --- library/constant_time.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index e8ed08605..90fbcf2d2 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,14 +30,6 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_SSL_TLS_C) -#include "ssl_misc.h" -#endif - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif - #include #if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ @@ -180,8 +172,6 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, } } -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - void mbedtls_ct_memcpy_offset(unsigned char *dest, const unsigned char *src, size_t offset, @@ -197,8 +187,6 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, } } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len) From 0fec4395ac292d68b86644069c9f1ee2deb071ab Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 15:24:36 +0100 Subject: [PATCH 044/339] Move base64 test interfaces into base64_internal.h Signed-off-by: Dave Rodgman --- include/mbedtls/base64.h | 29 ------------- library/base64.c | 1 + library/base64_internal.h | 57 +++++++++++++++++++++++++ tests/suites/test_suite_base64.function | 1 + 4 files changed, 59 insertions(+), 29 deletions(-) create mode 100644 library/base64_internal.h diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index e82c270ea..635be713d 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -87,35 +87,6 @@ int mbedtls_base64_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_TEST_HOOKS) - -/** Given a value in the range 0..63, return the corresponding Base64 digit. - * - * The implementation assumes that letters are consecutive (e.g. ASCII - * but not EBCDIC). - * - * \param value A value in the range 0..63. - * - * \return A base64 digit converted from \p value. - */ -unsigned char mbedtls_ct_base64_enc_char(unsigned char value); - -/** Given a Base64 digit, return its value. - * - * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), - * return -1. - * - * The implementation assumes that letters are consecutive (e.g. ASCII - * but not EBCDIC). - * - * \param c A base64 digit. - * - * \return The value of the base64 digit \p c. - */ -signed char mbedtls_ct_base64_dec_value(unsigned char c); - -#endif /* MBEDTLS_TEST_HOOKS */ - #ifdef __cplusplus } #endif diff --git a/library/base64.c b/library/base64.c index 2b623b9bc..fa22e5375 100644 --- a/library/base64.c +++ b/library/base64.c @@ -24,6 +24,7 @@ #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" +#include "base64_internal.h" #include "constant_time_internal.h" #include diff --git a/library/base64_internal.h b/library/base64_internal.h new file mode 100644 index 000000000..f9f56d78d --- /dev/null +++ b/library/base64_internal.h @@ -0,0 +1,57 @@ +/** + * \file base64_internal.h + * + * \brief RFC 1521 base64 encoding/decoding: interfaces for invasive testing + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_BASE64_INTERNAL +#define MBEDTLS_BASE64_INTERNAL + +#include "common.h" + +#if defined(MBEDTLS_TEST_HOOKS) + +/** Given a value in the range 0..63, return the corresponding Base64 digit. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * \param value A value in the range 0..63. + * + * \return A base64 digit converted from \p value. + */ +unsigned char mbedtls_ct_base64_enc_char(unsigned char value); + +/** Given a Base64 digit, return its value. + * + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * \param c A base64 digit. + * + * \return The value of the base64 digit \p c. + */ +signed char mbedtls_ct_base64_dec_value(unsigned char c); + +#endif /* MBEDTLS_TEST_HOOKS */ + +#endif /* MBEDTLS_BASE64_INTERNAL */ diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 052d1d097..e351ad8a2 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" +#include "base64_internal.h" #include "constant_time_internal.h" #include From ec85b8546816cbbf73e171dcd370f51b3bb4010d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 20:41:02 +0100 Subject: [PATCH 045/339] code style Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 2fafa948d..cce5b8435 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -298,7 +298,8 @@ void mbedtls_ct_memcpy_if(int eq, int size, int offset) TEST_CF_SECRET(src, size + offset); TEST_CF_SECRET(result, size + offset); - mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), src + offset, src + offset, src + offset, size); + mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), src + offset, src + offset, src + offset, + size); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); TEST_CF_PUBLIC(src, size + offset); From 2894d007d32ac793ccabb998eb1cd05459a45f95 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 17:52:21 +0100 Subject: [PATCH 046/339] Strengthen fall-back for mbedtls_ct_compiler_opaque Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 44682c049..c490d8229 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -65,20 +65,29 @@ * Core const-time primitives */ -/** Ensure that the compiler cannot know the value of x (i.e., cannot optimise +/* Ensure that the compiler cannot know the value of x (i.e., cannot optimise * based on its value) after this function is called. * * If we are not using assembly, this will be fairly inefficient, so its use * should be minimised. */ + +#if !defined(MBEDTLS_CT_ASM) +/* +* Define an object with the value zero, such that the compiler cannot prove that it +* has the value zero (because it is volatile, it "may be modified in ways unknown to +* the implementation"). +*/ +static volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0; +#endif + static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) { #if defined(MBEDTLS_CT_ASM) asm volatile ("" : [x] "+r" (x) :); return x; #else - volatile mbedtls_ct_uint_t result = x; - return result; + return x ^ mbedtls_ct_zero; #endif } From 58c80f4d9208aa75aa5cb60585c1af176918d9e1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 12 Jun 2023 18:19:46 +0100 Subject: [PATCH 047/339] Make mbedtls_ct_zero non-static Signed-off-by: Dave Rodgman --- library/constant_time.c | 9 +++++++++ library/constant_time_impl.h | 7 +------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 90fbcf2d2..40a7f0dba 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -37,6 +37,15 @@ psa_generic_status_to_mbedtls) #endif +#if !defined(MBEDTLS_CT_ASM) +/* +* Define an object with the value zero, such that the compiler cannot prove that it +* has the value zero (because it is volatile, it "may be modified in ways unknown to +* the implementation"). +*/ +volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0; +#endif + /* * Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to * perform fast unaligned access to volatile data. diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index c490d8229..91418e58f 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -73,12 +73,7 @@ */ #if !defined(MBEDTLS_CT_ASM) -/* -* Define an object with the value zero, such that the compiler cannot prove that it -* has the value zero (because it is volatile, it "may be modified in ways unknown to -* the implementation"). -*/ -static volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0; +extern volatile mbedtls_ct_uint_t mbedtls_ct_zero; #endif static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) From 1ab0b48ac3a69275349fd9e6d77b0807d5eaebad Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 12 Jun 2023 18:22:18 +0100 Subject: [PATCH 048/339] Code style Signed-off-by: Dave Rodgman --- library/constant_time.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 40a7f0dba..68b9bdb3f 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -39,10 +39,10 @@ #if !defined(MBEDTLS_CT_ASM) /* -* Define an object with the value zero, such that the compiler cannot prove that it -* has the value zero (because it is volatile, it "may be modified in ways unknown to -* the implementation"). -*/ + * Define an object with the value zero, such that the compiler cannot prove that it + * has the value zero (because it is volatile, it "may be modified in ways unknown to + * the implementation"). + */ volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0; #endif From f27727b22e243a1a93f8b045d4e3be93501ad901 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 May 2023 12:12:02 +0100 Subject: [PATCH 049/339] Docs update Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 0cb3f2a34..2320234d8 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -36,10 +36,10 @@ * * It has three main parts: * - * - boolean operations (and a few non-boolean operations) + * - boolean operations * These are all named mbedtls_ct_bool_, and operate over * mbedtls_ct_condition_t. - * All arguments to these operations are considered secret. + * All arguments are considered secret. * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z) * * - conditional data selection @@ -62,10 +62,11 @@ * to/from "unsigned int", "size_t", and "mbedtls_mpi_uint" (and any other * not-larger integer types). * - * For Arm (32-bit, 64-bit and Thumb), assembly implementations are used - * to ensure that the generated code is constant time. For other architectures, - * a plain C fallback designed to yield constant-time code (this has been - * observed to be constant-time on latest gcc, clang and MSVC as of May 2023). + * For Arm (32-bit, 64-bit and Thumb), x86 and x86-64, assembly implementations + * are used to ensure that the generated code is constant time. For other + * architectures, a plain C fallback designed to yield constant-time code (this + * has been observed to be constant-time on latest gcc, clang and MSVC as of + * May 2023). */ #if (SIZE_MAX > 0xffffffffffffffffULL) From 855f72bb4c8fbacc2fa60017905318eb85c16c43 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 13 Jun 2023 10:36:06 +0100 Subject: [PATCH 050/339] Fix ecp test Signed-off-by: Dave Rodgman --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index bd0fcf2f1..1560299d5 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1653,7 +1653,7 @@ void ecp_mod_random(int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m, mbedtls_test_rnd_std_rand, NULL)); - TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1); + TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == MBEDTLS_CT_TRUE); exit: mbedtls_mpi_mod_modulus_free(&m); From daa363b4d358dbf4141999f689c7165c421028d4 Mon Sep 17 00:00:00 2001 From: SlugFiller <5435495+SlugFiller@users.noreply.github.com> Date: Wed, 14 Jun 2023 05:42:12 +0300 Subject: [PATCH 051/339] Add changelog entry Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com> --- ChangeLog.d/fix-win32-llvm-build.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/fix-win32-llvm-build.txt diff --git a/ChangeLog.d/fix-win32-llvm-build.txt b/ChangeLog.d/fix-win32-llvm-build.txt new file mode 100644 index 000000000..826551ccf --- /dev/null +++ b/ChangeLog.d/fix-win32-llvm-build.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix builds on Windows with clang From 8bde649c0bfe1484b10ad10e687d8bc69c112048 Mon Sep 17 00:00:00 2001 From: Marek Jansta Date: Mon, 7 Nov 2022 12:38:38 +0100 Subject: [PATCH 052/339] Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate Signed-off-by: Marek Jansta --- .../x509-ec-algorithm-identifier-fix.txt | 4 ++++ include/mbedtls/x509.h | 3 ++- library/x509_create.c | 19 +++++++++++++++--- library/x509write_crt.c | 20 +++++++++++++++---- library/x509write_csr.c | 2 +- tests/data_files/Makefile | 2 +- tests/data_files/Readme-x509.txt | 4 ++++ .../parse_input/server5-non-compliant.crt | 12 +++++++++++ tests/data_files/server5.req.ku.sha1 | 6 +++--- tests/suites/test_suite_x509parse.data | 8 ++++++++ 10 files changed, 67 insertions(+), 13 deletions(-) create mode 100644 ChangeLog.d/x509-ec-algorithm-identifier-fix.txt create mode 100644 tests/data_files/parse_input/server5-non-compliant.crt diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt new file mode 100644 index 000000000..cd216da36 --- /dev/null +++ b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix x509 certificate generation to conform to RFCs when using ECC key. + The certificate was rejected by some crypto frameworks. + Fixes #2924. diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index df6d7623a..fffa475d7 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -478,7 +478,8 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, - unsigned char *sig, size_t size); + unsigned char *sig, size_t size, + mbedtls_pk_type_t pk_alg); int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type); diff --git a/library/x509_create.c b/library/x509_create.c index 50db95688..da10c3931 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -282,9 +282,11 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, - unsigned char *sig, size_t size) + unsigned char *sig, size_t size, + mbedtls_pk_type_t pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int write_null_par; size_t len = 0; if (*p < start || (size_t) (*p - start) < size) { @@ -307,8 +309,19 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, // Write OID // - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid, - oid_len, 0)); + if (pk_alg == MBEDTLS_PK_ECDSA) { + /* + * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature + * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and + * https://www.rfc-editor.org/rfc/rfc5758#section-3. + */ + write_null_par = 0; + } else { + write_null_par = 1; + } + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, + 0, write_null_par)); return (int) len; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 59fd58900..04ff6240d 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -577,6 +577,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; + int write_sig_null_par; /* * Prepare data to be signed at the end of the target buffer @@ -668,9 +669,20 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* * Signature ::= AlgorithmIdentifier */ + if (pk_alg == MBEDTLS_PK_ECDSA) { + /* + * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature + * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and + * https://www.rfc-editor.org/rfc/rfc5758#section-3. + */ + write_sig_null_par = 0; + } else { + write_sig_null_par = 1; + } MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier(&c, buf, - sig_oid, strlen(sig_oid), 0)); + mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, + sig_oid, strlen(sig_oid), + 0, write_sig_null_par)); /* * Serial ::= INTEGER @@ -762,8 +774,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, * into the CRT buffer. */ c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, - sig_oid, sig_oid_len, sig, - sig_len)); + sig_oid, sig_oid_len, + sig, sig_len, pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index d792d3450..4622d7ae9 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -363,7 +363,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len)); + sig, sig_len, pk_alg)); /* * Compact the space between the CSR data and signature by moving the diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0c2fa141a..89a61c2c5 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1395,7 +1395,7 @@ all_final += server5-badsign.crt # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' server5.req.ku.sha1: server5.key - $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 + $(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation all_final += server5.req.ku.sha1 # server6* diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 84c775fd9..82f93d230 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -76,6 +76,10 @@ List of certificates: -badsign.crt: S5 with corrupted signature -expired.crt: S5 with "not after" date in the past -future.crt: S5 with "not before" date in the future + -non-compliant.crt: S5, RFC non-compliant + (with forbidden EC algorithm identifier NULL parameter) + generated by (before fix): + cert_write subject_key=server5.key subject_name="CN=Test EC RFC non-compliant" issuer_crt=test-ca2.crt issuer_key=test-ca2.key -selfsigned.crt: Self-signed cert with S5 key -ss-expired.crt: Self-signed cert with S5 key, expired -ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key diff --git a/tests/data_files/parse_input/server5-non-compliant.crt b/tests/data_files/parse_input/server5-non-compliant.crt new file mode 100644 index 000000000..abea17ddc --- /dev/null +++ b/tests/data_files/parse_input/server5-non-compliant.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwjCCAUagAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCQxIjAgBgNVBAMMGVRlc3Qg +RUMgUkZDIG5vbi1jb21wbGlhbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRQYaWP1AfZ +14IBDOVlf4xjRqcTvjAfBgNVHSMEGDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAM +BggqhkjOPQQDAgUAA2gAMGUCMAJ3J/DooFSaBG2OhzyWai32q6INDZfoS2bToSKf +gy6hbJiIX/G9eFts5+BJQ3QpjgIxALRmIgdR91BDdqpeF5JCmhgjbfbgMQ7mrMeS +ZGfNyFyjS75QnIA6nKryQmgPXo+sCQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 index 3281c9460..c73a0e27d 100644 --- a/tests/data_files/server5.req.ku.sha1 +++ b/tests/data_files/server5.req.ku.sha1 @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY +MIIBFDCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD -AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg -2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB +AgbAMAkGByqGSM49BAEDSAAwRQIhAJyChfsSpNIhLjeDB3eBWVjb685y0IJHoNp/ +Ho463k83AiAB9+M9k8nLjKVkEYaVfmE/fPKQVkeuywIO0RMmZ40gAQ== -----END CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index edb782470..cbc464874 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3101,6 +3101,14 @@ X509 File parse (Algorithm Params Tag mismatch) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C x509parse_crt_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH +X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 +x509parse_crt_file:"data_files/parse_input/server5-non-compliant.crt":0 + +X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 +x509parse_crt_file:"data_files/parse_input/server5.crt":0 + X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 From ee7a758b85a762f0166fe4dadc0a20ad1920e890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Jun 2023 12:12:22 +0200 Subject: [PATCH 053/339] MD: isolate strings to separate table MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the long term, we don't really want those strings in the library. Start with isolating them in a separate table rather than having them in the main md_info structure. This way, the table can easily be garbage-collected by the linker if none of the two functions using it are called. Also, simplify the implementation of mbedtls_md_info_from_string(). This saves 151 bytes with MD_C, and 141 with MD_LIGHT only. Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 136 +++++++++++++++++++++------------------------- library/md_wrap.h | 3 - 2 files changed, 62 insertions(+), 77 deletions(-) diff --git a/library/md.c b/library/md.c index a29d876e9..7cd57ef88 100644 --- a/library/md.c +++ b/library/md.c @@ -78,7 +78,6 @@ #if defined(MBEDTLS_MD_CAN_MD5) const mbedtls_md_info_t mbedtls_md5_info = { - "MD5", MBEDTLS_MD_MD5, 16, 64, @@ -87,7 +86,6 @@ const mbedtls_md_info_t mbedtls_md5_info = { #if defined(MBEDTLS_MD_CAN_RIPEMD160) const mbedtls_md_info_t mbedtls_ripemd160_info = { - "RIPEMD160", MBEDTLS_MD_RIPEMD160, 20, 64, @@ -96,7 +94,6 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { #if defined(MBEDTLS_MD_CAN_SHA1) const mbedtls_md_info_t mbedtls_sha1_info = { - "SHA1", MBEDTLS_MD_SHA1, 20, 64, @@ -105,7 +102,6 @@ const mbedtls_md_info_t mbedtls_sha1_info = { #if defined(MBEDTLS_MD_CAN_SHA224) const mbedtls_md_info_t mbedtls_sha224_info = { - "SHA224", MBEDTLS_MD_SHA224, 28, 64, @@ -114,7 +110,6 @@ const mbedtls_md_info_t mbedtls_sha224_info = { #if defined(MBEDTLS_MD_CAN_SHA256) const mbedtls_md_info_t mbedtls_sha256_info = { - "SHA256", MBEDTLS_MD_SHA256, 32, 64, @@ -123,7 +118,6 @@ const mbedtls_md_info_t mbedtls_sha256_info = { #if defined(MBEDTLS_MD_CAN_SHA384) const mbedtls_md_info_t mbedtls_sha384_info = { - "SHA384", MBEDTLS_MD_SHA384, 48, 128, @@ -132,7 +126,6 @@ const mbedtls_md_info_t mbedtls_sha384_info = { #if defined(MBEDTLS_MD_CAN_SHA512) const mbedtls_md_info_t mbedtls_sha512_info = { - "SHA512", MBEDTLS_MD_SHA512, 64, 128, @@ -141,7 +134,6 @@ const mbedtls_md_info_t mbedtls_sha512_info = { #if defined(MBEDTLS_MD_CAN_SHA3_224) const mbedtls_md_info_t mbedtls_sha3_224_info = { - "SHA3-224", MBEDTLS_MD_SHA3_224, 28, 144, @@ -150,7 +142,6 @@ const mbedtls_md_info_t mbedtls_sha3_224_info = { #if defined(MBEDTLS_MD_CAN_SHA3_256) const mbedtls_md_info_t mbedtls_sha3_256_info = { - "SHA3-256", MBEDTLS_MD_SHA3_256, 32, 136, @@ -159,7 +150,6 @@ const mbedtls_md_info_t mbedtls_sha3_256_info = { #if defined(MBEDTLS_MD_CAN_SHA3_384) const mbedtls_md_info_t mbedtls_sha3_384_info = { - "SHA3-384", MBEDTLS_MD_SHA3_384, 48, 104, @@ -168,7 +158,6 @@ const mbedtls_md_info_t mbedtls_sha3_384_info = { #if defined(MBEDTLS_MD_CAN_SHA3_512) const mbedtls_md_info_t mbedtls_sha3_512_info = { - "SHA3-512", MBEDTLS_MD_SHA3_512, 64, 72, @@ -928,69 +917,77 @@ const int *mbedtls_md_list(void) return supported_digests; } +typedef struct { + const char *md_name; + mbedtls_md_type_t md_type; +} md_name_entry; + +static const md_name_entry md_names[] = { +#if defined(MBEDTLS_MD_CAN_MD5) + { "MD5", MBEDTLS_MD_MD5 }, +#endif +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + { "RIPEMD160", MBEDTLS_MD_RIPEMD160 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA1) + { "SHA1", MBEDTLS_MD_SHA1 }, + { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback +#endif +#if defined(MBEDTLS_MD_CAN_SHA224) + { "SHA224", MBEDTLS_MD_SHA224 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) + { "SHA256", MBEDTLS_MD_SHA256 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA384) + { "SHA384", MBEDTLS_MD_SHA384 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA512) + { "SHA512", MBEDTLS_MD_SHA512 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_224) + { "SHA3-224", MBEDTLS_MD_SHA3_224 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + { "SHA3-256", MBEDTLS_MD_SHA3_256 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + { "SHA3-384", MBEDTLS_MD_SHA3_384 }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + { "SHA3-512", MBEDTLS_MD_SHA3_512 }, +#endif + { NULL, MBEDTLS_MD_NONE }, +}; + const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) { if (NULL == md_name) { return NULL; } - /* Get the appropriate digest information */ -#if defined(MBEDTLS_MD_CAN_MD5) - if (!strcmp("MD5", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); + const md_name_entry *entry = md_names; + while (entry->md_name != NULL && + strcmp(entry->md_name, md_name) != 0) { + ++entry; } -#endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) - if (!strcmp("RIPEMD160", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); + + return mbedtls_md_info_from_type(entry->md_type); +} + +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) +{ + if (md_info == NULL) { + return NULL; } -#endif -#if defined(MBEDTLS_MD_CAN_SHA1) - if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + + const md_name_entry *entry = md_names; + while (entry->md_type != MBEDTLS_MD_NONE && + entry->md_type != md_info->type) { + ++entry; } -#endif -#if defined(MBEDTLS_MD_CAN_SHA224) - if (!strcmp("SHA224", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA256) - if (!strcmp("SHA256", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA384) - if (!strcmp("SHA384", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA512) - if (!strcmp("SHA512", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA3_224) - if (!strcmp("SHA3-224", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA3_256) - if (!strcmp("SHA3-256", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA3_384) - if (!strcmp("SHA3-384", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384); - } -#endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) - if (!strcmp("SHA3-512", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512); - } -#endif - return NULL; + + return entry->md_name; } const mbedtls_md_info_t *mbedtls_md_info_from_ctx( @@ -1191,15 +1188,6 @@ cleanup: return ret; } -const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) -{ - if (md_info == NULL) { - return NULL; - } - - return md_info->name; -} - #endif /* MBEDTLS_MD_C */ #endif /* MBEDTLS_MD_LIGHT */ diff --git a/library/md_wrap.h b/library/md_wrap.h index 5e1e327e7..665ab1c5b 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -39,9 +39,6 @@ extern "C" { * Allows message digest functions to be called in a generic way. */ struct mbedtls_md_info_t { - /** Name of the message digest */ - const char *name; - /** Digest identifier */ mbedtls_md_type_t type; From c882adf0ca33fb4794ba823c0609249aa7abea7a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 07:37:56 +0100 Subject: [PATCH 054/339] Docs improvement Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 2320234d8..966075816 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -76,13 +76,13 @@ typedef size_t mbedtls_ct_uint_t; typedef ptrdiff_t mbedtls_ct_int_t; #define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) SIZE_MAX) #elif (SIZE_MAX > 0xffffffff) || defined(MBEDTLS_HAVE_INT64) -/* 32-bit < pointer size < 64-bit, or 64-bit MPI */ +/* 32-bit < pointer size <= 64-bit, or 64-bit MPI */ typedef uint64_t mbedtls_ct_condition_t; typedef uint64_t mbedtls_ct_uint_t; typedef int64_t mbedtls_ct_int_t; #define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) UINT64_MAX) #else -/* Pointer size < 32-bit, and no 64-bit MPIs */ +/* Pointer size <= 32-bit, and no 64-bit MPIs */ typedef uint32_t mbedtls_ct_condition_t; typedef uint32_t mbedtls_ct_uint_t; typedef int32_t mbedtls_ct_int_t; From 9e97e6daed2c4acaa7c5a8db615917006a50681b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Jun 2023 12:47:29 +0200 Subject: [PATCH 055/339] Remove useless extern declarations and includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 22 +++++++++++----------- library/md_wrap.h | 28 ---------------------------- library/psa_crypto.c | 1 - library/psa_crypto_hash.h | 2 -- 4 files changed, 11 insertions(+), 42 deletions(-) diff --git a/library/md.c b/library/md.c index 7cd57ef88..b6e054d31 100644 --- a/library/md.c +++ b/library/md.c @@ -77,7 +77,7 @@ #endif #if defined(MBEDTLS_MD_CAN_MD5) -const mbedtls_md_info_t mbedtls_md5_info = { +static const mbedtls_md_info_t mbedtls_md5_info = { MBEDTLS_MD_MD5, 16, 64, @@ -85,7 +85,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { #endif #if defined(MBEDTLS_MD_CAN_RIPEMD160) -const mbedtls_md_info_t mbedtls_ripemd160_info = { +static const mbedtls_md_info_t mbedtls_ripemd160_info = { MBEDTLS_MD_RIPEMD160, 20, 64, @@ -93,7 +93,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA1) -const mbedtls_md_info_t mbedtls_sha1_info = { +static const mbedtls_md_info_t mbedtls_sha1_info = { MBEDTLS_MD_SHA1, 20, 64, @@ -101,7 +101,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA224) -const mbedtls_md_info_t mbedtls_sha224_info = { +static const mbedtls_md_info_t mbedtls_sha224_info = { MBEDTLS_MD_SHA224, 28, 64, @@ -109,7 +109,7 @@ const mbedtls_md_info_t mbedtls_sha224_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA256) -const mbedtls_md_info_t mbedtls_sha256_info = { +static const mbedtls_md_info_t mbedtls_sha256_info = { MBEDTLS_MD_SHA256, 32, 64, @@ -117,7 +117,7 @@ const mbedtls_md_info_t mbedtls_sha256_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA384) -const mbedtls_md_info_t mbedtls_sha384_info = { +static const mbedtls_md_info_t mbedtls_sha384_info = { MBEDTLS_MD_SHA384, 48, 128, @@ -125,7 +125,7 @@ const mbedtls_md_info_t mbedtls_sha384_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA512) -const mbedtls_md_info_t mbedtls_sha512_info = { +static const mbedtls_md_info_t mbedtls_sha512_info = { MBEDTLS_MD_SHA512, 64, 128, @@ -133,7 +133,7 @@ const mbedtls_md_info_t mbedtls_sha512_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA3_224) -const mbedtls_md_info_t mbedtls_sha3_224_info = { +static const mbedtls_md_info_t mbedtls_sha3_224_info = { MBEDTLS_MD_SHA3_224, 28, 144, @@ -141,7 +141,7 @@ const mbedtls_md_info_t mbedtls_sha3_224_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA3_256) -const mbedtls_md_info_t mbedtls_sha3_256_info = { +static const mbedtls_md_info_t mbedtls_sha3_256_info = { MBEDTLS_MD_SHA3_256, 32, 136, @@ -149,7 +149,7 @@ const mbedtls_md_info_t mbedtls_sha3_256_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA3_384) -const mbedtls_md_info_t mbedtls_sha3_384_info = { +static const mbedtls_md_info_t mbedtls_sha3_384_info = { MBEDTLS_MD_SHA3_384, 48, 104, @@ -157,7 +157,7 @@ const mbedtls_md_info_t mbedtls_sha3_384_info = { #endif #if defined(MBEDTLS_MD_CAN_SHA3_512) -const mbedtls_md_info_t mbedtls_sha3_512_info = { +static const mbedtls_md_info_t mbedtls_sha3_512_info = { MBEDTLS_MD_SHA3_512, 64, 72, diff --git a/library/md_wrap.h b/library/md_wrap.h index 665ab1c5b..71b60db76 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -49,34 +49,6 @@ struct mbedtls_md_info_t { unsigned char block_size; }; -#if defined(MBEDTLS_MD5_C) -extern const mbedtls_md_info_t mbedtls_md5_info; -#endif -#if defined(MBEDTLS_RIPEMD160_C) -extern const mbedtls_md_info_t mbedtls_ripemd160_info; -#endif -#if defined(MBEDTLS_SHA1_C) -extern const mbedtls_md_info_t mbedtls_sha1_info; -#endif -#if defined(MBEDTLS_SHA224_C) -extern const mbedtls_md_info_t mbedtls_sha224_info; -#endif -#if defined(MBEDTLS_SHA256_C) -extern const mbedtls_md_info_t mbedtls_sha256_info; -#endif -#if defined(MBEDTLS_SHA384_C) -extern const mbedtls_md_info_t mbedtls_sha384_info; -#endif -#if defined(MBEDTLS_SHA512_C) -extern const mbedtls_md_info_t mbedtls_sha512_info; -#endif -#if defined(MBEDTLS_SHA3_C) -extern const mbedtls_md_info_t mbedtls_sha3_224_info; -extern const mbedtls_md_info_t mbedtls_sha3_256_info; -extern const mbedtls_md_info_t mbedtls_sha3_384_info; -extern const mbedtls_md_info_t mbedtls_sha3_512_info; -#endif - #ifdef __cplusplus } #endif diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5e38c3ad6..13b8cb0c3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -72,7 +72,6 @@ #include "mbedtls/gcm.h" #include "mbedtls/md5.h" #include "mbedtls/md.h" -#include "md_wrap.h" #include "mbedtls/pk.h" #include "pk_wrap.h" #include "mbedtls/platform_util.h" diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index d6bbd3fee..2dfb0115e 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -23,8 +23,6 @@ #include -#include "md_wrap.h" - /** Calculate the hash (digest) of a message using Mbed TLS routines. * * \note The signature of this function is that of a PSA driver hash_compute From a36ef6b41080c96ad8ea6f862541113f9ccaf1a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Jun 2023 12:02:07 +0200 Subject: [PATCH 056/339] Omit block_size when MD_C is not enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's only used by our HMAC implementation Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 50 ++++++++++++++++------------------------------- library/md_wrap.h | 2 ++ 2 files changed, 19 insertions(+), 33 deletions(-) diff --git a/library/md.c b/library/md.c index b6e054d31..8dde66e5d 100644 --- a/library/md.c +++ b/library/md.c @@ -76,91 +76,75 @@ #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" #endif +#if defined(MBEDTLS_MD_C) +#define MD_INFO(type, out_size, block_size) type, out_size, block_size, +#else +#define MD_INFO(type, out_size, block_size) type, out_size, +#endif + #if defined(MBEDTLS_MD_CAN_MD5) static const mbedtls_md_info_t mbedtls_md5_info = { - MBEDTLS_MD_MD5, - 16, - 64, + MD_INFO(MBEDTLS_MD_MD5, 16, 64) }; #endif #if defined(MBEDTLS_MD_CAN_RIPEMD160) static const mbedtls_md_info_t mbedtls_ripemd160_info = { - MBEDTLS_MD_RIPEMD160, - 20, - 64, + MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64) }; #endif #if defined(MBEDTLS_MD_CAN_SHA1) static const mbedtls_md_info_t mbedtls_sha1_info = { - MBEDTLS_MD_SHA1, - 20, - 64, + MD_INFO(MBEDTLS_MD_SHA1, 20, 64) }; #endif #if defined(MBEDTLS_MD_CAN_SHA224) static const mbedtls_md_info_t mbedtls_sha224_info = { - MBEDTLS_MD_SHA224, - 28, - 64, + MD_INFO(MBEDTLS_MD_SHA224, 28, 64) }; #endif #if defined(MBEDTLS_MD_CAN_SHA256) static const mbedtls_md_info_t mbedtls_sha256_info = { - MBEDTLS_MD_SHA256, - 32, - 64, + MD_INFO(MBEDTLS_MD_SHA256, 32, 64) }; #endif #if defined(MBEDTLS_MD_CAN_SHA384) static const mbedtls_md_info_t mbedtls_sha384_info = { - MBEDTLS_MD_SHA384, - 48, - 128, + MD_INFO(MBEDTLS_MD_SHA384, 48, 128) }; #endif #if defined(MBEDTLS_MD_CAN_SHA512) static const mbedtls_md_info_t mbedtls_sha512_info = { - MBEDTLS_MD_SHA512, - 64, - 128, + MD_INFO(MBEDTLS_MD_SHA512, 64, 128) }; #endif #if defined(MBEDTLS_MD_CAN_SHA3_224) static const mbedtls_md_info_t mbedtls_sha3_224_info = { - MBEDTLS_MD_SHA3_224, - 28, - 144, + MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144) }; #endif #if defined(MBEDTLS_MD_CAN_SHA3_256) static const mbedtls_md_info_t mbedtls_sha3_256_info = { - MBEDTLS_MD_SHA3_256, - 32, - 136, + MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136) }; #endif #if defined(MBEDTLS_MD_CAN_SHA3_384) static const mbedtls_md_info_t mbedtls_sha3_384_info = { - MBEDTLS_MD_SHA3_384, - 48, - 104, + MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104) }; #endif #if defined(MBEDTLS_MD_CAN_SHA3_512) static const mbedtls_md_info_t mbedtls_sha3_512_info = { - MBEDTLS_MD_SHA3_512, - 64, - 72, + MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72) }; #endif diff --git a/library/md_wrap.h b/library/md_wrap.h index 71b60db76..166b43b99 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -45,8 +45,10 @@ struct mbedtls_md_info_t { /** Output length of the digest function in bytes */ unsigned char size; +#if defined(MBEDTLS_MD_C) /** Block length of the digest function in bytes */ unsigned char block_size; +#endif }; #ifdef __cplusplus From e8e1e157cb50dce31e1a166b8b9f961b98db41c3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 25 Jun 2023 21:41:58 +0200 Subject: [PATCH 057/339] Fix empty union when TLS is disabled When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was empty, which is not valid C even if the union is never used. Fixes #6628. Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_premaster_secret-empty.txt | 3 +++ include/mbedtls/ssl.h | 1 + 2 files changed, 4 insertions(+) create mode 100644 ChangeLog.d/ssl_premaster_secret-empty.txt diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt new file mode 100644 index 000000000..0ce5f36ea --- /dev/null +++ b/ChangeLog.d/ssl_premaster_secret-empty.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix a compilation error on some platforms when including mbedtls/ssl.h + with all TLS support disabled. Fixes #6628. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 68e8d040f..006b25551 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -620,6 +620,7 @@ /* Dummy type used only for its size */ union mbedtls_ssl_premaster_secret { + unsigned char dummy; /* Make the union non-empty even with SSL disabled */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ #endif From 3cb6e41dfa7e1603876b03e256f6ca1f814054d3 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:14:15 +0530 Subject: [PATCH 058/339] Add define for builtin pbkdf2_cmac Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index b7e89472f..f1cff20b5 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -599,6 +599,14 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ +#if defined(PSA_WANT_ALG_CMAC) && defined(PSA_HAVE_SOFT_KEY_TYPE_AES) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#define MBEDTLS_CMAC_C +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#endif /* PSA_WANT_ALG_CMAC && PSA_HAVE_SOFT_KEY_TYPE_AES */ + #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED From dd45667a18fa3d37a10db3b8a72b7af35ff33a8f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:21:13 +0530 Subject: [PATCH 059/339] Define struct for pbkdf2_cmac Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 6 ++++-- include/psa/crypto_driver_contexts_key_derivation.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index cd6d51df0..c598fa438 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,7 +105,8 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) typedef enum { PSA_PBKDF2_STATE_INIT, /* no input provided */ PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ @@ -125,6 +126,7 @@ typedef struct { uint8_t MBEDTLS_PRIVATE(bytes_used); uint32_t MBEDTLS_PRIVATE(block_number); } psa_pbkdf2_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 5b4e4745d..32de4f765 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,7 +55,8 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); #endif } psa_driver_key_derivation_context_t; From 3ab146f99e51179fc8e2b37d3ec9504a205b50ab Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:35:36 +0530 Subject: [PATCH 060/339] Add builtin pbkdf2 cmac guard for all the pbkdf2 functions Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 51 +++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b9c8a29f..4d8979caf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5080,7 +5080,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ @@ -5184,8 +5185,10 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5194,7 +5197,8 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) status = PSA_SUCCESS; } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) */ { status = PSA_ERROR_BAD_STATE; } @@ -5521,7 +5525,8 @@ static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read( } #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_key_derivation_pbkdf2_generate_block( psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t prf_alg, @@ -5650,7 +5655,8 @@ static psa_status_t psa_key_derivation_pbkdf2_read( return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5705,12 +5711,15 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { (void) kdf_alg; @@ -6628,7 +6637,8 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_pbkdf2_set_input_cost( psa_pbkdf2_key_derivation_t *pbkdf2, psa_key_derivation_step_t step, @@ -6749,7 +6759,8 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_INVALID_ARGUMENT; } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -6846,12 +6857,15 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { /* This can't happen unless the operation object was not initialized */ (void) data; @@ -6875,12 +6889,15 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { (void) step; (void) value; From 857cd4b3eeba38961010c00c5a750abd26a2aada Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:37:23 +0530 Subject: [PATCH 061/339] Add AES_CMAC_PRF_128 output size macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09..61ec2e6c8 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -276,6 +276,9 @@ * This is a vendor-specific macro. This can be configured if necessary */ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff +/* Output size of AES_CMAC_PRF_128 algorithm */ +#define AES_CMAC_PRF_128_OUTPUT_SIZE 16 + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 From 2cd649684af255a20628679628dd9fada0cc8d4c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:38:57 +0530 Subject: [PATCH 062/339] Add pbkdf2_cmac to key derivation setup Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4d8979caf..f29d1abde 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6142,6 +6142,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + return 1; + } #endif return 0; } @@ -6168,10 +6173,14 @@ static psa_status_t psa_key_derivation_setup_kdf( } /* All currently supported key derivation algorithms (apart from - * ecjpake to pms) are based on a hash algorithm. */ + * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + hash_size = AES_CMAC_PRF_128_OUTPUT_SIZE; + } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; } @@ -6183,8 +6192,6 @@ static psa_status_t psa_key_derivation_setup_kdf( if (status != PSA_SUCCESS) { return status; } - } else { - hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || From 3d5edb8eeffbf3a7c0d7485acbd73312e4645113 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:41:25 +0530 Subject: [PATCH 063/339] Add input password function for pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f29d1abde..8606f17c7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6727,6 +6727,33 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, return status; } +static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t *output_len) +{ + psa_status_t status = PSA_SUCCESS; + if (input_len != AES_CMAC_PRF_128_OUTPUT_SIZE) { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t zeros[16] = {0}; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + /* Passing AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver + * function sets mac_output_length = mac_size on success. See #7801*/ + status = psa_driver_wrapper_mac_compute(&attributes, + zeros, sizeof(zeros), + PSA_ALG_CMAC, input, input_len, + output, + AES_CMAC_PRF_128_OUTPUT_SIZE, + output_len); + } else { + memcpy(output, input, input_len); + *output_len = AES_CMAC_PRF_128_OUTPUT_SIZE; + } + return status; +} + static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t kdf_alg, const uint8_t *data, @@ -6737,13 +6764,15 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (data_length != 0) { - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); - status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, - pbkdf2->password, - &pbkdf2->password_length); - } + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); + status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, + pbkdf2->password, + &pbkdf2->password_length); + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + status = psa_pbkdf2_cmac_set_password(data, data_length, + pbkdf2->password, + &pbkdf2->password_length); } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; From a2520a5b7e9fadb887c915fab5d8d866ee6dc557 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:42:19 +0530 Subject: [PATCH 064/339] Add pbkdf2 cmac to key derivation output_bytes Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8606f17c7..c3531e404 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5611,8 +5611,10 @@ static psa_status_t psa_key_derivation_pbkdf2_read( prf_alg = PSA_ALG_HMAC(PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg)); prf_output_length = PSA_HASH_LENGTH(prf_alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - } else { - return PSA_ERROR_INVALID_ARGUMENT; + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + prf_alg = PSA_ALG_CMAC; + prf_output_length = AES_CMAC_PRF_128_OUTPUT_SIZE; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); } switch (pbkdf2->state) { From 4536bb6f2bfdb3a552f756607ac815961a7e0c8c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:42:59 +0530 Subject: [PATCH 065/339] Change mac_size parameter in driver_mac_compute to output length See #7801 for reference Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3531e404..1f5ab0d55 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5575,11 +5575,14 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block( memcpy(U_accumulator, U_i, prf_output_length); for (i = 1; i < pbkdf2->input_cost; i++) { + /* We are passing prf_output_length as mac_size because the driver + * function directly sets mac_output_length as mac_size upon success. + * See #7801 */ status = psa_driver_wrapper_mac_compute(attributes, pbkdf2->password, pbkdf2->password_length, prf_alg, U_i, prf_output_length, - U_i, sizeof(U_i), + U_i, prf_output_length, &mac_output_length); if (status != PSA_SUCCESS) { goto cleanup; From 1d3fca21b18cfae44838af3daf3fa1dafe4b15d6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:45:15 +0530 Subject: [PATCH 066/339] Add test cases for input validation of pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 73 +++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6587e93d6..4895f9bc4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5543,6 +5543,79 @@ PSA key derivation: PBKDF2-HMAC-SHA256, reject cost greater than PSA_VENDOR_PBKD depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input_invalid_cost:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password missing +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct empty password, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, DERIVE key as salt +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate cost step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate salt step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"6c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject secret step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject label step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 9d4c74f25c9763f17c5440faa522b7ae266d1a91 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:47:25 +0530 Subject: [PATCH 067/339] Add test cases for output validation of pbkdf2 cmac PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: ") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 37 +++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4895f9bc4..021af4dbe 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6398,6 +6398,43 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, 20+1 (over capacity) depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 + +#The following test vectors were generated by a python script. Details can be found in the commit message. +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 + PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT From b3042c39fe4686769f17bb092dcd2337bf196e30 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:39:47 +0530 Subject: [PATCH 068/339] Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 13 +++++-------- include/psa/crypto_config.h | 1 + 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f1cff20b5..9f6b9cafe 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -519,6 +519,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_CMAC */ #if defined(PSA_WANT_ALG_CTR) @@ -599,14 +604,6 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ -#if defined(PSA_WANT_ALG_CMAC) && defined(PSA_HAVE_SOFT_KEY_TYPE_AES) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#define MBEDTLS_CMAC_C -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* PSA_WANT_ALG_CMAC && PSA_HAVE_SOFT_KEY_TYPE_AES */ - #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 9da28de8b..af78dce17 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -76,6 +76,7 @@ #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 #define PSA_WANT_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 From 3fde8feaa96236e075e43d515126bb685318cd67 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:41:43 +0530 Subject: [PATCH 069/339] FIx name of macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 2 +- library/psa_crypto.c | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 61ec2e6c8..b884defe0 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -277,7 +277,7 @@ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff /* Output size of AES_CMAC_PRF_128 algorithm */ -#define AES_CMAC_PRF_128_OUTPUT_SIZE 16 +#define PSA_AES_CMAC_PRF_128_OUTPUT_SIZE 16 /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1f5ab0d55..048ab58b3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5616,8 +5616,10 @@ static psa_status_t psa_key_derivation_pbkdf2_read( psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { prf_alg = PSA_ALG_CMAC; - prf_output_length = AES_CMAC_PRF_128_OUTPUT_SIZE; + prf_output_length = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + } else { + return PSA_ERROR_INVALID_ARGUMENT; } switch (pbkdf2->state) { @@ -6184,7 +6186,7 @@ static psa_status_t psa_key_derivation_setup_kdf( if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = AES_CMAC_PRF_128_OUTPUT_SIZE; + hash_size = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; @@ -6738,23 +6740,23 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t *output_len) { psa_status_t status = PSA_SUCCESS; - if (input_len != AES_CMAC_PRF_128_OUTPUT_SIZE) { + if (input_len != PSA_AES_CMAC_PRF_128_OUTPUT_SIZE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t zeros[16] = {0}; + uint8_t zeros[16] = { 0 }; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - /* Passing AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver + /* Passing PSA_AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver * function sets mac_output_length = mac_size on success. See #7801*/ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, output, - AES_CMAC_PRF_128_OUTPUT_SIZE, + PSA_AES_CMAC_PRF_128_OUTPUT_SIZE, output_len); } else { memcpy(output, input, input_len); - *output_len = AES_CMAC_PRF_128_OUTPUT_SIZE; + *output_len = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; } return status; } From 671320633c08458b5b7a81b9d1fafd131784559a Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:45:06 +0530 Subject: [PATCH 070/339] Add test cases for key and plain inputs Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 70 +++++++++++++++---------- 1 file changed, 43 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 021af4dbe..2cb9bf55e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5544,76 +5544,76 @@ depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input_invalid_cost:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS #Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password missing -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct empty password, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED PSA key derivation: PBKDF2-AES-CMAC-PRF-128, DERIVE key as salt -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate cost step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate salt step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"6c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject secret step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject label step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation over capacity: HKDF @@ -6399,42 +6399,58 @@ depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 #The following test vectors were generated by a python script. Details can be found in the commit message. PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as key, derive key +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":""::0:1:1 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes, derive key +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:1 + PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT From d80183864a6c2375d27e2e1b83831a7efaeff5fc Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:51:16 +0530 Subject: [PATCH 071/339] Add test case for zero input cost Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2cb9bf55e..ee9b1e20a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5616,6 +5616,10 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject zero input cost +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"00":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 7333ed3efa66c1ac9d886b7506a476a6c4b1995e Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 4 Jul 2023 11:42:08 +0530 Subject: [PATCH 072/339] Add max iterations test case for cmac Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ee9b1e20a..0bbe6bcc1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5555,11 +5555,6 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS -#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE - PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE @@ -5620,6 +5615,10 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject zero input cost depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"00":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input_invalid_cost:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 5168bd5f0f06f6ac5e63d9f3e4bd5d41b06bc5f2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 4 Jul 2023 11:43:45 +0530 Subject: [PATCH 073/339] Add changelog entry Signed-off-by: Kusumit Ghoderao --- ChangeLog.d/add-pbkdf2-cmac.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-pbkdf2-cmac.txt diff --git a/ChangeLog.d/add-pbkdf2-cmac.txt b/ChangeLog.d/add-pbkdf2-cmac.txt new file mode 100644 index 000000000..0ed84ea51 --- /dev/null +++ b/ChangeLog.d/add-pbkdf2-cmac.txt @@ -0,0 +1,2 @@ +Features + * Add support for PBKDF2-CMAC through the PSA API. From 3e1e2e1f78f43d6479c9d1f2d53e95dea15a36c8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 6 Jul 2023 15:40:19 +0100 Subject: [PATCH 074/339] Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test For tests running the ecp_fast_mod with MBEDTLS_ECP_DP_SECPXXXR1 the dependency MBEDTLS_ECP_NIST_OPTIM has been added as this gives the curves the optimised reduction function that ecp_fast_mod tests. Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_ecp.data | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1560c5494..e575b9cd4 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -677,55 +677,55 @@ depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1 ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits) -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100" ECP mod p192 readable -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"010000000000010501000000000001040100000000000103010000000000010201000000000001010100000000000100" ECP mod p192 readable with carry -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"FF00000000010500FF00000000010400FF00000000010300FF00000000010200FF00000000010100FF00000000010000" ECP mod p192 random -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"36CF96B45D706A0954D89E52CE5F38517A2270E0175849B6F3740151D238CCABEF921437E475881D83BB69E4AA258EBD" ECP mod p192 (from a past failure case) -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"1AC2D6F96A2A425E9DD1776DD8368D4BBC86BF4964E79FEA713583BF948BBEFF0939F96FB19EC48C585BDA6A2D35C750" ECP mod p224 readable without carry -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000B0000000A0000000900000008000000070000FF060000FF050000FF040000FF03000FF0020000FF010000FF00" ECP mod p224 readable with negative carry -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000" ECP mod p224 readable with positive carry -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000BFFFFFF0AFFFFFF09FFFFFF08FFFFFF070000FF060000FF050000FF040000FF03000FF0020000FF010000FF00" ECP mod p224 readable with final negative carry -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"FF00000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000" ECP mod p521 very small -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"01" ECP mod p521 small (522 bits) -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ECP mod p521 readable -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ECP mod p521 readable with carry -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001" ECP test vectors secp192r1 rfc 5114 From 77b0d645f58a2f20786aa2876e25ec56fef1be5d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 6 Jul 2023 17:58:18 +0100 Subject: [PATCH 075/339] Add gitignore anchors to denote generated files These anchors encapsulate gitignore patterns which typically ignore files generated, so that scripts can be used to comment and uncomment these patterns for releases when we need the generated files in the repository. Signed-off-by: Agathiyan Bragadeesh --- library/.gitignore | 3 ++- programs/.gitignore | 10 ++++++---- tests/.gitignore | 12 +++++++----- visualc/VS2013/.gitignore | 10 ++++++---- 4 files changed, 21 insertions(+), 14 deletions(-) diff --git a/library/.gitignore b/library/.gitignore index b4dc91891..5a29a43b7 100644 --- a/library/.gitignore +++ b/library/.gitignore @@ -2,8 +2,9 @@ libmbed* *.sln *.vcxproj -# Automatically generated files +###START_GENERATED_FILES### /error.c /version_features.c /ssl_debug_helpers_generated.c /psa_crypto_driver_wrappers.c +###END_GENERATED_FILES### diff --git a/programs/.gitignore b/programs/.gitignore index d11db9e6b..a641c31c4 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -5,10 +5,6 @@ *.sln *.vcxproj -# Generated source files -/psa/psa_constant_names_generated.c -/test/query_config.c - aes/crypt_and_hash cipher/cipher_aead_demo hash/generic_sum @@ -75,5 +71,11 @@ x509/crl_app x509/load_roots x509/req_app +###START_GENERATED_FILES### +# Generated source files +/psa/psa_constant_names_generated.c +/test/query_config.c + # Generated data files pkey/keyfile.key +###END_GENERATED_FILES### diff --git a/tests/.gitignore b/tests/.gitignore index 6db65d1d3..973ebb508 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -1,11 +1,6 @@ *.sln *.vcxproj -# Generated source files -/suites/*.generated.data -/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data -/suites/test_suite_psa_crypto_storage_format.current.data - *.log /test_suite* data_files/mpi_write @@ -20,3 +15,10 @@ include/test/instrument_record_status.h src/libmbed* libtestdriver1/* + +###START_GENERATED_FILES### +# Generated source files +/suites/*.generated.data +/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data +/suites/test_suite_psa_crypto_storage_format.current.data +###END_GENERATED_FILES### diff --git a/visualc/VS2013/.gitignore b/visualc/VS2013/.gitignore index d3da304f7..a9ded4aab 100644 --- a/visualc/VS2013/.gitignore +++ b/visualc/VS2013/.gitignore @@ -1,7 +1,3 @@ -# Files automatically generated by generate_visualc_files.pl -/mbedTLS.sln -/*.vcxproj - # Files that may be left over from check-generated-files.sh /*.bak @@ -12,3 +8,9 @@ /Release/ /*.vcxproj.filters /*.vcxproj.user + +###START_GENERATED_FILES### +# Files automatically generated by generate_visualc_files.pl +/mbedTLS.sln +/*.vcxproj +###END_GENERATED_FILES### From 237f91a9ef116a83b7d92daf8a492721a888829b Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 6 Jul 2023 18:00:48 +0100 Subject: [PATCH 076/339] Add script to manage gitignore anchors Added scripts which comment and uncomment out patterns relating to generated files. Signed-off-by: Agathiyan Bragadeesh --- scripts/gitignore_add_generated_files.sh | 23 +++++++++++++++++++++ scripts/gitignore_remove_generated_files.sh | 23 +++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 scripts/gitignore_add_generated_files.sh create mode 100644 scripts/gitignore_remove_generated_files.sh diff --git a/scripts/gitignore_add_generated_files.sh b/scripts/gitignore_add_generated_files.sh new file mode 100644 index 000000000..27c348082 --- /dev/null +++ b/scripts/gitignore_add_generated_files.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -eu + +GITIGNORES=$(find . -name ".gitignore") + +for GITIGNORE in $GITIGNORES; do + IN_GEN_BLOCK=false + while read -r line; do + if [ "$line" = "###START_COMMENTED_GENERATED_FILES###" ]; then + IN_GEN_BLOCK=true + echo "###START_GENERATED_FILES###" + elif [ "$line" = "###END_COMMENTED_GENERATED_FILES###" ]; then + IN_GEN_BLOCK=false + echo "###END_GENERATED_FILES###" + elif $IN_GEN_BLOCK ; then + echo "${line:1}" + else + echo "$line" + fi + done <$GITIGNORE > "$GITIGNORE.tmp" + mv "$GITIGNORE.tmp" $GITIGNORE +done diff --git a/scripts/gitignore_remove_generated_files.sh b/scripts/gitignore_remove_generated_files.sh new file mode 100644 index 000000000..8314b2c23 --- /dev/null +++ b/scripts/gitignore_remove_generated_files.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -eu + +GITIGNORES=$(find . -name ".gitignore") + +for GITIGNORE in $GITIGNORES; do + IN_GEN_BLOCK=false + while read -r line; do + if [ "$line" = "###START_GENERATED_FILES###" ]; then + IN_GEN_BLOCK=true + echo "###START_COMMENTED_GENERATED_FILES###" + elif [ "$line" = "###END_GENERATED_FILES###" ]; then + IN_GEN_BLOCK=false + echo "###END_COMMENTED_GENERATED_FILES###" + elif $IN_GEN_BLOCK ; then + echo "#$line" + else + echo "$line" + fi + done <$GITIGNORE > "$GITIGNORE.tmp" + mv "$GITIGNORE.tmp" $GITIGNORE +done From cf3554b4e8fcddfbc708780a6cc5122599258f3e Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 6 Jul 2023 18:10:19 +0100 Subject: [PATCH 077/339] Update file permissions New scripts have updated executable permissions to be consistent with project requirements. Signed-off-by: Agathiyan Bragadeesh --- scripts/gitignore_add_generated_files.sh | 0 scripts/gitignore_remove_generated_files.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/gitignore_add_generated_files.sh mode change 100644 => 100755 scripts/gitignore_remove_generated_files.sh diff --git a/scripts/gitignore_add_generated_files.sh b/scripts/gitignore_add_generated_files.sh old mode 100644 new mode 100755 diff --git a/scripts/gitignore_remove_generated_files.sh b/scripts/gitignore_remove_generated_files.sh old mode 100644 new mode 100755 From 1c8ecbef646d1b02c584f964e7fe2d8a69e34e00 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Jul 2023 05:12:52 -0400 Subject: [PATCH 078/339] Add support for x509 SAN RCF822 and DirectoryName for csr generation Unify the code with the x509 crt counterpart. Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 5 +++ library/x509write_csr.c | 71 ++++++++++++++++++++++++++++++++++------- 2 files changed, 64 insertions(+), 12 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 59fd58900..a6dc22c5f 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -288,6 +288,11 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c buf + buflen - len, len); + /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list + * was incorrectly calculated and memory is corrupted. */ + if (p < buf) { + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } cleanup: mbedtls_free(buf); return ret; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index d792d3450..76473c486 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -48,6 +48,16 @@ #include "mbedtls/platform.h" +#define CHECK_OVERFLOW_ADD(a, b) \ + do \ + { \ + if (a > SIZE_MAX - (b)) \ + { \ + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ + } \ + a += b; \ + } while (0) + void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) { memset(ctx, 0, sizeof(mbedtls_x509write_csr)); @@ -103,37 +113,53 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_IP_ADDRESS: + case MBEDTLS_X509_SAN_RFC822_NAME: /* length of value for each name entry, * maximum 4 bytes for the length field, * 1 byte for the tag/type. */ - buflen += cur->node.san.unstructured_name.len + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; - + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + { + const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; + while (chunk != NULL) { + // Max 4 bytes for length, +1 for tag, + // additional 4 max for length, +1 for tag. + // See x509_write_name for more information. + CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); + CHECK_OVERFLOW_ADD(buflen, chunk->val.len); + chunk = chunk->next; + } + CHECK_OVERFLOW_ADD(buflen, 4 + 1); + break; + } default: - /* Not supported - skip. */ - break; + /* Not supported - return. */ + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } } /* Add the extra length field and tag */ - buflen += 4 + 1; + CHECK_OVERFLOW_ADD(buflen, 4 + 1); /* Allocate buffer */ buf = mbedtls_calloc(1, buflen); if (buf == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; } - - mbedtls_platform_zeroize(buf, buflen); p = buf + buflen; /* Write ASN.1-based structure */ cur = san_list; len = 0; while (cur != NULL) { + size_t single_san_len = 0; switch (cur->node.type) { case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_RFC822_NAME: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_IP_ADDRESS: { @@ -141,23 +167,44 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct (const unsigned char *) cur->node.san.unstructured_name.p; size_t unstructured_name_len = cur->node.san.unstructured_name.len; - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_raw_buffer( &p, buf, unstructured_name, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len( + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( &p, buf, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_tag( &p, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); } break; - default: - /* Skip unsupported names. */ + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_x509_write_names(&p, buf, + (mbedtls_asn1_named_data *) & + cur->node + .san.directory_name)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_len(&p, buf, single_san_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_X509_SAN_DIRECTORY_NAME)); break; + default: + /* Error out on an unsupported SAN */ + ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + goto cleanup; } cur = cur->next; + /* check for overflow */ + if (len > SIZE_MAX - single_san_len) { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; + } + len += single_san_len; } MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); From 6bc7a386839cdbac631a2b924832009ae4c1bc8b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Jul 2023 05:13:13 -0400 Subject: [PATCH 079/339] Support more SAN subtypes in cert_req.c Signed-off-by: Andrzej Kurek --- programs/x509/cert_req.c | 73 +++++++++++++++++++++++++++++----------- 1 file changed, 53 insertions(+), 20 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 23e816b33..17de9def7 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -66,10 +66,12 @@ int main(void) " output_file=%%s default: cert.req\n" \ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ " san=%%s default: (none)\n" \ - " Semicolon-separated-list of values:\n" \ - " DNS:value\n" \ - " URI:value\n" \ - " IP:value (Only IPv4 is supported)\n" \ + " Semicolon-separated-list of values:\n" \ + " DNS:value\n" \ + " URI:value\n" \ + " RFC822:value\n" \ + " IP:value (Only IPv4 is supported)\n" \ + " DN:list of comma separated key=value pairs\n" \ " key_usage=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " digital_signature\n" \ @@ -153,12 +155,13 @@ int main(int argc, char *argv[]) mbedtls_pk_context key; char buf[1024]; int i; - char *p, *q, *r, *subtype_value; + char *p, *q, *r; mbedtls_x509write_csr req; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; + mbedtls_asn1_named_data *ext_san_dirname = NULL; #if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; #endif @@ -218,11 +221,34 @@ usage: } else if (strcmp(p, "subject_name") == 0) { opt.subject_name = q; } else if (strcmp(p, "san") == 0) { + char *subtype_value; prev = NULL; while (q != NULL) { - if ((r = strchr(q, ';')) != NULL) { + char *semicolon; + r = q; + + /* Find the first non-escaped ; occurrence and remove escaped ones */ + do { + if ((semicolon = strchr(r, ';')) != NULL) { + if (*(semicolon-1) != '\\') { + r = semicolon; + break; + } + /* Remove the escape character */ + size_t size_left = strlen(semicolon); + memmove(semicolon-1, semicolon, size_left); + *(semicolon + size_left - 1) = '\0'; + /* r will now point at the character after the semicolon */ + r = semicolon; + } + + } while (semicolon != NULL); + + if (semicolon != NULL) { *r++ = '\0'; + } else { + r = NULL; } cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); @@ -236,13 +262,13 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; } - - if (strcmp(q, "URI") == 0) { + if (strcmp(q, "RFC822") == 0) { + cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; + } else if (strcmp(q, "URI") == 0) { cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) size_t ip_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); @@ -251,21 +277,28 @@ usage: subtype_value); goto exit; } -#else - mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined"); - goto exit; -#endif + cur->node.san.unstructured_name.p = (unsigned char *) ip; + cur->node.san.unstructured_name.len = sizeof(ip); + } else if (strcmp(q, "DN") == 0) { + cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + subtype_value)) != 0) { + mbedtls_strerror(ret, buf, sizeof(buf)); + mbedtls_printf( + " failed\n ! mbedtls_x509_string_to_names " + "returned -0x%04x - %s\n\n", + (unsigned int) -ret, buf); + goto exit; + } + cur->node.san.directory_name = *ext_san_dirname; } else { mbedtls_free(cur); goto usage; } - if (strcmp(q, "IP") == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) - cur->node.san.unstructured_name.p = (unsigned char *) ip; - cur->node.san.unstructured_name.len = sizeof(ip); -#endif - } else { + if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || + cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || + cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { q = subtype_value; cur->node.san.unstructured_name.p = (unsigned char *) q; cur->node.san.unstructured_name.len = strlen(q); @@ -280,7 +313,6 @@ usage: prev = cur; q = r; } - } else if (strcmp(p, "md") == 0) { const mbedtls_md_info_t *md_info = mbedtls_md_info_from_string(q); @@ -467,6 +499,7 @@ exit: } mbedtls_x509write_csr_free(&req); + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); From 34ccd8d0b6b6fd23361378c19ac5bb419884fd0f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Jul 2023 06:32:17 -0400 Subject: [PATCH 080/339] Test x509 csr SAN DN and RFC822 generation Signed-off-by: Andrzej Kurek --- tests/data_files/Makefile | 3 +- tests/data_files/server1.req.sha256.conf | 17 +++++++++ tests/data_files/server1.req.sha256.ext | 22 ++++++----- tests/suites/test_suite_x509write.function | 44 ++++++++++++++++------ 4 files changed, 62 insertions(+), 24 deletions(-) create mode 100644 tests/data_files/server1.req.sha256.conf diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2ad5c2af6..92c0f0b1d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1303,8 +1303,7 @@ all_final += server1.req.sha256 server1.req.sha256.ext: server1.key # Generating this with OpenSSL as a comparison point to test we're getting the same result - openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com" -all_final += server1.req.sha256.ext + openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf parse_input/server1.req.sha384 server1.req.sha384: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 diff --git a/tests/data_files/server1.req.sha256.conf b/tests/data_files/server1.req.sha256.conf new file mode 100644 index 000000000..0d35818c1 --- /dev/null +++ b/tests/data_files/server1.req.sha256.conf @@ -0,0 +1,17 @@ +req_extensions = req_ext + +[req_ext] +extendedKeyUsage = serverAuth +subjectAltName = @alt_names + +[alt_names] +email = mail@example.com +DNS = example.com +dirName = dirname_sect +IP = 127.0.0.1 +URI = http://pki.example.com + +[dirname_sect] +C=UK +O=Mbed TLS +CN=Mbed TLS directoryName SAN diff --git a/tests/data_files/server1.req.sha256.ext b/tests/data_files/server1.req.sha256.ext index c5ff5c573..1bb05da96 100644 --- a/tests/data_files/server1.req.sha256.ext +++ b/tests/data_files/server1.req.sha256.ext @@ -1,18 +1,20 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIC3jCCAcYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +MIIDPzCCAicCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ -DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaBdMFsGCSqGSIb3DQEJDjFO -MEwwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNQYDVR0RBC4wLIYXaHR0cDovL3BraS5l -eGFtcGxlLmNvbS+HBH8BAQCCC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB -AQCGmTIXEUvTqwChkzRtxPIQDDchrMnCXgUrTSxre5nvUOpjVlcIIPGWAwxRovfe -pW6OaGZ/3xD0dRAcOW08sTD6GRUazFrubPA1eZiNC7vYdWV59qm84N5yRR/s8Hm+ -okwI47m7W9C0pfaNXchgFUQBn16TrZxPXklbCpBJ/TFV+1ODY0sJPHYiCFpYI+Jz -YuJmadP2BHucl8wv2RyVHywOmV1sDc74i9igVrBCAh8wu+kqImMtrnkGZDxrnj/L -5P1eDfdqG2cN+s40RnMQMosh3UfqpNV/bTgAqBPP2uluT9L1KpWcjZeuvisOgVTq -XwFI5s34fen2DUVw6MWNfbDK +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaCBvTCBugYJKoZIhvcNAQkO +MYGsMIGpMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGRBgNVHREEgYkwgYaBEG1haWxA +ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tpEcwRTELMAkGA1UEBhMCVUsxETAPBgNV +BAoMCE1iZWQgVExTMSMwIQYDVQQDDBpNYmVkIFRMUyBkaXJlY3RvcnlOYW1lIFNB +TocEfwAAAYYWaHR0cDovL3BraS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC +AQEAclrNmmgAoa4ctwyBwD1T8jbyBeuxTf+ifc+MQ6pE7YuYSlanHE5l/CoVlW14 +lR5gA01pWJJ7T8RBvo25OqXbvMFSafeGXpSHOG69A6p/7YULtbPuS6uvtdR0m3t+ +2IacL0q5FsSmPw07RNfVGDFniKVqD8eAuYnhFztk0+uZVYD4xGezUckb2wTbzFpu +lUA/NhoWfCyV44TDR5fy23qNXywEhatDU/3nMmSJpBVy4y7J6BQVCl/fbyuKIOqu +0OVP+FvANSO46twA9+38hI+/nPuVwtbBvg1aLBMbLZ3Egi2uozokYFYL22JYNGJo +XORQgR66Sdrvfhiug+F5xmldCg== -----END CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ab4a2d0d3..b4073eccb 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -153,24 +153,44 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_x509_san_list san_ip; mbedtls_x509_san_list san_dns; mbedtls_x509_san_list san_uri; + mbedtls_x509_san_list san_mail; + mbedtls_x509_san_list san_dn; mbedtls_x509_san_list *san_list = NULL; - const char san_ip_name[] = { 0x7f, 0x01, 0x01, 0x00 }; // 127.1.1.0 + mbedtls_asn1_named_data *ext_san_dirname = NULL; + + const char san_ip_name[] = { 0x7f, 0x00, 0x00, 0x01 }; // 127.0.0.1 const char *san_dns_name = "example.com"; - const char *san_uri_name = "http://pki.example.com/"; + const char *san_dn_name = "C=UK,O=Mbed TLS,CN=Mbed TLS directoryName SAN"; + const char *san_mail_name = "mail@example.com"; + const char *san_uri_name = "http://pki.example.com"; + + san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; + san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; + san_mail.node.san.unstructured_name.len = strlen(san_mail_name); + san_mail.next = NULL; + + san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; + san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; + san_dns.node.san.unstructured_name.len = strlen(san_dns_name); + san_dns.next = &san_mail; + + san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, + san_dn_name) == 0); + san_dn.node.san.directory_name = *ext_san_dirname; + san_dn.next = &san_dns; + + san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; + san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; + san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); + san_ip.next = &san_dn; san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; san_uri.node.san.unstructured_name.len = strlen(san_uri_name); - san_uri.next = NULL; - san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; - san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); - san_ip.next = &san_uri; - san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; - san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; - san_dns.node.san.unstructured_name.len = strlen(san_dns_name); - san_dns.next = &san_ip; - san_list = &san_dns; + san_uri.next = &san_ip; + + san_list = &san_uri; memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); From c508dc29f6610f00359c782d235179021610d1ab Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Jul 2023 08:20:02 -0400 Subject: [PATCH 081/339] Unify csr and crt san writing functions Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 3 + library/CMakeLists.txt | 1 + library/Makefile | 1 + library/x509write.c | 186 ++++++++++++++++++++++++++++++++++++++++ library/x509write_crt.c | 141 +----------------------------- library/x509write_csr.c | 142 +----------------------------- 6 files changed, 193 insertions(+), 281 deletions(-) create mode 100644 library/x509write.c diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7c9a76184..3d94ec043 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -525,6 +525,9 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size, int mbedtls_x509_info_key_usage(char **buf, size_t *size, unsigned int key_usage); +int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, + const mbedtls_x509_san_list *san_list); + /** * \brief This function parses a CN string as an IP address. * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8e70c4635..895805ff4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -98,6 +98,7 @@ set(src_x509 x509_crl.c x509_crt.c x509_csr.c + x509write.c x509write_crt.c x509write_csr.c ) diff --git a/library/Makefile b/library/Makefile index fafcdda8f..8bddd7d1b 100644 --- a/library/Makefile +++ b/library/Makefile @@ -166,6 +166,7 @@ OBJS_X509= \ x509_crl.o \ x509_crt.o \ x509_csr.o \ + x509write.o \ x509write_crt.o \ x509write_csr.o \ pkcs7.o \ diff --git a/library/x509write.c b/library/x509write.c new file mode 100644 index 000000000..cd3c7394d --- /dev/null +++ b/library/x509write.c @@ -0,0 +1,186 @@ +/* + * X.509 internal, common functions for writing + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "common.h" +#if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) + +#include "mbedtls/x509_crt.h" +#include "mbedtls/asn1write.h" +#include "mbedtls/error.h" +#include "mbedtls/oid.h" +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/md.h" + +#include +#include + +#if defined(MBEDTLS_PEM_WRITE_C) +#include "mbedtls/pem.h" +#endif /* MBEDTLS_PEM_WRITE_C */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#include "mbedtls/psa_util.h" +#include "md_psa.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#define CHECK_OVERFLOW_ADD(a, b) \ + do \ + { \ + if (a > SIZE_MAX - (b)) \ + { \ + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ + } \ + a += b; \ + } while (0) + +int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, + const mbedtls_x509_san_list *san_list) +{ + int ret = 0; + const mbedtls_x509_san_list *cur; + unsigned char *buf; + unsigned char *p; + size_t len; + size_t buflen = 0; + + /* Determine the maximum size of the SubjectAltName list */ + for (cur = san_list; cur != NULL; cur = cur->next) { + /* Calculate size of the required buffer */ + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + case MBEDTLS_X509_SAN_RFC822_NAME: + /* length of value for each name entry, + * maximum 4 bytes for the length field, + * 1 byte for the tag/type. + */ + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + { + const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; + while (chunk != NULL) { + // Max 4 bytes for length, +1 for tag, + // additional 4 max for length, +1 for tag. + // See x509_write_name for more information. + CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); + CHECK_OVERFLOW_ADD(buflen, chunk->val.len); + chunk = chunk->next; + } + CHECK_OVERFLOW_ADD(buflen, 4 + 1); + break; + } + default: + /* Not supported - return. */ + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } + } + + /* Add the extra length field and tag */ + CHECK_OVERFLOW_ADD(buflen, 4 + 1); + + /* Allocate buffer */ + buf = mbedtls_calloc(1, buflen); + if (buf == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + p = buf + buflen; + + /* Write ASN.1-based structure */ + cur = san_list; + len = 0; + while (cur != NULL) { + size_t single_san_len = 0; + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_RFC822_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + { + const unsigned char *unstructured_name = + (const unsigned char *) cur->node.san.unstructured_name.p; + size_t unstructured_name_len = cur->node.san.unstructured_name.len; + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_raw_buffer( + &p, buf, + unstructured_name, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( + &p, buf, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag( + &p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); + } + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_x509_write_names(&p, buf, + (mbedtls_asn1_named_data *) & + cur->node + .san.directory_name)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_len(&p, buf, single_san_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_X509_SAN_DIRECTORY_NAME)); + break; + default: + /* Error out on an unsupported SAN */ + ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + goto cleanup; + } + cur = cur->next; + /* check for overflow */ + if (len > SIZE_MAX - single_san_len) { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; + } + len += single_san_len; + } + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + ret = mbedtls_x509_set_extension(extensions, + MBEDTLS_OID_SUBJECT_ALT_NAME, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), + 0, + buf + buflen - len, len); + + /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list + * was incorrectly calculated and memory is corrupted. */ + if (p < buf) { + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } +cleanup: + mbedtls_free(buf); + return ret; +} + +#endif /* MBEDTLS_X509_CSR_WRITE_C || MBEDTLS_X509_CRT_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a6dc22c5f..b1d0ca0f9 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -48,16 +48,6 @@ #include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#define CHECK_OVERFLOW_ADD(a, b) \ - do \ - { \ - if (a > SIZE_MAX - (b)) \ - { \ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ - } \ - a += b; \ - } while (0) - void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { memset(ctx, 0, sizeof(mbedtls_x509write_cert)); @@ -166,136 +156,7 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list) { - int ret = 0; - const mbedtls_x509_san_list *cur; - unsigned char *buf; - unsigned char *p; - size_t len; - size_t buflen = 0; - - /* Determine the maximum size of the SubjectAltName list */ - for (cur = san_list; cur != NULL; cur = cur->next) { - /* Calculate size of the required buffer */ - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - case MBEDTLS_X509_SAN_RFC822_NAME: - /* length of value for each name entry, - * maximum 4 bytes for the length field, - * 1 byte for the tag/type. - */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; - while (chunk != NULL) { - // Max 4 bytes for length, +1 for tag, - // additional 4 max for length, +1 for tag. - // See x509_write_name for more information. - CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); - CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); - CHECK_OVERFLOW_ADD(buflen, chunk->val.len); - chunk = chunk->next; - } - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - } - default: - /* Not supported - return. */ - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - } - - /* Add the extra length field and tag */ - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - - /* Allocate buffer */ - buf = mbedtls_calloc(1, buflen); - if (buf == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - p = buf + buflen; - - /* Write ASN.1-based structure */ - cur = san_list; - len = 0; - while (cur != NULL) { - size_t single_san_len = 0; - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - const unsigned char *unstructured_name = - (const unsigned char *) cur->node.san.unstructured_name.p; - size_t unstructured_name_len = cur->node.san.unstructured_name.len; - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_raw_buffer( - &p, buf, - unstructured_name, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( - &p, buf, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag( - &p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); - } - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_x509_write_names(&p, buf, - (mbedtls_asn1_named_data *) & - cur->node - .san.directory_name)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_len(&p, buf, single_san_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_DIRECTORY_NAME)); - break; - default: - /* Error out on an unsupported SAN */ - ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - goto cleanup; - } - cur = cur->next; - /* check for overflow */ - if (len > SIZE_MAX - single_san_len) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - len += single_san_len; - } - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509write_crt_set_extension( - ctx, - MBEDTLS_OID_SUBJECT_ALT_NAME, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), - 0, - buf + buflen - len, - len); - - /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list - * was incorrectly calculated and memory is corrupted. */ - if (p < buf) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } -cleanup: - mbedtls_free(buf); - return ret; + return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 76473c486..f07a822f9 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -48,16 +48,6 @@ #include "mbedtls/platform.h" -#define CHECK_OVERFLOW_ADD(a, b) \ - do \ - { \ - if (a > SIZE_MAX - (b)) \ - { \ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ - } \ - a += b; \ - } while (0) - void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) { memset(ctx, 0, sizeof(mbedtls_x509write_csr)); @@ -99,137 +89,7 @@ int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx, const mbedtls_x509_san_list *san_list) { - int ret = 0; - const mbedtls_x509_san_list *cur; - unsigned char *buf; - unsigned char *p; - size_t len; - size_t buflen = 0; - - /* Determine the maximum size of the SubjectAltName list */ - for (cur = san_list; cur != NULL; cur = cur->next) { - /* Calculate size of the required buffer */ - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - case MBEDTLS_X509_SAN_RFC822_NAME: - /* length of value for each name entry, - * maximum 4 bytes for the length field, - * 1 byte for the tag/type. - */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; - while (chunk != NULL) { - // Max 4 bytes for length, +1 for tag, - // additional 4 max for length, +1 for tag. - // See x509_write_name for more information. - CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); - CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); - CHECK_OVERFLOW_ADD(buflen, chunk->val.len); - chunk = chunk->next; - } - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - } - default: - /* Not supported - return. */ - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - } - - /* Add the extra length field and tag */ - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - - /* Allocate buffer */ - buf = mbedtls_calloc(1, buflen); - if (buf == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - p = buf + buflen; - - /* Write ASN.1-based structure */ - cur = san_list; - len = 0; - while (cur != NULL) { - size_t single_san_len = 0; - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - const unsigned char *unstructured_name = - (const unsigned char *) cur->node.san.unstructured_name.p; - size_t unstructured_name_len = cur->node.san.unstructured_name.len; - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_raw_buffer( - &p, buf, - unstructured_name, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( - &p, buf, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag( - &p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); - } - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_x509_write_names(&p, buf, - (mbedtls_asn1_named_data *) & - cur->node - .san.directory_name)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_len(&p, buf, single_san_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_DIRECTORY_NAME)); - break; - default: - /* Error out on an unsupported SAN */ - ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - goto cleanup; - } - cur = cur->next; - /* check for overflow */ - if (len > SIZE_MAX - single_san_len) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - len += single_san_len; - } - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509write_csr_set_extension( - ctx, - MBEDTLS_OID_SUBJECT_ALT_NAME, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), - 0, - buf + buflen - len, - len); - - /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list - * was incorrectly calculated and memory is corrupted. */ - if (p < buf) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - -cleanup: - mbedtls_free(buf); - return ret; + return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); } int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage) From b8c784cdbacf4ac40e1cc0149356b3e72ec84346 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Jul 2023 08:24:46 -0400 Subject: [PATCH 082/339] Changelog entry Signed-off-by: Andrzej Kurek --- ChangeLog.d/add-rfc822-directoryname-csr-gen.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add-rfc822-directoryname-csr-gen.txt diff --git a/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt b/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt new file mode 100644 index 000000000..ff8693c40 --- /dev/null +++ b/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt @@ -0,0 +1,3 @@ +Features + * Add a possibility to generate CSR's with RCF822 and directoryName subtype + of subjectAltName extension in x509 certificates. From 6d5f4946e6d13787bb2f99119c257c0dd63a1cc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Jul 2023 12:00:49 +0200 Subject: [PATCH 083/339] Add docs/driver-only-builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 78 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 docs/driver-only-builds.md diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md new file mode 100644 index 000000000..42651d087 --- /dev/null +++ b/docs/driver-only-builds.md @@ -0,0 +1,78 @@ +This document explains how to create builds of Mbed TLS where some +cryptographic mechanisms are provided only by PSA drivers (that is, no +built-in implementation of those algorithms), from a user's perspective. + +This is useful to save code size for people who are using either a hardware +accelerator, or an alternative software implementation that's more +aggressively optimized for code size than the default one in Mbed TLS. + +General considerations +---------------------- + +This document assumes that you already have a working driver. +Otherwise, please see the [PSA driver example and +guide](psa-driver-example-and-guide.md) for information on writing a +driver. + +In order to have some mechanism provided only by a driver, you'll want +the following compile-time configuration options enabled: +- `MBEDTLS_PSA_CRYPTO_C` (enabled by default) - this enables PSA Crypto. +- `MBEDTLS_USE_PSA_CRYPTO` (disabled by default) - this makes PK, X.509 and + TLS use PSA Crypto. You need to enable this if you're using PK, X.509 or TLS +and want them to have access to the algorithms provided by your driver. (See +[the dedicated document](use-psa-crypto.md) for details.) +- `MBEDTLS_PSA_CRYPTO_CONFIG` (disabled by default) - this enables + configuration of cryptographic algorithms using `PSA_WANT` macros in +`include/psa/crypto_config.h`. See [Conditional inclusion of cryptographic +mechanism through the PSA API in Mbed +TLS](proposed/psa-conditional-inclusion-c.md) for details. + +In addition, for each mechanism you want provided only by your driver: +- Define the corresponding `PSA_WANT` macro in `psa/crypto_config.h` - this + means the algorithm will be available in the PSA Crypto API. +- Define the corresponding `MBEDTLS_PSA_ACCEL` in your build (could be in + `psa/crypto_config.h` or your compiler's command line). This informs the PSA +code that an accelerator is available for this. +- Undefine / comment out the corresponding `MBEDTLS_xxx_C` macro in + `mbedtls/mbedtls_config.h`. This ensures the built-in implementation is not +included in the build. + +For example, if you want SHA-256 to be provided only by a driver, you'll want +`PSA_WANT_ALG_SHA_256` and `MBEDTLS_PSA_ACCEL_SHA_256` defined, and +`MBEDTLS_SHA256_C` undefined. + +In addition to these compile-time considerations, at runtime you'll need to +make sure you call `psa_crypto_init()` before any function that uses the +mechanisms provided only by drivers. Note that this is already a requirement +for any use of the PSA Crypto API, as well as for use of the PK, X.509 and TLS +modules when `MBEDTLS_USE_PSA_CRYPTO` is enabled, so in most cases your +application will already be doing this. + +Mechanisms covered +------------------ + +For now, only two families are supported: +- hashes: SHA-3, SHA-2, SHA-1, MD5, etc. +- elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. + +Supported means that when those are provided only by drivers, everything +(including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should +work in the same way as if the mechanisms where built-in, except as documented +in the "Limitations" sub-sections of the sections dedicated to each family +below. + +In the near future (end of 2023), we are planning to also add support for +ciphers (AES) and AEADs (GCM, CCM, ChachaPoly). + +Currently (mid-2023) we don't have plans to extend this to RSA of FFDH. If +you're interested in driver-only support for those, please let us know. + +Hashes +------ + +TODO + +Elliptic-curve cryptography (ECC) +--------------------------------- + +TODO From 7a82e27a10c26c8916ca4bd80b65fc4714158c8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Jul 2023 16:43:56 +0200 Subject: [PATCH 084/339] Add documentation on driver-only ECC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just one part left for later. Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 70 +++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 42651d087..f50463cd0 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -75,4 +75,72 @@ TODO Elliptic-curve cryptography (ECC) --------------------------------- -TODO +Note: things are still evolving. This section describes the situation right +after #7452 has been merged. It will be updated again in #7757 when bignum is +done. + +It is possible to have most ECC operations provided only by a driver: +- the ECDH, ECDSA and EC J-PAKE algorithms; +- key import, export, and random generation. + +More precisely: +- you can enable `PSA_WANT_ALG_ECDH` without `MBEDTLS_ECDH_C` provided + `MBEDTLS_PSA_ACCEL_ALG_ECDH` is enabled; +- you can enable `PSA_WANT_ALG_ECDSA` without `MBEDTLS_ECDSA_C` provided + `MBEDTLS_PSA_ACCEL_ALG_ECDSA` is enabled; +- you can enable `PSA_WANT_ALG_JPAKE` without `MBEDTLS_ECJPAKE_C` provided + `MBEDTLS_PSA_ACCEL_ALG_JPAKE` is enabled. + +In addition, if none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`, +`MBEDTLS_ECJPAKE_C` is enabled, you can enable: +- `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`; +- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC`; +- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT`; +- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT`; +- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE`; +without `MBEDTLS_ECP_C` provided the corresponding +`MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx` are enabled. + +[Coming soon] If `MBEDTLS_ECP_C` is disabled and `ecp.c` is fully removed (see +"Limitations regarding fully removing `ecp.c`" below), and you're not using +RSA or FFDH, then you can also disable `MBEDTLS_BIGNUM_C` for further code +size saving. + +### Limitations regarding fully removing `ecp.c` + +A limited subset of `ecp.c` will still be automatically re-enabled if any of +the following is enabled: +- `MBEDTLS_PK_PARSE_EC_COMPRESSED` - support for parsing ECC keys where the + public part is in compressed format; +- `MBEDTLS_PK_PARSE_EC_EXTENDED` - support for parsing ECC keys where the + curve is identified not by name, but by explicit parameters; +- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE` - support for deterministic + derivation of an ECC keypair with `psa_key_derivation_output_key()`. + +Note: when one of the above options is enabled, you can still `MBEDTLS_ECP_C` +in `mbedtls_config.h`, and it will still result in some code size savings, but +not as much as when none of these are enabled, as a subset of `ecp.c` will +still be included in the build in order to support these. + +We do have plans to support each of these with `ecp.c` fully removed in the +future, however no established timeline. If you're interested, please let us +know, so we can take it into consideration in our planning. + +### Limitations regarding restartable / interruptible ECC operations + +At the moment, the is not driver support for interruptible operations +(see `psa_sign_hash_start()` + `psa_sign_hash_complete()` etc.) so as a +consequence these are not supported in builds without `MBEDTLS_ECDSA_C`. + +Similarly, there is no PSA support for interruptible ECDH operations so these +are not supported without `ECDH_C`. See also limitations regarding +restartable operations with `MBEDTLS_USE_PSA_CRYPTO` in [its +documentation](use-psa-crypto.md). + +Again, we have plans to support this in the future but not established +timeline, please let us know if you're interested. + +### Limitations regarding the selection of curves + +TODO: apparently we don't really support having some curves built-in and +others driver-only... investigate and describe the situation. See also #7899. From d38ee855eb7f2e911a985f27119ea0f7bfd82721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Jul 2023 16:56:16 +0200 Subject: [PATCH 085/339] Add ChangeLog entry for PK_OPAQUE extensions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/extend-pk-opaque-ecc.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/extend-pk-opaque-ecc.txt diff --git a/ChangeLog.d/extend-pk-opaque-ecc.txt b/ChangeLog.d/extend-pk-opaque-ecc.txt new file mode 100644 index 000000000..ad5bdc096 --- /dev/null +++ b/ChangeLog.d/extend-pk-opaque-ecc.txt @@ -0,0 +1,6 @@ +Features + * Support for "opaque" (PSA-held) ECC keys in the PK module has been + extended: it is now possible to use mbedtls_pk_write_key_der(), + mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and + mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes + allow it). From a787c0f986bed745ebd544d220d3d094e03fa71c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Jul 2023 17:01:22 +0200 Subject: [PATCH 086/339] Add Changelog for driver-only ECC so far MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/{driver-only-ecdh.txt => driver-only-ecc.txt} | 3 +++ 1 file changed, 3 insertions(+) rename ChangeLog.d/{driver-only-ecdh.txt => driver-only-ecc.txt} (65%) diff --git a/ChangeLog.d/driver-only-ecdh.txt b/ChangeLog.d/driver-only-ecc.txt similarity index 65% rename from ChangeLog.d/driver-only-ecdh.txt rename to ChangeLog.d/driver-only-ecc.txt index 1aeed64fe..ca23db9ef 100644 --- a/ChangeLog.d/driver-only-ecdh.txt +++ b/ChangeLog.d/driver-only-ecc.txt @@ -5,3 +5,6 @@ Features MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, as PSA does not have an API for restartable ECDH yet. + * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by + a driver, it is possible to disable MBEDTLS_ECP_C and still get support + for ECC keys and algorithms in PSA. See docs/driver-only-builds.txt. From 00dc4063e2f543e3a37cf8682c3eda0801fae354 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:48:43 +0200 Subject: [PATCH 087/339] ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17b8ff789..5958b9dd0 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -364,6 +364,19 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif +/* TLS 1.2 key exchanges using ECDH(E)*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#endif + typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ From 7aeec54094b832a1e202c94a36280f5adac4a7c6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:57:21 +0200 Subject: [PATCH 088/339] tls: replace ECDH_C guards with new helpers Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 +- library/ssl_ciphersuites.c | 6 ++++-- library/ssl_client.c | 3 ++- library/ssl_misc.h | 6 ++++-- library/ssl_tls.c | 9 ++++++--- library/ssl_tls12_client.c | 28 ++++++++++++++++------------ library/ssl_tls12_server.c | 16 +++++++++------- 7 files changed, 42 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b73b41a1..2f46778bf 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -42,7 +42,7 @@ #include "mbedtls/md.h" -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) #include "mbedtls/ecdh.h" #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 793ec6a1c..f4a087987 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2021,7 +2021,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { @@ -2038,7 +2039,8 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) return 0; } } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + * MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) diff --git a/library/ssl_client.c b/library/ssl_client.c index 9acc44f68..dc2b650b4 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -374,7 +374,8 @@ static int ssl_write_client_hello_cipher_suites( } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc893b4c6..8062ef6bf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -751,9 +751,11 @@ struct mbedtls_ssl_handshake_params { mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && + MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ #if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) #if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b97d4eecf..fedbb9589 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -987,7 +987,8 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_init(&handshake->dhm_ctx); #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -4132,7 +4133,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_free(&handshake->dhm_ctx); #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif @@ -4158,7 +4160,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ mbedtls_free((void *) handshake->curves_tls_id); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0d5e77787..a53ea03cd 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -99,7 +99,8 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -130,8 +131,8 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -547,7 +548,8 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, p += ext_len; #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (uses_ec) { if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, @@ -815,7 +817,8 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, @@ -837,9 +840,10 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECDH_C */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, @@ -858,8 +862,8 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -1542,8 +1546,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported_point_formats extension")); @@ -1554,7 +1558,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) } break; -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c49c97fe8..e052e364c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -273,9 +273,10 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECDH_C */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, @@ -1892,8 +1893,8 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen) @@ -1920,7 +1921,8 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, *olen = 6; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, @@ -2349,8 +2351,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) ext_len += olen; #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) const mbedtls_ssl_ciphersuite_t *suite = mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { From c2232eadfbddc47f09f776b314cf48f384f3fb59 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:57:52 +0200 Subject: [PATCH 089/339] tls: replace PK_CAN_ECDH guards with new helpers Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 5 ----- library/ssl_misc.h | 3 ++- library/ssl_tls12_server.c | 17 ++++++++++------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index cdd3882cd..171fb85e5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -197,11 +197,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDSA_SOME #endif -#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ - (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_PK_CAN_ECDH -#endif - /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) * format. It should be noticed that this only affect how data is stored, not diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8062ef6bf..4ab97185e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -794,7 +794,8 @@ struct mbedtls_ssl_handshake_params { #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ #endif diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e052e364c..426365d3b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -148,7 +148,8 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * Function for parsing a supported groups (TLS 1.3) or supported elliptic @@ -292,8 +293,8 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || + MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -836,7 +837,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #endif -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || ssl->handshake->curves_tls_id[0] == 0)) { @@ -1379,7 +1381,8 @@ read_record_header: break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); @@ -1399,8 +1402,8 @@ read_record_header: return ret; } break; -#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || \ + MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: From b302efc8d9dd029d93f7c9192317356f3d1b9138 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 09:28:37 +0200 Subject: [PATCH 090/339] debug: replace ECDH_C symbol with key exchange one Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 2 +- library/debug.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 74f5d5560..01d2901d9 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -280,7 +280,7 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, diff --git a/library/debug.c b/library/debug.c index 0f0292915..8c33f8281 100644 --- a/library/debug.c +++ b/library/debug.c @@ -397,7 +397,7 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -443,6 +443,6 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, } #endif } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ #endif /* MBEDTLS_DEBUG_C */ From e87915b66f78d579dfc88aa754d93e88d5411307 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 12:47:43 +0200 Subject: [PATCH 091/339] ssl: update new symbols to include also FFDH Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5958b9dd0..9c07c5448 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -371,10 +371,18 @@ typedef enum { #endif /* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && \ + !defined(PSA_WANT_ALG_FFDH) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#endif + +/* TLS 1.2 or 1.3 DH key exchanges: ECDH(E) or FFDH */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#define MBEDTLS_KEY_EXCHANGE_SOME_DH_ANY_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; From a15078b784678cc94c1ceff9da4d9acfa29d2fd3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 14:52:45 +0200 Subject: [PATCH 092/339] pk: do not duplicate internal symbols for ECDH/ECDSA capabilities Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 29 ++++++++++++++++++++++ include/mbedtls/check_config.h | 45 ++++++++-------------------------- include/mbedtls/pk.h | 26 -------------------- 3 files changed, 39 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 471706351..012cd703d 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -161,6 +161,35 @@ #define MBEDTLS_PK_PARSE_EC_COMPRESSED #endif +/* PK module can achieve ECDH and ECDSA functionalities by means of either + * software implementations (ECDH_C and ECDSA_C) or through a PSA driver. The + * following defines are meant to list these capabilities in a general way + * which abstracts how they are implemented under the hood. */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ + (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) +#define MBEDTLS_PK_CAN_ECDH +#endif + +#if !defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* MBEDTLS_ECDSA_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_ALG_ECDSA */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) +#define MBEDTLS_PK_CAN_ECDSA_SOME +#endif + /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT * is defined as well to include all PSA code. */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 51223a081..900e80e53 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -275,19 +275,6 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif -/* Helper for ECDSA dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if (defined(PSA_WANT_ALG_ECDSA) || \ - defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_ECDSA -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PK_HAVE_ECDSA -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Helper for JPAKE dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) @@ -299,17 +286,6 @@ #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ -/* Helper for ECDH dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_ECDH -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_PK_HAVE_ECDH -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Helper for curve SECP256R1 */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ECC_SECP_R1_256) @@ -322,14 +298,14 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || \ - !defined(MBEDTLS_PK_HAVE_ECDSA) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif @@ -339,7 +315,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_PK_HAVE_ECDH) + !defined(MBEDTLS_PK_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif @@ -350,14 +326,14 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || \ - !defined(MBEDTLS_PK_HAVE_ECDSA) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif @@ -814,8 +790,9 @@ #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ - ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) +#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ + defined(MBEDTLS_X509_CRT_PARSE_C) && \ + ( defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif @@ -1129,9 +1106,7 @@ #endif /* Undefine helper symbols */ -#undef MBEDTLS_PK_HAVE_ECDSA #undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_PK_HAVE_ECDH #undef MBEDTLS_MD_HAVE_SHA256 #undef MBEDTLS_MD_HAVE_SHA384 #undef MBEDTLS_MD_HAVE_SHA512 diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 171fb85e5..39ae38c1c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -171,32 +171,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #endif #endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ -/** - * \brief The following defines are meant to list ECDSA capabilities of the - * PK module in a general way (without any reference to how this - * is achieved, which can be either through PSA driver or - * MBEDTLS_ECDSA_C) - */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(PSA_WANT_ALG_ECDSA) -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#endif -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif -#endif /* PSA_WANT_ALG_ECDSA */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) -#define MBEDTLS_PK_CAN_ECDSA_SOME -#endif - /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) * format. It should be noticed that this only affect how data is stored, not From ed365e66bb4392480d4848a71d4a649e6952fdda Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 15:02:27 +0200 Subject: [PATCH 093/339] ssl: improve/fix definitions for internal helpers Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 9c07c5448..7df3ec329 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -364,25 +364,28 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDH(E)*/ +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif -/* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +/* TLS 1.3 key exchanges using ECDH or ECDHE */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_ECDH) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && \ - !defined(PSA_WANT_ALG_FFDH) + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED #endif -/* TLS 1.2 or 1.3 DH key exchanges: ECDH(E) or FFDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_DH_ANY_ENABLED +/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */ +#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; From 0a0d0d552784a89d745a34024faae5dc654337b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 15:12:45 +0200 Subject: [PATCH 094/339] ssl: keep all helper definitions in ssl_ciphersuites.h Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 10 ---------- include/mbedtls/ssl_ciphersuites.h | 23 ++++++++++++++++++----- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 012cd703d..ff7008873 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -251,16 +251,6 @@ #undef MBEDTLS_SSL_EARLY_DATA #endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 7df3ec329..4941e7ea5 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -346,11 +346,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED -#endif - /* Key exchanges using DHE */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) @@ -370,6 +365,24 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif +/* TLS 1.3 PSK key exchanges */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges with PSK */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED +#endif + +/* TLS 1.3 ephemeral key exchanges */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED +#endif + /* TLS 1.3 key exchanges using ECDH or ECDHE */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_ECDH) From 3d237b5ff145663a864ad0ae16bc2b62a5a655c9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 16:00:20 +0200 Subject: [PATCH 095/339] ssl_misc: fix guards for PSA data used in XXDH key exchanges Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 5 +++++ library/ssl_misc.h | 6 ++---- library/ssl_tls.c | 6 ++---- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 7 +++---- library/ssl_tls13_server.c | 12 ++++++------ 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 4941e7ea5..5696d9a4b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -401,6 +401,11 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif +#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED +#endif + typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4ab97185e..96d268e43 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -769,16 +769,14 @@ struct mbedtls_ssl_handshake_params { #define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH #endif -#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE]; size_t xxdh_psa_peerkey_len; -#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && - (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fedbb9589..0139e55cd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4219,13 +4219,11 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_ssl_buffering_free(ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (handshake->xxdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->xxdh_psa_privkey); } -#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && - (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8b261d647..aafc47d3b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } @@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, @@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 665ea7155..5e9140a47 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,8 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -1497,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1626,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 196d09a72..66ac54937 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its @@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( @@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 6eb005435cd61806bacf70e5ad4000a51eacc48a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 17:04:24 +0200 Subject: [PATCH 096/339] tls: fix guards for legacy ECDH contexts Signed-off-by: Valerio Setti --- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 96d268e43..2b0b7f15e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -752,10 +752,10 @@ struct mbedtls_ssl_handshake_params { #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #endif /* !MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ + MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) #if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0139e55cd..a21b3fb1d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -988,7 +988,7 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) mbedtls_dhm_init(&handshake->dhm_ctx); #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -4134,7 +4134,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_dhm_free(&handshake->dhm_ctx); #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif From aa7cbd619c670f665822b1859fcf52432a478a84 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 17:22:17 +0200 Subject: [PATCH 097/339] build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 12 +++++++----- include/mbedtls/check_config.h | 10 +++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index ff7008873..bc5cad832 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -161,15 +161,17 @@ #define MBEDTLS_PK_PARSE_EC_COMPRESSED #endif -/* PK module can achieve ECDH and ECDSA functionalities by means of either - * software implementations (ECDH_C and ECDSA_C) or through a PSA driver. The - * following defines are meant to list these capabilities in a general way - * which abstracts how they are implemented under the hood. */ +/* Helper symbol to state that there is support for ECDH, either through + * library implementation (ECDH_C) or through PSA. */ #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_PK_CAN_ECDH +#define MBEDTLS_CAN_ECDH #endif +/* PK module can achieve ECDSA functionalities by means of either software + * implementations (ECDSA_C) or through a PSA driver. The following defines + * are meant to list these capabilities in a general way which abstracts how + * they are implemented under the hood. */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_ECDSA_C) #define MBEDTLS_PK_CAN_ECDSA_SIGN diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 900e80e53..4c250430f 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -298,14 +298,14 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif @@ -315,7 +315,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_PK_CAN_ECDH) + !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif @@ -326,13 +326,13 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" From bdb41dd46d87700b3e5fc3e1db7e9923d9fda6e5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 10 Jul 2023 08:09:50 -0400 Subject: [PATCH 098/339] Add missing resource deallocation in tests Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b4073eccb..a0b1dc135 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -264,6 +264,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509write_csr_free(&req); mbedtls_pk_free(&key); MD_OR_USE_PSA_DONE(); From 312b6df38ae874258bb9fe3d02952d5b59a25bb2 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 10 Jul 2023 08:45:30 -0400 Subject: [PATCH 099/339] Add a missing guard in cert_req.c IP parsing requires x509_CRT_PARSE_C Signed-off-by: Andrzej Kurek --- programs/x509/cert_req.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 17de9def7..558d8cc73 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -23,10 +23,10 @@ /* md.h is included this early since MD_CAN_XXX macros are defined there. */ #include "mbedtls/md.h" -#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ +#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_PEM_WRITE_C) + !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " From da403b749e443908e9c930f459c76033c32d60ad Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 14:31:39 +0200 Subject: [PATCH 100/339] =?UTF-8?q?tls:=20use=20already=20existing=20symbo?= =?UTF-8?q?ls=20to=20size=20the=20buffer=20for=20XXD=E1=B8=A6=20peer=20key?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Valerio Setti --- library/ssl_misc.h | 14 +------------- library/ssl_tls12_client.c | 16 +++------------- 2 files changed, 4 insertions(+), 26 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2b0b7f15e..c08f5e1a8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -757,24 +757,12 @@ struct mbedtls_ssl_handshake_params { #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) -#if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH -#else -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#endif -#elif defined(PSA_WANT_ALG_ECDH) -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#else -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; - unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE]; + unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t xxdh_psa_peerkey_len; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a53ea03cd..957488109 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1774,19 +1774,9 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - /* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account - the sizes of the FFDH keys which are at least 2048 bits. - The size of the array is thus greater than 256 bytes which is greater than any - possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/ -#if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#else - MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX, - "peer key buffer too small"); -#endif - + /* xxdh_psa_peerkey is sized after maximum supported FFDH public key. + * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so + * we can skip the buffer size check before the memcpy-ing data into it. */ memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len); handshake->xxdh_psa_peerkey_len = ecpoint_len; *p += ecpoint_len; From c97775162ec82841e1884a787a29731cbeb22b24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Jul 2023 11:11:20 +0200 Subject: [PATCH 101/339] Fix inaccurate information about FFDH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index f50463cd0..1c4998240 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -51,9 +51,10 @@ application will already be doing this. Mechanisms covered ------------------ -For now, only two families are supported: +For now, only the following (families of) mechanisms are supported: - hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. +- finite-field Diffie-Hellman: FFDH algorithm, DH key types. Supported means that when those are provided only by drivers, everything (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should @@ -64,8 +65,8 @@ below. In the near future (end of 2023), we are planning to also add support for ciphers (AES) and AEADs (GCM, CCM, ChachaPoly). -Currently (mid-2023) we don't have plans to extend this to RSA of FFDH. If -you're interested in driver-only support for those, please let us know. +Currently (mid-2023) we don't have plans to extend this to RSA. If +you're interested in driver-only support for RSA, please let us know. Hashes ------ @@ -144,3 +145,8 @@ timeline, please let us know if you're interested. TODO: apparently we don't really support having some curves built-in and others driver-only... investigate and describe the situation. See also #7899. + +Finite-field Diffie-Hellman +--------------------------- + +TODO From 1937cf8143bb9465b2d696aafbb93526d4f1e98c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Jul 2023 11:14:15 +0200 Subject: [PATCH 102/339] Improve wording & fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 1c4998240..7263cfade 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -118,10 +118,11 @@ the following is enabled: - `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE` - support for deterministic derivation of an ECC keypair with `psa_key_derivation_output_key()`. -Note: when one of the above options is enabled, you can still `MBEDTLS_ECP_C` -in `mbedtls_config.h`, and it will still result in some code size savings, but -not as much as when none of these are enabled, as a subset of `ecp.c` will -still be included in the build in order to support these. +Note: when any of the above options is enabled, a subset of `ecp.c` will +automatically be included in the build in order to support it. Therefore +you can still disable `MBEDTLS_ECP_C` in `mbedtls_config.h` and this will +result in some code size savings, but not as much as when none of the +above features are enabled. We do have plans to support each of these with `ecp.c` fully removed in the future, however no established timeline. If you're interested, please let us @@ -129,7 +130,7 @@ know, so we can take it into consideration in our planning. ### Limitations regarding restartable / interruptible ECC operations -At the moment, the is not driver support for interruptible operations +At the moment, there is not driver support for interruptible operations (see `psa_sign_hash_start()` + `psa_sign_hash_complete()` etc.) so as a consequence these are not supported in builds without `MBEDTLS_ECDSA_C`. From ffc3c48e4e8f85401ebd83424af3c9f496b8e3ce Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 11 Jul 2023 12:01:04 +0800 Subject: [PATCH 103/339] Remove getter functions of PAKE if no PAKE algorithms are required Signed-off-by: Yanray Wang --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a2a67556d..b8bab3651 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7629,6 +7629,7 @@ exit: return status; } +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t psa_crypto_driver_pake_get_password_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *password_len) @@ -7735,7 +7736,6 @@ psa_status_t psa_crypto_driver_pake_get_cipher_suite( return PSA_SUCCESS; } -#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) From f6d4dfb7456cb55d28769626f97be3a9750c71a6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 10:55:12 +0200 Subject: [PATCH 104/339] library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 8 -------- library/check_crypto_config.h | 8 ++++---- library/pk_wrap.c | 14 +++++++------- library/pk_wrap.h | 4 ++-- library/psa_crypto.c | 4 ++-- library/psa_util.c | 2 +- 6 files changed, 16 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 8f535a5ef..a42489eca 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -1027,14 +1027,6 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #endif -/* Temporary internal migration helpers */ -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY -#endif - /* Temporary internal migration helpers */ #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index eb3ace5c1..b7d87fe07 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -60,25 +60,25 @@ #endif #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \ - !(defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \ - !(defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_OAEP) && \ - !(defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_PSS) && \ - !(defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" #endif diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3fe2c3e0d..4781151a1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -97,7 +97,7 @@ int mbedtls_pk_error_from_psa(psa_status_t status) } #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) int mbedtls_pk_error_from_psa_rsa(psa_status_t status) { switch (status) { @@ -134,7 +134,7 @@ int mbedtls_pk_error_from_psa_rsa(psa_status_t status) return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } } -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1725,7 +1725,7 @@ static int rsa_opaque_can_do(mbedtls_pk_type_t type) type == MBEDTLS_PK_RSASSA_PSS; } -#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) static int rsa_opaque_decrypt(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, @@ -1747,7 +1747,7 @@ static int rsa_opaque_decrypt(mbedtls_pk_context *pk, return 0; } -#endif /* MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ static int rsa_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -1817,11 +1817,11 @@ const mbedtls_pk_info_t mbedtls_rsa_opaque_info = { .rs_alloc_func = NULL, .rs_free_func = NULL, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ -#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) .decrypt_func = rsa_opaque_decrypt, -#else /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ +#else /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ .decrypt_func = NULL, -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ .encrypt_func = NULL, .check_pair_func = NULL, .ctx_alloc_func = NULL, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 6f755ed97..b1e02180a 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -150,9 +150,9 @@ int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status); #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status); -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_RSA_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a2a67556d..381b6fc69 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7346,7 +7346,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( return status; } } else -#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; @@ -7358,7 +7358,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( return PSA_ERROR_NOT_SUPPORTED; } } else -#endif /* defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) */ +#endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { diff --git a/library/psa_util.c b/library/psa_util.c index ef623168f..e07598b89 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -85,7 +85,7 @@ const mbedtls_error_pair_t psa_to_ssl_errors[] = #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) const mbedtls_error_pair_t psa_to_pk_rsa_errors[] = { { PSA_SUCCESS, 0 }, From b2bcedbf9ae97f0373031836ac641a6e454a6571 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 11:24:00 +0200 Subject: [PATCH 105/339] library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 8 ------ library/psa_crypto.c | 28 +++++++++++-------- library/psa_crypto_rsa.c | 17 ++++++----- .../src/drivers/test_driver_key_management.c | 16 +++++------ 4 files changed, 34 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index a42489eca..cb9c53381 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -1035,14 +1035,6 @@ extern "C" { #define MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY #endif -/* Temporary internal migration helpers */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY -#endif - /* Temporary internal migration helpers */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 381b6fc69..805e812da 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -712,7 +712,7 @@ psa_status_t psa_import_key_into_slot( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_RSA(type)) { return mbedtls_psa_rsa_import_key(attributes, @@ -721,7 +721,7 @@ psa_status_t psa_import_key_into_slot( key_buffer_length, bits); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } @@ -1249,7 +1249,7 @@ exit: return overall_status; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, @@ -1291,7 +1291,7 @@ exit: } return mbedtls_to_psa_error(ret); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. @@ -1322,7 +1322,8 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ switch (slot->attr.type) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: @@ -1348,7 +1349,8 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, mbedtls_free(rsa); } break; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ @@ -1478,7 +1480,7 @@ psa_status_t psa_export_public_key_internal( key_buffer, key_buffer_size, data, data_size, data_length); } else if (PSA_KEY_TYPE_IS_RSA(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, key_buffer, @@ -1489,7 +1491,7 @@ psa_status_t psa_export_public_key_internal( #else /* We don't know how to convert a private RSA key to public. */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } else if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ @@ -1954,7 +1956,8 @@ static psa_status_t psa_validate_optional_attributes( } if (attributes->domain_parameters_size != 0) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) { mbedtls_rsa_context *rsa = NULL; @@ -1995,7 +1998,8 @@ rsa_exit: return mbedtls_to_psa_error(ret); } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ { return PSA_ERROR_INVALID_ARGUMENT; @@ -7406,7 +7410,7 @@ psa_status_t psa_generate_key_internal( #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ } else -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) && \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && \ defined(MBEDTLS_GENPRIME) if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { return mbedtls_psa_rsa_generate_key(attributes, @@ -7414,7 +7418,7 @@ psa_status_t psa_generate_key_internal( key_buffer_size, key_buffer_length); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) * defined(MBEDTLS_GENPRIME) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 4e11b368c..22b5f4cdf 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -43,7 +43,7 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes @@ -123,12 +123,11 @@ exit: * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - psa_status_t mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, @@ -165,7 +164,11 @@ exit: return status; } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, mbedtls_rsa_context *rsa, uint8_t *data, @@ -235,10 +238,10 @@ psa_status_t mbedtls_psa_rsa_export_public_key( return status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) && \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && \ defined(MBEDTLS_GENPRIME) static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, size_t domain_parameters_size, @@ -301,7 +304,7 @@ psa_status_t mbedtls_psa_rsa_generate_key( return status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) * defined(MBEDTLS_GENPRIME) */ /****************************************************************/ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 0ebce5747..1996651ff 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -234,11 +234,11 @@ psa_status_t mbedtls_test_transparent_generate_key( #endif } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_rsa_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); #endif @@ -307,14 +307,14 @@ psa_status_t mbedtls_test_transparent_import_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_import_key( attributes, @@ -426,7 +426,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_import_key( attributes, @@ -576,13 +576,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key( attributes, @@ -660,7 +660,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_export_public_key( attributes, From acab57b6b444b3ea1823ba9af42813c169dbfe87 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 12:04:48 +0200 Subject: [PATCH 106/339] test: replace RSA_KEY_PAIR_LEGACY with proper symbols Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 320 +++++++++--------- tests/suites/test_suite_psa_crypto.function | 2 +- ...test_suite_psa_crypto_driver_wrappers.data | 42 +-- .../suites/test_suite_psa_crypto_entropy.data | 4 +- .../test_suite_psa_crypto_metadata.data | 2 +- .../test_suite_psa_crypto_op_fail.misc.data | 2 +- .../test_suite_psa_crypto_persistent_key.data | 24 +- 7 files changed, 198 insertions(+), 198 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 450dbd40b..40ea62c42 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -81,31 +81,31 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 PSA import/export RSA public key: good, 1024-bit, opaque @@ -133,39 +133,39 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_C import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: public key -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_with_data:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA public key: key pair @@ -173,7 +173,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: valid key but EC -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import/export-public RSA public key: good, 1024-bit @@ -181,7 +181,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small @@ -189,7 +189,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: good, 1024-bit, opaque @@ -197,7 +197,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_C import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small, opaque @@ -205,7 +205,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_C import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) @@ -213,7 +213,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA public key: 1016-bit (good), opaque @@ -221,7 +221,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_C import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) @@ -361,11 +361,11 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export EC secp224r1 key pair: good, opaque @@ -489,11 +489,11 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRY import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS @@ -503,7 +503,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDT import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export RSA keypair: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PEM_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PEM_PARSE_C import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export FFDH RFC7919 2048 key pair: good @@ -1024,43 +1024,43 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_ERROR_NOT_PERMITTED PSA key policy: asymmetric encryption, encrypt | decrypt -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA key policy: asymmetric encryption, alg=0 in policy -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA key policy: asymmetric encryption, encrypt but not decrypt -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT PSA key policy: asymmetric encryption, decrypt but not encrypt -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT PSA key policy: asymmetric encryption, neither encrypt nor decrypt -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, sign | verify hash, ECDSA SHA-256 @@ -1068,31 +1068,31 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, sign, key usage extension -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA key policy: asymmetric signature, verify, key usage extension -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, sign | verify, key usage extension -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wrong alg family (PSS std/any salt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wrong alg family (PSS any/std salt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wrong alg family (RSA v15/PSS) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wildcard in policy, wrong alg family -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256 @@ -1100,51 +1100,51 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, wrong hash algorithm -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, alg=0 in policy -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, sign but not verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA key policy: asymmetric signature, verify but not sign -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: asymmetric signature, neither sign nor verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:0 PSA key policy: msg asymmetric signature, sign | verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wrong alg family (PSS std/any salt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wrong alg family (PSS any/std salt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wrong alg family (RSA v15/PSS) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wildcard in policy, wrong alg family -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wildcard in policy, ECDSA SHA-256 @@ -1152,23 +1152,23 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, wrong hash algorithm -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, alg=0 in policy -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: msg asymmetric signature, sign but not verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE PSA key policy: msg asymmetric signature, verify but not sign -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_VERIFY_MESSAGE PSA key policy: derive via HKDF, permitted @@ -1283,39 +1283,39 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH @@ -1379,39 +1379,39 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, opaque @@ -1562,19 +1562,19 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy fail: RSA, incompatible target policy (source wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (target wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (source and target wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, ANY_HASH is not meaningful with OAEP -depends_on:PSA_WANT_ALG_RSA_OAEP:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect type in attributes @@ -2230,7 +2230,7 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 cipher_bad_key:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" PSA cipher: incorrect key type (RSA) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT cipher_bad_key:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24" PSA cipher: incorrect key type (ECC Family Sep R1) @@ -4213,7 +4213,7 @@ depends_on:PSA_WANT_ALG_CHACHA20_POLY1305 aead_multipart_state_test:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":PSA_ALG_CHACHA20_POLY1305:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 PSA signature size: RSA public key, 1024 bits, PKCS#1 v1.5 raw @@ -4221,35 +4221,35 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY signature_size:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128 PSA signature size: RSA keypair, 1024 bits, PSS -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128 PSA signature size: RSA keypair, 1024 bits, PSS-any-salt -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):128 PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 PSA signature size: RSA keypair, 1025 bits, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129 PSA import/exercise RSA keypair, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA import/exercise RSA keypair, PSS-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA keypair, PSS-any-salt-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA public key, PKCS#1 v1.5 raw @@ -4285,11 +4285,11 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA sign hash: RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a" PSA sign hash: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA sign hash: deterministic ECDSA SECP256R1 SHA-256 @@ -4329,19 +4329,19 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":0 PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5, invalid hash (wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5 raw, input too large -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes) @@ -4353,11 +4353,11 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLI sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small @@ -4365,7 +4365,7 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: RSA PKCS#1 v1.5 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, empty output buffer @@ -4437,19 +4437,19 @@ depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0 PSA sign/verify hash: RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" PSA sign/verify hash: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: RSA PSS-any-salt SHA-256, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256 @@ -4529,7 +4529,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify hash with keypair: RSA PKCS#1 v1.5 SHA-256, good signature -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length @@ -4749,7 +4749,7 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign message: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA sign message: deterministic ECDSA SECP256R1 SHA-256 @@ -4765,23 +4765,23 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"3548ea85eb66d756ae90fd64a3104b5b9a17aa282f8722409762e9da4811ec5d3060a97d3450b4bc484cd21ac588f563c4873843506fed8609b7d093db0e9a2496c36995ee74c906528af6898feb502f45bfb1e9ccf371416c68d32bb5ebc1b6" PSA sign message: RSA PKCS#1 v1.5, invalid hash (wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"616263":128:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5, invalid hash algorithm (0) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(0):"616263":128:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":127:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: RSA PKCS#1 v1.5 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: RSA PKCS#1 v1.5 without hash -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type @@ -4821,31 +4821,31 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"616263":96:PSA_ERROR_INVALID_ARGUMENT PSA sign/verify message: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS SHA-256, 0 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" PSA sign/verify message: RSA PSS SHA-256, 32 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: RSA PSS SHA-256, 128 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: RSA PSS SHA-256, 129 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256 @@ -4893,7 +4893,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify message: RSA-1024 PSS SHA-256, slen=0 (bad) @@ -5021,11 +5021,11 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBL asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"746869730069730061006c6162656c00":128:PSA_SUCCESS PSA encrypt: RSA PKCS#1 v1.5, key pair -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-256, key pair -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA PKCS#1 v1.5, input too large @@ -5049,87 +5049,87 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES asymmetric_encrypt:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"" PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #2 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":"" PSA encrypt-decrypt: RSA OAEP-SHA-256 -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"" PSA encrypt-decrypt: RSA OAEP-SHA-256, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00" PSA encrypt-decrypt: RSA OAEP-SHA-384 -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_ALG_SHA_384 asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"" PSA decrypt: RSA PKCS#1 v1.5: good #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA decrypt: RSA PKCS#1 v1.5: good #2 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff" PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, output too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, good -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":"" PSA decrypt: RSA OAEP-SHA-256, 0 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":"" PSA decrypt: RSA OAEP-SHA-256, 0 bytes, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":"" PSA decrypt: RSA OAEP-SHA-256, 30 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-256, 30 bytes, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-384, 30 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_ALG_SHA_384 asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (empty) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (same length) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA PKCS#1 v1.5, invalid padding -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA PKCS#1 v1.5: salt not allowed -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, invalid padding -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: invalid algorithm -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, invalid key type (RSA public key) @@ -5145,19 +5145,19 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396e":"":16:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, input too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, input too large -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, input too small -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, input too large -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT Crypto derivation operation object initializers zero properly @@ -6984,44 +6984,44 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 1022 bits: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, 1023 bits: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, maximum size exceeded -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: ECC, SECP256R1, good @@ -7113,7 +7113,7 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY PSA generate persistent key: RSA, 1024 bits, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_GENPRIME:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 83a03b3b6..dddfa0c7f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9634,7 +9634,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */ +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */ void generate_key_rsa(int bits_arg, data_t *e_arg, int expected_status_arg) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index dd839342a..54558f0f0 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -15,35 +15,35 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_hash transparent driver: in driver ECDSA SECP256R1 SHA-256 @@ -71,27 +71,27 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA PKCS#1 v1.5 SHA-256 @@ -147,19 +147,19 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_message transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256 @@ -187,15 +187,15 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PKCS#1 v1.5 SHA-256 diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data index 328d381be..68a7f984e 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.data +++ b/tests/suites/test_suite_psa_crypto_entropy.data @@ -18,11 +18,11 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):32 PSA external RNG failure: RSA-PSS -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):32 PSA external RNG failure: RSA PKCS#1v1.5 (software implementation) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:32 PSA validate entropy injection: good, minimum size diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index a41d83ad8..fef0bab39 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -378,7 +378,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA Key type: RSA key pair -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA ECC key family: SECP K1 diff --git a/tests/suites/test_suite_psa_crypto_op_fail.misc.data b/tests/suites/test_suite_psa_crypto_op_fail.misc.data index cb0ffc6f8..7158f2dcb 100644 --- a/tests/suites/test_suite_psa_crypto_op_fail.misc.data +++ b/tests/suites/test_suite_psa_crypto_op_fail.misc.data @@ -11,5 +11,5 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES sign_fail:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair -depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY +depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 0ab3f8c55..3a35505e3 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -42,35 +42,35 @@ Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED Persistent key destroy -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key destroy after restart -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key import (RSA) -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS Persistent key import with restart (RSA) -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS Persistent key import (RSA) invalid key id (VENDOR_MIN) -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VOLATILE_MIN) -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VENDOR_MAX) -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import garbage data, should fail -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT import/export persistent raw key: 1 byte @@ -81,7 +81,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0 import/export persistent key RSA keypair: good, 1024-bit -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0 import/export persistent raw key file not exist: 1 byte @@ -92,7 +92,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1 import/export persistent key RSA keypair file not exist: 1024-bit -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1 import/export-persistent symmetric key: 16 bytes @@ -107,7 +107,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0 import/export persistent key RSA keypair with restart: good, 1024-bit -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0 import/export persistent raw key file not exist with restart: 1 byte @@ -118,7 +118,7 @@ depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1 import/export persistent key RSA keypair file not exist with restart: 1024-bit -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1 import/export-persistent symmetric key with restart: 16 bytes From 42796e25cf249e1ebf6f3c6635b0b5f3e6d9d739 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 12:24:34 +0200 Subject: [PATCH 107/339] generate_psa_tests: fix automatically generated tests for RSA Signed-off-by: Valerio Setti --- tests/scripts/generate_psa_tests.py | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index a77ece691..f5d83c6fb 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -121,19 +121,15 @@ def tweak_key_pair_dependency(dep: str, usage: str): symbols according to the required usage. """ ret_list = list() - # Note: this LEGACY replacement for RSA is temporary and it's going to be - # aligned with ECC one in #7772. - if dep.endswith('RSA_KEY_PAIR'): - ret_list.append(re.sub(r'RSA_KEY_PAIR\Z', r'RSA_KEY_PAIR_LEGACY', dep)) - elif dep.endswith('ECC_KEY_PAIR'): + if dep.endswith('KEY_PAIR'): if usage == "BASIC": # BASIC automatically includes IMPORT and EXPORT for test purposes (see # config_psa.h). - ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_BASIC', dep)) - ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_IMPORT', dep)) - ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_EXPORT', dep)) + ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep)) + ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep)) + ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep)) elif usage == "GENERATE": - ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_GENERATE', dep)) + ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep)) else: # No replacement to do in this case ret_list.append(dep) From a9a3c5581e1918bf7b91fd026b0a08fad5b50413 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 15:02:16 +0200 Subject: [PATCH 108/339] config_psa: enable GENPRIME when BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index cb9c53381..d81c4db80 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -838,6 +838,7 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#define MBEDTLS_GENPRIME #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 From 0d5c5e5a385ab3fe6c7f54335b7776dc43af9c4b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 16:21:00 +0200 Subject: [PATCH 109/339] config_psa: enable KEY_PAIR_[IMPORT/EXPORT] as soon as BASIC is enabled Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index d81c4db80..4c27333cd 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -1028,6 +1028,18 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #endif +/* See description above */ +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#endif + +/* See description above */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#endif + /* Temporary internal migration helpers */ #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ From 76df8c1900340bfdbc5ef12f9f3bfda2a4da3f0f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Jul 2023 14:11:28 +0200 Subject: [PATCH 110/339] psa: remove redundant GENPRIME when RSA_KEY_PAIR_GENERATE is defined Signed-off-by: Valerio Setti --- library/psa_crypto.c | 6 ++---- library/psa_crypto_rsa.c | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 805e812da..bfb368588 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7410,16 +7410,14 @@ psa_status_t psa_generate_key_internal( #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ } else -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && \ - defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { return mbedtls_psa_rsa_generate_key(attributes, key_buffer, key_buffer_size, key_buffer_length); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - * defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 22b5f4cdf..534c71603 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -241,8 +241,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && \ - defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent) @@ -304,8 +303,7 @@ psa_status_t mbedtls_psa_rsa_generate_key( return status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - * defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) */ /****************************************************************/ /* Sign/verify hashes */ From 980383421a73c48fe09dc5ca568aa6070ab4b0eb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Jul 2023 16:30:24 +0200 Subject: [PATCH 111/339] config_psa: enable KEY_PAIR_GENERATE only when GENPRIME is defined Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 4c27333cd..611d5aba3 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -834,15 +834,16 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 #define PSA_WANT_ALG_RSA_PSS 1 #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_GENPRIME) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#endif /* MBEDTLS_GENPRIME */ #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#define MBEDTLS_GENPRIME #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif /* MBEDTLS_RSA_C */ From 7e6aaa1ea5ada707710fc5ccaf826e9a68839e8d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Jul 2023 16:59:21 +0200 Subject: [PATCH 112/339] psa: fix missed LEGACY symbols caused by the rebase Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- library/psa_util_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index e07598b89..3d43b5877 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -40,7 +40,7 @@ #include #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) #include #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index 18bdc9e1d..4a36dbf88 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -73,7 +73,7 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8]; #endif From 044a98aaa3a43d576eda090fef3c5ecc43738c4b Mon Sep 17 00:00:00 2001 From: Marek Jansta Date: Wed, 12 Jul 2023 17:15:38 +0200 Subject: [PATCH 113/339] Updated changelog Signed-off-by: Marek Jansta --- ChangeLog.d/x509-ec-algorithm-identifier-fix.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt index cd216da36..c1de491e6 100644 --- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt +++ b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt @@ -1,4 +1,4 @@ Bugfix - * Fix x509 certificate generation to conform to RFCs when using ECC key. - The certificate was rejected by some crypto frameworks. + * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when + using ECC key. The certificate was rejected by some crypto frameworks. Fixes #2924. From a02b36886cdc97f7e1615380cddafcbe273616de Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 14 Jul 2023 13:43:39 +0100 Subject: [PATCH 114/339] Fix gcc warnings when -Wredundant-decls set Signed-off-by: Dave Rodgman --- include/mbedtls/constant_time.h | 8 ++++++++ library/constant_time_internal.h | 13 ++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index 91a9e7fc3..2d33adc88 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -23,6 +23,10 @@ #include +#ifdef __GNUC__ + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wredundant-decls" +#endif /** Constant-time buffer comparison without branches. * @@ -43,4 +47,8 @@ int mbedtls_ct_memcmp(const void *a, const void *b, size_t n); +#ifdef __GNUC__ + #pragma GCC diagnostic pop +#endif + #endif /* MBEDTLS_CONSTANT_TIME_H */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 966075816..f0fde6a71 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -92,9 +92,16 @@ typedef int32_t mbedtls_ct_int_t; /* constant_time_impl.h contains all the static inline implementations, * so that constant_time_internal.h is more readable. + * + * gcc generates warnings about duplicate declarations, so disable this + * warning. */ -#include "constant_time_impl.h" +#ifdef __GNUC__ + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wredundant-decls" +#endif +#include "constant_time_impl.h" /* ============================================================================ * Boolean operations @@ -473,4 +480,8 @@ int mbedtls_ct_memcmp(const void *a, const void *b, size_t n); +#ifdef __GNUC__ + #pragma GCC diagnostic pop +#endif + #endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */ From fba559822f6438629f45ae878f6eb75e870677ee Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 14 Jul 2023 13:44:22 +0100 Subject: [PATCH 115/339] Ensure constant values not known to compiler Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index f0fde6a71..79927c1f1 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -74,21 +74,21 @@ typedef size_t mbedtls_ct_condition_t; typedef size_t mbedtls_ct_uint_t; typedef ptrdiff_t mbedtls_ct_int_t; -#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) SIZE_MAX) +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(SIZE_MAX)) #elif (SIZE_MAX > 0xffffffff) || defined(MBEDTLS_HAVE_INT64) /* 32-bit < pointer size <= 64-bit, or 64-bit MPI */ typedef uint64_t mbedtls_ct_condition_t; typedef uint64_t mbedtls_ct_uint_t; typedef int64_t mbedtls_ct_int_t; -#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) UINT64_MAX) +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT64_MAX)) #else /* Pointer size <= 32-bit, and no 64-bit MPIs */ typedef uint32_t mbedtls_ct_condition_t; typedef uint32_t mbedtls_ct_uint_t; typedef int32_t mbedtls_ct_int_t; -#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) UINT32_MAX) +#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT32_MAX)) #endif -#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) 0) +#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(0)) /* constant_time_impl.h contains all the static inline implementations, * so that constant_time_internal.h is more readable. From 8b52b88b6d5ce7a6bcaf73b2861a9871b9eea2b2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 13 Jul 2023 13:12:40 +0100 Subject: [PATCH 116/339] Add type casts in ssl library Signed-off-by: Agathiyan Bragadeesh --- library/ssl_ciphersuites.c | 2 +- library/ssl_msg.c | 15 ++++++++++----- library/ssl_tls.c | 16 ++++++++-------- library/ssl_tls12_client.c | 6 ++++-- library/ssl_tls12_server.c | 15 ++++++++++----- 5 files changed, 33 insertions(+), 21 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 793ec6a1c..b83347222 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1931,7 +1931,7 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui return key_bits; #else const mbedtls_cipher_info_t * const cipher_info = - mbedtls_cipher_info_from_type(info->cipher); + mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher); return mbedtls_cipher_info_get_key_bitlen(cipher_info); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e9050230b..be197366b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3602,8 +3602,9 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, */ rec->ver[0] = buf[rec_hdr_version_offset + 0]; rec->ver[1] = buf[rec_hdr_version_offset + 1]; - tls_version = mbedtls_ssl_read_version(buf + rec_hdr_version_offset, - ssl->conf->transport); + tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version( + buf + rec_hdr_version_offset, + ssl->conf->transport); if (tls_version > ssl->conf->max_tls_version) { MBEDTLS_SSL_DEBUG_MSG(1, ("TLS version mismatch: got %u, expected max %u", @@ -5849,15 +5850,19 @@ static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, void mbedtls_ssl_write_version(unsigned char version[2], int transport, mbedtls_ssl_protocol_version tls_version) { + uint16_t tls_version_formatted; #if defined(MBEDTLS_SSL_PROTO_DTLS) if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - tls_version = + tls_version_formatted = ~(tls_version - (tls_version == 0x0302 ? 0x0202 : 0x0201)); - } + } else #else ((void) transport); #endif - MBEDTLS_PUT_UINT16_BE(tls_version, version, 0); + { + tls_version_formatted = (uint16_t) tls_version; + } + MBEDTLS_PUT_UINT16_BE(tls_version_formatted, version, 0); } uint16_t mbedtls_ssl_read_version(const unsigned char version[2], diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8d90075a4..86f8ac83b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2436,7 +2436,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( } #else const mbedtls_cipher_info_t *cipher = - mbedtls_cipher_info_from_type(suite->cipher); + mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher); if (cipher != NULL) { base_mode = mbedtls_ssl_get_base_mode( @@ -3116,12 +3116,12 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl #if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) { - conf->max_tls_version = (major << 8) | minor; + conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); } void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) { - conf->min_tls_version = (major << 8) | minor; + conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -3749,7 +3749,7 @@ static int ssl_session_load(mbedtls_ssl_session *session, if (1 > (size_t) (end - p)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->tls_version = 0x0300 | *p++; + session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); /* Dispatch according to TLS version. */ remaining_len = (end - p); @@ -3852,7 +3852,7 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s", - mbedtls_ssl_states_str(ssl->state))); + mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state))); switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: @@ -6534,7 +6534,7 @@ int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) /* Set PRF, calc_verify and calc_finished function pointers */ ret = ssl_set_handshake_prfs(ssl->handshake, - ciphersuite_info->mac); + (mbedtls_md_type_t) ciphersuite_info->mac); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret); return ret; @@ -8210,7 +8210,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, goto end; } #else - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); + cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher); if (cipher_info == NULL) { MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", ciphersuite_info->cipher)); @@ -8226,7 +8226,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } #else - md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac); if (md_info == NULL) { MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found", (unsigned) ciphersuite_info->mac)); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e4f38212f..49a17a933 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1271,7 +1271,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) buf += mbedtls_ssl_hs_hdr_len(ssl); MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf, 2); - ssl->tls_version = mbedtls_ssl_read_version(buf, ssl->conf->transport); + ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, + ssl->conf->transport); ssl->session_negotiate->tls_version = ssl->tls_version; if (ssl->tls_version < ssl->conf->min_tls_version || @@ -3141,7 +3142,8 @@ ecdh_calc_secret: #if !defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - ciphersuite_info->key_exchange)) != 0) { + (mbedtls_key_exchange_type_t) ciphersuite_info-> + key_exchange)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); return ret; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index bebc5d904..5983ddeea 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1166,7 +1166,8 @@ read_record_header: */ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2); - ssl->tls_version = mbedtls_ssl_read_version(buf, ssl->conf->transport); + ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, + ssl->conf->transport); ssl->session_negotiate->tls_version = ssl->tls_version; if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { @@ -3798,7 +3799,8 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #if !defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - ciphersuite_info->key_exchange)) != 0) { + (mbedtls_key_exchange_type_t) ciphersuite_info-> + key_exchange)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); return ret; } @@ -3830,7 +3832,8 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #if !defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - ciphersuite_info->key_exchange)) != 0) { + (mbedtls_key_exchange_type_t) ciphersuite_info-> + key_exchange)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); return ret; } @@ -3871,7 +3874,8 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); #else if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - ciphersuite_info->key_exchange)) != 0) { + (mbedtls_key_exchange_type_t) ciphersuite_info-> + key_exchange)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); return ret; } @@ -3971,7 +3975,8 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_DEBUG_ECDH_QP); if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - ciphersuite_info->key_exchange)) != 0) { + (mbedtls_key_exchange_type_t) ciphersuite_info-> + key_exchange)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); return ret; } From be3ad4aed34a51f52e9e0860e917461590acf004 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 14 Jul 2023 17:29:43 +0100 Subject: [PATCH 117/339] Add type casts in psa_exercise_key Signed-off-by: Agathiyan Bragadeesh --- tests/src/psa_exercise_key.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 7f93496e7..d9228f442 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -692,7 +692,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); + TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { goto exit; } @@ -722,7 +722,7 @@ int mbedtls_test_psa_exported_key_sanity_check( if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; } - TEST_EQUAL(p - end, 0); + TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else @@ -748,14 +748,14 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); + TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; } if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; } - TEST_EQUAL(p - end, 0); + TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); TEST_ASSERT(exported_length <= From 01ed84a1f3a4e21e97cf3469b127376bfeb08166 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 13 Jul 2023 11:42:41 +0100 Subject: [PATCH 118/339] Add type casts in rsa.c Signed-off-by: Agathiyan Bragadeesh --- library/rsa.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 8126ae9cf..6a74befe9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1266,13 +1266,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, /* maskedDB: Apply dbMask to DB */ if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen, - ctx->hash_id)) != 0) { + (mbedtls_md_type_t) ctx->hash_id)) != 0) { return ret; } /* maskedSeed: Apply seedMask to seed */ if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1, - ctx->hash_id)) != 0) { + (mbedtls_md_type_t) ctx->hash_id)) != 0) { return ret; } @@ -1420,10 +1420,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, */ /* seed: Apply seedMask to maskedSeed */ if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, - ctx->hash_id)) != 0 || + (mbedtls_md_type_t) ctx->hash_id)) != 0 || /* DB: Apply dbMask to maskedDB */ (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, - ctx->hash_id)) != 0) { + (mbedtls_md_type_t) ctx->hash_id)) != 0) { goto cleanup; } @@ -1649,7 +1649,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, p += slen; /* Generate H = Hash( M' ) */ - ret = hash_mprime(hash, hashlen, salt, slen, p, ctx->hash_id); + ret = hash_mprime(hash, hashlen, salt, slen, p, (mbedtls_md_type_t) ctx->hash_id); if (ret != 0) { return ret; } @@ -1661,7 +1661,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, /* maskedDB: Apply dbMask to DB */ ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, - ctx->hash_id); + (mbedtls_md_type_t) ctx->hash_id); if (ret != 0) { return ret; } From 2f017a8356c7e91c1bfb9f8bd551f84206faf00d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 12 Jul 2023 11:21:54 +0100 Subject: [PATCH 119/339] Add enum casts in ssl_helpers.c Signed-off-by: Agathiyan Bragadeesh --- tests/src/test_helpers/ssl_helpers.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e8bbc78d1..12218634e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1020,10 +1020,10 @@ static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = ciphersuite_info->max_tls_version; + conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; } if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = ciphersuite_info->min_tls_version; + conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; } mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); @@ -1140,7 +1140,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, maclen = 0; /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type(cipher_type); + cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); CHK(cipher_info != NULL); CHK(cipher_info->iv_size <= 16); CHK(cipher_info->key_bitlen % 8 == 0); @@ -1198,10 +1198,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, if (cipher_info->mode == MBEDTLS_MODE_CBC || cipher_info->mode == MBEDTLS_MODE_STREAM) { #if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_md_get_size_from_type(hash_id); + maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); From 10b6775aeb127a844ea676477ed768b978b6d051 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 12 Jul 2023 11:19:17 +0100 Subject: [PATCH 120/339] Add enum type casts in lmots.c and lms.c The IAR compiler throws an error when trying to assign an int to an enum so these casts have been added. Signed-off-by: Agathiyan Bragadeesh --- library/lmots.c | 6 ++++-- library/lms.c | 12 ++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/library/lmots.c b/library/lmots.c index 4ef2c5178..e30511b0c 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -438,8 +438,10 @@ int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx, } ctx->params.type = - mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET); + (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( + MBEDTLS_LMOTS_TYPE_LEN, + key + + MBEDTLS_LMOTS_SIG_TYPE_OFFSET); if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; diff --git a/library/lms.c b/library/lms.c index 823ce09f8..0469a592b 100644 --- a/library/lms.c +++ b/library/lms.c @@ -249,8 +249,10 @@ int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, mbedtls_lms_algorithm_type_t type; mbedtls_lmots_algorithm_type_t otstype; - type = mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMS_TYPE_LEN, - key + PUBLIC_KEY_TYPE_OFFSET); + type = (mbedtls_lms_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( + MBEDTLS_LMS_TYPE_LEN, + key + + PUBLIC_KEY_TYPE_OFFSET); if (type != MBEDTLS_LMS_SHA256_M32_H10) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } @@ -260,8 +262,10 @@ int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - otstype = mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN, - key + PUBLIC_KEY_OTSTYPE_OFFSET); + otstype = (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( + MBEDTLS_LMOTS_TYPE_LEN, + key + + PUBLIC_KEY_OTSTYPE_OFFSET); if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } From ca8c61b81519176b5287548b0e789e97f8ca2802 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 17 Jul 2023 15:17:40 +0100 Subject: [PATCH 121/339] Provide and use internal function mbedtls_zeroize_and_free() Signed-off-by: Tom Cosgrove --- library/bignum_mod.c | 9 +++------ library/bignum_mod_raw.c | 6 ++---- library/cipher.c | 6 ++---- library/common.h | 12 ++++++++++++ library/dhm.c | 6 ++---- library/lms.c | 6 ++---- library/md.c | 3 +-- library/pem.c | 15 +++++---------- library/pk_wrap.c | 3 +-- library/pkparse.c | 12 ++++-------- library/platform_util.c | 9 +++++++++ library/psa_crypto.c | 24 ++++++++---------------- library/psa_crypto_pake.c | 3 +-- library/psa_crypto_storage.c | 11 +++-------- library/rsa.c | 12 ++++-------- library/ssl_cache.c | 6 ++---- library/ssl_msg.c | 3 +-- library/ssl_tls.c | 34 +++++++++++----------------------- library/ssl_tls12_client.c | 6 ++---- library/ssl_tls13_keys.c | 3 +-- library/x509_crl.c | 9 +++------ library/x509_crt.c | 6 ++---- library/x509_csr.c | 6 ++---- 23 files changed, 83 insertions(+), 127 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 84f3896d4..4d6782972 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -80,9 +80,8 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N) switch (N->int_rep) { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: if (N->rep.mont.rr != NULL) { - mbedtls_platform_zeroize((mbedtls_mpi_uint *) N->rep.mont.rr, + mbedtls_zeroize_and_free((mbedtls_mpi_uint *) N->rep.mont.rr, N->limbs * sizeof(mbedtls_mpi_uint)); - mbedtls_free((mbedtls_mpi_uint *) N->rep.mont.rr); N->rep.mont.rr = NULL; } N->rep.mont.mm = 0; @@ -295,9 +294,8 @@ int mbedtls_mpi_mod_inv(mbedtls_mpi_mod_residue *X, break; } - mbedtls_platform_zeroize(working_memory, + mbedtls_zeroize_and_free(working_memory, working_limbs * sizeof(mbedtls_mpi_uint)); - mbedtls_free(working_memory); return ret; } @@ -399,8 +397,7 @@ cleanup: if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY && working_memory != NULL) { - mbedtls_platform_zeroize(working_memory, working_memory_len); - mbedtls_free(working_memory); + mbedtls_zeroize_and_free(working_memory, working_memory_len); } return ret; diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index bf72c1825..eff562739 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -253,8 +253,7 @@ int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X, mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, N->rep.mont.rr, T); - mbedtls_platform_zeroize(T, t_limbs * ciL); - mbedtls_free(T); + mbedtls_zeroize_and_free(T, t_limbs * ciL); return 0; } @@ -270,8 +269,7 @@ int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X, mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T); - mbedtls_platform_zeroize(T, t_limbs * ciL); - mbedtls_free(T); + mbedtls_zeroize_and_free(T, t_limbs * ciL); return 0; } diff --git a/library/cipher.c b/library/cipher.c index 490326a6b..de7f8378e 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -231,8 +231,7 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) (void) psa_destroy_key(cipher_psa->slot); } - mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa)); - mbedtls_free(cipher_psa); + mbedtls_zeroize_and_free(cipher_psa, sizeof(*cipher_psa)); } mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); @@ -242,9 +241,8 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) #if defined(MBEDTLS_CMAC_C) if (ctx->cmac_ctx) { - mbedtls_platform_zeroize(ctx->cmac_ctx, + mbedtls_zeroize_and_free(ctx->cmac_ctx, sizeof(mbedtls_cmac_context_t)); - mbedtls_free(ctx->cmac_ctx); } #endif diff --git a/library/common.h b/library/common.h index 839b7d119..ce92238c8 100644 --- a/library/common.h +++ b/library/common.h @@ -114,6 +114,18 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +/** + * \brief Securely zeroize a buffer then free it. + * + * Exactly the same as consecutive calls to + * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has a + * code size savings, and potential for optimisation in the future. + * + * \param buf Buffer to be zeroized then freed. May be \c NULL. + * \param len Length of the buffer in bytes + */ +void mbedtls_zeroize_and_free(void *buf, size_t len); + /** Return an offset into a buffer. * * This is just the addition of an offset to a pointer, except that this diff --git a/library/dhm.c b/library/dhm.c index 94137a264..174137d54 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -617,8 +617,7 @@ static int load_file(const char *path, unsigned char **buf, size_t *n) if (fread(*buf, 1, *n, f) != *n) { fclose(f); - mbedtls_platform_zeroize(*buf, *n + 1); - mbedtls_free(*buf); + mbedtls_zeroize_and_free(*buf, *n + 1); return MBEDTLS_ERR_DHM_FILE_IO_ERROR; } @@ -649,8 +648,7 @@ int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path) ret = mbedtls_dhm_parse_dhm(dhm, buf, n); - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } diff --git a/library/lms.c b/library/lms.c index 4a42f679a..c647730f5 100644 --- a/library/lms.c +++ b/library/lms.c @@ -537,9 +537,8 @@ static int get_merkle_path(mbedtls_lms_private_t *ctx, ret = 0; exit: - mbedtls_platform_zeroize(tree, node_bytes * + mbedtls_zeroize_and_free(tree, node_bytes * MERKLE_TREE_NODE_AM(ctx->params.type)); - mbedtls_free(tree); return ret; } @@ -700,9 +699,8 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, ret = 0; exit: - mbedtls_platform_zeroize(tree, node_bytes * + mbedtls_zeroize_and_free(tree, node_bytes * MERKLE_TREE_NODE_AM(priv_ctx->params.type)); - mbedtls_free(tree); return ret; } diff --git a/library/md.c b/library/md.c index 964d4bd30..8c0393bc7 100644 --- a/library/md.c +++ b/library/md.c @@ -346,9 +346,8 @@ void mbedtls_md_free(mbedtls_md_context_t *ctx) #if defined(MBEDTLS_MD_C) if (ctx->hmac_ctx != NULL) { - mbedtls_platform_zeroize(ctx->hmac_ctx, + mbedtls_zeroize_and_free(ctx->hmac_ctx, 2 * ctx->md_info->block_size); - mbedtls_free(ctx->hmac_ctx); } #endif diff --git a/library/pem.c b/library/pem.c index 056c98c77..bd269dda7 100644 --- a/library/pem.c +++ b/library/pem.c @@ -406,16 +406,14 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const } if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) { - mbedtls_platform_zeroize(buf, len); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } if (enc != 0) { #if defined(PEM_RFC1421) if (pwd == NULL) { - mbedtls_platform_zeroize(buf, len); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED; } @@ -451,13 +449,11 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const * Use that as a heuristic to try to detect password mismatches. */ if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) { - mbedtls_platform_zeroize(buf, len); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; } #else - mbedtls_platform_zeroize(buf, len); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; #endif /* PEM_RFC1421 */ } @@ -471,8 +467,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free(mbedtls_pem_context *ctx) { if (ctx->buf != NULL) { - mbedtls_platform_zeroize(ctx->buf, ctx->buflen); - mbedtls_free(ctx->buf); + mbedtls_zeroize_and_free(ctx->buf, ctx->buflen); } mbedtls_free(ctx->info); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3fe2c3e0d..a4dc6556d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1637,8 +1637,7 @@ static void *rsa_alt_alloc_wrap(void) static void rsa_alt_free_wrap(void *ctx) { - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context)); - mbedtls_free(ctx); + mbedtls_zeroize_and_free(ctx, sizeof(mbedtls_rsa_alt_context)); } const mbedtls_pk_info_t mbedtls_rsa_alt_info = { diff --git a/library/pkparse.c b/library/pkparse.c index fa0570c07..f03ace261 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -107,8 +107,7 @@ int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) if (fread(*buf, 1, *n, f) != *n) { fclose(f); - mbedtls_platform_zeroize(*buf, *n); - mbedtls_free(*buf); + mbedtls_zeroize_and_free(*buf, *n); return MBEDTLS_ERR_PK_FILE_IO_ERROR; } @@ -146,8 +145,7 @@ int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng); } - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } @@ -167,8 +165,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) ret = mbedtls_pk_parse_public_key(ctx, buf, n); - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } @@ -1686,8 +1683,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, pwd, pwdlen, f_rng, p_rng); - mbedtls_platform_zeroize(key_copy, keylen); - mbedtls_free(key_copy); + mbedtls_zeroize_and_free(key_copy, keylen); } if (ret == 0) { diff --git a/library/platform_util.c b/library/platform_util.c index c67b80dea..4a9a7491c 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -129,6 +129,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len) } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ +void mbedtls_zeroize_and_free(void *buf, size_t len) +{ + if (buf != NULL) { + mbedtls_platform_zeroize(buf, len); + } + + mbedtls_free(buf); +} + #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #include #if !defined(_WIN32) && (defined(unix) || \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a2a67556d..df7057b0f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5148,27 +5148,23 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { if (operation->ctx.tls12_prf.secret != NULL) { - mbedtls_platform_zeroize(operation->ctx.tls12_prf.secret, + mbedtls_zeroize_and_free(operation->ctx.tls12_prf.secret, operation->ctx.tls12_prf.secret_length); - mbedtls_free(operation->ctx.tls12_prf.secret); } if (operation->ctx.tls12_prf.seed != NULL) { - mbedtls_platform_zeroize(operation->ctx.tls12_prf.seed, + mbedtls_zeroize_and_free(operation->ctx.tls12_prf.seed, operation->ctx.tls12_prf.seed_length); - mbedtls_free(operation->ctx.tls12_prf.seed); } if (operation->ctx.tls12_prf.label != NULL) { - mbedtls_platform_zeroize(operation->ctx.tls12_prf.label, + mbedtls_zeroize_and_free(operation->ctx.tls12_prf.label, operation->ctx.tls12_prf.label_length); - mbedtls_free(operation->ctx.tls12_prf.label); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if (operation->ctx.tls12_prf.other_secret != NULL) { - mbedtls_platform_zeroize(operation->ctx.tls12_prf.other_secret, + mbedtls_zeroize_and_free(operation->ctx.tls12_prf.other_secret, operation->ctx.tls12_prf.other_secret_length); - mbedtls_free(operation->ctx.tls12_prf.other_secret); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ status = PSA_SUCCESS; @@ -5187,9 +5183,8 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { if (operation->ctx.pbkdf2.salt != NULL) { - mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, + mbedtls_zeroize_and_free(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); - mbedtls_free(operation->ctx.pbkdf2.salt); } status = PSA_SUCCESS; @@ -6549,8 +6544,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( status = psa_tls12_prf_set_key(prf, pms, cur - pms); - mbedtls_platform_zeroize(pms, pms_len); - mbedtls_free(pms); + mbedtls_zeroize_and_free(pms, pms_len); return status; } @@ -7988,8 +7982,7 @@ static psa_status_t psa_pake_complete_inputs( status = psa_driver_wrapper_pake_setup(operation, &inputs); /* Driver is responsible for creating its own copy of the password. */ - mbedtls_platform_zeroize(inputs.password, inputs.password_len); - mbedtls_free(inputs.password); + mbedtls_zeroize_and_free(inputs.password, inputs.password_len); /* User and peer are translated to role. */ mbedtls_free(inputs.user); @@ -8290,9 +8283,8 @@ psa_status_t psa_pake_abort( if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->data.inputs.password != NULL) { - mbedtls_platform_zeroize(operation->data.inputs.password, + mbedtls_zeroize_and_free(operation->data.inputs.password, operation->data.inputs.password_len); - mbedtls_free(operation->data.inputs.password); } if (operation->data.inputs.user != NULL) { mbedtls_free(operation->data.inputs.user); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index c2e7dba24..caba5a115 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -559,8 +559,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) { - mbedtls_platform_zeroize(operation->password, operation->password_len); - mbedtls_free(operation->password); + mbedtls_zeroize_and_free(operation->password, operation->password_len); operation->password = NULL; operation->password_len = 0; diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index a8ed93753..574d4b05e 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -354,18 +354,14 @@ psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, status = psa_crypto_storage_store(attr->id, storage_data, storage_data_length); - mbedtls_platform_zeroize(storage_data, storage_data_length); - mbedtls_free(storage_data); + mbedtls_zeroize_and_free(storage_data, storage_data_length); return status; } void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length) { - if (key_data != NULL) { - mbedtls_platform_zeroize(key_data, key_data_length); - } - mbedtls_free(key_data); + mbedtls_zeroize_and_free(key_data, key_data_length); } psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, @@ -403,8 +399,7 @@ psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, } exit: - mbedtls_platform_zeroize(loaded_data, storage_data_length); - mbedtls_free(loaded_data); + mbedtls_zeroize_and_free(loaded_data, storage_data_length); return status; } diff --git a/library/rsa.c b/library/rsa.c index 8126ae9cf..970a56bd0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1905,10 +1905,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, memcpy(sig, sig_try, ctx->len); cleanup: - mbedtls_platform_zeroize(sig_try, ctx->len); - mbedtls_platform_zeroize(verif, ctx->len); - mbedtls_free(sig_try); - mbedtls_free(verif); + mbedtls_zeroize_and_free(sig_try, ctx->len); + mbedtls_zeroize_and_free(verif, ctx->len); if (ret != 0) { memset(sig, '!', ctx->len); @@ -2152,13 +2150,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, cleanup: if (encoded != NULL) { - mbedtls_platform_zeroize(encoded, sig_len); - mbedtls_free(encoded); + mbedtls_zeroize_and_free(encoded, sig_len); } if (encoded_expected != NULL) { - mbedtls_platform_zeroize(encoded_expected, sig_len); - mbedtls_free(encoded_expected); + mbedtls_zeroize_and_free(encoded_expected, sig_len); } return ret; diff --git a/library/ssl_cache.c b/library/ssl_cache.c index e29b0bcd2..1c285ec3c 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -131,8 +131,7 @@ static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry) /* zeroize and free session structure */ if (entry->session != NULL) { - mbedtls_platform_zeroize(entry->session, entry->session_len); - mbedtls_free(entry->session); + mbedtls_zeroize_and_free(entry->session, entry->session_len); } /* zeroize the whole entry structure */ @@ -324,8 +323,7 @@ exit: #endif if (session_serialized != NULL) { - mbedtls_platform_zeroize(session_serialized, session_serialized_len); - mbedtls_free(session_serialized); + mbedtls_zeroize_and_free(session_serialized, session_serialized_len); session_serialized = NULL; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2aba17b57..1a314a87f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5829,8 +5829,7 @@ static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, if (hs_buf->is_valid == 1) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len); - mbedtls_free(hs_buf->data); + mbedtls_zeroize_and_free(hs_buf->data, hs_buf->data_len); memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d18b80a72..24a103f82 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -327,8 +327,7 @@ static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old * lost, are done outside of this function. */ memcpy(resized_buffer, *buffer, (len_new < *len_old) ? len_new : *len_old); - mbedtls_platform_zeroize(*buffer, *len_old); - mbedtls_free(*buffer); + mbedtls_zeroize_and_free(*buffer, *len_old); *buffer = resized_buffer; *len_old = len_new; @@ -2123,9 +2122,7 @@ static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (conf->psk != NULL) { - mbedtls_platform_zeroize(conf->psk, conf->psk_len); - - mbedtls_free(conf->psk); + mbedtls_zeroize_and_free(conf->psk, conf->psk_len); conf->psk = NULL; conf->psk_len = 0; } @@ -2217,9 +2214,8 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl) } #else if (ssl->handshake->psk != NULL) { - mbedtls_platform_zeroize(ssl->handshake->psk, + mbedtls_zeroize_and_free(ssl->handshake->psk, ssl->handshake->psk_len); - mbedtls_free(ssl->handshake->psk); ssl->handshake->psk_len = 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -2975,8 +2971,7 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) * so we can free it safely */ if (ssl->hostname != NULL) { - mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); - mbedtls_free(ssl->hostname); + mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); } /* Passing NULL as hostname shall clear the old one */ @@ -4177,8 +4172,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) } #else if (handshake->psk != NULL) { - mbedtls_platform_zeroize(handshake->psk, handshake->psk_len); - mbedtls_free(handshake->psk); + mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ @@ -4851,8 +4845,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl) size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - mbedtls_platform_zeroize(ssl->out_buf, out_buf_len); - mbedtls_free(ssl->out_buf); + mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len); ssl->out_buf = NULL; } @@ -4863,8 +4856,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl) size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - mbedtls_platform_zeroize(ssl->in_buf, in_buf_len); - mbedtls_free(ssl->in_buf); + mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len); ssl->in_buf = NULL; } @@ -4898,8 +4890,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_CRT_PARSE_C) if (ssl->hostname != NULL) { - mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); - mbedtls_free(ssl->hostname); + mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); } #endif @@ -5382,15 +5373,13 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (conf->psk != NULL) { - mbedtls_platform_zeroize(conf->psk, conf->psk_len); - mbedtls_free(conf->psk); + mbedtls_zeroize_and_free(conf->psk, conf->psk_len); conf->psk = NULL; conf->psk_len = 0; } if (conf->psk_identity != NULL) { - mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len); - mbedtls_free(conf->psk_identity); + mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); conf->psk_identity = NULL; conf->psk_identity_len = 0; } @@ -9549,9 +9538,8 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, /* Now it's clear that we will overwrite the old hostname, * so we can free it safely */ if (session->hostname != NULL) { - mbedtls_platform_zeroize(session->hostname, + mbedtls_zeroize_and_free(session->hostname, strlen(session->hostname)); - mbedtls_free(session->hostname); } /* Passing NULL as hostname shall clear the old one */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 4d8442eca..5a98165d0 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -3459,16 +3459,14 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) } if (ssl->session != NULL && ssl->session->ticket != NULL) { - mbedtls_platform_zeroize(ssl->session->ticket, + mbedtls_zeroize_and_free(ssl->session->ticket, ssl->session->ticket_len); - mbedtls_free(ssl->session->ticket); ssl->session->ticket = NULL; ssl->session->ticket_len = 0; } - mbedtls_platform_zeroize(ssl->session_negotiate->ticket, + mbedtls_zeroize_and_free(ssl->session_negotiate->ticket, ssl->session_negotiate->ticket_len); - mbedtls_free(ssl->session_negotiate->ticket); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 18997e96b..afd84a974 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1559,8 +1559,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) cleanup: if (shared_secret != NULL) { - mbedtls_platform_zeroize(shared_secret, shared_secret_len); - mbedtls_free(shared_secret); + mbedtls_zeroize_and_free(shared_secret, shared_secret_len); } return ret; diff --git a/library/x509_crl.c b/library/x509_crl.c index f6442030d..79ace8fa0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -587,8 +587,7 @@ int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) ret = mbedtls_x509_crl_parse(chain, buf, n); - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } @@ -704,14 +703,12 @@ void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) while (entry_cur != NULL) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_platform_zeroize(entry_prv, + mbedtls_zeroize_and_free(entry_prv, sizeof(mbedtls_x509_crl_entry)); - mbedtls_free(entry_prv); } if (crl_cur->raw.p != NULL) { - mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len); - mbedtls_free(crl_cur->raw.p); + mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len); } crl_prv = crl_cur; diff --git a/library/x509_crt.c b/library/x509_crt.c index 30e9668b2..b40bad2f4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1526,8 +1526,7 @@ int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) ret = mbedtls_x509_crt_parse(chain, buf, n); - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } @@ -3258,8 +3257,7 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { - mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); - mbedtls_free(cert_cur->raw.p); + mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); } cert_prv = cert_cur; diff --git a/library/x509_csr.c b/library/x509_csr.c index cd117cbd4..0b2bb6f3b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -460,8 +460,7 @@ int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) ret = mbedtls_x509_csr_parse(csr, buf, n); - mbedtls_platform_zeroize(buf, n); - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, n); return ret; } @@ -578,8 +577,7 @@ void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) mbedtls_asn1_sequence_free(csr->subject_alt_names.next); if (csr->raw.p != NULL) { - mbedtls_platform_zeroize(csr->raw.p, csr->raw.len); - mbedtls_free(csr->raw.p); + mbedtls_zeroize_and_free(csr->raw.p, csr->raw.len); } mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr)); From 387bfa5b84a3bafac56a57f2bc0396767556d099 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 17 Jul 2023 17:01:33 +0100 Subject: [PATCH 122/339] Add cast in psa_crypto Signed-off-by: Agathiyan Bragadeesh --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b9c8a29f..d8ccb8a5a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7960,7 +7960,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s } else { return PSA_JPAKE_STEP_INVALID; } - return key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE; + return (psa_crypto_driver_pake_step_t) (key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE); } #endif /* PSA_WANT_ALG_JPAKE */ From 2d310deace082ab51a9bad3b368bcb4c8989cfc6 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 17 Jul 2023 18:27:03 +0100 Subject: [PATCH 123/339] Add cast in test macros.h Signed-off-by: Agathiyan Bragadeesh --- tests/include/test/macros.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ae84ec236..c61f4fde6 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -73,7 +73,7 @@ #define TEST_EQUAL(expr1, expr2) \ do { \ if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ + (unsigned long long) (expr1), (unsigned long long) (expr2))) \ goto exit; \ } while (0) From fb22c27f1dba59a56a1fa2f033f53fa1fad106bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Jul 2023 10:40:56 +0200 Subject: [PATCH 124/339] Misc wording fixes and improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 7263cfade..a55bbc569 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -30,9 +30,9 @@ TLS](proposed/psa-conditional-inclusion-c.md) for details. In addition, for each mechanism you want provided only by your driver: - Define the corresponding `PSA_WANT` macro in `psa/crypto_config.h` - this means the algorithm will be available in the PSA Crypto API. -- Define the corresponding `MBEDTLS_PSA_ACCEL` in your build (could be in - `psa/crypto_config.h` or your compiler's command line). This informs the PSA -code that an accelerator is available for this. +- Define the corresponding `MBEDTLS_PSA_ACCEL` in your build. This could be + defined in `psa/crypto_config.h` or your compiler's command line. This +informs the PSA code that an accelerator is available for this mechanism. - Undefine / comment out the corresponding `MBEDTLS_xxx_C` macro in `mbedtls/mbedtls_config.h`. This ensures the built-in implementation is not included in the build. @@ -43,10 +43,10 @@ For example, if you want SHA-256 to be provided only by a driver, you'll want In addition to these compile-time considerations, at runtime you'll need to make sure you call `psa_crypto_init()` before any function that uses the -mechanisms provided only by drivers. Note that this is already a requirement -for any use of the PSA Crypto API, as well as for use of the PK, X.509 and TLS -modules when `MBEDTLS_USE_PSA_CRYPTO` is enabled, so in most cases your -application will already be doing this. +driver-only mechanisms. Note that this is already a requirement for any use of +the PSA Crypto API, as well as for use of the PK, X.509 and TLS modules when +`MBEDTLS_USE_PSA_CRYPTO` is enabled, so in most cases your application will +already be doing this. Mechanisms covered ------------------ @@ -93,7 +93,7 @@ More precisely: `MBEDTLS_PSA_ACCEL_ALG_JPAKE` is enabled. In addition, if none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`, -`MBEDTLS_ECJPAKE_C` is enabled, you can enable: +`MBEDTLS_ECJPAKE_C` are enabled, you can enable: - `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`; - `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC`; - `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT`; @@ -125,8 +125,8 @@ result in some code size savings, but not as much as when none of the above features are enabled. We do have plans to support each of these with `ecp.c` fully removed in the -future, however no established timeline. If you're interested, please let us -know, so we can take it into consideration in our planning. +future, however there is no established timeline. If you're interested, please +let us know, so we can take it into consideration in our planning. ### Limitations regarding restartable / interruptible ECC operations @@ -139,7 +139,7 @@ are not supported without `ECDH_C`. See also limitations regarding restartable operations with `MBEDTLS_USE_PSA_CRYPTO` in [its documentation](use-psa-crypto.md). -Again, we have plans to support this in the future but not established +Again, we have plans to support this in the future but not with an established timeline, please let us know if you're interested. ### Limitations regarding the selection of curves From ebb40bc3367ad19c52a192d0e967492553a36fb9 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 14 Jul 2023 17:28:27 +0100 Subject: [PATCH 125/339] Add ASSERT_FALSE macro for tests Signed-off-by: Agathiyan Bragadeesh --- tests/include/test/macros.h | 10 ++++++++++ tests/src/psa_exercise_key.c | 8 ++++---- tests/src/test_helpers/ssl_helpers.c | 4 ++-- tests/suites/test_suite_alignment.function | 2 +- tests/suites/test_suite_asn1write.function | 2 +- tests/suites/test_suite_psa_crypto.function | 6 +++--- .../test_suite_psa_crypto_driver_wrappers.function | 4 ++-- .../test_suite_psa_crypto_se_driver_hal.function | 2 +- .../test_suite_psa_crypto_slot_management.function | 2 +- tests/suites/test_suite_shax.function | 4 ++-- 10 files changed, 27 insertions(+), 17 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ae84ec236..4d8802909 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -61,6 +61,16 @@ } \ } while (0) +/** This macro asserts fails the test with given output message. + * + * \param MESSAGE The message to be outputed on assertion + */ +#define ASSERT_FALSE(MESSAGE) \ + do { \ + mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ + goto exit; \ + } while (0) \ + /** Evaluate two integer expressions and fail the test case if they have * different values. * diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 7f93496e7..fb4a2ce14 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -309,7 +309,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - TEST_ASSERT(!"No hash algorithm for hash-and-sign testing"); + ASSERT_FALSE("No hash algorithm for hash-and-sign testing"); #endif } @@ -438,7 +438,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else { - TEST_ASSERT(!"Key derivation algorithm not supported"); + ASSERT_FALSE("Key derivation algorithm not supported"); } if (capacity != SIZE_MAX) { @@ -798,7 +798,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; - TEST_ASSERT(!"Sanity check not implemented for this key type"); + ASSERT_FALSE("Sanity check not implemented for this key type"); } #if defined(MBEDTLS_DES_C) @@ -943,7 +943,7 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { ok = exercise_key_agreement_key(key, usage, alg); } else { - TEST_ASSERT(!"No code to exercise this category of algorithm"); + ASSERT_FALSE("No code to exercise this category of algorithm"); } ok = ok && exercise_export_key(key, usage); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e8bbc78d1..fd13451c1 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1753,8 +1753,8 @@ static int check_ssl_version( break; default: - TEST_ASSERT( - !"Version check not implemented for this protocol version"); + ASSERT_FALSE( + "Version check not implemented for this protocol version"); } return 1; diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function index b9ceb5905..96aef8163 100644 --- a/tests/suites/test_suite_alignment.function +++ b/tests/suites/test_suite_alignment.function @@ -121,7 +121,7 @@ void mbedtls_byteswap(char *input_str, int size, char *expected_str) r = MBEDTLS_BSWAP64(input); break; default: - TEST_ASSERT(!"size must be 16, 32 or 64"); + ASSERT_FALSE("size must be 16, 32 or 64"); } TEST_EQUAL(r, expected); diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index ce0d0f388..28803b62b 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -316,7 +316,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8); buf_complete[data_len + 3] = (unsigned char) (expected_params_len); } else { - TEST_ASSERT(!"Bad test data: invalid length of ASN.1 element"); + ASSERT_FALSE("Bad test data: invalid length of ASN.1 element"); } unsigned char *p = buf_complete; TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 83a03b3b6..eb496033e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8780,7 +8780,7 @@ void derive_output(int alg_arg, } break; default: - TEST_ASSERT(!"default case not supported"); + ASSERT_FALSE("default case not supported"); break; } break; @@ -8830,7 +8830,7 @@ void derive_output(int alg_arg, key_agreement_peer_key->len), statuses[i]); break; default: - TEST_ASSERT(!"default case not supported"); + ASSERT_FALSE("default case not supported"); break; } @@ -9822,7 +9822,7 @@ void persistent_key_load_key_from_storage(data_t *data, break; default: - TEST_ASSERT(!"generation_method not implemented in test"); + ASSERT_FALSE("generation_method not implemented in test"); break; } psa_reset_key_attributes(&attributes); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 87f7b37d7..026592e8f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -465,7 +465,7 @@ static int sanity_check_rsa_encryption_result( TEST_EQUAL(buf[0], 0x00); /* The rest is too hard to check */ } else { - TEST_ASSERT(!"Encryption result sanity check not implemented for RSA algorithm"); + ASSERT_FALSE("Encryption result sanity check not implemented for RSA algorithm"); } #endif /* MBEDTLS_BIGNUM_C */ @@ -2754,7 +2754,7 @@ void asymmetric_encrypt(int alg_arg, { (void) modulus; (void) private_exponent; - TEST_ASSERT(!"Encryption sanity checks not implemented for this key type"); + ASSERT_FALSE("Encryption sanity checks not implemented for this key type"); } } } diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index bb6b0e417..08ab13bf1 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1328,7 +1328,7 @@ void sign_verify(int flow, key_management.p_export_public = ram_export_public; break; default: - TEST_ASSERT(!"unsupported flow (should be SIGN_IN_xxx)"); + ASSERT_FALSE("unsupported flow (should be SIGN_IN_xxx)"); break; } asymmetric.p_verify = ram_verify; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index e3bb0d34f..c3f3f53ac 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -775,7 +775,7 @@ void invalid_handle(int handle_construction, mbedtls_svc_key_id_make(0, PSA_KEY_ID_VENDOR_MAX + 1); break; default: - TEST_ASSERT(!"unknown handle construction"); + ASSERT_FALSE("unknown handle construction"); } /* Attempt to use the invalid handle. */ diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 326cc79e6..6320855fd 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -275,14 +275,14 @@ void sha3_reuse(data_t *input1, data_t *hash1, case 32: type1 = MBEDTLS_SHA3_256; break; case 48: type1 = MBEDTLS_SHA3_384; break; case 64: type1 = MBEDTLS_SHA3_512; break; - default: TEST_ASSERT(!"hash1->len validity"); break; + default: ASSERT_FALSE("hash1->len validity"); break; } switch (hash2->len) { case 28: type2 = MBEDTLS_SHA3_224; break; case 32: type2 = MBEDTLS_SHA3_256; break; case 48: type2 = MBEDTLS_SHA3_384; break; case 64: type2 = MBEDTLS_SHA3_512; break; - default: TEST_ASSERT(!"hash2->len validity"); break; + default: ASSERT_FALSE("hash2->len validity"); break; } /* Round 1 */ From dc28a5a10537da96d2e0da524c3490f7305bb16f Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 18 Jul 2023 11:45:28 +0100 Subject: [PATCH 126/339] Rename ASSERT_FALSE to TEST_FAIL Signed-off-by: Agathiyan Bragadeesh --- tests/include/test/macros.h | 2 +- tests/src/psa_exercise_key.c | 8 ++++---- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_alignment.function | 2 +- tests/suites/test_suite_asn1write.function | 2 +- tests/suites/test_suite_psa_crypto.function | 6 +++--- .../suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 2 +- .../suites/test_suite_psa_crypto_slot_management.function | 2 +- tests/suites/test_suite_shax.function | 4 ++-- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 4d8802909..6ddcb4c85 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -65,7 +65,7 @@ * * \param MESSAGE The message to be outputed on assertion */ -#define ASSERT_FALSE(MESSAGE) \ +#define TEST_FAIL(MESSAGE) \ do { \ mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ goto exit; \ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index fb4a2ce14..c32eca843 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -309,7 +309,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - ASSERT_FALSE("No hash algorithm for hash-and-sign testing"); + TEST_FAIL("No hash algorithm for hash-and-sign testing"); #endif } @@ -438,7 +438,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else { - ASSERT_FALSE("Key derivation algorithm not supported"); + TEST_FAIL("Key derivation algorithm not supported"); } if (capacity != SIZE_MAX) { @@ -798,7 +798,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; - ASSERT_FALSE("Sanity check not implemented for this key type"); + TEST_FAIL("Sanity check not implemented for this key type"); } #if defined(MBEDTLS_DES_C) @@ -943,7 +943,7 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { ok = exercise_key_agreement_key(key, usage, alg); } else { - ASSERT_FALSE("No code to exercise this category of algorithm"); + TEST_FAIL("No code to exercise this category of algorithm"); } ok = ok && exercise_export_key(key, usage); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index fd13451c1..f1eb1a02e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1753,7 +1753,7 @@ static int check_ssl_version( break; default: - ASSERT_FALSE( + TEST_FAIL( "Version check not implemented for this protocol version"); } diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function index 96aef8163..e5ccd7539 100644 --- a/tests/suites/test_suite_alignment.function +++ b/tests/suites/test_suite_alignment.function @@ -121,7 +121,7 @@ void mbedtls_byteswap(char *input_str, int size, char *expected_str) r = MBEDTLS_BSWAP64(input); break; default: - ASSERT_FALSE("size must be 16, 32 or 64"); + TEST_FAIL("size must be 16, 32 or 64"); } TEST_EQUAL(r, expected); diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 28803b62b..3d08920ba 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -316,7 +316,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8); buf_complete[data_len + 3] = (unsigned char) (expected_params_len); } else { - ASSERT_FALSE("Bad test data: invalid length of ASN.1 element"); + TEST_FAIL("Bad test data: invalid length of ASN.1 element"); } unsigned char *p = buf_complete; TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index eb496033e..8fb328c2d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8780,7 +8780,7 @@ void derive_output(int alg_arg, } break; default: - ASSERT_FALSE("default case not supported"); + TEST_FAIL("default case not supported"); break; } break; @@ -8830,7 +8830,7 @@ void derive_output(int alg_arg, key_agreement_peer_key->len), statuses[i]); break; default: - ASSERT_FALSE("default case not supported"); + TEST_FAIL("default case not supported"); break; } @@ -9822,7 +9822,7 @@ void persistent_key_load_key_from_storage(data_t *data, break; default: - ASSERT_FALSE("generation_method not implemented in test"); + TEST_FAIL("generation_method not implemented in test"); break; } psa_reset_key_attributes(&attributes); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 026592e8f..2b1fad1d1 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -465,7 +465,7 @@ static int sanity_check_rsa_encryption_result( TEST_EQUAL(buf[0], 0x00); /* The rest is too hard to check */ } else { - ASSERT_FALSE("Encryption result sanity check not implemented for RSA algorithm"); + TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm"); } #endif /* MBEDTLS_BIGNUM_C */ @@ -2754,7 +2754,7 @@ void asymmetric_encrypt(int alg_arg, { (void) modulus; (void) private_exponent; - ASSERT_FALSE("Encryption sanity checks not implemented for this key type"); + TEST_FAIL("Encryption sanity checks not implemented for this key type"); } } } diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 08ab13bf1..5c9fc2760 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1328,7 +1328,7 @@ void sign_verify(int flow, key_management.p_export_public = ram_export_public; break; default: - ASSERT_FALSE("unsupported flow (should be SIGN_IN_xxx)"); + TEST_FAIL("unsupported flow (should be SIGN_IN_xxx)"); break; } asymmetric.p_verify = ram_verify; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index c3f3f53ac..905be03ea 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -775,7 +775,7 @@ void invalid_handle(int handle_construction, mbedtls_svc_key_id_make(0, PSA_KEY_ID_VENDOR_MAX + 1); break; default: - ASSERT_FALSE("unknown handle construction"); + TEST_FAIL("unknown handle construction"); } /* Attempt to use the invalid handle. */ diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 6320855fd..f68c3e95a 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -275,14 +275,14 @@ void sha3_reuse(data_t *input1, data_t *hash1, case 32: type1 = MBEDTLS_SHA3_256; break; case 48: type1 = MBEDTLS_SHA3_384; break; case 64: type1 = MBEDTLS_SHA3_512; break; - default: ASSERT_FALSE("hash1->len validity"); break; + default: TEST_FAIL("hash1->len validity"); break; } switch (hash2->len) { case 28: type2 = MBEDTLS_SHA3_224; break; case 32: type2 = MBEDTLS_SHA3_256; break; case 48: type2 = MBEDTLS_SHA3_384; break; case 64: type2 = MBEDTLS_SHA3_512; break; - default: ASSERT_FALSE("hash2->len validity"); break; + default: TEST_FAIL("hash2->len validity"); break; } /* Round 1 */ From 3a11bb82131c266018486b50c004f409497992b2 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 18 Jul 2023 16:26:29 +0100 Subject: [PATCH 127/339] Better wording around passing NULL to mbedtls_zeroize_and_free() Signed-off-by: Tom Cosgrove --- library/common.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/common.h b/library/common.h index ce92238c8..b68089e18 100644 --- a/library/common.h +++ b/library/common.h @@ -117,11 +117,13 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha /** * \brief Securely zeroize a buffer then free it. * - * Exactly the same as consecutive calls to - * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has a + * Similar to making consecutive calls to + * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has * code size savings, and potential for optimisation in the future. * - * \param buf Buffer to be zeroized then freed. May be \c NULL. + * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0. + * + * \param buf Buffer to be zeroized then freed. * \param len Length of the buffer in bytes */ void mbedtls_zeroize_and_free(void *buf, size_t len); From 46259f670fb7942fe0003e6c22e817f4eb4382b6 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 18 Jul 2023 16:44:14 +0100 Subject: [PATCH 128/339] Internal function mbedtls_mpi_zeroize() can be mbedtls_mpi_zeroize_and_free() Signed-off-by: Tom Cosgrove --- library/bignum.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 36effaf8d..70081de09 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -55,9 +55,9 @@ MBEDTLS_INTERNAL_VALIDATE(cond) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) +static void mbedtls_mpi_zeroize_and_free(mbedtls_mpi_uint *v, size_t n) { - mbedtls_platform_zeroize(v, ciL * n); + mbedtls_zeroize_and_free(v, ciL * n); } /* @@ -82,8 +82,7 @@ void mbedtls_mpi_free(mbedtls_mpi *X) } if (X->p != NULL) { - mbedtls_mpi_zeroize(X->p, X->n); - mbedtls_free(X->p); + mbedtls_mpi_zeroize_and_free(X->p, X->n); } X->s = 1; @@ -110,8 +109,7 @@ int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs) if (X->p != NULL) { memcpy(p, X->p, X->n * ciL); - mbedtls_mpi_zeroize(X->p, X->n); - mbedtls_free(X->p); + mbedtls_mpi_zeroize_and_free(X->p, X->n); } X->n = nblimbs; @@ -158,8 +156,7 @@ int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs) if (X->p != NULL) { memcpy(p, X->p, i * ciL); - mbedtls_mpi_zeroize(X->p, X->n); - mbedtls_free(X->p); + mbedtls_mpi_zeroize_and_free(X->p, X->n); } X->n = i; From 65cd8519f72cecb88eff6a68c355185e9769fbe5 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:46:01 +0100 Subject: [PATCH 129/339] For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL() Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 16 +- tests/suites/test_suite_aes.function | 4 +- tests/suites/test_suite_aria.function | 16 +- tests/suites/test_suite_asn1write.function | 12 +- tests/suites/test_suite_bignum_core.function | 90 +++++----- tests/suites/test_suite_bignum_mod.function | 22 +-- .../suites/test_suite_bignum_mod_raw.function | 84 ++++----- .../suites/test_suite_bignum_random.function | 12 +- tests/suites/test_suite_ccm.function | 26 +-- tests/suites/test_suite_chacha20.function | 6 +- tests/suites/test_suite_cipher.function | 2 +- tests/suites/test_suite_common.function | 12 +- .../suites/test_suite_constant_time.function | 6 +- .../test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ecp.function | 22 +-- tests/suites/test_suite_gcm.function | 20 +-- tests/suites/test_suite_hkdf.function | 6 +- tests/suites/test_suite_lmots.function | 4 +- tests/suites/test_suite_lms.function | 4 +- tests/suites/test_suite_md.function | 20 +-- tests/suites/test_suite_mps.function | 164 +++++++++--------- tests/suites/test_suite_pkcs12.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 8 +- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_pkwrite.function | 8 +- .../test_suite_platform_printf.function | 6 +- tests/suites/test_suite_poly1305.function | 8 +- tests/suites/test_suite_psa_crypto.function | 86 ++++----- ..._suite_psa_crypto_driver_wrappers.function | 58 +++---- .../test_suite_psa_crypto_hash.function | 6 +- .../test_suite_psa_crypto_pake.function | 8 +- ...t_suite_psa_crypto_persistent_key.function | 6 +- ...st_suite_psa_crypto_se_driver_hal.function | 4 +- ..._suite_psa_crypto_slot_management.function | 18 +- ...t_suite_psa_crypto_storage_format.function | 4 +- tests/suites/test_suite_psa_its.function | 10 +- tests/suites/test_suite_shax.function | 10 +- tests/suites/test_suite_ssl.function | 38 ++-- tests/suites/test_suite_x509parse.function | 2 +- 39 files changed, 418 insertions(+), 416 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ae84ec236..f67cfcc1b 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -166,14 +166,16 @@ * \param size2 Size of the second buffer in bytes. * This expression may be evaluated multiple times. */ -#define ASSERT_COMPARE(p1, size1, p2, size2) \ - do \ - { \ +#define TEST_BUFFERS_EQUAL(p1, size1, p2, size2) \ + do { \ TEST_EQUAL((size1), (size2)); \ - if ((size1) != 0) \ - TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ - } \ - while (0) + if ((size1) != 0) { \ + TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_BUFFERS_EQUAL(p1, size1, p2, size2) /** * \brief This macro tests the expression passed to it and skips the diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 363a5fd27..37d7f64aa 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -38,13 +38,13 @@ static int test_copy(const data_t *key, // Encrypt with copied context TEST_ASSERT(mbedtls_aes_crypt_ecb(enc, MBEDTLS_AES_ENCRYPT, plaintext, output) == 0); - ASSERT_COMPARE(ciphertext, 16, output, 16); + TEST_BUFFERS_EQUAL(ciphertext, 16, output, 16); mbedtls_aes_free(enc); // Decrypt with copied context TEST_ASSERT(mbedtls_aes_crypt_ecb(dec, MBEDTLS_AES_DECRYPT, ciphertext, output) == 0); - ASSERT_COMPARE(plaintext, 16, output, 16); + TEST_BUFFERS_EQUAL(plaintext, 16, output, 16); mbedtls_aes_free(dec); return 1; diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 9e4db2cb6..9e6d9b9d5 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -77,7 +77,7 @@ void aria_encrypt_ecb(data_t *key_str, data_t *src_str, output + i) == 0); } - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); } @@ -105,7 +105,7 @@ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, output + i) == 0); } - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); } @@ -130,7 +130,7 @@ void aria_encrypt_cbc(data_t *key_str, data_t *iv_str, src_str->len, iv_str->x, src_str->x, output) == cbc_result); if (cbc_result == 0) { - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); } @@ -155,7 +155,7 @@ void aria_decrypt_cbc(data_t *key_str, data_t *iv_str, src_str->len, iv_str->x, src_str->x, output) == cbc_result); if (cbc_result == 0) { - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); } @@ -182,7 +182,7 @@ void aria_encrypt_cfb128(data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output) == result); - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -208,7 +208,7 @@ void aria_decrypt_cfb128(data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output) == result); - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -234,7 +234,7 @@ void aria_encrypt_ctr(data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output) == result); - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -260,7 +260,7 @@ void aria_decrypt_ctr(data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output) == result); - ASSERT_COMPARE(output, expected_output->len, + TEST_BUFFERS_EQUAL(output, expected_output->len, expected_output->x, expected_output->len); exit: diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index ce0d0f388..0e3b5dfc8 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -37,7 +37,7 @@ int generic_write_finish_step(generic_write_data_t *data, TEST_EQUAL(ret, data->end - data->p); TEST_ASSERT(data->p >= data->start); TEST_ASSERT(data->p <= data->end); - ASSERT_COMPARE(data->p, (size_t) (data->end - data->p), + TEST_BUFFERS_EQUAL(data->p, (size_t) (data->end - data->p), expected->x, expected->len); } ok = 1; @@ -322,7 +322,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete, &alg, ¶ms), 0); TEST_EQUAL(alg.tag, MBEDTLS_ASN1_OID); - ASSERT_COMPARE(alg.p, alg.len, oid->x, oid->len); + TEST_BUFFERS_EQUAL(alg.p, alg.len, oid->x, oid->len); TEST_EQUAL(params.tag, expected_params_tag); TEST_EQUAL(params.len, expected_params_len); mbedtls_free(buf_complete); @@ -440,7 +440,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits, mbedtls_asn1_bitstring read = { 0, 0, NULL }; TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end, &read), 0); - ASSERT_COMPARE(read.p, read.len, + TEST_BUFFERS_EQUAL(read.p, read.len, masked_bitstring, byte_length); TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits); } @@ -545,7 +545,7 @@ void store_named_data_val_found(int old_len, int new_len) TEST_ASSERT(found == head); if (new_val != NULL) { - ASSERT_COMPARE(found->val.p, found->val.len, + TEST_BUFFERS_EQUAL(found->val.p, found->val.len, new_val, (size_t) new_len); } if (new_len == 0) { @@ -580,14 +580,14 @@ void store_named_data_val_new(int new_len, int set_new_val) TEST_ASSERT(found != NULL); TEST_ASSERT(found == head); TEST_ASSERT(found->oid.p != oid); - ASSERT_COMPARE(found->oid.p, found->oid.len, oid, oid_len); + TEST_BUFFERS_EQUAL(found->oid.p, found->oid.len, oid, oid_len); if (new_len == 0) { TEST_ASSERT(found->val.p == NULL); } else if (new_val == NULL) { TEST_ASSERT(found->val.p != NULL); } else { TEST_ASSERT(found->val.p != new_val); - ASSERT_COMPARE(found->val.p, found->val.len, + TEST_BUFFERS_EQUAL(found->val.p, found->val.len, new_val, (size_t) new_len); } diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 81a3a4531..f132c3467 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -34,45 +34,45 @@ static int mpi_core_verify_add(mbedtls_mpi_uint *A, /* A + B => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, B, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + B; alias output and first operand => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, B, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + B; alias output and second operand => correct result and carry */ memcpy(X, B, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, X, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B, so test where A and B are aliased */ /* A + A => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, A, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + A, output aliased to both operands => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, X, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } else { /* A != B, so test B + A */ /* B + A => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, A, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* B + A; alias output and first operand => correct result and carry */ memcpy(X, B, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, A, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* B + A; alias output and second operand => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, X, limbs)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } ret = 1; @@ -111,11 +111,11 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A, /* cond = 0 => X unchanged, no carry */ memcpy(X, A, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, B, limbs, 0)); - ASSERT_COMPARE(X, bytes, A, bytes); + TEST_BUFFERS_EQUAL(X, bytes, A, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, B, limbs, 1)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B, so test where A and B are aliased */ @@ -123,22 +123,22 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A, /* cond = 0 => X unchanged, no carry */ memcpy(X, B, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, X, limbs, 0)); - ASSERT_COMPARE(X, bytes, B, bytes); + TEST_BUFFERS_EQUAL(X, bytes, B, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, X, limbs, 1)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } else { /* A != B, so test B + A */ /* cond = 0 => d unchanged, no carry */ memcpy(X, B, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, A, limbs, 0)); - ASSERT_COMPARE(X, bytes, B, bytes); + TEST_BUFFERS_EQUAL(X, bytes, B, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, A, limbs, 1)); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } ret = 1; @@ -458,10 +458,10 @@ void mpi_core_cond_assign(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - ASSERT_COMPARE(X, copy_bytes, Y, copy_bytes); + TEST_BUFFERS_EQUAL(X, copy_bytes, Y, copy_bytes); TEST_ASSERT(memcmp(X, Y, bytes) != 0); } else { - ASSERT_COMPARE(X, bytes, Y, bytes); + TEST_BUFFERS_EQUAL(X, bytes, Y, bytes); } exit: @@ -508,8 +508,8 @@ void mpi_core_cond_swap(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - ASSERT_COMPARE(X, bytes, tmp_X, bytes); - ASSERT_COMPARE(Y, bytes, tmp_Y, bytes); + TEST_BUFFERS_EQUAL(X, bytes, tmp_X, bytes); + TEST_BUFFERS_EQUAL(Y, bytes, tmp_Y, bytes); /* condition is true */ TEST_CF_SECRET(X, bytes); @@ -523,15 +523,15 @@ void mpi_core_cond_swap(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - ASSERT_COMPARE(X, copy_bytes, tmp_Y, copy_bytes); - ASSERT_COMPARE(Y, copy_bytes, tmp_X, copy_bytes); + TEST_BUFFERS_EQUAL(X, copy_bytes, tmp_Y, copy_bytes); + TEST_BUFFERS_EQUAL(Y, copy_bytes, tmp_X, copy_bytes); TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0); } else { - ASSERT_COMPARE(X, bytes, tmp_Y, bytes); - ASSERT_COMPARE(Y, bytes, tmp_X, bytes); + TEST_BUFFERS_EQUAL(X, bytes, tmp_Y, bytes); + TEST_BUFFERS_EQUAL(Y, bytes, tmp_X, bytes); } exit: @@ -554,7 +554,7 @@ void mpi_core_shift_r(char *input, int count, char *result) TEST_EQUAL(limbs, n); mbedtls_mpi_core_shift_r(X, limbs, count); - ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL); + TEST_BUFFERS_EQUAL(X, limbs * ciL, Y, limbs * ciL); exit: mbedtls_free(X); @@ -574,7 +574,7 @@ void mpi_core_shift_l(char *input, int count, char *result) TEST_EQUAL(limbs, n); mbedtls_mpi_core_shift_l(X, limbs, count); - ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL); + TEST_BUFFERS_EQUAL(X, limbs * ciL, Y, limbs * ciL); exit: mbedtls_free(X); @@ -664,7 +664,7 @@ void mpi_core_sub(char *input_A, char *input_B, TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, b, limbs)); /* 1b) r = a - b => we should get the correct result */ - ASSERT_COMPARE(r, bytes, x, bytes); + TEST_BUFFERS_EQUAL(r, bytes, x, bytes); /* 2 and 3 test "r may be aliased to a or b" */ /* 2a) r = a; r -= b => we should get the correct carry (use r to avoid clobbering a) */ @@ -672,20 +672,20 @@ void mpi_core_sub(char *input_A, char *input_B, TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, b, limbs)); /* 2b) r -= b => we should get the correct result */ - ASSERT_COMPARE(r, bytes, x, bytes); + TEST_BUFFERS_EQUAL(r, bytes, x, bytes); /* 3a) r = b; r = a - r => we should get the correct carry (use r to avoid clobbering b) */ memcpy(r, b, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, r, limbs)); /* 3b) r = a - b => we should get the correct result */ - ASSERT_COMPARE(r, bytes, x, bytes); + TEST_BUFFERS_EQUAL(r, bytes, x, bytes); /* 4 tests "r may be aliased to [...] both" */ if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) { memcpy(r, b, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, r, limbs)); - ASSERT_COMPARE(r, bytes, x, bytes); + TEST_BUFFERS_EQUAL(r, bytes, x, bytes); } exit: @@ -774,13 +774,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S, TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p), *cy->p); /* 1b) A += B * s => we should get the correct result */ - ASSERT_COMPARE(a, bytes, x, bytes); + TEST_BUFFERS_EQUAL(a, bytes, x, bytes); if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) { /* Check when A and B are aliased */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, a, limbs, *S.p), *cy->p); - ASSERT_COMPARE(a, bytes, x, bytes); + TEST_BUFFERS_EQUAL(a, bytes, x, bytes); } exit: @@ -890,14 +890,14 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, mbedtls_mpi_core_montmul(R.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); size_t bytes = N.n * sizeof(mbedtls_mpi_uint); - ASSERT_COMPARE(R.p, bytes, X->p, bytes); + TEST_BUFFERS_EQUAL(R.p, bytes, X->p, bytes); /* The output (R, above) may be aliased to A - use R to save the value of A */ memcpy(R.p, A.p, bytes); mbedtls_mpi_core_montmul(A.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - ASSERT_COMPARE(A.p, bytes, X->p, bytes); + TEST_BUFFERS_EQUAL(A.p, bytes, X->p, bytes); memcpy(A.p, R.p, bytes); /* restore A */ @@ -906,7 +906,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, memcpy(R.p, N.p, bytes); mbedtls_mpi_core_montmul(N.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - ASSERT_COMPARE(N.p, bytes, X->p, bytes); + TEST_BUFFERS_EQUAL(N.p, bytes, X->p, bytes); memcpy(N.p, R.p, bytes); @@ -917,7 +917,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, * don't bother with yet another test with only A and B aliased */ mbedtls_mpi_core_montmul(B.p, B.p, B.p, B.n, N.p, N.n, mm, T.p); - ASSERT_COMPARE(B.p, bytes, X->p, bytes); + TEST_BUFFERS_EQUAL(B.p, bytes, X->p, bytes); memcpy(B.p, A.p, bytes); /* restore B from equal value A */ } @@ -925,7 +925,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, /* The output may be aliased to B - last test, so we don't save B */ mbedtls_mpi_core_montmul(B.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - ASSERT_COMPARE(B.p, bytes, X->p, bytes); + TEST_BUFFERS_EQUAL(B.p, bytes, X->p, bytes); } exit: @@ -1046,7 +1046,7 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size) TEST_CF_PUBLIC(dest, limbs * sizeof(*dest)); TEST_CF_PUBLIC(table, count * limbs * sizeof(*table)); - ASSERT_COMPARE(dest, limbs * sizeof(*dest), + TEST_BUFFERS_EQUAL(dest, limbs * sizeof(*dest), current, limbs * sizeof(*current)); TEST_CF_PUBLIC(&i, sizeof(i)); } @@ -1143,24 +1143,24 @@ void mpi_core_mul(char *input_A, /* 1. X = A * B - result should be correct, A and B unchanged */ mbedtls_mpi_core_mul(X, A, A_limbs, B, B_limbs); - ASSERT_COMPARE(X, X_bytes, R, X_bytes); - ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes); - ASSERT_COMPARE(B, B_bytes, B_orig, B_bytes); + TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); + TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); + TEST_BUFFERS_EQUAL(B, B_bytes, B_orig, B_bytes); /* 2. A == B: alias A and B - result should be correct, A and B unchanged */ if (A_bytes == B_bytes && memcmp(A, B, A_bytes) == 0) { memset(X, '!', X_bytes); mbedtls_mpi_core_mul(X, A, A_limbs, A, A_limbs); - ASSERT_COMPARE(X, X_bytes, R, X_bytes); - ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes); + TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); + TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); } /* 3. X = B * A - result should be correct, A and B unchanged */ else { memset(X, '!', X_bytes); mbedtls_mpi_core_mul(X, B, B_limbs, A, A_limbs); - ASSERT_COMPARE(X, X_bytes, R, X_bytes); - ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes); - ASSERT_COMPARE(B, B_bytes, B_orig, B_bytes); + TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); + TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); + TEST_BUFFERS_EQUAL(B, B_bytes, B_orig, B_bytes); } exit: @@ -1280,7 +1280,7 @@ void mpi_core_sub_int(char *input_A, char *input_B, ASSERT_ALLOC(R, limbs); #define TEST_COMPARE_CORE_MPIS(A, B, limbs) \ - ASSERT_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) + TEST_BUFFERS_EQUAL(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) /* 1. R = A - b. Result and borrow should be correct */ TEST_EQUAL(mbedtls_mpi_core_sub_int(R, A, B[0], limbs), borrow); diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 4edc0b90e..8f0b6732a 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -7,7 +7,7 @@ #include "test/constant_flow.h" #define TEST_COMPARE_MPI_RESIDUES(a, b) \ - ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ + TEST_BUFFERS_EQUAL((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) static int test_read_residue(mbedtls_mpi_mod_residue *r, @@ -128,42 +128,42 @@ void mpi_mod_mul(char *input_A, TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* alias X to A */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rB, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* alias X to B */ memcpy(rX.p, rB.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rX, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* A == B: alias A and B */ if (memcmp(rA.p, rB.p, bytes) == 0) { TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* X, A, B all aliased together */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rX, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); } /* A != B: test B * A */ else { TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rA, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* B * A: alias X to A */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rX, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); /* B + A: alias X to B */ memcpy(rX.p, rB.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rA, &m), 0); - ASSERT_COMPARE(rX.p, bytes, rR.p, bytes); + TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); } exit: @@ -702,7 +702,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian)); /* Make sure that writing didn't corrupt the value of r */ - ASSERT_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs); + TEST_BUFFERS_EQUAL(r.p, r.limbs, r_copy.p, r_copy.limbs); /* Set up reference output for checking the result */ ASSERT_ALLOC(ref_buf, obuf_sizes[i]); @@ -723,7 +723,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) } /* Check the result */ - ASSERT_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]); + TEST_BUFFERS_EQUAL(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]); mbedtls_free(ref_buf); ref_buf = NULL; diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index b67ac51df..ec4a7b5cf 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -161,10 +161,10 @@ void mpi_mod_raw_cond_assign(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - ASSERT_COMPARE(X, copy_bytes, Y, copy_bytes); + TEST_BUFFERS_EQUAL(X, copy_bytes, Y, copy_bytes); TEST_ASSERT(memcmp(X, Y, bytes) != 0); } else { - ASSERT_COMPARE(X, bytes, Y, bytes); + TEST_BUFFERS_EQUAL(X, bytes, Y, bytes); } exit: @@ -223,8 +223,8 @@ void mpi_mod_raw_cond_swap(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - ASSERT_COMPARE(X, bytes, tmp_X, bytes); - ASSERT_COMPARE(Y, bytes, tmp_Y, bytes); + TEST_BUFFERS_EQUAL(X, bytes, tmp_X, bytes); + TEST_BUFFERS_EQUAL(Y, bytes, tmp_Y, bytes); /* condition is true */ TEST_CF_SECRET(X, bytes); @@ -238,15 +238,15 @@ void mpi_mod_raw_cond_swap(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - ASSERT_COMPARE(X, copy_bytes, tmp_Y, copy_bytes); - ASSERT_COMPARE(Y, copy_bytes, tmp_X, copy_bytes); + TEST_BUFFERS_EQUAL(X, copy_bytes, tmp_Y, copy_bytes); + TEST_BUFFERS_EQUAL(Y, copy_bytes, tmp_X, copy_bytes); TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0); } else { - ASSERT_COMPARE(X, bytes, tmp_Y, bytes); - ASSERT_COMPARE(Y, bytes, tmp_X, bytes); + TEST_BUFFERS_EQUAL(X, bytes, tmp_Y, bytes); + TEST_BUFFERS_EQUAL(Y, bytes, tmp_X, bytes); } exit: @@ -297,27 +297,27 @@ void mpi_mod_raw_sub(char *input_A, &m, N, limbs), 0); mbedtls_mpi_mod_raw_sub(X, A, B, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); /* alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_sub(X, X, B, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); /* alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_sub(X, A, X, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); /* A == B: alias A and B */ if (memcmp(A, B, bytes) == 0) { mbedtls_mpi_mod_raw_sub(X, A, A, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); /* X, A, B all aliased together */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_sub(X, X, X, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); } exit: mbedtls_free(A); @@ -367,7 +367,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, &m, N, limbs), 0); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); exit: mbedtls_free(X); @@ -420,42 +420,42 @@ void mpi_mod_raw_mul(char *input_A, ASSERT_ALLOC(T, limbs_T); mbedtls_mpi_mod_raw_mul(X, A, B, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, X, B, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_mul(X, A, X, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* A == B: alias A and B */ if (memcmp(A, B, bytes) == 0) { mbedtls_mpi_mod_raw_mul(X, A, A, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* X, A, B all aliased together */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, X, X, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); } /* A != B: test B * A */ else { mbedtls_mpi_mod_raw_mul(X, B, A, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* B * A: alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, B, X, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); /* B + A: alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_mul(X, X, A, &m, T); - ASSERT_COMPARE(X, bytes, R, bytes); + TEST_BUFFERS_EQUAL(X, bytes, R, bytes); } exit: @@ -578,45 +578,45 @@ void mpi_mod_raw_add(char *input_N, /* A + B => Correct result */ mbedtls_mpi_mod_raw_add(X, A, B, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + B: alias X to A => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, X, B, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + B: alias X to B => Correct result */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_add(X, A, X, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B: alias A and B */ /* A + A => Correct result */ mbedtls_mpi_mod_raw_add(X, A, A, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* A + A: X, A, B all aliased together => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, X, X, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } else { /* A != B: test B + A */ /* B + A => Correct result */ mbedtls_mpi_mod_raw_add(X, B, A, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* B + A: alias X to A => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, B, X, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); /* B + A: alias X to B => Correct result */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_add(X, X, A, &m); - ASSERT_COMPARE(X, bytes, S, bytes); + TEST_BUFFERS_EQUAL(X, bytes, S, bytes); } exit: @@ -647,7 +647,7 @@ void mpi_mod_raw_canonical_to_modulus_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); TEST_EQUAL(0, mbedtls_mpi_mod_raw_canonical_to_modulus_rep(A, &N)); - ASSERT_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), + TEST_BUFFERS_EQUAL(A, A_limbs * sizeof(mbedtls_mpi_uint), X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: @@ -674,7 +674,7 @@ void mpi_mod_raw_modulus_to_canonical_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); TEST_EQUAL(0, mbedtls_mpi_mod_raw_modulus_to_canonical_rep(A, &N)); - ASSERT_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), + TEST_BUFFERS_EQUAL(A, A_limbs * sizeof(mbedtls_mpi_uint), X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: @@ -723,20 +723,20 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) mbedtls_mpi_core_to_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); /* Test that the low-level function gives the required value */ - ASSERT_COMPARE(R, bytes, X, bytes); + TEST_BUFFERS_EQUAL(R, bytes, X, bytes); /* Test when output is aliased to input */ memcpy(R, A, bytes); mbedtls_mpi_core_to_mont_rep(R, R, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); - ASSERT_COMPARE(R, bytes, X, bytes); + TEST_BUFFERS_EQUAL(R, bytes, X, bytes); /* 2. Test higher-level cannonical to Montgomery conversion */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_to_mont_rep(A, &m)); /* The result matches expected value */ - ASSERT_COMPARE(A, bytes, X, bytes); + TEST_BUFFERS_EQUAL(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -787,20 +787,20 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) mbedtls_mpi_core_from_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, T); /* Test that the low-level function gives the required value */ - ASSERT_COMPARE(R, bytes, X, bytes); + TEST_BUFFERS_EQUAL(R, bytes, X, bytes); /* Test when output is aliased to input */ memcpy(R, A, bytes); mbedtls_mpi_core_from_mont_rep(R, R, N, n_limbs, m.rep.mont.mm, T); - ASSERT_COMPARE(R, bytes, X, bytes); + TEST_BUFFERS_EQUAL(R, bytes, X, bytes); /* 2. Test higher-level Montgomery to cannonical conversion */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_from_mont_rep(A, &m)); /* The result matches expected value */ - ASSERT_COMPARE(A, bytes, X, bytes); + TEST_BUFFERS_EQUAL(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -841,19 +841,19 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) /* Neg( A == 0 ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, Z, &m); - ASSERT_COMPARE(R, bytes, Z, bytes); + TEST_BUFFERS_EQUAL(R, bytes, Z, bytes); /* Neg( A == N ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, N, &m); - ASSERT_COMPARE(R, bytes, Z, bytes); + TEST_BUFFERS_EQUAL(R, bytes, Z, bytes); /* Neg( A ) => Correct result */ mbedtls_mpi_mod_raw_neg(R, A, &m); - ASSERT_COMPARE(R, bytes, X, bytes); + TEST_BUFFERS_EQUAL(R, bytes, X, bytes); /* Neg( A ): alias A to R => Correct result */ mbedtls_mpi_mod_raw_neg(A, A, &m); - ASSERT_COMPARE(A, bytes, X, bytes); + TEST_BUFFERS_EQUAL(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); mbedtls_free(N); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index 34221a796..c7d277f95 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -174,7 +174,7 @@ void mpi_legacy_random_values(int min, char *max_hex) * same number, with the same limb count. */ TEST_EQUAL(core_ret, legacy_ret); if (core_ret == 0) { - ASSERT_COMPARE(R_core, limbs * ciL, + TEST_BUFFERS_EQUAL(R_core, limbs * ciL, R_legacy.p, R_legacy.n * ciL); } @@ -182,7 +182,7 @@ void mpi_legacy_random_values(int min, char *max_hex) /* This may theoretically fail on rare platforms with padding in * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ - ASSERT_COMPARE(&rnd_core, sizeof(rnd_core), + TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), &rnd_legacy, sizeof(rnd_legacy)); exit: @@ -237,11 +237,11 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) if (core_ret == 0) { TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_raw, &N), 0); - ASSERT_COMPARE(R_core, N.limbs * ciL, + TEST_BUFFERS_EQUAL(R_core, N.limbs * ciL, R_mod_raw, N.limbs * ciL); TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_digits, &N), 0); - ASSERT_COMPARE(R_core, N.limbs * ciL, + TEST_BUFFERS_EQUAL(R_core, N.limbs * ciL, R_mod_digits, N.limbs * ciL); } @@ -249,9 +249,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) /* This may theoretically fail on rare platforms with padding in * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ - ASSERT_COMPARE(&rnd_core, sizeof(rnd_core), + TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), &rnd_mod_raw, sizeof(rnd_mod_raw)); - ASSERT_COMPARE(&rnd_core, sizeof(rnd_core), + TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), &rnd_mod, sizeof(rnd_mod)); exit: diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 8c5e6abb5..0da923fdd 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -36,7 +36,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); - ASSERT_COMPARE(output, olen, expected_output->x, n1); + TEST_BUFFERS_EQUAL(output, olen, expected_output->x, n1); mbedtls_free(output); output = NULL; @@ -44,13 +44,13 @@ static int check_multipart(mbedtls_ccm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); - ASSERT_COMPARE(output, olen, expected_output->x + n1, n2); + TEST_BUFFERS_EQUAL(output, olen, expected_output->x + n1, n2); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -204,8 +204,8 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); - ASSERT_COMPARE(io_msg_buf, msg->len, result->x, msg->len); - ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); + TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, result->x, msg->len); + TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted_expected = { .x = result->x, @@ -249,7 +249,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, ASSERT_ALLOC(output, msg->len); TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); TEST_EQUAL(result->len, olen); - ASSERT_COMPARE(output, olen, result->x, result->len); + TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); exit: @@ -285,7 +285,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, result); if (result == 0) { - ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); + TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted = { .x = msg->x, @@ -372,8 +372,8 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), output_ret); - ASSERT_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); - ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); + TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, expected_result->x, msg->len); + TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, @@ -450,7 +450,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, add->x, add->len, io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), output_ret); - ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); + TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, @@ -504,13 +504,13 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); TEST_EQUAL(result->len, olen); - ASSERT_COMPARE(output, olen, result->x, result->len); + TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -538,7 +538,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 1a7e6768e..1838cdc7d 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -29,7 +29,7 @@ void chacha20_crypt(data_t *key_str, TEST_ASSERT(mbedtls_chacha20_crypt(key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output) == 0); - ASSERT_COMPARE(output, expected_output_str->len, + TEST_BUFFERS_EQUAL(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); /* @@ -44,7 +44,7 @@ void chacha20_crypt(data_t *key_str, memset(output, 0x00, sizeof(output)); TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0); - ASSERT_COMPARE(output, expected_output_str->len, + TEST_BUFFERS_EQUAL(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); /* @@ -60,7 +60,7 @@ void chacha20_crypt(data_t *key_str, TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len - 1, src_str->x + 1, output + 1) == 0); - ASSERT_COMPARE(output, expected_output_str->len, + TEST_BUFFERS_EQUAL(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); mbedtls_chacha20_free(&ctx); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index aa2849bc8..b9675fbed 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -950,7 +950,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); } else { TEST_ASSERT(ret == 0); - ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len); + TEST_BUFFERS_EQUAL(decrypt_buf, outlen, clear->x, clear->len); } mbedtls_free(decrypt_buf); diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function index dd0b2d540..5fd64066d 100644 --- a/tests/suites/test_suite_common.function +++ b/tests/suites/test_suite_common.function @@ -28,7 +28,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ b[i]; } mbedtls_xor(r2, a, b, n); - ASSERT_COMPARE(r1, n, r2, n); + TEST_BUFFERS_EQUAL(r1, n, r2, n); /* Test r == a */ fill_arrays(a, b, r1, r2, n); @@ -36,7 +36,7 @@ void mbedtls_xor(int len) r1[i] = r1[i] ^ b[i]; } mbedtls_xor(r2, r2, b, n); - ASSERT_COMPARE(r1, n, r2, n); + TEST_BUFFERS_EQUAL(r1, n, r2, n); /* Test r == b */ fill_arrays(a, b, r1, r2, n); @@ -44,7 +44,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ r1[i]; } mbedtls_xor(r2, a, r2, n); - ASSERT_COMPARE(r1, n, r2, n); + TEST_BUFFERS_EQUAL(r1, n, r2, n); /* Test a == b */ fill_arrays(a, b, r1, r2, n); @@ -52,7 +52,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ a[i]; } mbedtls_xor(r2, a, a, n); - ASSERT_COMPARE(r1, n, r2, n); + TEST_BUFFERS_EQUAL(r1, n, r2, n); /* Test a == b == r */ fill_arrays(a, b, r1, r2, n); @@ -60,7 +60,7 @@ void mbedtls_xor(int len) r1[i] = r1[i] ^ r1[i]; } mbedtls_xor(r2, r2, r2, n); - ASSERT_COMPARE(r1, n, r2, n); + TEST_BUFFERS_EQUAL(r1, n, r2, n); /* Test non-word-aligned buffers, for all combinations of alignedness */ for (int i = 0; i < 7; i++) { @@ -71,7 +71,7 @@ void mbedtls_xor(int len) r1[j + r_off] = a[j + a_off] ^ b[j + b_off]; } mbedtls_xor(r2 + r_off, a + a_off, b + b_off, n); - ASSERT_COMPARE(r1 + r_off, n, r2 + r_off, n); + TEST_BUFFERS_EQUAL(r1 + r_off, n, r2 + r_off, n); } exit: mbedtls_free(a); diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index a2bf3967f..9802d9976 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -91,7 +91,7 @@ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); - ASSERT_COMPARE(expected, size, result + offset, size); + TEST_BUFFERS_EQUAL(expected, size, result + offset, size); for (int i = 0; i < size + offset; i++) { src[i] = 1; @@ -109,7 +109,7 @@ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); - ASSERT_COMPARE(expected, size, result, size); + TEST_BUFFERS_EQUAL(expected, size, result, size); exit: mbedtls_free(src); mbedtls_free(result); @@ -140,7 +140,7 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) TEST_CF_PUBLIC(&secret, sizeof(secret)); TEST_CF_PUBLIC(dst, len); - ASSERT_COMPARE(dst, len, src + secret, len); + TEST_BUFFERS_EQUAL(dst, len, src + secret, len); } exit: diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 9ee372b5f..8e8839f9b 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -133,7 +133,7 @@ void ssl_cf_hmac(int hash) TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); /* Compare */ - ASSERT_COMPARE(out, out_len, ref_out, out_len); + TEST_BUFFERS_EQUAL(out, out_len, ref_out, out_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 1b8a84c9f..100572f85 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -538,7 +538,7 @@ void ecp_muladd(int id, &len, actual_result, sizeof(actual_result))); TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN); - ASSERT_COMPARE(expected_result->x, expected_result->len, + TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, actual_result, len); exit: @@ -1061,7 +1061,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_write_key(&key, buf, in_key->len); TEST_ASSERT(ret == 0); - ASSERT_COMPARE(in_key->x, in_key->len, + TEST_BUFFERS_EQUAL(in_key->x, in_key->len, buf, in_key->len); } else { unsigned char export1[MBEDTLS_ECP_MAX_BYTES]; @@ -1076,7 +1076,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_write_key(&key2, export2, in_key->len); TEST_ASSERT(ret == 0); - ASSERT_COMPARE(export1, in_key->len, + TEST_BUFFERS_EQUAL(export1, in_key->len, export2, in_key->len); } } @@ -1123,7 +1123,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) * (can be enforced by checking these bits). * - Other bits must be random (by testing with different RNG outputs, * we validate that those bits are indeed influenced by the RNG). */ - ASSERT_COMPARE(expected->x, expected->len, + TEST_BUFFERS_EQUAL(expected->x, expected->len, actual, expected->len); } @@ -1379,7 +1379,7 @@ void ecp_mod_p_generic_raw(int curve_id, TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); - ASSERT_COMPARE(X, bytes, res, bytes); + TEST_BUFFERS_EQUAL(X, bytes, res, bytes); exit: mbedtls_free(X); @@ -1420,7 +1420,7 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret) } /* Compare output byte-by-byte */ - ASSERT_COMPARE(p, bytes, m.p, bytes); + TEST_BUFFERS_EQUAL(p, bytes, m.p, bytes); /* Test for user free-ing allocated memory */ mbedtls_mpi_mod_modulus_free(&m); @@ -1472,10 +1472,10 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - ASSERT_COMPARE(bufx, ciL, one, ciL); + TEST_BUFFERS_EQUAL(bufx, ciL, one, ciL); /*Borrow the buffer of A to compare the left lims with 0 */ memset(A, 0, limbs * ciL); - ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); + TEST_BUFFERS_EQUAL(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -1527,7 +1527,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); /* Compare difference with rA byte-by-byte */ - ASSERT_COMPARE(rA.p, bytes, rS.p, bytes); + TEST_BUFFERS_EQUAL(rA.p, bytes, rS.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -1577,7 +1577,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(limbs, rX.limbs); - ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + TEST_BUFFERS_EQUAL(rA.p, bytes, rX.p, bytes); memset(bufx, 0x00, bytes); memset(rX_raw, 0x00, bytes); @@ -1591,7 +1591,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) MBEDTLS_MPI_MOD_EXT_REP_BE)); TEST_EQUAL(limbs, rX.limbs); - ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + TEST_BUFFERS_EQUAL(rA.p, bytes, rX.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index fd68abf4f..532743187 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -37,7 +37,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); - ASSERT_COMPARE(output, olen, expected_output->x, n1); + TEST_BUFFERS_EQUAL(output, olen, expected_output->x, n1); mbedtls_free(output); output = NULL; @@ -45,14 +45,14 @@ static int check_multipart(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); - ASSERT_COMPARE(output, olen, expected_output->x + n1, n2); + TEST_BUFFERS_EQUAL(output, olen, expected_output->x + n1, n2); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -91,14 +91,14 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen)); TEST_EQUAL(input->len, olen); - ASSERT_COMPARE(output, olen, expected_output->x, input->len); + TEST_BUFFERS_EQUAL(output, olen, expected_output->x, input->len); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); exit: mbedtls_free(output); @@ -128,7 +128,7 @@ static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output_tag, tag->len)); TEST_EQUAL(0, olen); - ASSERT_COMPARE(output_tag, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output_tag, tag->len, tag->x, tag->len); exit: mbedtls_free(output_tag); @@ -147,7 +147,7 @@ static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx, ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - ASSERT_COMPARE(output, tag->len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); exit: mbedtls_free(output); @@ -212,8 +212,8 @@ void gcm_encrypt_and_tag(int cipher_id, data_t *key_str, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output) == 0); - ASSERT_COMPARE(output, src_str->len, dst->x, dst->len); - ASSERT_COMPARE(tag_output, tag_len, tag->x, tag->len); + TEST_BUFFERS_EQUAL(output, src_str->len, dst->x, dst->len); + TEST_BUFFERS_EQUAL(tag_output, tag_len, tag->x, tag->len); for (n1 = 0; n1 <= src_str->len; n1 += 1) { for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { @@ -269,7 +269,7 @@ void gcm_decrypt_and_verify(int cipher_id, data_t *key_str, TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED); } else { TEST_ASSERT(ret == 0); - ASSERT_COMPARE(output, src_str->len, pt_result->x, pt_result->len); + TEST_BUFFERS_EQUAL(output, src_str->len, pt_result->x, pt_result->len); for (n1 = 0; n1 <= src_str->len; n1 += 1) { for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index ce8edcf91..dda0c0255 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -26,7 +26,7 @@ void test_hkdf(int md_alg, data_t *ikm, data_t *salt, data_t *info, info->x, info->len, okm, expected_okm->len); TEST_ASSERT(ret == 0); - ASSERT_COMPARE(okm, expected_okm->len, + TEST_BUFFERS_EQUAL(okm, expected_okm->len, expected_okm->x, expected_okm->len); exit: @@ -56,7 +56,7 @@ void test_hkdf_extract(int md_alg, ikm->x, ikm->len, output_prk); TEST_ASSERT(ret == 0); - ASSERT_COMPARE(output_prk, output_prk_len, prk->x, prk->len); + TEST_BUFFERS_EQUAL(output_prk, output_prk_len, prk->x, prk->len); exit: mbedtls_free(output_prk); @@ -88,7 +88,7 @@ void test_hkdf_expand(int md_alg, info->x, info->len, output_okm, OKM_LEN); TEST_ASSERT(ret == 0); - ASSERT_COMPARE(output_okm, okm->len, okm->x, okm->len); + TEST_BUFFERS_EQUAL(output_okm, okm->len, okm->x, okm->len); exit: mbedtls_free(output_okm); diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index 8f06ee5a4..c4abdcbe4 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -162,7 +162,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)); - ASSERT_COMPARE(pub_key->x, pub_key->len, + TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -183,7 +183,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) exported_pub_key_buf_size, &exported_pub_key_size), 0); - ASSERT_COMPARE(pub_key->x, pub_key->len, + TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index bfc3e062b..b975c2672 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -164,7 +164,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10)); - ASSERT_COMPARE(pub_key->x, pub_key->len, + TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -185,7 +185,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) exported_pub_key_buf_size, &exported_pub_key_size), 0); - ASSERT_COMPARE(pub_key->x, pub_key->len, + TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index e3f0e15db..63d5d0ae8 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -185,7 +185,7 @@ void md_text(int md_type, char *text_src_string, data_t *hash) TEST_EQUAL(0, mbedtls_md(md_info, src, src_len, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); @@ -206,7 +206,7 @@ void md_hex(int md_type, data_t *src_str, data_t *hash) TEST_EQUAL(0, mbedtls_md(md_info, src_str->x, src_str->len, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); @@ -248,14 +248,14 @@ void md_text_multi(int md_type, char *text_src_string, TEST_EQUAL(0, mbedtls_md_update(&ctx, src + halfway, src_len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); /* Test clone */ memset(output, 0x00, sizeof(output)); TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src + halfway, src_len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -295,14 +295,14 @@ void md_hex_multi(int md_type, data_t *src_str, data_t *hash) TEST_EQUAL(0, mbedtls_md_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); /* Test clone */ memset(output, 0x00, sizeof(output)); TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -328,7 +328,7 @@ void mbedtls_md_hmac(int md_type, int trunc_size, TEST_EQUAL(0, mbedtls_md_hmac(md_info, key_str->x, key_str->len, src_str->x, src_str->len, output)); - ASSERT_COMPARE(output, trunc_size, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); exit: MD_PSA_DONE(); @@ -363,7 +363,7 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output)); - ASSERT_COMPARE(output, trunc_size, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); /* Test again, for reset() */ memset(output, 0x00, sizeof(output)); @@ -373,7 +373,7 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output)); - ASSERT_COMPARE(output, trunc_size, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -395,7 +395,7 @@ void mbedtls_md_file(int md_type, char *filename, TEST_EQUAL(0, mbedtls_md_file(md_info, filename, output)); - ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index 6d9a8a81a..9dfb83b40 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -60,7 +60,7 @@ void mbedtls_mps_reader_no_pausing_single_step_single_round(int with_acc) /* Consumption (upper layer) */ /* Consume exactly what's available */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, bufA, 100); + TEST_BUFFERS_EQUAL(tmp, 100, bufA, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); @@ -108,14 +108,14 @@ void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds(int with_acc) /* Consumption (upper layer) */ /* Consume exactly what's available */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, bufA, 100); + TEST_BUFFERS_EQUAL(tmp, 100, bufA, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, bufB, 100); + TEST_BUFFERS_EQUAL(tmp, 100, bufB, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -162,11 +162,11 @@ void mbedtls_mps_reader_no_pausing_multiple_steps_single_round(int with_acc) TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, buf, 10); + TEST_BUFFERS_EQUAL(tmp, 10, buf, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 70, buf + 10, 70); + TEST_BUFFERS_EQUAL(tmp, 70, buf + 10, 70); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - ASSERT_COMPARE(tmp, tmp_len, buf + 80, 20); + TEST_BUFFERS_EQUAL(tmp, tmp_len, buf + 80, 20); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -202,18 +202,18 @@ void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds(int with_acc) TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 70, bufA + 10, 70); + TEST_BUFFERS_EQUAL(tmp, 70, bufA + 10, 70); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 20); + TEST_BUFFERS_EQUAL(tmp, tmp_len, bufA + 80, 20); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, bufB, 100); + TEST_BUFFERS_EQUAL(tmp, 100, bufB, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -243,7 +243,7 @@ void mbedtls_mps_reader_pausing_needed_disabled() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -284,10 +284,10 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, buf + 50, 10); + TEST_BUFFERS_EQUAL(tmp, 10, buf + 50, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); /* Wrapup (lower layer) */ @@ -295,7 +295,7 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small() MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0); - ASSERT_COMPARE(tmp, tmp_len, buf + 50, 50); + TEST_BUFFERS_EQUAL(tmp, tmp_len, buf + 50, 50); mbedtls_mps_reader_free(&rd); } @@ -325,7 +325,7 @@ void mbedtls_mps_reader_reclaim_overflow() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); /* Excess request */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -376,10 +376,10 @@ void mbedtls_mps_reader_pausing(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 80, bufA, 80); + TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); switch (option) { case 0: /* Single uncommitted fetch at pausing */ case 1: @@ -400,50 +400,50 @@ void mbedtls_mps_reader_pausing(int option) switch (option) { case 0: /* Single fetch at pausing, re-fetch with commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; case 1: /* Single fetch at pausing, re-fetch without commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); break; case 2: /* Multiple fetches at pausing, repeat without commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); break; case 3: /* Multiple fetches at pausing, repeat with commit 1. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); break; case 4: /* Multiple fetches at pausing, repeat with commit 2. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; case 5: /* Multiple fetches at pausing, repeat with commit 3. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; @@ -453,7 +453,7 @@ void mbedtls_mps_reader_pausing(int option) /* In all cases, fetch the rest of the second buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 90, bufB + 10, 90); + TEST_BUFFERS_EQUAL(tmp, 90, bufB + 10, 90); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ @@ -498,7 +498,7 @@ void mbedtls_mps_reader_pausing_multiple_feeds(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 80, bufA, 80); + TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* 20 left, ask for 70 -> 50 overhead */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == @@ -538,8 +538,8 @@ void mbedtls_mps_reader_pausing_multiple_feeds(int option) /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 20, bufA + 80, 20); - ASSERT_COMPARE(tmp + 20, 50, bufB, 50); + TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); + TEST_BUFFERS_EQUAL(tmp + 20, 50, bufB, 50); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0); switch (option) { case 0: @@ -591,14 +591,14 @@ void mbedtls_mps_reader_reclaim_data_left(int option) /* Fetch (but not commit) the entire buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, buf, 100); + TEST_BUFFERS_EQUAL(tmp, 100, buf, 100); break; case 1: /* Fetch (but not commit) parts of the buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); + TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); break; case 2: @@ -606,11 +606,11 @@ void mbedtls_mps_reader_reclaim_data_left(int option) * fetch but not commit the rest of the buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); + TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, sizeof(buf) / 2, + TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, buf + sizeof(buf) / 2, sizeof(buf) / 2); break; @@ -646,16 +646,16 @@ void mbedtls_mps_reader_reclaim_data_left_retry() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf + 50, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf + 50, 50); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == MBEDTLS_ERR_MPS_READER_DATA_LEFT); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 50, buf + 50, 50); + TEST_BUFFERS_EQUAL(tmp, 50, buf + 50, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -699,10 +699,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 80, bufA, 80); + TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -717,10 +717,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0); - ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, tmp_len, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -731,18 +731,18 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufB + 10, 10); - ASSERT_COMPARE(tmp + 10, 10, bufC, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufB + 10, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufC, 10); break; case 1: /* Fetch same chunks, commit afterwards, and * then exceed bounds of new buffer; accumulator * not large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -756,10 +756,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) * then exceed bounds of new buffer; accumulator * large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -769,19 +769,19 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 20, bufA + 80, 20); - ASSERT_COMPARE(tmp + 20, 20, bufB, 20); - ASSERT_COMPARE(tmp + 40, 10, bufC, 10); + TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); + TEST_BUFFERS_EQUAL(tmp + 20, 20, bufB, 20); + TEST_BUFFERS_EQUAL(tmp + 40, 10, bufC, 10); break; case 3: /* Fetch same chunks, don't commit afterwards, and * then exceed bounds of new buffer; accumulator * not large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 80, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 10, bufA + 90, 10); - ASSERT_COMPARE(tmp + 10, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); + TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -1005,16 +1005,16 @@ void mbedtls_reader_inconsistent_usage(int option) case 0: /* Ask for buffered data in a single chunk, no commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 20, bufA + 80, 20); - ASSERT_COMPARE(tmp + 20, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); + TEST_BUFFERS_EQUAL(tmp + 20, 10, bufB, 10); success = 1; break; case 1: /* Ask for buffered data in a single chunk, with commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 20, bufA + 80, 20); - ASSERT_COMPARE(tmp + 20, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); + TEST_BUFFERS_EQUAL(tmp + 20, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1035,7 +1035,7 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data in different * chunks than before CAN fail. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 15, bufA + 80, 15); + TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); break; @@ -1044,10 +1044,10 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - no commits */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 15, bufA + 80, 15); + TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 5, bufA + 95, 5); - ASSERT_COMPARE(tmp + 5, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); + TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); success = 1; break; @@ -1055,11 +1055,11 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - intermediate commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 15, bufA + 80, 15); + TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 5, bufA + 95, 5); - ASSERT_COMPARE(tmp + 5, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); + TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); success = 1; break; @@ -1067,10 +1067,10 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - end commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 15, bufA + 80, 15); + TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 5, bufA + 95, 5); - ASSERT_COMPARE(tmp + 5, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); + TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1079,11 +1079,11 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - intermediate & end commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 15, bufA + 80, 15); + TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - ASSERT_COMPARE(tmp, 5, bufA + 95, 5); - ASSERT_COMPARE(tmp + 5, 10, bufB, 10); + TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); + TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1096,7 +1096,7 @@ void mbedtls_reader_inconsistent_usage(int option) if (success == 1) { /* In all succeeding cases, fetch the rest of the second buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 90, bufB + 10, 90); + TEST_BUFFERS_EQUAL(tmp, 90, bufB + 10, 90); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ @@ -1131,7 +1131,7 @@ void mbedtls_mps_reader_feed_empty() /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - ASSERT_COMPARE(tmp, 100, buf, 100); + TEST_BUFFERS_EQUAL(tmp, 100, buf, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 3ac1a778a..98259eb37 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -59,7 +59,7 @@ void pkcs12_derive_key(int md_type, int key_size_arg, TEST_EQUAL(ret, expected_status); if (expected_status == 0) { - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output_data, key_size); } diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c803f9769..987518058 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -48,7 +48,7 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, message_str->x, output) == result); if (result == 0) { - ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); + TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); } exit: @@ -110,7 +110,7 @@ void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, output, sizeof(output)) == result); if (result == 0) { - ASSERT_COMPARE(output, output_len, result_str->x, result_str->len); + TEST_BUFFERS_EQUAL(output, output_len, result_str->x, result_str->len); } } @@ -167,7 +167,7 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, &ctx, &mbedtls_test_rnd_buffer_rand, &info, digest, hash_digest->len, hash_digest->x, output) == result); if (result == 0) { - ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); + TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); } info.buf = rnd_buf->x; @@ -179,7 +179,7 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, digest, hash_digest->len, hash_digest->x, fixed_salt_length, output) == result); if (result == 0) { - ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len); + TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); } exit: diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index df139c60f..649695171 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -175,7 +175,7 @@ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); TEST_ASSERT(output_key_len > 0); - ASSERT_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len); + TEST_BUFFERS_EQUAL(exp_output->x, exp_output->len, output_key, output_key_len); exit: if (output_key != NULL) { diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 4820fbd43..13a2727cd 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -113,7 +113,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, is_der), 0); - ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + TEST_BUFFERS_EQUAL(start_buf, buf_len, check_buf, check_buf_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Verify that pk_write works also for opaque private keys */ @@ -128,7 +128,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, is_der), 0); - ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + TEST_BUFFERS_EQUAL(start_buf, buf_len, check_buf, check_buf_len); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -190,7 +190,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); - ASSERT_COMPARE(derived_key_raw, derived_key_len, + TEST_BUFFERS_EQUAL(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -203,7 +203,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); - ASSERT_COMPARE(derived_key_raw, derived_key_len, + TEST_BUFFERS_EQUAL(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function index 3c816fe33..e687eb1b7 100644 --- a/tests/suites/test_suite_platform_printf.function +++ b/tests/suites/test_suite_platform_printf.function @@ -34,7 +34,7 @@ void printf_int(char *format, /* any format expecting one int argument, e.g. "%d /* Nominal case: buffer just large enough */ ASSERT_ALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x)); - ASSERT_COMPARE(result, n + 1, output, n + 1); + TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); output = NULL; @@ -59,7 +59,7 @@ void printf_long_max(const char *format, /* "%lx" or longer type */ ASSERT_ALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value)); - ASSERT_COMPARE(expected, n + 1, output, n + 1); + TEST_BUFFERS_EQUAL(expected, n + 1, output, n + 1); mbedtls_free(output); output = NULL; @@ -79,7 +79,7 @@ void printf_char2(char *format, /* "%c%c" */ /* Nominal case: buffer just large enough */ ASSERT_ALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2)); - ASSERT_COMPARE(result, n + 1, output, n + 1); + TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); output = NULL; diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index fffa89f6f..f74c5445b 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -22,7 +22,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_mac(key->x, src_str->x, src_str->len, mac) == 0); - ASSERT_COMPARE(mac, expected_mac->len, + TEST_BUFFERS_EQUAL(mac, expected_mac->len, expected_mac->x, expected_mac->len); /* @@ -36,7 +36,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - ASSERT_COMPARE(mac, expected_mac->len, + TEST_BUFFERS_EQUAL(mac, expected_mac->len, expected_mac->x, expected_mac->len); /* @@ -53,7 +53,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - ASSERT_COMPARE(mac, expected_mac->len, + TEST_BUFFERS_EQUAL(mac, expected_mac->len, expected_mac->x, expected_mac->len); } @@ -69,7 +69,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - ASSERT_COMPARE(mac, expected_mac->len, + TEST_BUFFERS_EQUAL(mac, expected_mac->len, expected_mac->x, expected_mac->len); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a4c8138f4..3d401b1eb 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -583,7 +583,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, } - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output_data, output_length); @@ -692,7 +692,7 @@ static int mac_multipart_internal_func(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_mac_sign_finish(&operation, mac, PSA_MAC_MAX_SIZE, &mac_len)); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, mac, mac_len); } @@ -1574,7 +1574,7 @@ void import_export(data_t *data, } if (canonical_input) { - ASSERT_COMPARE(data->x, data->len, exported, exported_length); + TEST_BUFFERS_EQUAL(data->x, data->len, exported, exported_length); } else { mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT(psa_import_key(&attributes, exported, exported_length, @@ -1583,7 +1583,7 @@ void import_export(data_t *data, reexported, export_size, &reexported_length)); - ASSERT_COMPARE(exported, exported_length, + TEST_BUFFERS_EQUAL(exported, exported_length, reexported, reexported_length); PSA_ASSERT(psa_destroy_key(key2)); } @@ -1657,7 +1657,7 @@ void import_export_public_key(data_t *data, PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, bits)); TEST_LE_U(expected_public_key->len, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - ASSERT_COMPARE(expected_public_key->x, expected_public_key->len, + TEST_BUFFERS_EQUAL(expected_public_key->x, expected_public_key->len, exported, exported_length); } exit: @@ -2501,7 +2501,7 @@ void copy_success(int source_usage_arg, ASSERT_ALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(target_key, export_buffer, material->len, &length)); - ASSERT_COMPARE(material->x, material->len, + TEST_BUFFERS_EQUAL(material->x, material->len, export_buffer, length); } @@ -2760,7 +2760,7 @@ void hash_compute_compare(int alg_arg, data_t *input, output, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); /* Compute with tight buffer, multi-part */ @@ -2770,7 +2770,7 @@ void hash_compute_compare(int alg_arg, data_t *input, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); /* Compute with larger buffer, one-shot */ @@ -2778,7 +2778,7 @@ void hash_compute_compare(int alg_arg, data_t *input, output, sizeof(output), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); /* Compute with larger buffer, multi-part */ @@ -2787,7 +2787,7 @@ void hash_compute_compare(int alg_arg, data_t *input, PSA_ASSERT(psa_hash_finish(&operation, output, sizeof(output), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); /* Compare with correct hash, one-shot */ @@ -3392,7 +3392,7 @@ void mac_sign(int key_type_arg, actual_mac, output_size, &mac_length), expected_status); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_mac->x, expected_mac->len, + TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -3411,7 +3411,7 @@ void mac_sign(int key_type_arg, PSA_ASSERT(psa_mac_abort(&operation)); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_mac->x, expected_mac->len, + TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, actual_mac, mac_length); } mbedtls_free(actual_mac); @@ -3962,7 +3962,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output_buffer_size - output_length, &length)); output_length += length; - ASSERT_COMPARE(ciphertext->x, ciphertext->len, + TEST_BUFFERS_EQUAL(ciphertext->x, ciphertext->len, output, output_length); /* Multipart encryption */ @@ -3980,7 +3980,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output_buffer_size - output_length, &length)); output_length += length; - ASSERT_COMPARE(plaintext->x, plaintext->len, + TEST_BUFFERS_EQUAL(plaintext->x, plaintext->len, output, output_length); /* One-shot encryption */ @@ -3988,7 +3988,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, PSA_ASSERT(psa_cipher_encrypt(key, alg, plaintext->x, plaintext->len, output, output_buffer_size, &output_length)); - ASSERT_COMPARE(ciphertext->x, ciphertext->len, + TEST_BUFFERS_EQUAL(ciphertext->x, ciphertext->len, output, output_length); /* One-shot decryption */ @@ -3996,7 +3996,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, PSA_ASSERT(psa_cipher_decrypt(key, alg, ciphertext->x, ciphertext->len, output, output_buffer_size, &output_length)); - ASSERT_COMPARE(plaintext->x, plaintext->len, + TEST_BUFFERS_EQUAL(plaintext->x, plaintext->len, output, output_length); exit: @@ -4116,7 +4116,7 @@ void cipher_encrypt_validation(int alg_arg, output2_length += function_output_length; PSA_ASSERT(psa_cipher_abort(&operation)); - ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size, + TEST_BUFFERS_EQUAL(output1 + iv_size, output1_length - iv_size, output2, output2_length); exit: @@ -4215,7 +4215,7 @@ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, total_output_length); } @@ -4315,7 +4315,7 @@ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, total_output_length); } @@ -4472,7 +4472,7 @@ void cipher_decrypt(int alg_arg, TEST_LE_U(output_length, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size)); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, output_length); exit: mbedtls_free(input); @@ -4529,7 +4529,7 @@ void cipher_verify_output(int alg_arg, TEST_LE_U(output2_length, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); - ASSERT_COMPARE(input->x, input->len, output2, output2_length); + TEST_BUFFERS_EQUAL(input->x, input->len, output2, output2_length); exit: mbedtls_free(output1); @@ -4669,7 +4669,7 @@ void cipher_verify_output_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation2)); - ASSERT_COMPARE(input->x, input->len, output2, output2_length); + TEST_BUFFERS_EQUAL(input->x, input->len, output2, output2_length); exit: psa_cipher_abort(&operation1); @@ -4764,7 +4764,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, &output_length2), expected_result); - ASSERT_COMPARE(input_data->x, input_data->len, + TEST_BUFFERS_EQUAL(input_data->x, input_data->len, output_data2, output_length2); } @@ -4831,7 +4831,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, } PSA_ASSERT(status); - ASSERT_COMPARE(expected_result->x, expected_result->len, + TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, output_data, output_length); exit: @@ -4904,7 +4904,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, TEST_EQUAL(status, expected_result); if (expected_result == PSA_SUCCESS) { - ASSERT_COMPARE(expected_data->x, expected_data->len, + TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, output_data, output_length); } @@ -6491,7 +6491,7 @@ void sign_hash_deterministic(int key_type_arg, data_t *key_data, signature, signature_size, &signature_length)); /* Verify that the signature is what is expected. */ - ASSERT_COMPARE(output_data->x, output_data->len, + TEST_BUFFERS_EQUAL(output_data->x, output_data->len, signature, signature_length); exit: @@ -6614,7 +6614,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, TEST_LE_U(num_completes, max_completes); /* Verify that the signature is what is expected. */ - ASSERT_COMPARE(output_data->x, output_data->len, + TEST_BUFFERS_EQUAL(output_data->x, output_data->len, signature, signature_length); PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -7912,7 +7912,7 @@ void sign_message_deterministic(int key_type_arg, signature, signature_size, &signature_length)); - ASSERT_COMPARE(output_data->x, output_data->len, + TEST_BUFFERS_EQUAL(output_data->x, output_data->len, signature, signature_length); exit: @@ -8250,7 +8250,7 @@ void asymmetric_encrypt_decrypt(int key_type_arg, label->x, label->len, output2, output2_size, &output2_length)); - ASSERT_COMPARE(input_data->x, input_data->len, + TEST_BUFFERS_EQUAL(input_data->x, input_data->len, output2, output2_length); exit: @@ -8307,7 +8307,7 @@ void asymmetric_decrypt(int key_type_arg, output, output_size, &output_length)); - ASSERT_COMPARE(expected_data->x, expected_data->len, + TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, output, output_length); /* If the label is empty, the test framework puts a non-null pointer @@ -8323,7 +8323,7 @@ void asymmetric_decrypt(int key_type_arg, output, output_size, &output_length)); - ASSERT_COMPARE(expected_data->x, expected_data->len, + TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, output, output_length); } @@ -8892,7 +8892,7 @@ void derive_output(int alg_arg, /* Success. Check the read data. */ PSA_ASSERT(status); if (output_sizes[i] != 0) { - ASSERT_COMPARE(output_buffer, output_sizes[i], + TEST_BUFFERS_EQUAL(output_buffer, output_sizes[i], expected_outputs[i], output_sizes[i]); } /* Check the operation status. */ @@ -9015,7 +9015,7 @@ void derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, TEST_EQUAL(status, expected_output_status); if (expected_output->len != 0 && expected_output_status == PSA_SUCCESS) { - ASSERT_COMPARE(output_buffer, expected_output->len, expected_output->x, + TEST_BUFFERS_EQUAL(output_buffer, expected_output->len, expected_output->x, expected_output->len); } @@ -9167,7 +9167,7 @@ void derive_key_export(int alg_arg, TEST_EQUAL(length, bytes2); /* Compare the outputs from the two runs. */ - ASSERT_COMPARE(output_buffer, bytes1 + bytes2, + TEST_BUFFERS_EQUAL(output_buffer, bytes1 + bytes2, export_buffer, capacity); exit: @@ -9228,7 +9228,7 @@ void derive_key_type(int alg_arg, PSA_ASSERT(psa_export_key(derived_key, export_buffer, export_buffer_size, &export_length)); - ASSERT_COMPARE(export_buffer, export_length, + TEST_BUFFERS_EQUAL(export_buffer, export_length, expected_export->x, expected_export->len); exit: @@ -9378,7 +9378,7 @@ void raw_key_agreement(int alg_arg, peer_key_data->x, peer_key_data->len, output, expected_output->len, &output_length)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; @@ -9390,7 +9390,7 @@ void raw_key_agreement(int alg_arg, peer_key_data->x, peer_key_data->len, output, expected_output->len + 1, &output_length)); - ASSERT_COMPARE(output, output_length, + TEST_BUFFERS_EQUAL(output, output_length, expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; @@ -9513,13 +9513,13 @@ void key_agreement_output(int alg_arg, PSA_ASSERT(psa_key_derivation_output_bytes(&operation, actual_output, expected_output1->len)); - ASSERT_COMPARE(actual_output, expected_output1->len, + TEST_BUFFERS_EQUAL(actual_output, expected_output1->len, expected_output1->x, expected_output1->len); if (expected_output2->len != 0) { PSA_ASSERT(psa_key_derivation_output_bytes(&operation, actual_output, expected_output2->len)); - ASSERT_COMPARE(actual_output, expected_output2->len, + TEST_BUFFERS_EQUAL(actual_output, expected_output2->len, expected_output2->x, expected_output2->len); } @@ -9688,7 +9688,7 @@ void generate_key_rsa(int bits_arg, if (is_default_public_exponent) { TEST_EQUAL(e_read_length, 0); } else { - ASSERT_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len); + TEST_BUFFERS_EQUAL(e_read_buffer, e_read_length, e_arg->x, e_arg->len); } /* Do something with the key according to its type and permitted usage. */ @@ -9724,7 +9724,7 @@ void generate_key_rsa(int bits_arg, TEST_EQUAL(p[1], 0); TEST_EQUAL(p[2], 1); } else { - ASSERT_COMPARE(p, len, e_arg->x, e_arg->len); + TEST_BUFFERS_EQUAL(p, len, e_arg->x, e_arg->len); } } @@ -9833,7 +9833,7 @@ void persistent_key_load_key_from_storage(data_t *data, first_export, export_size, &first_exported_length)); if (generation_method == IMPORT_KEY) { - ASSERT_COMPARE(data->x, data->len, + TEST_BUFFERS_EQUAL(data->x, data->len, first_export, first_exported_length); } } @@ -9860,7 +9860,7 @@ void persistent_key_load_key_from_storage(data_t *data, PSA_ASSERT(psa_export_key(key, second_export, export_size, &second_exported_length)); - ASSERT_COMPARE(first_export, first_exported_length, + TEST_BUFFERS_EQUAL(first_export, first_exported_length, second_export, second_exported_length); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index fa83ad380..2ddcf07ed 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -460,7 +460,7 @@ static int sanity_check_rsa_encryption_result( TEST_EQUAL(buf[0], 0x00); TEST_EQUAL(buf[1], 0x02); TEST_EQUAL(buf[length - input_data->len - 1], 0x00); - ASSERT_COMPARE(buf + length - input_data->len, input_data->len, + TEST_BUFFERS_EQUAL(buf + length - input_data->len, input_data->len, input_data->x, input_data->len); } else if (PSA_ALG_IS_RSA_OAEP(alg)) { TEST_EQUAL(buf[0], 0x00); @@ -546,7 +546,7 @@ void sign_hash(int key_type_arg, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(signature, signature_length, + TEST_BUFFERS_EQUAL(signature, signature_length, expected_output->x, expected_output->len); } TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); @@ -673,7 +673,7 @@ void sign_message(int key_type_arg, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(signature, signature_length, + TEST_BUFFERS_EQUAL(signature, signature_length, expected_output->x, expected_output->len); } /* In the builtin algorithm the driver is called twice. */ @@ -795,7 +795,7 @@ void generate_ec_key(int force_status_arg, psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); if (fake_output->len > 0) { - ASSERT_COMPARE(actual_output, actual_output_length, + TEST_BUFFERS_EQUAL(actual_output, actual_output_length, expected_output, expected_output_length); } else { size_t zeroes = 0; @@ -927,7 +927,7 @@ void export_key(int force_status_arg, } if (actual_status == PSA_SUCCESS) { - ASSERT_COMPARE(actual_output, actual_output_length, + TEST_BUFFERS_EQUAL(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } exit: @@ -1006,7 +1006,7 @@ void key_agreement(int alg_arg, TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); if (actual_status == PSA_SUCCESS) { - ASSERT_COMPARE(actual_output, actual_output_length, + TEST_BUFFERS_EQUAL(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } mbedtls_free(actual_output); @@ -1093,7 +1093,7 @@ void cipher_encrypt_validation(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); // driver function should've been called as part of the finish() core routine TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size, + TEST_BUFFERS_EQUAL(output1 + iv_size, output1_length - iv_size, output2, output2_length); exit: @@ -1221,7 +1221,7 @@ void cipher_encrypt_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, total_output_length); } @@ -1350,7 +1350,7 @@ void cipher_decrypt_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, total_output_length); } @@ -1422,7 +1422,7 @@ void cipher_decrypt(int alg_arg, TEST_EQUAL(status, expected_status); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_output->x, expected_output->len, + TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, output, output_length); } @@ -1707,7 +1707,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_result->x, expected_result->len, + TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, output_data, output_length); } @@ -1770,7 +1770,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_data->x, expected_data->len, + TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, output_data, output_length); } @@ -1839,7 +1839,7 @@ void mac_sign(int key_type_arg, TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_mac->x, expected_mac->len, + TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -1957,7 +1957,7 @@ void mac_sign_multipart(int key_type_arg, } if (forced_status == PSA_SUCCESS) { - ASSERT_COMPARE(expected_mac->x, expected_mac->len, + TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -2159,7 +2159,7 @@ void builtin_key_export(int builtin_key_id_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); - ASSERT_COMPARE(output_buffer, output_size, + TEST_BUFFERS_EQUAL(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); @@ -2210,7 +2210,7 @@ void builtin_pubkey_export(int builtin_key_id_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); - ASSERT_COMPARE(output_buffer, output_size, + TEST_BUFFERS_EQUAL(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); @@ -2257,7 +2257,7 @@ void hash_compute(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (expected_status == PSA_SUCCESS) { - ASSERT_COMPARE(output, output_length, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); } exit: @@ -2305,7 +2305,7 @@ void hash_multipart_setup(int alg_arg, forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); - ASSERT_COMPARE(output, output_length, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); } exit: @@ -2362,7 +2362,7 @@ void hash_multipart_update(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); - ASSERT_COMPARE(output, output_length, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); } exit: @@ -2416,7 +2416,7 @@ void hash_multipart_finish(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (forced_status == PSA_SUCCESS) { - ASSERT_COMPARE(output, output_length, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); } exit: @@ -2476,7 +2476,7 @@ void hash_clone(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); - ASSERT_COMPARE(output, output_length, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); } exit: @@ -2560,7 +2560,7 @@ void asymmetric_encrypt_decrypt(int alg_arg, if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { - ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, + TEST_BUFFERS_EQUAL(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = @@ -2587,10 +2587,10 @@ void asymmetric_encrypt_decrypt(int alg_arg, &output2_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { if (fake_output_decrypt->len > 0) { - ASSERT_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, + TEST_BUFFERS_EQUAL(fake_output_decrypt->x, fake_output_decrypt->len, output2, output2_length); } else { - ASSERT_COMPARE(input_data->x, input_data->len, + TEST_BUFFERS_EQUAL(input_data->x, input_data->len, output2, output2_length); } } @@ -2664,7 +2664,7 @@ void asymmetric_decrypt(int alg_arg, &output_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_data->len); - ASSERT_COMPARE(expected_output_data->x, expected_output_data->len, + TEST_BUFFERS_EQUAL(expected_output_data->x, expected_output_data->len, output, output_length); } exit: @@ -2738,7 +2738,7 @@ void asymmetric_encrypt(int alg_arg, if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { TEST_EQUAL(fake_output_encrypt->len, output_length); - ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, + TEST_BUFFERS_EQUAL(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { /* Perform sanity checks on the output */ @@ -2873,11 +2873,11 @@ void aead_encrypt_setup(int key_type_arg, data_t *key_data, forced_status == PSA_SUCCESS ? 1 : 0); /* Compare output_data and expected_ciphertext */ - ASSERT_COMPARE(expected_ciphertext->x, expected_ciphertext->len, + TEST_BUFFERS_EQUAL(expected_ciphertext->x, expected_ciphertext->len, output_data, output_length + finish_output_length); /* Compare tag and expected_tag */ - ASSERT_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); + TEST_BUFFERS_EQUAL(expected_tag->x, expected_tag->len, tag_buffer, tag_length); } exit: @@ -2979,7 +2979,7 @@ void aead_decrypt_setup(int key_type_arg, data_t *key_data, TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, forced_status == PSA_SUCCESS ? 1 : 0); - ASSERT_COMPARE(expected_result->x, expected_result->len, + TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, output_data, output_length + verify_output_length); } diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index f12541d68..fce293a9b 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -25,7 +25,7 @@ void hash_finish(int alg_arg, data_t *input, data_t *expected_hash) PSA_ASSERT(psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_length)); - ASSERT_COMPARE(expected_hash->x, expected_hash->len, + TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); exit: @@ -83,13 +83,13 @@ void hash_multi_part(int alg_arg, data_t *input, data_t *expected_hash) PSA_ASSERT(psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_length)); - ASSERT_COMPARE(expected_hash->x, expected_hash->len, + TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); PSA_ASSERT(psa_hash_finish(&operation2, actual_hash, sizeof(actual_hash), &actual_hash_length)); - ASSERT_COMPARE(expected_hash->x, expected_hash->len, + TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); } while (len++ != input->len); diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index f04d56fdb..c3ff888ab 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -1031,7 +1031,7 @@ void pake_input_getters_password() &buffer_len_ret), PSA_SUCCESS); - ASSERT_COMPARE(password_ret, buffer_len_ret, password, strlen(password)); + TEST_BUFFERS_EQUAL(password_ret, buffer_len_ret, password, strlen(password)); exit: PSA_ASSERT(psa_destroy_key(key)); PSA_ASSERT(psa_pake_abort(&operation)); @@ -1064,7 +1064,7 @@ void pake_input_getters_cipher_suite() TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), PSA_SUCCESS); - ASSERT_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret), + TEST_BUFFERS_EQUAL(&cipher_suite_ret, sizeof(cipher_suite_ret), &cipher_suite, sizeof(cipher_suite)); exit: @@ -1128,7 +1128,7 @@ void pake_input_getters_user() &buffer_len_ret), PSA_SUCCESS); - ASSERT_COMPARE(user_ret, buffer_len_ret, user, user_len); + TEST_BUFFERS_EQUAL(user_ret, buffer_len_ret, user, user_len); } exit: PSA_ASSERT(psa_pake_abort(&operation)); @@ -1191,7 +1191,7 @@ void pake_input_getters_peer() &buffer_len_ret), PSA_SUCCESS); - ASSERT_COMPARE(peer_ret, buffer_len_ret, peer, peer_len); + TEST_BUFFERS_EQUAL(peer_ret, buffer_len_ret, peer, peer_len); } exit: PSA_ASSERT(psa_pake_abort(&operation)); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 23535df32..52c6047c5 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -66,7 +66,7 @@ void format_storage_data_check(data_t *key_data, &attributes.core, file_data); - ASSERT_COMPARE(expected_file_data->x, expected_file_data->len, + TEST_BUFFERS_EQUAL(expected_file_data->x, expected_file_data->len, file_data, file_data_length); exit: @@ -111,7 +111,7 @@ void parse_storage_data_check(data_t *file_data, (uint32_t) expected_key_alg); TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), (uint32_t) expected_key_alg2); - ASSERT_COMPARE(expected_key_data->x, expected_key_data->len, + TEST_BUFFERS_EQUAL(expected_key_data->x, expected_key_data->len, key_data, key_data_length); exit: @@ -307,7 +307,7 @@ void import_export_persistent_key(data_t *data, int type_arg, PSA_ASSERT(psa_export_key(key_id, exported, export_size, &exported_length)); - ASSERT_COMPARE(data->x, data->len, exported, exported_length); + TEST_BUFFERS_EQUAL(data->x, data->len, exported, exported_length); /* Destroy the key */ PSA_ASSERT(psa_destroy_key(key_id)); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index bb6b0e417..aa455e520 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -607,7 +607,7 @@ static int check_persistent_data(psa_key_location_t location, PSA_ASSERT(psa_its_get_info(uid, &info)); ASSERT_ALLOC(loaded, info.size); PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL)); - ASSERT_COMPARE(expected_data, size, loaded, info.size); + TEST_BUFFERS_EQUAL(expected_data, size, loaded, info.size); ok = 1; exit: @@ -965,7 +965,7 @@ void key_creation_import_export(int lifetime_arg, int min_slot, int restart) PSA_ASSERT(psa_export_key(returned_id, exported, sizeof(exported), &exported_length)); - ASSERT_COMPARE(key_material, sizeof(key_material), + TEST_BUFFERS_EQUAL(key_material, sizeof(key_material), exported, exported_length); PSA_ASSERT(psa_destroy_key(returned_id)); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index e3bb0d34f..92f44e941 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -307,7 +307,7 @@ void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg, if (usage_flags & PSA_KEY_USAGE_EXPORT) { PSA_ASSERT(psa_export_key(id, reexported, key_data->len, &reexported_length)); - ASSERT_COMPARE(key_data->x, key_data->len, + TEST_BUFFERS_EQUAL(key_data->x, key_data->len, reexported, reexported_length); } else { TEST_EQUAL(psa_export_key(id, reexported, @@ -402,7 +402,7 @@ void create_existent(int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT(psa_export_key(id, reexported, sizeof(reexported), &reexported_length)); - ASSERT_COMPARE(material1, sizeof(material1), + TEST_BUFFERS_EQUAL(material1, sizeof(material1), reexported, reexported_length); PSA_ASSERT(psa_close_key(id)); @@ -578,7 +578,7 @@ void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg, ASSERT_ALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, material->len, &length)); - ASSERT_COMPARE(material->x, material->len, + TEST_BUFFERS_EQUAL(material->x, material->len, export_buffer, length); } else { size_t length; @@ -692,7 +692,7 @@ void copy_to_occupied(int source_lifetime_arg, int source_id_arg, ASSERT_ALLOC(export_buffer, target_material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, target_material->len, &length)); - ASSERT_COMPARE(target_material->x, target_material->len, + TEST_BUFFERS_EQUAL(target_material->x, target_material->len, export_buffer, length); } @@ -840,7 +840,7 @@ void many_transient_keys(int max_keys_arg) PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); - ASSERT_COMPARE(exported, exported_length, + TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &i, sizeof(i)); } PSA_ASSERT(psa_close_key(keys[i - 1])); @@ -917,7 +917,7 @@ void key_slot_eviction_to_import_new_key(int lifetime_arg) PSA_ASSERT(psa_export_key(key, exported, sizeof(exported), &exported_length)); - ASSERT_COMPARE(exported, exported_length, + TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(key)); } @@ -988,7 +988,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() exported, sizeof(exported), &exported_length)); i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1; - ASSERT_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); + TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1])); /* @@ -1016,7 +1016,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); - ASSERT_COMPARE(exported, exported_length, + TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(keys[i])); } @@ -1028,7 +1028,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() PSA_ASSERT(psa_export_key(persistent_key, exported, sizeof(exported), &exported_length)); - ASSERT_COMPARE(exported, exported_length, + TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &persistent_key, sizeof(persistent_key)); exit: /* diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 8434fc1c6..0a6fd28d4 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -39,7 +39,7 @@ static int test_written_key(const psa_key_attributes_t *attributes, ASSERT_ALLOC(actual_representation, storage_info.size); PSA_ASSERT(psa_its_get(uid, 0, storage_info.size, actual_representation, &length)); - ASSERT_COMPARE(expected_representation->x, expected_representation->len, + TEST_BUFFERS_EQUAL(expected_representation->x, expected_representation->len, actual_representation, length); ok = 1; @@ -263,7 +263,7 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, PSA_ASSERT(psa_export_key(key_id, exported_material, expected_material->len, &length)); - ASSERT_COMPARE(expected_material->x, expected_material->len, + TEST_BUFFERS_EQUAL(expected_material->x, expected_material->len, exported_material, length); } diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 7864b9c88..0ad6febeb 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -100,7 +100,7 @@ void set_get_remove(int uid_arg, int flags_arg, data_t *data) TEST_ASSERT(info.size == data->len); TEST_ASSERT(info.flags == flags); PSA_ASSERT(psa_its_get(uid, 0, data->len, buffer, &ret_len)); - ASSERT_COMPARE(data->x, data->len, buffer, ret_len); + TEST_BUFFERS_EQUAL(data->x, data->len, buffer, ret_len); PSA_ASSERT(psa_its_remove(uid)); @@ -129,7 +129,7 @@ void set_overwrite(int uid_arg, TEST_ASSERT(info.size == data1->len); TEST_ASSERT(info.flags == flags1); PSA_ASSERT(psa_its_get(uid, 0, data1->len, buffer, &ret_len)); - ASSERT_COMPARE(data1->x, data1->len, buffer, ret_len); + TEST_BUFFERS_EQUAL(data1->x, data1->len, buffer, ret_len); PSA_ASSERT(psa_its_set_wrap(uid, data2->len, data2->x, flags2)); PSA_ASSERT(psa_its_get_info(uid, &info)); @@ -137,7 +137,7 @@ void set_overwrite(int uid_arg, TEST_ASSERT(info.flags == flags2); ret_len = 0; PSA_ASSERT(psa_its_get(uid, 0, data2->len, buffer, &ret_len)); - ASSERT_COMPARE(data2->x, data2->len, buffer, ret_len); + TEST_BUFFERS_EQUAL(data2->x, data2->len, buffer, ret_len); PSA_ASSERT(psa_its_remove(uid)); @@ -167,7 +167,7 @@ void set_multiple(int first_id, int count) mbedtls_snprintf(stored, sizeof(stored), "Content of file 0x%08lx", (unsigned long) uid); PSA_ASSERT(psa_its_get(uid, 0, sizeof(stored), retrieved, &ret_len)); - ASSERT_COMPARE(retrieved, ret_len, + TEST_BUFFERS_EQUAL(retrieved, ret_len, stored, sizeof(stored)); PSA_ASSERT(psa_its_remove(uid)); TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) == @@ -223,7 +223,7 @@ void get_at(int uid_arg, data_t *data, status = psa_its_get(uid, offset, length_arg, buffer, &ret_len); TEST_ASSERT(status == (psa_status_t) expected_status); if (status == PSA_SUCCESS) { - ASSERT_COMPARE(data->x + offset, (size_t) length_arg, + TEST_BUFFERS_EQUAL(data->x + offset, (size_t) length_arg, buffer, ret_len); } for (i = 0; i < 16; i++) { diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 326cc79e6..594d1000d 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -159,7 +159,7 @@ void mbedtls_sha3(int family, data_t *in, data_t *hash) TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0); - ASSERT_COMPARE(output, hash->len, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, hash->len, hash->x, hash->len); exit: mbedtls_free(output); @@ -204,7 +204,7 @@ void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, hash->len) == 0); - ASSERT_COMPARE(output, hash->len, hash->x, hash->len); + TEST_BUFFERS_EQUAL(output, hash->len, hash->x, hash->len); exit: mbedtls_free(output); @@ -253,7 +253,7 @@ void sha3_streaming(int type, data_t *input) mbedtls_sha3_finish(&ctx, hash, hash_length); mbedtls_sha3_free(&ctx); - ASSERT_COMPARE(hash, hash_length, reference_hash, hash_length); + TEST_BUFFERS_EQUAL(hash, hash_length, reference_hash, hash_length); } exit: @@ -289,13 +289,13 @@ void sha3_reuse(data_t *input1, data_t *hash1, TEST_ASSERT(mbedtls_sha3_starts(&ctx, type1) == 0); TEST_ASSERT(mbedtls_sha3_update(&ctx, input1->x, input1->len) == 0); TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); - ASSERT_COMPARE(output, hash1->len, hash1->x, hash1->len); + TEST_BUFFERS_EQUAL(output, hash1->len, hash1->x, hash1->len); /* Round 2 */ TEST_ASSERT(mbedtls_sha3_starts(&ctx, type2) == 0); TEST_ASSERT(mbedtls_sha3_update(&ctx, input2->x, input2->len) == 0); TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); - ASSERT_COMPARE(output, hash2->len, hash2->x, hash2->len); + TEST_BUFFERS_EQUAL(output, hash2->len, hash2->x, hash2->len); exit: mbedtls_sha3_free(&ctx); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 82298849b..1f2db773a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1728,7 +1728,7 @@ void ssl_tls13_hkdf_expand_label(int hash_alg, ctx->x, ctx->len, dst, desired_length) == 0); - ASSERT_COMPARE(dst, (size_t) desired_length, + TEST_BUFFERS_EQUAL(dst, (size_t) desired_length, expected->x, (size_t) expected->len); exit: @@ -1768,19 +1768,19 @@ void ssl_tls13_traffic_key_generation(int hash_alg, desired_key_len, desired_iv_len, &keys) == 0); - ASSERT_COMPARE(keys.client_write_key, + TEST_BUFFERS_EQUAL(keys.client_write_key, keys.key_len, expected_client_write_key->x, (size_t) desired_key_len); - ASSERT_COMPARE(keys.server_write_key, + TEST_BUFFERS_EQUAL(keys.server_write_key, keys.key_len, expected_server_write_key->x, (size_t) desired_key_len); - ASSERT_COMPARE(keys.client_write_iv, + TEST_BUFFERS_EQUAL(keys.client_write_iv, keys.iv_len, expected_client_write_iv->x, (size_t) desired_iv_len); - ASSERT_COMPARE(keys.server_write_iv, + TEST_BUFFERS_EQUAL(keys.server_write_iv, keys.iv_len, expected_server_write_iv->x, (size_t) desired_iv_len); @@ -1827,7 +1827,7 @@ void ssl_tls13_derive_secret(int hash_alg, already_hashed, dst, desired_length) == 0); - ASSERT_COMPARE(dst, desired_length, + TEST_BUFFERS_EQUAL(dst, desired_length, expected->x, desired_length); exit: @@ -1859,9 +1859,9 @@ void ssl_tls13_derive_early_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - ASSERT_COMPARE(secrets.client_early_traffic_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.client_early_traffic_secret, hash_len, traffic_expected->x, traffic_expected->len); - ASSERT_COMPARE(secrets.early_exporter_master_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.early_exporter_master_secret, hash_len, exporter_expected->x, exporter_expected->len); exit: @@ -1893,9 +1893,9 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - ASSERT_COMPARE(secrets.client_handshake_traffic_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.client_handshake_traffic_secret, hash_len, client_expected->x, client_expected->len); - ASSERT_COMPARE(secrets.server_handshake_traffic_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.server_handshake_traffic_secret, hash_len, server_expected->x, server_expected->len); exit: @@ -1929,11 +1929,11 @@ void ssl_tls13_derive_application_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - ASSERT_COMPARE(secrets.client_application_traffic_secret_N, hash_len, + TEST_BUFFERS_EQUAL(secrets.client_application_traffic_secret_N, hash_len, client_expected->x, client_expected->len); - ASSERT_COMPARE(secrets.server_application_traffic_secret_N, hash_len, + TEST_BUFFERS_EQUAL(secrets.server_application_traffic_secret_N, hash_len, server_expected->x, server_expected->len); - ASSERT_COMPARE(secrets.exporter_master_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.exporter_master_secret, hash_len, exporter_expected->x, exporter_expected->len); exit: @@ -1963,7 +1963,7 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - ASSERT_COMPARE(secrets.resumption_master_secret, hash_len, + TEST_BUFFERS_EQUAL(secrets.resumption_master_secret, hash_len, resumption_expected->x, resumption_expected->len); exit: @@ -1997,7 +1997,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, transcript->x, binder) == 0); - ASSERT_COMPARE(binder, hash_len, + TEST_BUFFERS_EQUAL(binder, hash_len, binder_expected->x, binder_expected->len); exit: @@ -2090,12 +2090,12 @@ void ssl_tls13_record_protection(int ciphersuite, NULL, NULL) == 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { - ASSERT_COMPARE(rec.buf + rec.data_offset, rec.data_len, + TEST_BUFFERS_EQUAL(rec.buf + rec.data_offset, rec.data_len, ciphertext->x, ciphertext->len); } TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); - ASSERT_COMPARE(rec.buf + rec.data_offset, rec.data_len, + TEST_BUFFERS_EQUAL(rec.buf + rec.data_offset, rec.data_len, plaintext->x, plaintext->len); exit: @@ -2122,7 +2122,7 @@ void ssl_tls13_key_evolution(int hash_alg, input->len ? input->x : NULL, input->len, secret_new) == 0); - ASSERT_COMPARE(secret_new, (size_t) expected->len, + TEST_BUFFERS_EQUAL(secret_new, (size_t) expected->len, expected->x, (size_t) expected->len); exit: @@ -3326,7 +3326,7 @@ void cid_sanity() == 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); - ASSERT_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); + TEST_BUFFERS_EQUAL(own_cid, own_cid_len, test_cid, own_cid_len); /* Test disabling works. */ TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 7a2bbefd9..f702adf61 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -447,7 +447,7 @@ void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret) TEST_EQUAL(addrlen, (size_t) ref_ret); if (addrlen) { - ASSERT_COMPARE(exp->x, exp->len, addr, addrlen); + TEST_BUFFERS_EQUAL(exp->x, exp->len, addr, addrlen); } } /* END_CASE */ From f9ffd11e7a8d366cf7a6ea4aee07684b1f7d876a Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:48:18 +0100 Subject: [PATCH 130/339] For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL() Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 22 +-- tests/src/psa_exercise_key.c | 10 +- tests/src/test_helpers/ssl_helpers.c | 8 +- tests/suites/test_suite_aes.function | 24 +-- tests/suites/test_suite_asn1parse.function | 12 +- tests/suites/test_suite_asn1write.function | 10 +- tests/suites/test_suite_bignum_core.function | 46 ++--- tests/suites/test_suite_bignum_mod.function | 30 ++-- .../suites/test_suite_bignum_mod_raw.function | 34 ++-- .../suites/test_suite_bignum_random.function | 20 +-- tests/suites/test_suite_ccm.function | 44 ++--- tests/suites/test_suite_cipher.function | 12 +- tests/suites/test_suite_common.function | 8 +- .../suites/test_suite_constant_time.function | 14 +- .../test_suite_constant_time_hmac.function | 4 +- tests/suites/test_suite_ecp.function | 16 +- tests/suites/test_suite_gcm.function | 16 +- tests/suites/test_suite_hkdf.function | 10 +- tests/suites/test_suite_lmots.function | 8 +- tests/suites/test_suite_lms.function | 8 +- tests/suites/test_suite_mps.function | 8 +- tests/suites/test_suite_pkcs12.function | 2 +- tests/suites/test_suite_pkcs7.function | 12 +- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_pkwrite.function | 4 +- .../test_suite_platform_printf.function | 8 +- tests/suites/test_suite_psa_crypto.function | 170 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 70 ++++---- .../test_suite_psa_crypto_entropy.function | 6 +- .../test_suite_psa_crypto_init.function | 2 +- .../test_suite_psa_crypto_pake.function | 6 +- ...t_suite_psa_crypto_persistent_key.function | 6 +- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ..._suite_psa_crypto_slot_management.function | 10 +- ...t_suite_psa_crypto_storage_format.function | 4 +- tests/suites/test_suite_psa_its.function | 6 +- tests/suites/test_suite_random.function | 2 +- tests/suites/test_suite_shax.function | 4 +- tests/suites/test_suite_ssl.function | 10 +- tests/suites/test_suite_x509parse.function | 4 +- 40 files changed, 347 insertions(+), 347 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index f67cfcc1b..9ed7d2f76 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -123,18 +123,18 @@ * This expression may be evaluated multiple times. * */ -#define ASSERT_ALLOC(pointer, length) \ - do \ - { \ - TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) \ - { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ +#define TEST_CALLOC_OR_FAIL(pointer, length) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) { \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ (length)); \ - TEST_ASSERT((pointer) != NULL); \ - } \ - } \ - while (0) + TEST_ASSERT((pointer) != NULL); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_ALLOC(pointer, length) TEST_CALLOC_OR_FAIL(pointer, length) /** Allocate memory dynamically. If the allocation fails, skip the test case. * diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 7f93496e7..48029b491 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -506,7 +506,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - ASSERT_ALLOC(public_key, public_key_length); + TEST_CALLOC_OR_FAIL(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -548,7 +548,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - ASSERT_ALLOC(public_key, public_key_length); + TEST_CALLOC_OR_FAIL(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -838,7 +838,7 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { @@ -881,7 +881,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); TEST_EQUAL(psa_export_public_key(key, exported, exported_size, &exported_length), @@ -894,7 +894,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) psa_get_key_type(&attributes)); exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); PSA_ASSERT(psa_export_public_key(key, exported, exported_size, diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 761d87787..f70b89a00 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -91,7 +91,7 @@ void mbedtls_test_init_handshake_options( opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) opts->cache = NULL; - ASSERT_ALLOC(opts->cache, 1); + TEST_CALLOC_OR_FAIL(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), @@ -627,9 +627,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } cert = &(ep->cert); - ASSERT_ALLOC(cert->ca_cert, 1); - ASSERT_ALLOC(cert->cert, 1); - ASSERT_ALLOC(cert->pkey, 1); + TEST_CALLOC_OR_FAIL(cert->ca_cert, 1); + TEST_CALLOC_OR_FAIL(cert->cert, 1); + TEST_CALLOC_OR_FAIL(cert->pkey, 1); mbedtls_x509_crt_init(cert->ca_cert); mbedtls_x509_crt_init(cert->cert); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 37d7f64aa..d30cef0e8 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -545,9 +545,9 @@ void aes_ecb_copy_context(data_t *key) struct align1 *dec1 = NULL; /* All peak alignment */ - ASSERT_ALLOC(src0, 1); - ASSERT_ALLOC(enc0, 1); - ASSERT_ALLOC(dec0, 1); + TEST_CALLOC_OR_FAIL(src0, 1); + TEST_CALLOC_OR_FAIL(enc0, 1); + TEST_CALLOC_OR_FAIL(dec0, 1); if (!test_copy(key, &src0->ctx, &enc0->ctx, &dec0->ctx)) { goto exit; } @@ -559,9 +559,9 @@ void aes_ecb_copy_context(data_t *key) dec0 = NULL; /* Original shifted */ - ASSERT_ALLOC(src1, 1); - ASSERT_ALLOC(enc0, 1); - ASSERT_ALLOC(dec0, 1); + TEST_CALLOC_OR_FAIL(src1, 1); + TEST_CALLOC_OR_FAIL(enc0, 1); + TEST_CALLOC_OR_FAIL(dec0, 1); if (!test_copy(key, &src1->ctx, &enc0->ctx, &dec0->ctx)) { goto exit; } @@ -573,9 +573,9 @@ void aes_ecb_copy_context(data_t *key) dec0 = NULL; /* Copies shifted */ - ASSERT_ALLOC(src0, 1); - ASSERT_ALLOC(enc1, 1); - ASSERT_ALLOC(dec1, 1); + TEST_CALLOC_OR_FAIL(src0, 1); + TEST_CALLOC_OR_FAIL(enc1, 1); + TEST_CALLOC_OR_FAIL(dec1, 1); if (!test_copy(key, &src0->ctx, &enc1->ctx, &dec1->ctx)) { goto exit; } @@ -587,9 +587,9 @@ void aes_ecb_copy_context(data_t *key) dec1 = NULL; /* Source and copies shifted */ - ASSERT_ALLOC(src1, 1); - ASSERT_ALLOC(enc1, 1); - ASSERT_ALLOC(dec1, 1); + TEST_CALLOC_OR_FAIL(src1, 1); + TEST_CALLOC_OR_FAIL(enc1, 1); + TEST_CALLOC_OR_FAIL(dec1, 1); if (!test_copy(key, &src1->ctx, &enc1->ctx, &dec1->ctx)) { goto exit; } diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function index e1a26b732..01a2271ef 100644 --- a/tests/suites/test_suite_asn1parse.function +++ b/tests/suites/test_suite_asn1parse.function @@ -135,7 +135,7 @@ int get_len_step(const data_t *input, size_t buffer_size, /* Allocate a new buffer of exactly the length to parse each time. * This gives memory sanitizers a chance to catch buffer overreads. */ if (buffer_size == 0) { - ASSERT_ALLOC(buf, 1); + TEST_CALLOC_OR_FAIL(buf, 1); end = buf + 1; p = end; } else { @@ -247,7 +247,7 @@ void parse_prefixes(const data_t *input, mbedtls_test_set_step(buffer_size); /* Allocate a new buffer of exactly the length to parse each time. * This gives memory sanitizers a chance to catch buffer overreads. */ - ASSERT_ALLOC(buf, buffer_size); + TEST_CALLOC_OR_FAIL(buf, buffer_size); memcpy(buf, input->x, buffer_size); p = buf; ret = nested_parse(&p, buf + buffer_size); @@ -506,7 +506,7 @@ void get_mpi_too_large() mbedtls_mpi_init(&actual_mpi); - ASSERT_ALLOC(buf, size); + TEST_CALLOC_OR_FAIL(buf, size); buf[0] = 0x02; /* tag: INTEGER */ buf[1] = 0x84; /* 4-octet length */ buf[2] = (too_many_octets >> 24) & 0xff; @@ -729,10 +729,10 @@ void free_named_data(int with_oid, int with_val, int with_next) { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 }; if (with_oid) { - ASSERT_ALLOC(head.oid.p, 1); + TEST_CALLOC_OR_FAIL(head.oid.p, 1); } if (with_val) { - ASSERT_ALLOC(head.val.p, 1); + TEST_CALLOC_OR_FAIL(head.val.p, 1); } if (with_next) { head.next = &next; @@ -758,7 +758,7 @@ void free_named_data_list(int length) for (i = 0; i < length; i++) { mbedtls_asn1_named_data *new = NULL; - ASSERT_ALLOC(new, 1); + TEST_CALLOC_OR_FAIL(new, 1); new->next = head; head = new; } diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 0e3b5dfc8..5d20ff8a9 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -17,7 +17,7 @@ int generic_write_start_step(generic_write_data_t *data) mbedtls_test_set_step(data->size); mbedtls_free(data->output); data->output = NULL; - ASSERT_ALLOC(data->output, data->size == 0 ? 1 : data->size); + TEST_CALLOC_OR_FAIL(data->output, data->size == 0 ? 1 : data->size); data->end = data->output + data->size; data->p = data->end; data->start = data->end - data->size; @@ -296,7 +296,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, size_t len_complete = data_len + par_len; unsigned char expected_params_tag; size_t expected_params_len; - ASSERT_ALLOC(buf_complete, len_complete); + TEST_CALLOC_OR_FAIL(buf_complete, len_complete); unsigned char *end_complete = buf_complete + len_complete; memcpy(buf_complete, data.p, data_len); if (par_len == 0) { @@ -404,7 +404,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits, TEST_ASSERT(bitstring->len >= byte_length); #if defined(MBEDTLS_ASN1_PARSE_C) - ASSERT_ALLOC(masked_bitstring, byte_length); + TEST_CALLOC_OR_FAIL(masked_bitstring, byte_length); if (byte_length != 0) { memcpy(masked_bitstring, bitstring->x, byte_length); if (bits % 8 != 0) { @@ -477,7 +477,7 @@ void store_named_data_find(data_t *oid0, data_t *oid1, } pointers[ARRAY_LENGTH(nd)] = NULL; for (i = 0; i < ARRAY_LENGTH(nd); i++) { - ASSERT_ALLOC(nd[i].oid.p, oid[i]->len); + TEST_CALLOC_OR_FAIL(nd[i].oid.p, oid[i]->len); memcpy(nd[i].oid.p, oid[i]->x, oid[i]->len); nd[i].oid.len = oid[i]->len; nd[i].next = pointers[i+1]; @@ -529,7 +529,7 @@ void store_named_data_val_found(int old_len, int new_len) unsigned char *new_val = (unsigned char *) "new value"; if (old_len != 0) { - ASSERT_ALLOC(nd.val.p, (size_t) old_len); + TEST_CALLOC_OR_FAIL(nd.val.p, (size_t) old_len); old_val = nd.val.p; nd.val.len = old_len; memset(old_val, 'x', old_len); diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index f132c3467..5f64240a4 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -493,10 +493,10 @@ void mpi_core_cond_swap(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); memcpy(X, tmp_X, bytes); - ASSERT_ALLOC(Y, limbs); + TEST_CALLOC_OR_FAIL(Y, limbs); memcpy(Y, tmp_Y, bytes); /* condition is false */ @@ -601,7 +601,7 @@ void mpi_core_add_and_add_if(char *input_A, char *input_B, TEST_EQUAL(A_limbs, S_limbs); size_t limbs = A_limbs; - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_ASSERT(mpi_core_verify_add(A, B, limbs, S, carry, X)); TEST_ASSERT(mpi_core_verify_add_if(A, B, limbs, S, carry, X)); @@ -646,15 +646,15 @@ void mpi_core_sub(char *input_A, char *input_B, /* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */ - /* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */ - ASSERT_ALLOC(a, bytes); - ASSERT_ALLOC(b, bytes); - ASSERT_ALLOC(x, bytes); - ASSERT_ALLOC(r, bytes); + /* TEST_CALLOC_OR_FAIL() uses calloc() under the hood, so these do get zeroed */ + TEST_CALLOC_OR_FAIL(a, bytes); + TEST_CALLOC_OR_FAIL(b, bytes); + TEST_CALLOC_OR_FAIL(x, bytes); + TEST_CALLOC_OR_FAIL(r, bytes); /* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as * processed by mbedtls_mpi_core_sub()) are little endian, we can just - * copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC()) + * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC_OR_FAIL()) */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); memcpy(b, B.p, B.n * sizeof(mbedtls_mpi_uint)); @@ -759,13 +759,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S, /* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */ - /* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */ - ASSERT_ALLOC(a, bytes); - ASSERT_ALLOC(x, bytes); + /* TEST_CALLOC_OR_FAIL() uses calloc() under the hood, so these do get zeroed */ + TEST_CALLOC_OR_FAIL(a, bytes); + TEST_CALLOC_OR_FAIL(x, bytes); /* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as * processed by mbedtls_mpi_core_mla()) are little endian, we can just - * copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC()). + * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC_OR_FAIL()). */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); memcpy(x, X->p, X->n * sizeof(mbedtls_mpi_uint)); @@ -1017,8 +1017,8 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size) mbedtls_mpi_uint *table = NULL; mbedtls_mpi_uint *dest = NULL; - ASSERT_ALLOC(table, limbs * count); - ASSERT_ALLOC(dest, limbs); + TEST_CALLOC_OR_FAIL(table, limbs * count); + TEST_CALLOC_OR_FAIL(dest, limbs); /* * Fill the table with a unique counter so that differences are easily @@ -1070,7 +1070,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes, int ret; /* Prepare an RNG with known output, limited to rng_bytes. */ - ASSERT_ALLOC(rnd_data, rng_bytes); + TEST_CALLOC_OR_FAIL(rnd_data, rng_bytes); TEST_EQUAL(0, mbedtls_test_rnd_std_rand(NULL, rnd_data, rng_bytes)); rnd_info.buf = rnd_data; @@ -1078,7 +1078,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes, * extra_limbs may be negative but the total limb count must be positive. * Fill the MPI with the byte value in before. */ TEST_LE_U(1, X_limbs); - ASSERT_ALLOC(X, X_limbs); + TEST_CALLOC_OR_FAIL(X, X_limbs); memset(X, before, X_limbs * sizeof(*X)); ret = mbedtls_mpi_core_fill_random(X, X_limbs, wanted_bytes, @@ -1128,14 +1128,14 @@ void mpi_core_mul(char *input_A, const size_t X_limbs = A_limbs + B_limbs; const size_t X_bytes = X_limbs * sizeof(mbedtls_mpi_uint); - ASSERT_ALLOC(X, X_limbs); + TEST_CALLOC_OR_FAIL(X, X_limbs); const size_t A_bytes = A_limbs * sizeof(mbedtls_mpi_uint); - ASSERT_ALLOC(A_orig, A_limbs); + TEST_CALLOC_OR_FAIL(A_orig, A_limbs); memcpy(A_orig, A, A_bytes); const size_t B_bytes = B_limbs * sizeof(mbedtls_mpi_uint); - ASSERT_ALLOC(B_orig, B_limbs); + TEST_CALLOC_OR_FAIL(B_orig, B_limbs); memcpy(B_orig, B, B_bytes); /* Set result to something that is unlikely to be correct */ @@ -1195,7 +1195,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&E, &E_limbs, input_E)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); - ASSERT_ALLOC(Y, N_limbs); + TEST_CALLOC_OR_FAIL(Y, N_limbs); TEST_EQUAL(A_limbs, N_limbs); TEST_EQUAL(X_limbs, N_limbs); @@ -1227,7 +1227,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A, TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs), working_limbs); - ASSERT_ALLOC(T, working_limbs); + TEST_CALLOC_OR_FAIL(T, working_limbs); mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T); @@ -1277,7 +1277,7 @@ void mpi_core_sub_int(char *input_A, char *input_B, TEST_EQUAL(A_limbs, X_limbs); size_t limbs = A_limbs; - ASSERT_ALLOC(R, limbs); + TEST_CALLOC_OR_FAIL(R, limbs); #define TEST_COMPARE_CORE_MPIS(A, B, limbs) \ TEST_BUFFERS_EQUAL(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 8f0b6732a..1f2407827 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -123,7 +123,7 @@ void mpi_mod_mul(char *input_A, TEST_EQUAL(rB.limbs, limbs); TEST_EQUAL(rR.limbs, limbs); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); @@ -206,7 +206,7 @@ void mpi_mod_mul_neg(char *input_A, const size_t limbs = m.limbs; - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); rX.limbs = rR.limbs; @@ -259,7 +259,7 @@ void mpi_mod_sub(char *input_N, if (expected_ret == 0) { /* Negative test with too many limbs in output */ - ASSERT_ALLOC(X_raw, limbs + 1); + TEST_CALLOC_OR_FAIL(X_raw, limbs + 1); x.p = X_raw; x.limbs = limbs + 1; @@ -271,7 +271,7 @@ void mpi_mod_sub(char *input_N, /* Negative test with too few limbs in output */ if (limbs > 1) { - ASSERT_ALLOC(X_raw, limbs - 1); + TEST_CALLOC_OR_FAIL(X_raw, limbs - 1); x.p = X_raw; x.limbs = limbs - 1; @@ -286,7 +286,7 @@ void mpi_mod_sub(char *input_N, * manually-written test cases with expected_ret != 0. */ } - ASSERT_ALLOC(X_raw, limbs); + TEST_CALLOC_OR_FAIL(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs)); @@ -358,7 +358,7 @@ void mpi_mod_inv_mont(char *input_N, size_t limbs = N.limbs; size_t bytes = limbs * sizeof(*X_raw); - ASSERT_ALLOC(X_raw, limbs); + TEST_CALLOC_OR_FAIL(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs)); @@ -408,7 +408,7 @@ void mpi_mod_inv_non_mont(char *input_N, size_t limbs = N.limbs; size_t bytes = limbs * sizeof(*X_raw); - ASSERT_ALLOC(X_raw, limbs); + TEST_CALLOC_OR_FAIL(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs)); @@ -462,7 +462,7 @@ void mpi_mod_add(char *input_N, if (expected_ret == 0) { /* Negative test with too many limbs in output */ - ASSERT_ALLOC(X_raw, limbs + 1); + TEST_CALLOC_OR_FAIL(X_raw, limbs + 1); x.p = X_raw; x.limbs = limbs + 1; @@ -474,7 +474,7 @@ void mpi_mod_add(char *input_N, /* Negative test with too few limbs in output */ if (limbs > 1) { - ASSERT_ALLOC(X_raw, limbs - 1); + TEST_CALLOC_OR_FAIL(X_raw, limbs - 1); x.p = X_raw; x.limbs = limbs - 1; @@ -490,7 +490,7 @@ void mpi_mod_add(char *input_N, } /* Allocate correct number of limbs for X_raw */ - ASSERT_ALLOC(X_raw, limbs); + TEST_CALLOC_OR_FAIL(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs)); @@ -582,7 +582,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret) size_t n_limbs; TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); size_t r_limbs = n_limbs; - ASSERT_ALLOC(R, r_limbs); + TEST_CALLOC_OR_FAIL(R, r_limbs); /* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, @@ -658,8 +658,8 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) a_bytes = input_A->len; /* Allocate the memory for intermediate data structures */ - ASSERT_ALLOC(R, n_bytes); - ASSERT_ALLOC(R_COPY, n_bytes); + TEST_CALLOC_OR_FAIL(R, n_bytes); + TEST_CALLOC_OR_FAIL(R_COPY, n_bytes); /* Test that input's size is not greater to modulo's */ TEST_LE_U(a_bytes, n_bytes); @@ -698,14 +698,14 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) obuf_sizes[2] = a_bytes + 8; for (size_t i = 0; i < obuf_sizes_len; i++) { - ASSERT_ALLOC(obuf, obuf_sizes[i]); + TEST_CALLOC_OR_FAIL(obuf, obuf_sizes[i]); TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian)); /* Make sure that writing didn't corrupt the value of r */ TEST_BUFFERS_EQUAL(r.p, r.limbs, r_copy.p, r_copy.limbs); /* Set up reference output for checking the result */ - ASSERT_ALLOC(ref_buf, obuf_sizes[i]); + TEST_CALLOC_OR_FAIL(ref_buf, obuf_sizes[i]); switch (endian) { case MBEDTLS_MPI_MOD_EXT_REP_LE: memcpy(ref_buf, input_A->x, a_bytes_trimmed); diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index ec4a7b5cf..3f13cc263 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -133,7 +133,7 @@ void mpi_mod_raw_cond_assign(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - ASSERT_ALLOC(buff_m, copy_limbs); + TEST_CALLOC_OR_FAIL(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs), 0); @@ -203,15 +203,15 @@ void mpi_mod_raw_cond_swap(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - ASSERT_ALLOC(buff_m, copy_limbs); + TEST_CALLOC_OR_FAIL(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs), 0); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); memcpy(X, tmp_X, bytes); - ASSERT_ALLOC(Y, bytes); + TEST_CALLOC_OR_FAIL(Y, bytes); memcpy(Y, tmp_Y, bytes); /* condition is false */ @@ -291,7 +291,7 @@ void mpi_mod_raw_sub(char *input_A, TEST_EQUAL(limbs_B, limbs); TEST_EQUAL(limbs_res, limbs); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); @@ -356,7 +356,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, TEST_EQUAL(limbs_X, limbs); TEST_EQUAL(limbs_res, limbs); - ASSERT_ALLOC(tmp, limbs); + TEST_CALLOC_OR_FAIL(tmp, limbs); memcpy(tmp, X, bytes); /* Check that 0 <= X < 2N */ @@ -411,13 +411,13 @@ void mpi_mod_raw_mul(char *input_A, TEST_EQUAL(limbs_B, limbs); TEST_EQUAL(limbs_R, limbs); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); const size_t limbs_T = limbs * 2 + 1; - ASSERT_ALLOC(T, limbs_T); + TEST_CALLOC_OR_FAIL(T, limbs_T); mbedtls_mpi_mod_raw_mul(X, A, B, &m, T); TEST_BUFFERS_EQUAL(X, bytes, R, bytes); @@ -489,7 +489,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &A_limbs, input_A)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); - ASSERT_ALLOC(Y, N_limbs); + TEST_CALLOC_OR_FAIL(Y, N_limbs); TEST_EQUAL(A_limbs, N_limbs); TEST_EQUAL(X_limbs, N_limbs); @@ -519,7 +519,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X) TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs), working_limbs); - ASSERT_ALLOC(T, working_limbs); + TEST_CALLOC_OR_FAIL(T, working_limbs); mbedtls_mpi_mod_raw_inv_prime(Y, A, N, N_limbs, R2, T); @@ -571,7 +571,7 @@ void mpi_mod_raw_add(char *input_N, TEST_EQUAL(B_limbs, limbs); TEST_EQUAL(S_limbs, limbs); - ASSERT_ALLOC(X, limbs); + TEST_CALLOC_OR_FAIL(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); @@ -718,8 +718,8 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) /* It has separate output, and requires temporary working storage */ size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs); - ASSERT_ALLOC(T, temp_limbs); - ASSERT_ALLOC(R, limbs); + TEST_CALLOC_OR_FAIL(T, temp_limbs); + TEST_CALLOC_OR_FAIL(R, limbs); mbedtls_mpi_core_to_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); /* Test that the low-level function gives the required value */ @@ -782,8 +782,8 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) /* It has separate output, and requires temporary working storage */ size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs); - ASSERT_ALLOC(T, temp_limbs); - ASSERT_ALLOC(R, limbs); + TEST_CALLOC_OR_FAIL(T, temp_limbs); + TEST_CALLOC_OR_FAIL(R, limbs); mbedtls_mpi_core_from_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, T); /* Test that the low-level function gives the required value */ @@ -834,8 +834,8 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) TEST_EQUAL(x_limbs, n_limbs); bytes = n_limbs * sizeof(mbedtls_mpi_uint); - ASSERT_ALLOC(R, n_limbs); - ASSERT_ALLOC(Z, n_limbs); + TEST_CALLOC_OR_FAIL(R, n_limbs); + TEST_CALLOC_OR_FAIL(Z, n_limbs); TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index c7d277f95..534fdb8e6 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -124,9 +124,9 @@ void mpi_core_random_basic(int min, char *bound_bytes, int expected_ret) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs, bound_bytes)); - ASSERT_ALLOC(lower_bound, limbs); + TEST_CALLOC_OR_FAIL(lower_bound, limbs); lower_bound[0] = min; - ASSERT_ALLOC(result, limbs); + TEST_CALLOC_OR_FAIL(result, limbs); TEST_EQUAL(expected_ret, mbedtls_mpi_core_random(result, min, upper_bound, limbs, @@ -159,7 +159,7 @@ void mpi_legacy_random_values(int min, char *max_hex) TEST_EQUAL(0, mbedtls_test_read_mpi(&max_legacy, max_hex)); size_t limbs = max_legacy.n; - ASSERT_ALLOC(R_core, limbs); + TEST_CALLOC_OR_FAIL(R_core, limbs); /* Call the legacy function and the core function with the same random * stream. */ @@ -209,9 +209,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&N, max_hex, rep), 0); - ASSERT_ALLOC(R_core, N.limbs); - ASSERT_ALLOC(R_mod_raw, N.limbs); - ASSERT_ALLOC(R_mod_digits, N.limbs); + TEST_CALLOC_OR_FAIL(R_core, N.limbs); + TEST_CALLOC_OR_FAIL(R_mod_raw, N.limbs); + TEST_CALLOC_OR_FAIL(R_mod_digits, N.limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&R_mod, &N, R_mod_digits, N.limbs), 0); @@ -287,7 +287,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs, bound_hex)); - ASSERT_ALLOC(result, limbs); + TEST_CALLOC_OR_FAIL(result, limbs); n_bits = mbedtls_mpi_core_bitlen(upper_bound, limbs); /* Consider a bound "small" if it's less than 2^5. This value is chosen @@ -302,7 +302,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) full_stats = 0; stats_len = n_bits; } - ASSERT_ALLOC(stats, stats_len); + TEST_CALLOC_OR_FAIL(stats, stats_len); for (i = 0; i < (size_t) iterations; i++) { mbedtls_test_set_step(i); @@ -340,7 +340,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) } } else { bound_bytes.len = limbs * sizeof(mbedtls_mpi_uint); - ASSERT_ALLOC(bound_bytes.x, bound_bytes.len); + TEST_CALLOC_OR_FAIL(bound_bytes.x, bound_bytes.len); mbedtls_mpi_core_write_be(upper_bound, limbs, bound_bytes.x, bound_bytes.len); int statistically_safe_all_the_way = @@ -416,7 +416,7 @@ void mpi_mod_random_validation(int min, char *bound_hex, MBEDTLS_MPI_MOD_REP_OPT_RED), 0); size_t result_limbs = N.limbs + result_limbs_delta; - ASSERT_ALLOC(result_digits, result_limbs); + TEST_CALLOC_OR_FAIL(result_digits, result_limbs); /* Build a reside that might not match the modulus, to test that * the library function rejects that as expected. */ mbedtls_mpi_mod_residue result = { result_digits, result_limbs }; diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 0da923fdd..482c6f6a0 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -32,7 +32,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - ASSERT_ALLOC(output, n1); + TEST_CALLOC_OR_FAIL(output, n1); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); @@ -40,7 +40,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, n2); + TEST_CALLOC_OR_FAIL(output, n2); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); @@ -48,7 +48,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -190,13 +190,13 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, const uint8_t *expected_tag = result->x + msg->len; /* Prepare input/output message buffer */ - ASSERT_ALLOC(io_msg_buf, msg->len); + TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len); if (msg->len != 0) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ - ASSERT_ALLOC(tag_buf, expected_tag_len); + TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); @@ -246,7 +246,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); - ASSERT_ALLOC(output, msg->len); + TEST_CALLOC_OR_FAIL(output, msg->len); TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); TEST_EQUAL(result->len, olen); TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); @@ -272,7 +272,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; - ASSERT_ALLOC(io_msg_buf, expected_msg_len); + TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } @@ -344,16 +344,16 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, } /* Prepare input/output message buffer */ - ASSERT_ALLOC(io_msg_buf, msg->len); + TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len); if (msg->len) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ if (expected_tag_len == 0) { - ASSERT_ALLOC(tag_buf, 16); + TEST_CALLOC_OR_FAIL(tag_buf, 16); } else { - ASSERT_ALLOC(tag_buf, expected_tag_len); + TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len); } /* Calculate iv */ @@ -429,7 +429,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; - ASSERT_ALLOC(io_msg_buf, expected_msg_len); + TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } @@ -500,7 +500,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); - ASSERT_ALLOC(output, result->len); + TEST_CALLOC_OR_FAIL(output, result->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); TEST_EQUAL(result->len, olen); @@ -508,7 +508,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -536,7 +536,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -607,7 +607,7 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, msg->len); + TEST_CALLOC_OR_FAIL(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); @@ -633,7 +633,7 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); - ASSERT_ALLOC(output, 16); + TEST_CALLOC_OR_FAIL(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: @@ -713,7 +713,7 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, msg->len); + TEST_CALLOC_OR_FAIL(output, msg->len); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); exit: @@ -740,13 +740,13 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, msg->len); + TEST_CALLOC_OR_FAIL(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, 16); + TEST_CALLOC_OR_FAIL(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: @@ -774,7 +774,7 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, msg->len); + TEST_CALLOC_OR_FAIL(output, msg->len); // pass full text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); // pass 1 extra byte @@ -809,7 +809,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - ASSERT_ALLOC(output, msg->len + 1); + TEST_CALLOC_OR_FAIL(output, msg->len + 1); // pass incomplete text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) @@ -836,7 +836,7 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode, // They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); - ASSERT_ALLOC(output, 16); + TEST_CALLOC_OR_FAIL(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index b9675fbed..54ee2ea11 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -583,7 +583,7 @@ void dec_empty_buf(int cipher, iv_len = 12; } - ASSERT_ALLOC(iv, iv_len); + TEST_CALLOC_OR_FAIL(iv, iv_len); memset(iv, 0, iv_len); TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); @@ -905,7 +905,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, * (we need the tag appended to the ciphertext) */ cipher_plus_tag_len = cipher->len + tag->len; - ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len); + TEST_CALLOC_OR_FAIL(cipher_plus_tag, cipher_plus_tag_len); memcpy(cipher_plus_tag, cipher->x, cipher->len); memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); @@ -923,7 +923,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, * Try decrypting to a buffer that's 1B too small */ if (decrypt_buf_len != 0) { - ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1); + TEST_CALLOC_OR_FAIL(decrypt_buf, decrypt_buf_len - 1); outlen = 0; ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, @@ -938,7 +938,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Authenticate and decrypt, and check result */ - ASSERT_ALLOC(decrypt_buf, decrypt_buf_len); + TEST_CALLOC_OR_FAIL(decrypt_buf, decrypt_buf_len); outlen = 0; ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, @@ -981,7 +981,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Try encrypting with an output buffer that's 1B too small */ - ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1); + TEST_CALLOC_OR_FAIL(encrypt_buf, encrypt_buf_len - 1); outlen = 0; ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, @@ -995,7 +995,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Encrypt and check the result */ - ASSERT_ALLOC(encrypt_buf, encrypt_buf_len); + TEST_CALLOC_OR_FAIL(encrypt_buf, encrypt_buf_len); outlen = 0; ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function index 5fd64066d..e8c5c6965 100644 --- a/tests/suites/test_suite_common.function +++ b/tests/suites/test_suite_common.function @@ -17,10 +17,10 @@ void mbedtls_xor(int len) { size_t n = (size_t) len; unsigned char *a = NULL, *b = NULL, *r1 = NULL, *r2 = NULL; - ASSERT_ALLOC(a, n + 1); - ASSERT_ALLOC(b, n + 1); - ASSERT_ALLOC(r1, n + 1); - ASSERT_ALLOC(r2, n + 1); + TEST_CALLOC_OR_FAIL(a, n + 1); + TEST_CALLOC_OR_FAIL(b, n + 1); + TEST_CALLOC_OR_FAIL(r1, n + 1); + TEST_CALLOC_OR_FAIL(r2, n + 1); /* Test non-overlapping */ fill_arrays(a, b, r1, r2, n); diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 9802d9976..074be3103 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -29,8 +29,8 @@ void mbedtls_ct_memcmp_null() void mbedtls_ct_memcmp(int same, int size, int offset) { uint8_t *a = NULL, *b = NULL; - ASSERT_ALLOC(a, size + offset); - ASSERT_ALLOC(b, size + offset); + TEST_CALLOC_OR_FAIL(a, size + offset); + TEST_CALLOC_OR_FAIL(b, size + offset); TEST_CF_SECRET(a + offset, size); TEST_CF_SECRET(b + offset, size); @@ -70,9 +70,9 @@ exit: void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) { uint8_t *src = NULL, *result = NULL, *expected = NULL; - ASSERT_ALLOC(src, size + offset); - ASSERT_ALLOC(result, size + offset); - ASSERT_ALLOC(expected, size + offset); + TEST_CALLOC_OR_FAIL(src, size + offset); + TEST_CALLOC_OR_FAIL(result, size + offset); + TEST_CALLOC_OR_FAIL(expected, size + offset); for (int i = 0; i < size + offset; i++) { src[i] = 1; @@ -125,8 +125,8 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) size_t src_len = offset_max + len; size_t secret; - ASSERT_ALLOC(dst, len); - ASSERT_ALLOC(src, src_len); + TEST_CALLOC_OR_FAIL(dst, len); + TEST_CALLOC_OR_FAIL(src, src_len); /* Fill src in a way that we can detect if we copied the right bytes */ mbedtls_test_rnd_std_rand(NULL, src, src_len); diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 8e8839f9b..b51128f79 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -58,7 +58,7 @@ void ssl_cf_hmac(int hash) #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use allocated out buffer to catch overwrites */ - ASSERT_ALLOC(out, out_len); + TEST_CALLOC_OR_FAIL(out, out_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Set up dummy key */ @@ -85,7 +85,7 @@ void ssl_cf_hmac(int hash) mbedtls_test_set_step(max_in_len * 10000); /* Use allocated in buffer to catch overreads */ - ASSERT_ALLOC(data, max_in_len); + TEST_CALLOC_OR_FAIL(data, max_in_len); min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; for (in_len = min_in_len; in_len <= max_in_len; in_len++) { diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 100572f85..f530774b8 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1101,7 +1101,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) rnd_info.fallback_f_rng = NULL; rnd_info.fallback_p_rng = NULL; - ASSERT_ALLOC(actual, expected->len); + TEST_CALLOC_OR_FAIL(actual, expected->len); ret = mbedtls_ecp_gen_privkey_mx(bits, &d, mbedtls_test_rnd_buffer_rand, &rnd_info); @@ -1456,10 +1456,10 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - ASSERT_ALLOC(A_inverse, limbs); + TEST_CALLOC_OR_FAIL(A_inverse, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs)); - ASSERT_ALLOC(rX_raw, limbs); + TEST_CALLOC_OR_FAIL(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); /* Get inverse of A mode m, and multiply it with itself, @@ -1467,7 +1467,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m)); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0); - ASSERT_ALLOC(bufx, limbs); + TEST_CALLOC_OR_FAIL(bufx, limbs); TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE), 0); @@ -1515,7 +1515,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(m.limbs, p_A_limbs); bytes = p_A_limbs * ciL; - ASSERT_ALLOC(p_S, p_A_limbs); + TEST_CALLOC_OR_FAIL(p_S, p_A_limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0); @@ -1562,11 +1562,11 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - ASSERT_ALLOC(rX_raw, limbs); + TEST_CALLOC_OR_FAIL(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); bytes = limbs * ciL; - ASSERT_ALLOC(bufx, limbs); + TEST_CALLOC_OR_FAIL(bufx, limbs); /* Write source mod residue to a buffer, then read it back to * the destination mod residue, compare the two mod residues. * Firstly test little endian write and read */ @@ -1616,7 +1616,7 @@ void ecp_mod_random(int id, int ctype) limbs = m.limbs; - ASSERT_ALLOC(rX_raw, limbs); + TEST_CALLOC_OR_FAIL(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m, diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 532743187..ea72b872d 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -33,7 +33,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - ASSERT_ALLOC(output, n1); + TEST_CALLOC_OR_FAIL(output, n1); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); @@ -41,7 +41,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, n2); + TEST_CALLOC_OR_FAIL(output, n2); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); @@ -49,7 +49,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -87,7 +87,7 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - ASSERT_ALLOC(output, input->len); + TEST_CALLOC_OR_FAIL(output, input->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen)); TEST_EQUAL(input->len, olen); @@ -95,7 +95,7 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -124,7 +124,7 @@ static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, olen); } - ASSERT_ALLOC(output_tag, tag->len); + TEST_CALLOC_OR_FAIL(output_tag, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output_tag, tag->len)); TEST_EQUAL(0, olen); @@ -144,7 +144,7 @@ static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, iv->x, iv->len)); - ASSERT_ALLOC(output, tag->len); + TEST_CALLOC_OR_FAIL(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -448,7 +448,7 @@ void gcm_update_output_buffer_too_small(int cipher_id, int mode, TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0); TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len)); - ASSERT_ALLOC(output, output_len); + TEST_CALLOC_OR_FAIL(output, output_len); TEST_EQUAL(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update(&ctx, input->x, input->len, output, output_len, &olen)); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index dda0c0255..cbca94bd5 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -50,7 +50,7 @@ void test_hkdf_extract(int md_alg, TEST_ASSERT(md != NULL); output_prk_len = mbedtls_md_get_size(md); - ASSERT_ALLOC(output_prk, output_prk_len); + TEST_CALLOC_OR_FAIL(output_prk, output_prk_len); ret = mbedtls_hkdf_extract(md, salt->x, salt->len, ikm->x, ikm->len, output_prk); @@ -79,7 +79,7 @@ void test_hkdf_expand(int md_alg, const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg); TEST_ASSERT(md != NULL); - ASSERT_ALLOC(output_okm, OKM_LEN); + TEST_CALLOC_OR_FAIL(output_okm, OKM_LEN); TEST_ASSERT(prk->len == mbedtls_md_get_size(md)); TEST_ASSERT(okm->len < OKM_LEN); @@ -110,7 +110,7 @@ void test_hkdf_extract_ret(int hash_len, int ret) fake_md_info.type = MBEDTLS_MD_NONE; fake_md_info.size = hash_len; - ASSERT_ALLOC(prk, MBEDTLS_MD_MAX_SIZE); + TEST_CALLOC_OR_FAIL(prk, MBEDTLS_MD_MAX_SIZE); salt_len = 0; ikm_len = 0; @@ -140,11 +140,11 @@ void test_hkdf_expand_ret(int hash_len, int prk_len, int okm_len, int ret) info_len = 0; if (prk_len > 0) { - ASSERT_ALLOC(prk, prk_len); + TEST_CALLOC_OR_FAIL(prk, prk_len); } if (okm_len > 0) { - ASSERT_ALLOC(okm, okm_len); + TEST_CALLOC_OR_FAIL(okm, okm_len); } output_ret = mbedtls_hkdf_expand(&fake_md_info, prk, prk_len, diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index c4abdcbe4..ece42a2a1 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -122,7 +122,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, continue; } - ASSERT_ALLOC(tmp_sig, size); + TEST_CALLOC_OR_FAIL(tmp_sig, size); if (tmp_sig != NULL) { memcpy(tmp_sig, sig->x, MIN(size, sig->len)); } @@ -154,7 +154,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) if (expected_import_rc == 0) { exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8); - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, @@ -169,7 +169,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-small buffer should fail */ exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1; - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, NULL), MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL); @@ -178,7 +178,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-large buffer should succeed */ exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) + 1; - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, &exported_pub_key_size), diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index b975c2672..211e4664f 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -124,7 +124,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, continue; } - ASSERT_ALLOC(tmp_sig, size); + TEST_CALLOC_OR_FAIL(tmp_sig, size); if (tmp_sig != NULL) { memcpy(tmp_sig, sig->x, MIN(size, sig->len)); } @@ -156,7 +156,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) if (expected_import_rc == 0) { exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10); - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, @@ -171,7 +171,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-small buffer should fail */ exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) - 1; - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, NULL), MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL); @@ -180,7 +180,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-large buffer should succeed */ exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) + 1; - ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, &exported_pub_key_size), diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index 9dfb83b40..a16a34de9 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -844,15 +844,15 @@ void mbedtls_mps_reader_random_usage(int num_out_chunks, mbedtls_mps_reader rd; if (acc_size > 0) { - ASSERT_ALLOC(acc, acc_size); + TEST_CALLOC_OR_FAIL(acc, acc_size); } /* This probably needs to be changed because we want * our tests to be deterministic. */ // srand( time( NULL ) ); - ASSERT_ALLOC(outgoing, num_out_chunks * max_chunk_size); - ASSERT_ALLOC(incoming, num_out_chunks * max_chunk_size); + TEST_CALLOC_OR_FAIL(outgoing, num_out_chunks * max_chunk_size); + TEST_CALLOC_OR_FAIL(incoming, num_out_chunks * max_chunk_size); mbedtls_mps_reader_init(&rd, acc, acc_size); @@ -884,7 +884,7 @@ void mbedtls_mps_reader_random_usage(int num_out_chunks, } tmp_size = (rand() % max_chunk_size) + 1; - ASSERT_ALLOC(tmp, tmp_size); + TEST_CALLOC_OR_FAIL(tmp, tmp_size); TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0); ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size); diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 98259eb37..5dd057004 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -44,7 +44,7 @@ void pkcs12_derive_key(int md_type, int key_size_arg, salt_len = salt_arg->len; - ASSERT_ALLOC(output_data, key_size); + TEST_CALLOC_OR_FAIL(output_data, key_size); int ret = mbedtls_pkcs12_derivation(output_data, key_size, diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 35855225b..28d54c957 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -85,8 +85,8 @@ void pkcs7_verify(char *pkcs7_file, } } - ASSERT_ALLOC(crts, n_crts); - ASSERT_ALLOC(crt_files_arr, n_crts); + TEST_CALLOC_OR_FAIL(crts, n_crts); + TEST_CALLOC_OR_FAIL(crt_files_arr, n_crts); for (i = 0; i < strlen(crt_files); i++) { for (k = i; k < strlen(crt_files); k++) { @@ -94,7 +94,7 @@ void pkcs7_verify(char *pkcs7_file, break; } } - ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1); + TEST_CALLOC_OR_FAIL(crt_files_arr[cnt], (k-i)+1); crt_files_arr[cnt][k-i] = '\0'; memcpy(crt_files_arr[cnt++], crt_files + i, k-i); i = k; @@ -102,7 +102,7 @@ void pkcs7_verify(char *pkcs7_file, mbedtls_pkcs7_init(&pkcs7); for (i = 0; i < n_crts; i++) { - ASSERT_ALLOC(crts[i], 1); + TEST_CALLOC_OR_FAIL(crts[i], 1); mbedtls_x509_crt_init(crts[i]); } @@ -127,7 +127,7 @@ void pkcs7_verify(char *pkcs7_file, datalen = st.st_size; /* Special-case for zero-length input so that data will be non-NULL */ - ASSERT_ALLOC(data, datalen == 0 ? 1 : datalen); + TEST_CALLOC_OR_FAIL(data, datalen == 0 ? 1 : datalen); buflen = fread((void *) data, sizeof(unsigned char), datalen, file); TEST_EQUAL(buflen, datalen); @@ -135,7 +135,7 @@ void pkcs7_verify(char *pkcs7_file, if (do_hash_alg) { md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); - ASSERT_ALLOC(hash, mbedtls_md_get_size(md_info)); + TEST_CALLOC_OR_FAIL(hash, mbedtls_md_get_size(md_info)); res = mbedtls_md(md_info, data, datalen, hash); TEST_EQUAL(res, 0); diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 649695171..813166e2d 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -169,7 +169,7 @@ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) mbedtls_test_rnd_std_rand, NULL), 0); output_key_len = input_key->len; - ASSERT_ALLOC(output_key, output_key_len); + TEST_CALLOC_OR_FAIL(output_key, output_key_len); /* output_key_len is updated with the real amount of data written to * output_key buffer. */ output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 13a2727cd..784501da8 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -99,7 +99,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) } TEST_ASSERT(check_buf_len > 0); - ASSERT_ALLOC(buf, check_buf_len); + TEST_CALLOC_OR_FAIL(buf, check_buf_len); if (is_public_key) { TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); @@ -185,7 +185,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) &pub_key_len), 0); derived_key_len = pub_key_len; - ASSERT_ALLOC(derived_key_raw, derived_key_len); + TEST_CALLOC_OR_FAIL(derived_key_raw, derived_key_len); TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function index e687eb1b7..14fa60436 100644 --- a/tests/suites/test_suite_platform_printf.function +++ b/tests/suites/test_suite_platform_printf.function @@ -32,7 +32,7 @@ void printf_int(char *format, /* any format expecting one int argument, e.g. "%d const size_t n = strlen(result); /* Nominal case: buffer just large enough */ - ASSERT_ALLOC(output, n + 1); + TEST_CALLOC_OR_FAIL(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x)); TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); @@ -53,11 +53,11 @@ void printf_long_max(const char *format, /* "%lx" or longer type */ const size_t n = sizeof(value) * 2; /* We assume that long has no padding bits! */ - ASSERT_ALLOC(expected, n + 1); + TEST_CALLOC_OR_FAIL(expected, n + 1); expected[0] = '7'; memset(expected + 1, 'f', sizeof(value) * 2 - 1); - ASSERT_ALLOC(output, n + 1); + TEST_CALLOC_OR_FAIL(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value)); TEST_BUFFERS_EQUAL(expected, n + 1, output, n + 1); mbedtls_free(output); @@ -77,7 +77,7 @@ void printf_char2(char *format, /* "%c%c" */ const size_t n = strlen(result); /* Nominal case: buffer just large enough */ - ASSERT_ALLOC(output, n + 1); + TEST_CALLOC_OR_FAIL(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2)); TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3d401b1eb..ef5312250 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -429,7 +429,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, data_true_size = input_data->len - tag_length; } - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); if (is_encrypt) { final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); @@ -439,7 +439,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, TEST_LE_U(final_output_size, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE); } - ASSERT_ALLOC(final_data, final_output_size); + TEST_CALLOC_OR_FAIL(final_data, final_output_size); if (is_encrypt) { status = psa_aead_encrypt_setup(&operation, key, alg); @@ -502,7 +502,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, (size_t) data_part_len); - ASSERT_ALLOC(part_data, part_data_size); + TEST_CALLOC_OR_FAIL(part_data, part_data_size); for (part_offset = 0, part_count = 0; part_offset < data_true_size; @@ -744,8 +744,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, psa_status_t expected_status = PSA_SUCCESS; psa_status_t status; - ASSERT_ALLOC(buffer0, buffer_length); - ASSERT_ALLOC(buffer1, buffer_length); + TEST_CALLOC_OR_FAIL(buffer0, buffer_length); + TEST_CALLOC_OR_FAIL(buffer1, buffer_length); switch (round) { case 1: @@ -1472,7 +1472,7 @@ void import_rsa_made_up(int bits_arg, int keypair, int expected_status_arg) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(buffer, buffer_size); + TEST_CALLOC_OR_FAIL(buffer, buffer_size); TEST_ASSERT((ret = construct_fake_rsa_key(buffer, buffer_size, &p, bits, keypair)) >= 0); @@ -1519,9 +1519,9 @@ void import_export(data_t *data, psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; export_size = (ptrdiff_t) data->len + export_size_delta; - ASSERT_ALLOC(exported, export_size); + TEST_CALLOC_OR_FAIL(exported, export_size); if (!canonical_input) { - ASSERT_ALLOC(reexported, export_size); + TEST_CALLOC_OR_FAIL(reexported, export_size); } PSA_ASSERT(psa_crypto_init()); @@ -1641,7 +1641,7 @@ void import_export_public_key(data_t *data, PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key)); /* Export the public key */ - ASSERT_ALLOC(exported, export_size); + TEST_CALLOC_OR_FAIL(exported, export_size); status = psa_export_public_key(key, exported, export_size, &exported_length); @@ -1938,8 +1938,8 @@ void cipher_key_policy(int policy_usage_arg, output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, exercise_alg, input_buffer_size); - ASSERT_ALLOC(input, input_buffer_size); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(input, input_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); PSA_ASSERT(psa_crypto_init()); @@ -2128,7 +2128,7 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, key_bits = psa_get_key_bits(&attributes); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, exercise_alg); - ASSERT_ALLOC(buffer, buffer_length); + TEST_CALLOC_OR_FAIL(buffer, buffer_length); status = psa_asymmetric_encrypt(key, exercise_alg, NULL, 0, @@ -2498,7 +2498,7 @@ void copy_success(int source_usage_arg, psa_get_key_enrollment_algorithm(&target_attributes)); if (expected_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - ASSERT_ALLOC(export_buffer, material->len); + TEST_CALLOC_OR_FAIL(export_buffer, material->len); PSA_ASSERT(psa_export_key(target_key, export_buffer, material->len, &length)); TEST_BUFFERS_EQUAL(material->x, material->len, @@ -2626,7 +2626,7 @@ void hash_setup(int alg_arg, /* Hash Setup, one-shot */ output_size = PSA_HASH_LENGTH(alg); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); status = psa_hash_compute(alg, NULL, 0, output, output_size, &output_length); @@ -2669,7 +2669,7 @@ void hash_compute_fail(int alg_arg, data_t *input, psa_status_t expected_status = expected_status_arg; psa_status_t status; - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); PSA_ASSERT(psa_crypto_init()); @@ -3384,7 +3384,7 @@ void mac_sign(int key_type_arg, PSA_ERROR_BUFFER_TOO_SMALL); mbedtls_test_set_step(output_size); - ASSERT_ALLOC(actual_mac, output_size); + TEST_CALLOC_OR_FAIL(actual_mac, output_size); /* Calculate the MAC, one-shot case. */ TEST_EQUAL(psa_mac_compute(key, alg, @@ -3480,7 +3480,7 @@ void mac_verify(int key_type_arg, PSA_ERROR_INVALID_SIGNATURE); /* Test a MAC that's too long, one-shot case. */ - ASSERT_ALLOC(perturbed_mac, expected_mac->len + 1); + TEST_CALLOC_OR_FAIL(perturbed_mac, expected_mac->len + 1); memcpy(perturbed_mac, expected_mac->x, expected_mac->len); TEST_EQUAL(psa_mac_verify(key, alg, input->x, input->len, @@ -3810,7 +3810,7 @@ void cipher_encrypt_fail(int alg_arg, output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -3869,7 +3869,7 @@ void cipher_encrypt_validate_iv_length(int alg, int key_type, data_t *key_data, unsigned char *output = NULL; output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); PSA_ASSERT(psa_crypto_init()); @@ -3927,7 +3927,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, &key)); output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); /* set_iv() is not allowed */ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -4077,8 +4077,8 @@ void cipher_encrypt_validation(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(output1, output1_buffer_size); - ASSERT_ALLOC(output2, output2_buffer_size); + TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); + TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -4169,7 +4169,7 @@ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); TEST_LE_U(first_part_size, input->len); PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, @@ -4268,7 +4268,7 @@ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); TEST_LE_U(first_part_size, input->len); PSA_ASSERT(psa_cipher_update(&operation, @@ -4364,13 +4364,13 @@ void cipher_decrypt_fail(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - ASSERT_ALLOC(input, input_buffer_size); + TEST_CALLOC_OR_FAIL(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); /* Decrypt, one-short */ status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, @@ -4383,7 +4383,7 @@ void cipher_decrypt_fail(int alg_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_arg->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(output_multi, output_buffer_size); + TEST_CALLOC_OR_FAIL(output_multi, output_buffer_size); if (iv->len > 0) { status = psa_cipher_set_iv(&operation, iv->x, iv->len); @@ -4454,13 +4454,13 @@ void cipher_decrypt(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - ASSERT_ALLOC(input, input_buffer_size); + TEST_CALLOC_OR_FAIL(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -4508,7 +4508,7 @@ void cipher_verify_output(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - ASSERT_ALLOC(output1, output1_size); + TEST_CALLOC_OR_FAIL(output1, output1_size); PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_size, @@ -4519,7 +4519,7 @@ void cipher_verify_output(int alg_arg, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); output2_size = output1_length; - ASSERT_ALLOC(output2, output2_size); + TEST_CALLOC_OR_FAIL(output2, output2_size); PSA_ASSERT(psa_cipher_decrypt(key, alg, output1, output1_length, output2, output2_size, @@ -4585,7 +4585,7 @@ void cipher_verify_output_multipart(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); TEST_LE_U(output1_buffer_size, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); - ASSERT_ALLOC(output1, output1_buffer_size); + TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); TEST_LE_U(first_part_size, input->len); @@ -4628,7 +4628,7 @@ void cipher_verify_output_multipart(int alg_arg, PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length)); TEST_LE_U(output2_buffer_size, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); - ASSERT_ALLOC(output2, output2_buffer_size); + TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); if (iv_length > 0) { PSA_ASSERT(psa_cipher_set_iv(&operation2, @@ -4724,7 +4724,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, TEST_LE_U(output_size, PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); } - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); status = psa_aead_encrypt(key, alg, nonce->x, nonce->len, @@ -4745,7 +4745,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, TEST_EQUAL(status, expected_result); if (PSA_SUCCESS == expected_result) { - ASSERT_ALLOC(output_data2, output_length); + TEST_CALLOC_OR_FAIL(output_data2, output_length); /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ @@ -4813,7 +4813,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_LE_U(output_size, PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); status = psa_aead_encrypt(key, alg, nonce->x, nonce->len, @@ -4883,7 +4883,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, TEST_LE_U(output_size, PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len)); } - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); status = psa_aead_decrypt(key, alg, nonce->x, nonce->len, @@ -5142,13 +5142,13 @@ void aead_multipart_generate_nonce(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(ciphertext, ciphertext_size); + TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5245,13 +5245,13 @@ void aead_multipart_set_nonce(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(ciphertext, ciphertext_size); + TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5268,12 +5268,12 @@ void aead_multipart_set_nonce(int key_type_arg, data_t *key_data, /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ if (nonce_length_arg == -1) { /* Arbitrary size buffer, to test zero length valid buffer. */ - ASSERT_ALLOC(nonce_buffer, 4); + TEST_CALLOC_OR_FAIL(nonce_buffer, 4); nonce_length = 0; } else { /* If length is zero, then this will return NULL. */ nonce_length = (size_t) nonce_length_arg; - ASSERT_ALLOC(nonce_buffer, nonce_length); + TEST_CALLOC_OR_FAIL(nonce_buffer, nonce_length); if (nonce_buffer) { for (index = 0; index < nonce_length - 1; ++index) { @@ -5362,11 +5362,11 @@ void aead_multipart_update_buffer_test(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(ciphertext, ciphertext_size); + TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5449,11 +5449,11 @@ void aead_multipart_finish_buffer_test(int key_type_arg, data_t *key_data, ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - ASSERT_ALLOC(ciphertext, ciphertext_size); + TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); - ASSERT_ALLOC(finish_ciphertext, finish_ciphertext_size); + TEST_CALLOC_OR_FAIL(finish_ciphertext, finish_ciphertext_size); - ASSERT_ALLOC(tag_buffer, tag_size); + TEST_CALLOC_OR_FAIL(tag_buffer, tag_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5538,11 +5538,11 @@ void aead_multipart_verify(int key_type_arg, data_t *key_data, plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - ASSERT_ALLOC(plaintext, plaintext_size); + TEST_CALLOC_OR_FAIL(plaintext, plaintext_size); verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(finish_plaintext, verify_plaintext_size); + TEST_CALLOC_OR_FAIL(finish_plaintext, verify_plaintext_size); status = psa_aead_decrypt_setup(&operation, key, alg); @@ -5679,13 +5679,13 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(finish_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(final_data, finish_output_size); + TEST_CALLOC_OR_FAIL(final_data, finish_output_size); /* Test all operations error without calling setup first. */ @@ -6483,7 +6483,7 @@ void sign_hash_deterministic(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); /* Perform the signature. */ PSA_ASSERT(psa_sign_hash(key, alg, @@ -6566,7 +6566,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); psa_interruptible_set_max_ops(max_ops); @@ -6651,7 +6651,7 @@ void sign_hash_fail(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -6731,7 +6731,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -6859,7 +6859,7 @@ void sign_verify_hash(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); /* Perform the signature. */ PSA_ASSERT(psa_sign_hash(key, alg, @@ -6962,7 +6962,7 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); psa_interruptible_set_max_ops(max_ops); @@ -7444,7 +7444,7 @@ void interruptible_signverify_hash_state_test(int key_type_arg, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); @@ -7600,7 +7600,7 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); /* --- Change function inputs mid run, to cause an error (sign only, * verify passes all inputs to start. --- */ @@ -7731,7 +7731,7 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); /* Check that default max ops gets set if we don't set it. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, @@ -7905,7 +7905,7 @@ void sign_message_deterministic(int key_type_arg, signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_sign_message(key, alg, input_data->x, input_data->len, @@ -7943,7 +7943,7 @@ void sign_message_fail(int key_type_arg, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -8003,7 +8003,7 @@ void sign_verify_message(int key_type_arg, signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_sign_message(key, alg, input_data->x, input_data->len, @@ -8143,7 +8143,7 @@ void asymmetric_encrypt(int key_type_arg, output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); /* Encrypt the input */ actual_status = psa_asymmetric_encrypt(key, alg, @@ -8225,13 +8225,13 @@ void asymmetric_encrypt_decrypt(int key_type_arg, output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); output2_size = input_data->len; TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output2, output2_size); + TEST_CALLOC_OR_FAIL(output2, output2_size); /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random @@ -8299,7 +8299,7 @@ void asymmetric_decrypt(int key_type_arg, /* Determine the maximum ciphertext length */ output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); PSA_ASSERT(psa_asymmetric_decrypt(key, alg, input_data->x, input_data->len, @@ -8354,7 +8354,7 @@ void asymmetric_decrypt_fail(int key_type_arg, psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); PSA_ASSERT(psa_crypto_init()); @@ -8722,7 +8722,7 @@ void derive_output(int alg_arg, expected_outputs[i] = NULL; } } - ASSERT_ALLOC(output_buffer, output_buffer_size); + TEST_CALLOC_OR_FAIL(output_buffer, output_buffer_size); PSA_ASSERT(psa_crypto_init()); /* Extraction phase. */ @@ -8995,7 +8995,7 @@ void derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, psa_status_t expected_capacity_status = (psa_status_t) expected_capacity_status_arg; psa_status_t expected_output_status = (psa_status_t) expected_output_status_arg; - ASSERT_ALLOC(output_buffer, expected_output->len); + TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); PSA_ASSERT(psa_crypto_init()); PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); @@ -9116,8 +9116,8 @@ void derive_key_export(int alg_arg, psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; size_t length; - ASSERT_ALLOC(output_buffer, capacity); - ASSERT_ALLOC(export_buffer, capacity); + TEST_CALLOC_OR_FAIL(output_buffer, capacity); + TEST_CALLOC_OR_FAIL(export_buffer, capacity); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); @@ -9201,7 +9201,7 @@ void derive_key_type(int alg_arg, psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; size_t export_length; - ASSERT_ALLOC(export_buffer, export_buffer_size); + TEST_CALLOC_OR_FAIL(export_buffer, export_buffer_size); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); @@ -9373,7 +9373,7 @@ void raw_key_agreement(int alg_arg, PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); /* Good case with exact output size */ - ASSERT_ALLOC(output, expected_output->len); + TEST_CALLOC_OR_FAIL(output, expected_output->len); PSA_ASSERT(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len, @@ -9385,7 +9385,7 @@ void raw_key_agreement(int alg_arg, output_length = ~0; /* Larger buffer */ - ASSERT_ALLOC(output, expected_output->len + 1); + TEST_CALLOC_OR_FAIL(output, expected_output->len + 1); PSA_ASSERT(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len + 1, @@ -9397,7 +9397,7 @@ void raw_key_agreement(int alg_arg, output_length = ~0; /* Buffer too small */ - ASSERT_ALLOC(output, expected_output->len - 1); + TEST_CALLOC_OR_FAIL(output, expected_output->len - 1); TEST_EQUAL(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len - 1, @@ -9486,7 +9486,7 @@ void key_agreement_output(int alg_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_output = NULL; - ASSERT_ALLOC(actual_output, MAX(expected_output1->len, + TEST_CALLOC_OR_FAIL(actual_output, MAX(expected_output1->len, expected_output2->len)); PSA_ASSERT(psa_crypto_init()); @@ -9542,8 +9542,8 @@ void generate_random(int bytes_arg) TEST_ASSERT(bytes_arg >= 0); - ASSERT_ALLOC(output, bytes); - ASSERT_ALLOC(changed, bytes); + TEST_CALLOC_OR_FAIL(output, bytes); + TEST_CALLOC_OR_FAIL(changed, bytes); PSA_ASSERT(psa_crypto_init()); @@ -9661,8 +9661,8 @@ void generate_key_rsa(int bits_arg, is_default_public_exponent = 1; e_read_size = 0; } - ASSERT_ALLOC(e_read_buffer, e_read_size); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(e_read_buffer, e_read_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); PSA_ASSERT(psa_crypto_init()); @@ -9764,8 +9764,8 @@ void persistent_key_load_key_from_storage(data_t *data, size_t second_exported_length; if (usage_flags & PSA_KEY_USAGE_EXPORT) { - ASSERT_ALLOC(first_export, export_size); - ASSERT_ALLOC(second_export, export_size); + TEST_CALLOC_OR_FAIL(first_export, export_size); + TEST_CALLOC_OR_FAIL(second_export, export_size); } PSA_ASSERT(psa_crypto_init()); @@ -9912,7 +9912,7 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, PSA_PAKE_STEP_KEY_SHARE); - ASSERT_ALLOC(output_buffer, buf_size); + TEST_CALLOC_OR_FAIL(output_buffer, buf_size); if (pw_data->len > 0) { psa_set_key_usage_flags(&attributes, key_usage_pw); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 2ddcf07ed..e83d2ae59 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -49,8 +49,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; psa_status_t status; - ASSERT_ALLOC(buffer0, buffer_length); - ASSERT_ALLOC(buffer1, buffer_length); + TEST_CALLOC_OR_FAIL(buffer0, buffer_length); + TEST_CALLOC_OR_FAIL(buffer1, buffer_length); switch (round) { case 1: @@ -538,7 +538,7 @@ void sign_hash(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); actual_status = psa_sign_hash(key, alg, data_input->x, data_input->len, @@ -665,7 +665,7 @@ void sign_message(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); actual_status = psa_sign_message(key, alg, data_input->x, data_input->len, @@ -997,7 +997,7 @@ void key_agreement(int alg_arg, mbedtls_test_driver_key_agreement_hooks.hits = 0; mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; - ASSERT_ALLOC(actual_output, expected_output->len); + TEST_CALLOC_OR_FAIL(actual_output, expected_output->len); actual_status = psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, actual_output, expected_output->len, @@ -1053,8 +1053,8 @@ void cipher_encrypt_validation(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - ASSERT_ALLOC(output1, output1_buffer_size); - ASSERT_ALLOC(output2, output2_buffer_size); + TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); + TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -1171,7 +1171,7 @@ void cipher_encrypt_multipart(int alg_arg, output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; @@ -1299,7 +1299,7 @@ void cipher_decrypt_multipart(int alg_arg, output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; @@ -1398,13 +1398,13 @@ void cipher_decrypt(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - ASSERT_ALLOC(input, input_buffer_size); + TEST_CALLOC_OR_FAIL(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - ASSERT_ALLOC(output, output_buffer_size); + TEST_CALLOC_OR_FAIL(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -1451,7 +1451,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); - ASSERT_ALLOC(output, input->len + 16); + TEST_CALLOC_OR_FAIL(output, input->len + 16); output_buffer_size = input->len + 16; PSA_ASSERT(psa_crypto_init()); @@ -1691,7 +1691,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_encrypt(key, alg, @@ -1753,7 +1753,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_decrypt(key, alg, @@ -1816,7 +1816,7 @@ void mac_sign(int key_type_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); - ASSERT_ALLOC(actual_mac, mac_buffer_size); + TEST_CALLOC_OR_FAIL(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* @@ -1891,7 +1891,7 @@ void mac_sign_multipart(int key_type_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); - ASSERT_ALLOC(actual_mac, mac_buffer_size); + TEST_CALLOC_OR_FAIL(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* @@ -2152,7 +2152,7 @@ void builtin_key_export(int builtin_key_id_arg, psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output_buffer, expected_output->len); + TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); @@ -2203,7 +2203,7 @@ void builtin_pubkey_export(int builtin_key_id_arg, psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output_buffer, expected_output->len); + TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); @@ -2244,7 +2244,7 @@ void hash_compute(int alg_arg, PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2282,7 +2282,7 @@ void hash_multipart_setup(int alg_arg, PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2329,7 +2329,7 @@ void hash_multipart_update(int alg_arg, PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2385,7 +2385,7 @@ void hash_multipart_finish(int alg_arg, size_t output_length; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2440,7 +2440,7 @@ void hash_clone(int alg_arg, size_t output_length; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2539,11 +2539,11 @@ void asymmetric_encrypt_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); } /* We test encryption by checking that encrypt-then-decrypt gives back @@ -2571,13 +2571,13 @@ void asymmetric_encrypt_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output2_size = fake_output_decrypt->len; - ASSERT_ALLOC(output2, output2_size); + TEST_CALLOC_OR_FAIL(output2, output2_size); } else { output2_size = input_data->len; TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - ASSERT_ALLOC(output2, output2_size); + TEST_CALLOC_OR_FAIL(output2, output2_size); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, @@ -2651,10 +2651,10 @@ void asymmetric_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output_size = fake_output_decrypt->len; - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); } else { output_size = expected_output_data->len; - ASSERT_ALLOC(output, expected_output_data->len); + TEST_CALLOC_OR_FAIL(output, expected_output_data->len); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, @@ -2724,10 +2724,10 @@ void asymmetric_encrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); - ASSERT_ALLOC(output, output_size); + TEST_CALLOC_OR_FAIL(output, output_size); } TEST_EQUAL(psa_asymmetric_encrypt(key, alg, @@ -2824,7 +2824,7 @@ void aead_encrypt_setup(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -2926,7 +2926,7 @@ void aead_decrypt_setup(int key_type_arg, data_t *key_data, output_size = input_ciphertext->len; - ASSERT_ALLOC(output_data, output_size); + TEST_CALLOC_OR_FAIL(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; @@ -3016,12 +3016,12 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_PAKE_STEP_KEY_SHARE); int in_driver = (forced_status_setup_arg == PSA_SUCCESS); - ASSERT_ALLOC(input_buffer, + TEST_CALLOC_OR_FAIL(input_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(input_buffer, 0xAA, size_key_share); - ASSERT_ALLOC(output_buffer, + TEST_CALLOC_OR_FAIL(output_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 1bb9efb9c..9e3f0a075 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -86,8 +86,8 @@ void external_rng_failure_sign(int key_type, data_t *key_data, int alg, size_t signature_size = PSA_SIGNATURE_MAX_SIZE; size_t signature_length; - ASSERT_ALLOC(input, input_size); - ASSERT_ALLOC(signature, signature_size); + TEST_CALLOC_OR_FAIL(input, input_size); + TEST_CALLOC_OR_FAIL(signature, signature_size); PSA_ASSERT(psa_crypto_init()); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, @@ -135,7 +135,7 @@ void validate_entropy_seed_injection(int seed_length_a, } else { seed_size = seed_length_b; } - ASSERT_ALLOC(seed, seed_size); + TEST_CALLOC_OR_FAIL(seed, seed_size); /* fill seed with some data */ for (i = 0; i < seed_size; ++i) { seed[i] = i; diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index 6e1305e60..3debd7959 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -267,7 +267,7 @@ void entropy_from_nv_seed(int seed_size_arg, uint8_t *seed = NULL; size_t seed_size = seed_size_arg; - ASSERT_ALLOC(seed, seed_size); + TEST_CALLOC_OR_FAIL(seed, seed_size); TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0); custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED; diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index c3ff888ab..e260761ae 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -137,8 +137,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; psa_status_t status; - ASSERT_ALLOC(buffer0, buffer_length); - ASSERT_ALLOC(buffer1, buffer_length); + TEST_CALLOC_OR_FAIL(buffer0, buffer_length); + TEST_CALLOC_OR_FAIL(buffer1, buffer_length); switch (round) { case PAKE_ROUND_ONE: @@ -617,7 +617,7 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, PSA_PAKE_STEP_KEY_SHARE); - ASSERT_ALLOC(output_buffer, buf_size); + TEST_CALLOC_OR_FAIL(output_buffer, buf_size); psa_set_key_usage_flags(&attributes, key_usage_pw); psa_set_key_algorithm(&attributes, alg); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 52c6047c5..6d3c4d44d 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -61,7 +61,7 @@ void format_storage_data_check(data_t *key_data, psa_set_key_algorithm(&attributes, key_alg); psa_set_key_enrollment_algorithm(&attributes, key_alg2); - ASSERT_ALLOC(file_data, file_data_length); + TEST_CALLOC_OR_FAIL(file_data, file_data_length); psa_format_key_data_for_storage(key_data->x, key_data->len, &attributes.core, file_data); @@ -127,7 +127,7 @@ void save_large_persistent_key(int data_length_arg, int expected_status) size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ASSERT_ALLOC(data, data_length); + TEST_CALLOC_OR_FAIL(data, data_length); PSA_ASSERT(psa_crypto_init()); @@ -267,7 +267,7 @@ void import_export_persistent_key(data_t *data, int type_arg, size_t exported_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ASSERT_ALLOC(exported, export_size); + TEST_CALLOC_OR_FAIL(exported, export_size); PSA_ASSERT(psa_crypto_init()); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index aa455e520..4eaf434b6 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -605,7 +605,7 @@ static int check_persistent_data(psa_key_location_t location, int ok = 0; PSA_ASSERT(psa_its_get_info(uid, &info)); - ASSERT_ALLOC(loaded, info.size); + TEST_CALLOC_OR_FAIL(loaded, info.size); PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL)); TEST_BUFFERS_EQUAL(expected_data, size, loaded, info.size); ok = 1; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 92f44e941..57492b99e 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -303,7 +303,7 @@ void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg, psa_get_key_type(&read_attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), psa_get_key_bits(&read_attributes)); - ASSERT_ALLOC(reexported, key_data->len); + TEST_CALLOC_OR_FAIL(reexported, key_data->len); if (usage_flags & PSA_KEY_USAGE_EXPORT) { PSA_ASSERT(psa_export_key(id, reexported, key_data->len, &reexported_length)); @@ -575,7 +575,7 @@ void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg, psa_get_key_enrollment_algorithm(&target_attributes)); if (expected_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - ASSERT_ALLOC(export_buffer, material->len); + TEST_CALLOC_OR_FAIL(export_buffer, material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, material->len, &length)); TEST_BUFFERS_EQUAL(material->x, material->len, @@ -689,7 +689,7 @@ void copy_to_occupied(int source_lifetime_arg, int source_id_arg, psa_get_key_algorithm(&attributes2)); if (target_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - ASSERT_ALLOC(export_buffer, target_material->len); + TEST_CALLOC_OR_FAIL(export_buffer, target_material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, target_material->len, &length)); TEST_BUFFERS_EQUAL(target_material->x, target_material->len, @@ -813,7 +813,7 @@ void many_transient_keys(int max_keys_arg) uint8_t exported[sizeof(size_t)]; size_t exported_length; - ASSERT_ALLOC(keys, max_keys); + TEST_CALLOC_OR_FAIL(keys, max_keys); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); @@ -942,7 +942,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1); - ASSERT_ALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); + TEST_CALLOC_OR_FAIL(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 0a6fd28d4..1099ba205 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -36,7 +36,7 @@ static int test_written_key(const psa_key_attributes_t *attributes, /* Check that the key is represented as expected. */ PSA_ASSERT(psa_its_get_info(uid, &storage_info)); TEST_EQUAL(storage_info.size, expected_representation->len); - ASSERT_ALLOC(actual_representation, storage_info.size); + TEST_CALLOC_OR_FAIL(actual_representation, storage_info.size); PSA_ASSERT(psa_its_get(uid, 0, storage_info.size, actual_representation, &length)); TEST_BUFFERS_EQUAL(expected_representation->x, expected_representation->len, @@ -259,7 +259,7 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, TEST_EQUAL(psa_get_key_enrollment_algorithm(expected_attributes), psa_get_key_enrollment_algorithm(&actual_attributes)); if (can_export(expected_attributes)) { - ASSERT_ALLOC(exported_material, expected_material->len); + TEST_CALLOC_OR_FAIL(exported_material, expected_material->len); PSA_ASSERT(psa_export_key(key_id, exported_material, expected_material->len, &length)); diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 0ad6febeb..28e7cdec5 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -92,7 +92,7 @@ void set_get_remove(int uid_arg, int flags_arg, data_t *data) unsigned char *buffer = NULL; size_t ret_len = 0; - ASSERT_ALLOC(buffer, data->len); + TEST_CALLOC_OR_FAIL(buffer, data->len); PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, flags)); @@ -122,7 +122,7 @@ void set_overwrite(int uid_arg, unsigned char *buffer = NULL; size_t ret_len = 0; - ASSERT_ALLOC(buffer, MAX(data1->len, data2->len)); + TEST_CALLOC_OR_FAIL(buffer, MAX(data1->len, data2->len)); PSA_ASSERT(psa_its_set_wrap(uid, data1->len, data1->x, flags1)); PSA_ASSERT(psa_its_get_info(uid, &info)); @@ -214,7 +214,7 @@ void get_at(int uid_arg, data_t *data, size_t i; size_t ret_len = 0; - ASSERT_ALLOC(buffer, length + 16); + TEST_CALLOC_OR_FAIL(buffer, length + 16); trailer = buffer + length; memset(trailer, '-', 16); diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 0df92b044..147f5440c 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -169,7 +169,7 @@ void mbedtls_psa_get_random_length(int n) unsigned char *output = NULL; PSA_ASSERT(psa_crypto_init()); - ASSERT_ALLOC(output, n); + TEST_CALLOC_OR_FAIL(output, n); TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, output, n)); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 594d1000d..668f0dc92 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -155,7 +155,7 @@ void mbedtls_sha3(int family, data_t *in, data_t *hash) { unsigned char *output = NULL; - ASSERT_ALLOC(output, hash->len); + TEST_CALLOC_OR_FAIL(output, hash->len); TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0); @@ -193,7 +193,7 @@ void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) mbedtls_sha3_context ctx; const unsigned int block_size = 256; - ASSERT_ALLOC(output, hash->len); + TEST_CALLOC_OR_FAIL(output, hash->len); mbedtls_sha3_init(&ctx); mbedtls_sha3_starts(&ctx, family); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1f2db773a..f71a3de19 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -152,7 +152,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, if (input_len == 0) { input_len = 1; } - ASSERT_ALLOC(input, input_len); + TEST_CALLOC_OR_FAIL(input, input_len); output_len = 0; for (j = 0; j < ROUNDS; j++) { @@ -166,7 +166,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, if (output_len == 0) { output_len = 1; } - ASSERT_ALLOC(output, output_len); + TEST_CALLOC_OR_FAIL(output, output_len); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ @@ -1543,8 +1543,8 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, + plaintext_len + t0.maclen + padlen + 1; - ASSERT_ALLOC(buf, buflen); - ASSERT_ALLOC(buf_save, buflen); + TEST_CALLOC_OR_FAIL(buf, buflen); + TEST_CALLOC_OR_FAIL(buf_save, buflen); /* Prepare a dummy record header */ memset(rec.ctr, 0, sizeof(rec.ctr)); @@ -2064,7 +2064,7 @@ void ssl_tls13_record_protection(int ciphersuite, /* Make sure we have enough space in the buffer even if * we use more padding than the KAT. */ buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - ASSERT_ALLOC(buf, buf_len); + TEST_CALLOC_OR_FAIL(buf, buf_len); rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f702adf61..da042cf21 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -944,7 +944,7 @@ void mbedtls_x509_dn_get_next(char *name_str, c = buf + sizeof(buf); // Additional size required for trailing space out_size = strlen(expected_oids) + 2; - ASSERT_ALLOC(out, out_size); + TEST_CALLOC_OR_FAIL(out, out_size); TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0); @@ -979,7 +979,7 @@ void mbedtls_x509_dn_get_next(char *name_str, out = NULL; out_size = strlen(exp_dn_gets) + 1; - ASSERT_ALLOC(out, out_size); + TEST_CALLOC_OR_FAIL(out, out_size); TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed)); TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0); From 412a813ad4d890528390411ae31574cae45a8cfb Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:55:14 +0100 Subject: [PATCH 131/339] For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP() Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 24 ++++++++++----------- tests/suites/test_suite_asn1parse.function | 2 +- tests/suites/test_suite_ccm.function | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 9ed7d2f76..c94dd976d 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -138,21 +138,21 @@ /** Allocate memory dynamically. If the allocation fails, skip the test case. * - * This macro behaves like #ASSERT_ALLOC, except that if the allocation + * This macro behaves like #TEST_CALLOC_OR_FAIL, except that if the allocation * fails, it marks the test as skipped rather than failed. */ -#define ASSERT_ALLOC_WEAK(pointer, length) \ - do \ - { \ - TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) \ - { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ +#define TEST_CALLOC_OR_SKIP(pointer, length) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) { \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ (length)); \ - TEST_ASSUME((pointer) != NULL); \ - } \ - } \ - while (0) + TEST_ASSUME((pointer) != NULL); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_ALLOC_WEAK(pointer, length) TEST_CALLOC_OR_SKIP(pointer, length) /** Compare two buffers and fail the test case if they differ. * diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function index 01a2271ef..a43e44f15 100644 --- a/tests/suites/test_suite_asn1parse.function +++ b/tests/suites/test_suite_asn1parse.function @@ -139,7 +139,7 @@ int get_len_step(const data_t *input, size_t buffer_size, end = buf + 1; p = end; } else { - ASSERT_ALLOC_WEAK(buf, buffer_size); + TEST_CALLOC_OR_SKIP(buf, buffer_size); if (buffer_size > input->len) { memcpy(buf, input->x, input->len); memset(buf + input->len, 'A', buffer_size - input->len); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 482c6f6a0..610f2ba46 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -107,7 +107,7 @@ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) mbedtls_ccm_init(&ctx); - ASSERT_ALLOC_WEAK(add, add_len); + TEST_CALLOC_OR_SKIP(add, add_len); memset(key, 0, sizeof(key)); memset(msg, 0, sizeof(msg)); memset(iv, 0, sizeof(iv)); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ef5312250..422eba50d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1410,7 +1410,7 @@ void import_large_key(int type_arg, int byte_size_arg, /* Skip the test case if the target running the test cannot * accommodate large keys due to heap size constraints */ - ASSERT_ALLOC_WEAK(buffer, buffer_size); + TEST_CALLOC_OR_SKIP(buffer, buffer_size); memset(buffer, 'K', byte_size); PSA_ASSERT(psa_crypto_init()); From dc2ea2705b6e7804cdae3b0cf1250d927e989d7e Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 13 Jun 2023 10:50:35 +0000 Subject: [PATCH 132/339] Clone the ecp_curve.c file as ecp_curve_new.c Use macro guard MBEDTLS_ECP_WITH_MPI_UINT/STRUCT to enable either c file Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 5 +- library/ecp_curves_new.c | 5979 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 5983 insertions(+), 1 deletion(-) create mode 100644 library/ecp_curves_new.c diff --git a/library/ecp_curves.c b/library/ecp_curves.c index e3b3376c1..4ab74dc6f 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -18,6 +18,9 @@ */ #include "common.h" +#include "ecp_invasive.h" + +#if defined(MBEDTLS_ECP_WITH_MPI_STRUCT) #if defined(MBEDTLS_ECP_LIGHT) @@ -32,7 +35,6 @@ #include "bn_mul.h" #include "bignum_core.h" -#include "ecp_invasive.h" #include @@ -6039,3 +6041,4 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #endif /* MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_ECP_WITH_MPI_STRUCT */ diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c new file mode 100644 index 000000000..648853d5b --- /dev/null +++ b/library/ecp_curves_new.c @@ -0,0 +1,5979 @@ +/* + * Elliptic curves over GF(p): curve-specific data and functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" +#include "ecp_invasive.h" + +#if defined(MBEDTLS_ECP_WITH_MPI_UINT) +#if defined(MBEDTLS_ECP_LIGHT) + +#include "mbedtls/ecp.h" +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/error.h" + +#include "mbedtls/platform.h" + +#include "bn_mul.h" +#include "bignum_core.h" + +#include + +#if !defined(MBEDTLS_ECP_ALT) + +/* Parameter validation macros based on platform_util.h */ +#define ECP_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECP_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) + +#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) } + +#define ECP_MPI_INIT_ARRAY(x) \ + ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) + +#define ECP_POINT_INIT_XY_Z0(x, y) { \ + ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) } +#define ECP_POINT_INIT_XY_Z1(x, y) { \ + ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) } + +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +/* For these curves, we build the group parameters dynamically. */ +#define ECP_LOAD_GROUP +static mbedtls_mpi_uint mpi_one[] = { 1 }; +#endif + +/* + * Note: the constants are in little-endian order + * to be directly usable in MPIs + */ + +/* + * Domain parameters for secp192r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +static const mbedtls_mpi_uint secp192r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp192r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64), +}; +static const mbedtls_mpi_uint secp192r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), +}; +static const mbedtls_mpi_uint secp192r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), +}; +static const mbedtls_mpi_uint secp192r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp192r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), +}; +static const mbedtls_mpi_uint secp192r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), +}; +static const mbedtls_mpi_uint secp192r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED), +}; +static const mbedtls_mpi_uint secp192r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E), +}; +static const mbedtls_mpi_uint secp192r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E), +}; +static const mbedtls_mpi_uint secp192r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14), +}; +static const mbedtls_mpi_uint secp192r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2), +}; +static const mbedtls_mpi_uint secp192r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB), +}; +static const mbedtls_mpi_uint secp192r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7), +}; +static const mbedtls_mpi_uint secp192r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2), +}; +static const mbedtls_mpi_uint secp192r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62), +}; +static const mbedtls_mpi_uint secp192r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC), +}; +static const mbedtls_mpi_uint secp192r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F), +}; +static const mbedtls_mpi_uint secp192r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55), +}; +static const mbedtls_mpi_uint secp192r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF), +}; +static const mbedtls_mpi_uint secp192r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31), +}; +static const mbedtls_mpi_uint secp192r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC), +}; +static const mbedtls_mpi_uint secp192r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83), +}; +static const mbedtls_mpi_uint secp192r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98), +}; +static const mbedtls_mpi_uint secp192r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5), +}; +static const mbedtls_mpi_uint secp192r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD), +}; +static const mbedtls_mpi_uint secp192r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F), +}; +static const mbedtls_mpi_uint secp192r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD), +}; +static const mbedtls_mpi_uint secp192r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A), +}; +static const mbedtls_mpi_uint secp192r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66), +}; +static const mbedtls_mpi_uint secp192r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7), +}; +static const mbedtls_mpi_uint secp192r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45), +}; +static const mbedtls_mpi_uint secp192r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71), +}; +static const mbedtls_mpi_uint secp192r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC), +}; +static const mbedtls_mpi_uint secp192r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2), +}; +static const mbedtls_mpi_uint secp192r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48), +}; +static const mbedtls_mpi_uint secp192r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C), +}; +static const mbedtls_ecp_point secp192r1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y), +}; +#else +#define secp192r1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ + +/* + * Domain parameters for secp224r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +static const mbedtls_mpi_uint secp224r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4), +}; +static const mbedtls_mpi_uint secp224r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7), +}; +static const mbedtls_mpi_uint secp224r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD), +}; +static const mbedtls_mpi_uint secp224r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), +}; +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp224r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_ecp_point secp224r1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y), +}; +#else +#define secp224r1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + +/* + * Domain parameters for secp256r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +static const mbedtls_mpi_uint secp256r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp256r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A), +}; +static const mbedtls_mpi_uint secp256r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), +}; +static const mbedtls_mpi_uint secp256r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), +}; +static const mbedtls_mpi_uint secp256r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), +}; +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp256r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), +}; +static const mbedtls_mpi_uint secp256r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), +}; +static const mbedtls_mpi_uint secp256r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C), +}; +static const mbedtls_mpi_uint secp256r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4), +}; +static const mbedtls_mpi_uint secp256r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6), +}; +static const mbedtls_mpi_uint secp256r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20), +}; +static const mbedtls_mpi_uint secp256r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62), +}; +static const mbedtls_mpi_uint secp256r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7), +}; +static const mbedtls_mpi_uint secp256r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00), +}; +static const mbedtls_mpi_uint secp256r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03), +}; +static const mbedtls_mpi_uint secp256r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C), +}; +static const mbedtls_mpi_uint secp256r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3), +}; +static const mbedtls_mpi_uint secp256r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED), +}; +static const mbedtls_mpi_uint secp256r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3), +}; +static const mbedtls_mpi_uint secp256r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95), +}; +static const mbedtls_mpi_uint secp256r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68), +}; +static const mbedtls_mpi_uint secp256r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54), +}; +static const mbedtls_mpi_uint secp256r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6), +}; +static const mbedtls_mpi_uint secp256r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE), +}; +static const mbedtls_mpi_uint secp256r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4), +}; +static const mbedtls_mpi_uint secp256r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86), +}; +static const mbedtls_mpi_uint secp256r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16), +}; +static const mbedtls_mpi_uint secp256r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18), +}; +static const mbedtls_mpi_uint secp256r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C), +}; +static const mbedtls_mpi_uint secp256r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6), +}; +static const mbedtls_mpi_uint secp256r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF), +}; +static const mbedtls_mpi_uint secp256r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E), +}; +static const mbedtls_mpi_uint secp256r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44), +}; +static const mbedtls_mpi_uint secp256r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4), +}; +static const mbedtls_mpi_uint secp256r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7), +}; +static const mbedtls_mpi_uint secp256r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82), +}; +static const mbedtls_mpi_uint secp256r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43), +}; +static const mbedtls_ecp_point secp256r1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y), +}; +#else +#define secp256r1_T NULL +#endif + +#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +/* + * Domain parameters for secp384r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +static const mbedtls_mpi_uint secp384r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp384r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3), +}; +static const mbedtls_mpi_uint secp384r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), +}; +static const mbedtls_mpi_uint secp384r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), +}; +static const mbedtls_mpi_uint secp384r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp384r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), +}; +static const mbedtls_mpi_uint secp384r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), +}; +static const mbedtls_mpi_uint secp384r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD), +}; +static const mbedtls_mpi_uint secp384r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23), +}; +static const mbedtls_mpi_uint secp384r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE), +}; +static const mbedtls_mpi_uint secp384r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3), +}; +static const mbedtls_mpi_uint secp384r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD), +}; +static const mbedtls_mpi_uint secp384r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F), +}; +static const mbedtls_mpi_uint secp384r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA), +}; +static const mbedtls_mpi_uint secp384r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48), +}; +static const mbedtls_mpi_uint secp384r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A), +}; +static const mbedtls_mpi_uint secp384r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08), +}; +static const mbedtls_mpi_uint secp384r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F), +}; +static const mbedtls_mpi_uint secp384r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74), +}; +static const mbedtls_mpi_uint secp384r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03), +}; +static const mbedtls_mpi_uint secp384r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB), +}; +static const mbedtls_mpi_uint secp384r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF), +}; +static const mbedtls_mpi_uint secp384r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97), +}; +static const mbedtls_mpi_uint secp384r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71), +}; +static const mbedtls_mpi_uint secp384r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5), +}; +static const mbedtls_mpi_uint secp384r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91), +}; +static const mbedtls_mpi_uint secp384r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5), +}; +static const mbedtls_mpi_uint secp384r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15), +}; +static const mbedtls_mpi_uint secp384r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98), +}; +static const mbedtls_mpi_uint secp384r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F), +}; +static const mbedtls_mpi_uint secp384r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10), +}; +static const mbedtls_mpi_uint secp384r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1), +}; +static const mbedtls_mpi_uint secp384r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0), +}; +static const mbedtls_mpi_uint secp384r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC), +}; +static const mbedtls_mpi_uint secp384r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6), +}; +static const mbedtls_mpi_uint secp384r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A), +}; +static const mbedtls_mpi_uint secp384r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53), +}; +static const mbedtls_mpi_uint secp384r1_T_16_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC), +}; +static const mbedtls_mpi_uint secp384r1_T_16_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85), +}; +static const mbedtls_mpi_uint secp384r1_T_17_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23), +}; +static const mbedtls_mpi_uint secp384r1_T_17_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3), +}; +static const mbedtls_mpi_uint secp384r1_T_18_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6), +}; +static const mbedtls_mpi_uint secp384r1_T_18_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67), +}; +static const mbedtls_mpi_uint secp384r1_T_19_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC), +}; +static const mbedtls_mpi_uint secp384r1_T_19_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA), +}; +static const mbedtls_mpi_uint secp384r1_T_20_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE), +}; +static const mbedtls_mpi_uint secp384r1_T_20_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05), +}; +static const mbedtls_mpi_uint secp384r1_T_21_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA), +}; +static const mbedtls_mpi_uint secp384r1_T_21_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF), +}; +static const mbedtls_mpi_uint secp384r1_T_22_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A), + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63), +}; +static const mbedtls_mpi_uint secp384r1_T_22_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1), +}; +static const mbedtls_mpi_uint secp384r1_T_23_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D), +}; +static const mbedtls_mpi_uint secp384r1_T_23_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D), +}; +static const mbedtls_mpi_uint secp384r1_T_24_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF), +}; +static const mbedtls_mpi_uint secp384r1_T_24_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71), +}; +static const mbedtls_mpi_uint secp384r1_T_25_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B), +}; +static const mbedtls_mpi_uint secp384r1_T_25_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F), +}; +static const mbedtls_mpi_uint secp384r1_T_26_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E), +}; +static const mbedtls_mpi_uint secp384r1_T_26_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2), +}; +static const mbedtls_mpi_uint secp384r1_T_27_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7), +}; +static const mbedtls_mpi_uint secp384r1_T_27_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21), +}; +static const mbedtls_mpi_uint secp384r1_T_28_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6), +}; +static const mbedtls_mpi_uint secp384r1_T_28_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E), +}; +static const mbedtls_mpi_uint secp384r1_T_29_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6), +}; +static const mbedtls_mpi_uint secp384r1_T_29_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42), +}; +static const mbedtls_mpi_uint secp384r1_T_30_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12), +}; +static const mbedtls_mpi_uint secp384r1_T_30_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77), +}; +static const mbedtls_mpi_uint secp384r1_T_31_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B), +}; +static const mbedtls_mpi_uint secp384r1_T_31_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41), +}; +static const mbedtls_ecp_point secp384r1_T[32] = { + ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y), + ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y), +}; +#else +#define secp384r1_T NULL +#endif + +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +/* + * Domain parameters for secp521r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +static const mbedtls_mpi_uint secp521r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), +}; +static const mbedtls_mpi_uint secp521r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95), + MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), + MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), + MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01), +}; +static const mbedtls_mpi_uint secp521r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), +}; +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp521r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_16_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_16_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_17_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_17_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_18_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_18_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_19_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_19_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_20_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_20_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_21_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_21_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_22_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_22_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_23_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_23_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_24_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_24_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_25_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_25_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_26_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_26_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_27_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_27_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_28_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_28_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_29_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_29_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_30_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_30_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_31_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp521r1_T_31_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_ecp_point secp521r1_T[32] = { + ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y), + ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y), +}; +#else +#define secp521r1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +static const mbedtls_mpi_uint secp192k1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp192k1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), +}; +static const mbedtls_mpi_uint secp192k1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00), +}; +static const mbedtls_mpi_uint secp192k1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), +}; +static const mbedtls_mpi_uint secp192k1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), +}; +static const mbedtls_mpi_uint secp192k1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp192k1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), +}; +static const mbedtls_mpi_uint secp192k1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), +}; +static const mbedtls_mpi_uint secp192k1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E), +}; +static const mbedtls_mpi_uint secp192k1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7), +}; +static const mbedtls_mpi_uint secp192k1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28), +}; +static const mbedtls_mpi_uint secp192k1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4), +}; +static const mbedtls_mpi_uint secp192k1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C), +}; +static const mbedtls_mpi_uint secp192k1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A), +}; +static const mbedtls_mpi_uint secp192k1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF), +}; +static const mbedtls_mpi_uint secp192k1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F), +}; +static const mbedtls_mpi_uint secp192k1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9), +}; +static const mbedtls_mpi_uint secp192k1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D), +}; +static const mbedtls_mpi_uint secp192k1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5), +}; +static const mbedtls_mpi_uint secp192k1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B), +}; +static const mbedtls_mpi_uint secp192k1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC), +}; +static const mbedtls_mpi_uint secp192k1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E), +}; +static const mbedtls_mpi_uint secp192k1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82), +}; +static const mbedtls_mpi_uint secp192k1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22), +}; +static const mbedtls_mpi_uint secp192k1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05), +}; +static const mbedtls_mpi_uint secp192k1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96), +}; +static const mbedtls_mpi_uint secp192k1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D), +}; +static const mbedtls_mpi_uint secp192k1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D), +}; +static const mbedtls_mpi_uint secp192k1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67), +}; +static const mbedtls_mpi_uint secp192k1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C), +}; +static const mbedtls_mpi_uint secp192k1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF), +}; +static const mbedtls_mpi_uint secp192k1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD), +}; +static const mbedtls_mpi_uint secp192k1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8), +}; +static const mbedtls_mpi_uint secp192k1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9), +}; +static const mbedtls_mpi_uint secp192k1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76), +}; +static const mbedtls_mpi_uint secp192k1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35), +}; +static const mbedtls_mpi_uint secp192k1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63), +}; +static const mbedtls_mpi_uint secp192k1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8), +}; +static const mbedtls_ecp_point secp192k1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y), +}; +#else +#define secp192k1_T NULL +#endif + +#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +static const mbedtls_mpi_uint secp224k1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp224k1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1), +}; +static const mbedtls_mpi_uint secp224k1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E), +}; +static const mbedtls_mpi_uint secp224k1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp224k1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_mpi_uint secp224k1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00), +}; +static const mbedtls_ecp_point secp224k1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y), +}; +#else +#define secp224k1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +static const mbedtls_mpi_uint secp256k1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp256k1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), +}; +static const mbedtls_mpi_uint secp256k1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00), +}; +static const mbedtls_mpi_uint secp256k1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), +}; +static const mbedtls_mpi_uint secp256k1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), +}; +static const mbedtls_mpi_uint secp256k1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint secp256k1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), +}; +static const mbedtls_mpi_uint secp256k1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), +}; +static const mbedtls_mpi_uint secp256k1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0), +}; +static const mbedtls_mpi_uint secp256k1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC), +}; +static const mbedtls_mpi_uint secp256k1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF), +}; +static const mbedtls_mpi_uint secp256k1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4), +}; +static const mbedtls_mpi_uint secp256k1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54), +}; +static const mbedtls_mpi_uint secp256k1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE), +}; +static const mbedtls_mpi_uint secp256k1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E), +}; +static const mbedtls_mpi_uint secp256k1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0), +}; +static const mbedtls_mpi_uint secp256k1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B), +}; +static const mbedtls_mpi_uint secp256k1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1), +}; +static const mbedtls_mpi_uint secp256k1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15), +}; +static const mbedtls_mpi_uint secp256k1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05), +}; +static const mbedtls_mpi_uint secp256k1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72), +}; +static const mbedtls_mpi_uint secp256k1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22), +}; +static const mbedtls_mpi_uint secp256k1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16), +}; +static const mbedtls_mpi_uint secp256k1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E), +}; +static const mbedtls_mpi_uint secp256k1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E), +}; +static const mbedtls_mpi_uint secp256k1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D), +}; +static const mbedtls_mpi_uint secp256k1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0), +}; +static const mbedtls_mpi_uint secp256k1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01), +}; +static const mbedtls_mpi_uint secp256k1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12), +}; +static const mbedtls_mpi_uint secp256k1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25), +}; +static const mbedtls_mpi_uint secp256k1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B), +}; +static const mbedtls_mpi_uint secp256k1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B), +}; +static const mbedtls_mpi_uint secp256k1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64), +}; +static const mbedtls_mpi_uint secp256k1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F), +}; +static const mbedtls_mpi_uint secp256k1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07), +}; +static const mbedtls_mpi_uint secp256k1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9), +}; +static const mbedtls_mpi_uint secp256k1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89), +}; +static const mbedtls_mpi_uint secp256k1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB), +}; +static const mbedtls_ecp_point secp256k1_T[16] = { + ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y), + ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y), +}; +#else +#define secp256k1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ + +/* + * Domain parameters for brainpoolP256r1 (RFC 5639 3.4) + */ +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +static const mbedtls_mpi_uint brainpoolP256r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), +}; +static const mbedtls_mpi_uint brainpoolP256r1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D), +}; +static const mbedtls_mpi_uint brainpoolP256r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26), +}; +static const mbedtls_mpi_uint brainpoolP256r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), +}; +static const mbedtls_mpi_uint brainpoolP256r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP256r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D), + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98), +}; +static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F), +}; +static const mbedtls_ecp_point brainpoolP256r1_T[16] = { + ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y), +}; +#else +#define brainpoolP256r1_T NULL +#endif + +#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ + +/* + * Domain parameters for brainpoolP384r1 (RFC 5639 3.6) + */ +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +static const mbedtls_mpi_uint brainpoolP384r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), +}; +static const mbedtls_mpi_uint brainpoolP384r1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B), +}; +static const mbedtls_mpi_uint brainpoolP384r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), +}; +static const mbedtls_mpi_uint brainpoolP384r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), +}; +static const mbedtls_mpi_uint brainpoolP384r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), +}; +static const mbedtls_mpi_uint brainpoolP384r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08), + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C), + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80), + MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7), + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31), + MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F), +}; +static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F), +}; +static const mbedtls_ecp_point brainpoolP384r1_T[32] = { + ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y), +}; +#else +#define brainpoolP384r1_T NULL +#endif + +#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ + +/* + * Domain parameters for brainpoolP512r1 (RFC 5639 3.7) + */ +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +static const mbedtls_mpi_uint brainpoolP512r1_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), +}; +static const mbedtls_mpi_uint brainpoolP512r1_a[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78), +}; +static const mbedtls_mpi_uint brainpoolP512r1_b[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_gx[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), +}; +static const mbedtls_mpi_uint brainpoolP512r1_gy[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), +}; + +#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F), + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54), + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89), + MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D), + MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46), + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D), + MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80), + MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E), + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C), + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08), + MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4), + MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01), + MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81), + MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68), + MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71), + MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3), + MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05), + MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0), + MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3), + MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39), + MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA), + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4), + MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B), + MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43), + MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34), +}; +static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25), + MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9), + MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42), +}; +static const mbedtls_ecp_point brainpoolP512r1_T[32] = { + ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y), + ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y), +}; +#else +#define brainpoolP512r1_T NULL +#endif +#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ + + +#if defined(ECP_LOAD_GROUP) || defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ + defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +/* + * Create an MPI from embedded constants + * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint)) + */ +static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) +{ + X->s = 1; + X->n = len / sizeof(mbedtls_mpi_uint); + X->p = (mbedtls_mpi_uint *) p; +} +#endif + +#if defined(ECP_LOAD_GROUP) +/* + * Set an MPI to static value 1 + */ +static inline void ecp_mpi_set1(mbedtls_mpi *X) +{ + X->s = 1; + X->n = 1; + X->p = mpi_one; +} + +/* + * Make group available from embedded constants + */ +static int ecp_group_load(mbedtls_ecp_group *grp, + const mbedtls_mpi_uint *p, size_t plen, + const mbedtls_mpi_uint *a, size_t alen, + const mbedtls_mpi_uint *b, size_t blen, + const mbedtls_mpi_uint *gx, size_t gxlen, + const mbedtls_mpi_uint *gy, size_t gylen, + const mbedtls_mpi_uint *n, size_t nlen, + const mbedtls_ecp_point *T) +{ + ecp_mpi_load(&grp->P, p, plen); + if (a != NULL) { + ecp_mpi_load(&grp->A, a, alen); + } + ecp_mpi_load(&grp->B, b, blen); + ecp_mpi_load(&grp->N, n, nlen); + + ecp_mpi_load(&grp->G.X, gx, gxlen); + ecp_mpi_load(&grp->G.Y, gy, gylen); + ecp_mpi_set1(&grp->G.Z); + + grp->pbits = mbedtls_mpi_bitlen(&grp->P); + grp->nbits = mbedtls_mpi_bitlen(&grp->N); + + grp->h = 1; + + grp->T = (mbedtls_ecp_point *) T; + /* + * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free. + */ + grp->T_size = 0; + + return 0; +} +#endif /* ECP_LOAD_GROUP */ + +#if defined(MBEDTLS_ECP_NIST_OPTIM) +/* Forward declarations */ +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +static int ecp_mod_p192(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); +#endif +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +static int ecp_mod_p224(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +static int ecp_mod_p256(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +static int ecp_mod_p384(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +static int ecp_mod_p521(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); +#endif + +#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; +#else +#define NIST_MODP(P) +#endif /* MBEDTLS_ECP_NIST_OPTIM */ + +/* Additional forward declarations */ +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +static int ecp_mod_p255(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +static int ecp_mod_p448(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *, size_t); +#endif +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +static int ecp_mod_p192k1(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +static int ecp_mod_p224k1(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +static int ecp_mod_p256k1(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); +#endif + +#if defined(ECP_LOAD_GROUP) +#define LOAD_GROUP_A(G) ecp_group_load(grp, \ + G ## _p, sizeof(G ## _p), \ + G ## _a, sizeof(G ## _a), \ + G ## _b, sizeof(G ## _b), \ + G ## _gx, sizeof(G ## _gx), \ + G ## _gy, sizeof(G ## _gy), \ + G ## _n, sizeof(G ## _n), \ + G ## _T \ + ) + +#define LOAD_GROUP(G) ecp_group_load(grp, \ + G ## _p, sizeof(G ## _p), \ + NULL, 0, \ + G ## _b, sizeof(G ## _b), \ + G ## _gx, sizeof(G ## _gx), \ + G ## _gy, sizeof(G ## _gy), \ + G ## _n, sizeof(G ## _n), \ + G ## _T \ + ) +#endif /* ECP_LOAD_GROUP */ + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +/* Constants used by ecp_use_curve25519() */ +static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42; + +/* P = 2^255 - 19 */ +static const mbedtls_mpi_uint curve25519_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X7F) +}; + +/* N = 2^252 + 27742317777372353535851937790883648493 */ +static const mbedtls_mpi_uint curve25519_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0XED, 0XD3, 0XF5, 0X5C, 0X1A, 0X63, 0X12, 0X58), + MBEDTLS_BYTES_TO_T_UINT_8(0XD6, 0X9C, 0XF7, 0XA2, 0XDE, 0XF9, 0XDE, 0X14), + MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10) +}; + +/* + * Specialized function for creating the Curve25519 group + */ +static int ecp_use_curve25519(mbedtls_ecp_group *grp) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Actually ( A + 2 ) / 4 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24)); + + ecp_mpi_load(&grp->P, curve25519_p, sizeof(curve25519_p)); + + grp->pbits = mbedtls_mpi_bitlen(&grp->P); + + ecp_mpi_load(&grp->N, curve25519_n, sizeof(curve25519_n)); + + /* Y intentionally not set, since we use x/z coordinates. + * This is used as a marker to identify Montgomery curves! */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); + + /* Actually, the required msb for private keys */ + grp->nbits = 254; + +cleanup: + if (ret != 0) { + mbedtls_ecp_group_free(grp); + } + + return ret; +} +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +/* Constants used by ecp_use_curve448() */ +static const mbedtls_mpi_sint curve448_a24 = 0x98AA; + +/* P = 2^448 - 2^224 - 1 */ +static const mbedtls_mpi_uint curve448_p[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFE, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00) +}; + +/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ +static const mbedtls_mpi_uint curve448_n[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0XF3, 0X44, 0X58, 0XAB, 0X92, 0XC2, 0X78, 0X23), + MBEDTLS_BYTES_TO_T_UINT_8(0X55, 0X8F, 0XC5, 0X8D, 0X72, 0XC2, 0X6C, 0X21), + MBEDTLS_BYTES_TO_T_UINT_8(0X90, 0X36, 0XD6, 0XAE, 0X49, 0XDB, 0X4E, 0XC4), + MBEDTLS_BYTES_TO_T_UINT_8(0XE9, 0X23, 0XCA, 0X7C, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), + MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X3F), + MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00) +}; + +/* + * Specialized function for creating the Curve448 group + */ +static int ecp_use_curve448(mbedtls_ecp_group *grp) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Actually ( A + 2 ) / 4 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24)); + + ecp_mpi_load(&grp->P, curve448_p, sizeof(curve448_p)); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); + + /* Y intentionally not set, since we use x/z coordinates. + * This is used as a marker to identify Montgomery curves! */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); + + ecp_mpi_load(&grp->N, curve448_n, sizeof(curve448_n)); + + /* Actually, the required msb for private keys */ + grp->nbits = 447; + +cleanup: + if (ret != 0) { + mbedtls_ecp_group_free(grp); + } + + return ret; +} +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + +/* + * Set a group using well-known domain parameters + */ +int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) +{ + ECP_VALIDATE_RET(grp != NULL); + mbedtls_ecp_group_free(grp); + + mbedtls_ecp_group_init(grp); + + grp->id = id; + + switch (id) { +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) + case MBEDTLS_ECP_DP_SECP192R1: + NIST_MODP(p192); + return LOAD_GROUP(secp192r1); +#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + case MBEDTLS_ECP_DP_SECP224R1: + NIST_MODP(p224); + return LOAD_GROUP(secp224r1); +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case MBEDTLS_ECP_DP_SECP256R1: + NIST_MODP(p256); + return LOAD_GROUP(secp256r1); +#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case MBEDTLS_ECP_DP_SECP384R1: + NIST_MODP(p384); + return LOAD_GROUP(secp384r1); +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case MBEDTLS_ECP_DP_SECP521R1: + NIST_MODP(p521); + return LOAD_GROUP(secp521r1); +#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + case MBEDTLS_ECP_DP_SECP192K1: + grp->modp = ecp_mod_p192k1; + return LOAD_GROUP_A(secp192k1); +#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) + case MBEDTLS_ECP_DP_SECP224K1: + grp->modp = ecp_mod_p224k1; + return LOAD_GROUP_A(secp224k1); +#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + case MBEDTLS_ECP_DP_SECP256K1: + grp->modp = ecp_mod_p256k1; + return LOAD_GROUP_A(secp256k1); +#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) + case MBEDTLS_ECP_DP_BP256R1: + return LOAD_GROUP_A(brainpoolP256r1); +#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) + case MBEDTLS_ECP_DP_BP384R1: + return LOAD_GROUP_A(brainpoolP384r1); +#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) + case MBEDTLS_ECP_DP_BP512R1: + return LOAD_GROUP_A(brainpoolP512r1); +#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + grp->modp = ecp_mod_p255; + return ecp_use_curve25519(grp); +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + case MBEDTLS_ECP_DP_CURVE448: + grp->modp = ecp_mod_p448; + return ecp_use_curve448(grp); +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + + default: + grp->id = MBEDTLS_ECP_DP_NONE; + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } +} + +#if defined(MBEDTLS_ECP_NIST_OPTIM) +/* + * Fast reduction modulo the primes used by the NIST curves. + * + * These functions are critical for speed, but not needed for correct + * operations. So, we make the choice to heavily rely on the internals of our + * bignum library, which creates a tight coupling between these functions and + * our MPI implementation. However, the coupling between the ECP module and + * MPI remains loose, since these functions can be deactivated at will. + */ + +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +/* + * Compared to the way things are presented in FIPS 186-3 D.2, + * we proceed in columns, from right (least significant chunk) to left, + * adding chunks to N in place, and keeping a carry for the next chunk. + * This avoids moving things around in memory, and uselessly adding zeros, + * compared to the more straightforward, line-oriented approach. + * + * For this prime we need to handle data in chunks of 64 bits. + * Since this is always a multiple of our basic mbedtls_mpi_uint, we can + * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it. + */ + +/* Add 64-bit chunks (dst += src) and update carry */ +static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry) +{ + unsigned char i; + mbedtls_mpi_uint c = 0; + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) { + *dst += c; c = (*dst < c); + *dst += *src; c += (*dst < *src); + } + *carry += c; +} + +/* Add carry to a 64-bit chunk and update carry */ +static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) +{ + unsigned char i; + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) { + *dst += *carry; + *carry = (*dst < *carry); + } +} + +#define WIDTH 8 / sizeof(mbedtls_mpi_uint) +#define A(i) Np + (i) * WIDTH +#define ADD(i) add64(p, A(i), &c) +#define NEXT p += WIDTH; carry64(p, &c) +#define LAST p += WIDTH; do *p = 0; while (++p < end) +#define RESET last_carry[0] = c; c = 0; p = Np +#define ADD_LAST add64(p, last_carry, &c) + +/* + * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) + */ +static int ecp_mod_p192(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((192 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width); + +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) +{ + mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 }; + mbedtls_mpi_uint *p, *end; + + if (Nn != 2*((192 + biL - 1)/biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + p = Np; + end = p + Nn; + + ADD(3); ADD(5); NEXT; // A0 += A3 + A5 + ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 + ADD(4); ADD(5); // A2 += A4 + A5 + + RESET; + + /* Use the reduction for the carry as well: + * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192 + * It can generate a carry. */ + ADD_LAST; NEXT; // A0 += last_carry + ADD_LAST; NEXT; // A1 += last_carry + // A2 += carry + + RESET; + + /* Use the reduction for the carry as well: + * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192 + */ + ADD_LAST; NEXT; // A0 += last_carry + ADD_LAST; NEXT; // A1 += last_carry + // A2 += carry + + LAST; + + return 0; +} + +#undef WIDTH +#undef A +#undef ADD +#undef NEXT +#undef LAST +#undef RESET +#undef ADD_LAST +#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + +/* + * The reader is advised to first understand ecp_mod_p192() since the same + * general structure is used here, but with additional complications: + * (1) chunks of 32 bits, and (2) subtractions. + */ + +/* + * For these primes, we need to handle data in chunks of 32 bits. + * This makes it more complicated if we use 64 bits limbs in MPI, + * which prevents us from using a uniform access method as for p192. + * + * So, we define a mini abstraction layer to access 32 bit chunks, + * load them in 'cur' for work, and store them back from 'cur' when done. + * + * While at it, also define the size of N in terms of 32-bit chunks. + */ +#define LOAD32 cur = A(i); + +#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ + +#define MAX32 X_limbs +#define A(j) X[j] +#define STORE32 X[i] = (mbedtls_mpi_uint) cur; +#define STORE0 X[i] = 0; + +#else /* 64 bit */ + +#define MAX32 X_limbs * 2 +#define A(j) \ + (j) % 2 ? \ + (uint32_t) (X[(j) / 2] >> 32) : \ + (uint32_t) (X[(j) / 2]) +#define STORE32 \ + if (i % 2) { \ + X[i/2] &= 0x00000000FFFFFFFF; \ + X[i/2] |= (uint64_t) (cur) << 32; \ + } else { \ + X[i/2] &= 0xFFFFFFFF00000000; \ + X[i/2] |= (uint32_t) cur; \ + } + +#define STORE0 \ + if (i % 2) { \ + X[i/2] &= 0x00000000FFFFFFFF; \ + } else { \ + X[i/2] &= 0xFFFFFFFF00000000; \ + } + +#endif + +static inline int8_t extract_carry(int64_t cur) +{ + return (int8_t) (cur >> 32); +} + +#define ADD(j) cur += A(j) +#define SUB(j) cur -= A(j) + +#define ADD_CARRY(cc) cur += (cc) +#define SUB_CARRY(cc) cur -= (cc) + +#define ADD_LAST ADD_CARRY(last_c) +#define SUB_LAST SUB_CARRY(last_c) + +/* + * Helpers for the main 'loop' + */ +#define INIT(b) \ + int8_t c = 0, last_c; \ + int64_t cur; \ + size_t i = 0; \ + LOAD32; + +#define NEXT \ + c = extract_carry(cur); \ + STORE32; i++; LOAD32; \ + ADD_CARRY(c); + +#define RESET \ + c = extract_carry(cur); \ + last_c = c; \ + STORE32; i = 0; LOAD32; \ + c = 0; \ + +#define LAST \ + c = extract_carry(cur); \ + STORE32; i++; \ + if (c != 0) \ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; \ + while (i < MAX32) { STORE0; i++; } + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + +/* + * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) + */ +static int ecp_mod_p224(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * 224 / biL; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width); +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + if (X_limbs != 2 * 224 / biL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + INIT(224); + + SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 + SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 + SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 + SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 + SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 + SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 + SUB(13); ADD(10); // A6 += -A13 + A10 + + RESET; + + /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */ + SUB_LAST; NEXT; // A0 -= last_c + ; NEXT; // A1 + ; NEXT; // A2 + ADD_LAST; NEXT; // A3 += last_c + ; NEXT; // A4 + ; NEXT; // A5 + // A6 + + /* The carry reduction cannot generate a carry + * (see commit 73e8553 for details)*/ + + LAST; + + return 0; +} + +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + +/* + * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) + */ +static int ecp_mod_p256(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * 256 / biL; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width); +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + if (X_limbs != 2 * 256 / biL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + INIT(256); + + ADD(8); ADD(9); + SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 + + ADD(9); ADD(10); + SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 + + ADD(10); ADD(11); + SUB(13); SUB(14); SUB(15); NEXT; // A2 + + ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); + SUB(15); SUB(8); SUB(9); NEXT; // A3 + + ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); + SUB(9); SUB(10); NEXT; // A4 + + ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); + SUB(10); SUB(11); NEXT; // A5 + + ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); + SUB(8); SUB(9); NEXT; // A6 + + ADD(15); ADD(15); ADD(15); ADD(8); + SUB(10); SUB(11); SUB(12); SUB(13); // A7 + + RESET; + + /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1 + * to modulo reduce the final carry. */ + ADD_LAST; NEXT; // A0 + ; NEXT; // A1 + ; NEXT; // A2 + SUB_LAST; NEXT; // A3 + ; NEXT; // A4 + ; NEXT; // A5 + SUB_LAST; NEXT; // A6 + ADD_LAST; // A7 + + RESET; + + /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1 + * to modulo reduce the carry generated by the previous reduction. */ + ADD_LAST; NEXT; // A0 + ; NEXT; // A1 + ; NEXT; // A2 + SUB_LAST; NEXT; // A3 + ; NEXT; // A4 + ; NEXT; // A5 + SUB_LAST; NEXT; // A6 + ADD_LAST; // A7 + + LAST; + + return 0; +} + +#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +/* + * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) + */ +static int ecp_mod_p384(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((384 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width); +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + if (X_limbs != 2*((384 + biL - 1)/biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + INIT(384); + + ADD(12); ADD(21); ADD(20); + SUB(23); NEXT; // A0 + + ADD(13); ADD(22); ADD(23); + SUB(12); SUB(20); NEXT; // A1 + + ADD(14); ADD(23); + SUB(13); SUB(21); NEXT; // A2 + + ADD(15); ADD(12); ADD(20); ADD(21); + SUB(14); SUB(22); SUB(23); NEXT; // A3 + + ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); + SUB(15); SUB(23); SUB(23); NEXT; // A4 + + ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); + SUB(16); NEXT; // A5 + + ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); + SUB(17); NEXT; // A6 + + ADD(19); ADD(16); ADD(15); ADD(23); + SUB(18); NEXT; // A7 + + ADD(20); ADD(17); ADD(16); + SUB(19); NEXT; // A8 + + ADD(21); ADD(18); ADD(17); + SUB(20); NEXT; // A9 + + ADD(22); ADD(19); ADD(18); + SUB(21); NEXT; // A10 + + ADD(23); ADD(20); ADD(19); + SUB(22); // A11 + + RESET; + + /* Use 2^384 = P + 2^128 + 2^96 - 2^32 + 1 to modulo reduce the final carry */ + ADD_LAST; NEXT; // A0 + SUB_LAST; NEXT; // A1 + ; NEXT; // A2 + ADD_LAST; NEXT; // A3 + ADD_LAST; NEXT; // A4 + ; NEXT; // A5 + ; NEXT; // A6 + ; NEXT; // A7 + ; NEXT; // A8 + ; NEXT; // A9 + ; NEXT; // A10 + // A11 + + RESET; + + ADD_LAST; NEXT; // A0 + SUB_LAST; NEXT; // A1 + ; NEXT; // A2 + ADD_LAST; NEXT; // A3 + ADD_LAST; NEXT; // A4 + ; NEXT; // A5 + ; NEXT; // A6 + ; NEXT; // A7 + ; NEXT; // A8 + ; NEXT; // A9 + ; NEXT; // A10 + // A11 + + LAST; + + return 0; +} +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#undef LOAD32 +#undef MAX32 +#undef A +#undef STORE32 +#undef STORE0 +#undef ADD +#undef SUB +#undef ADD_CARRY +#undef SUB_CARRY +#undef ADD_LAST +#undef SUB_LAST +#undef INIT +#undef NEXT +#undef RESET +#undef LAST + +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || + MBEDTLS_ECP_DP_SECP256R1_ENABLED || + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +/* Size of p521 in terms of mbedtls_mpi_uint */ +#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) + +/* Bits to keep in the most significant mbedtls_mpi_uint */ +#define P521_MASK 0x01FF + +/* + * Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5) + */ +static int ecp_mod_p521(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * P521_WIDTH; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width); +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + mbedtls_mpi_uint carry = 0; + + if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + /* Step 1: Reduction to P521_WIDTH limbs */ + /* Helper references for bottom part of X */ + mbedtls_mpi_uint *X0 = X; + size_t X0_limbs = P521_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint *X1 = X + X0_limbs; + size_t X1_limbs = X_limbs - X0_limbs; + /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1. + * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that + * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.) + * The high order limb of the result will be held in carry and the rest + * in X0 (that is the result will be represented as + * 2^P521_WIDTH carry + X0). + * + * Also, note that the resulting carry is either 0 or 1: + * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512 + * therefore + * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9) + * which in turn is less than 2 * 2^(512 + biL). + */ + mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); + carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); + /* Set X to X0 (by clearing the top part). */ + memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); + + /* Step 2: Reduction modulo P521 + * + * At this point X is reduced to P521_WIDTH limbs. What remains is to add + * the carry (that is 2^P521_WIDTH carry) and to reduce mod P521. */ + + /* 2^P521_WIDTH carry = 2^(512 + biL) carry = 2^(biL - 9) carry mod P521. + * Also, recall that carry is either 0 or 1. */ + mbedtls_mpi_uint addend = carry << (biL - 9); + /* Keep the top 9 bits and reduce the rest, using 2^521 = 1 mod P521. */ + addend += (X[P521_WIDTH - 1] >> 9); + X[P521_WIDTH - 1] &= P521_MASK; + + /* Reuse the top part of X (already zeroed) as a helper array for + * carrying out the addition. */ + mbedtls_mpi_uint *addend_arr = X + P521_WIDTH; + addend_arr[0] = addend; + (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH); + /* Both addends were less than P521 therefore X < 2 * P521. (This also means + * that the result fit in P521_WIDTH limbs and there won't be any carry.) */ + + /* Clear the reused part of X. */ + addend_arr[0] = 0; + + return 0; +} + +#undef P521_WIDTH +#undef P521_MASK + +#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#endif /* MBEDTLS_ECP_NIST_OPTIM */ + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + +/* Size of p255 in terms of mbedtls_mpi_uint */ +#define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1) + +/* + * Fast quasi-reduction modulo p255 = 2^255 - 19 + * Write N as A0 + 2^256 A1, return A0 + 38 * A1 + */ +static int ecp_mod_p255(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * P255_WIDTH; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) +{ + + if (X_Limbs != 2 * P255_WIDTH) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); + if (carry == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + /* Step 1: Reduction to P255_WIDTH limbs */ + if (X_Limbs > P255_WIDTH) { + /* Helper references for top part of X */ + mbedtls_mpi_uint * const A1 = X + P255_WIDTH; + const size_t A1_limbs = X_Limbs - P255_WIDTH; + + /* X = A0 + 38 * A1, capture carry out */ + *carry = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); + /* Clear top part */ + memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); + } + + /* Step 2: Reduce to <2p + * Split as A0 + 2^255*c, with c a scalar, and compute A0 + 19*c */ + *carry <<= 1; + *carry += (X[P255_WIDTH - 1] >> (biL - 1)); + *carry *= 19; + + /* Clear top bit */ + X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; + /* Since the top bit for X has been cleared 0 + 0 + Carry + * will not overflow. + * + * Furthermore for 2p = 2^256-38. When a carry propagation on the highest + * limb occurs, X > 2^255 and all the remaining bits on the limb are zero. + * - If X < 2^255 ==> X < 2p + * - If X > 2^255 ==> X < 2^256 - 2^255 < 2p */ + (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); + + mbedtls_free(carry); + return 0; +} +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + +/* Size of p448 in terms of mbedtls_mpi_uint */ +#define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint)) + +/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ +#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y)) +#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint)) +#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint)) +#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224) + +static int ecp_mod_p448(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((448 + biL - 1) / biL); + + /* This is required as some tests and use cases do not pass in a Bignum of + * the correct size, and expect the growth to be done automatically, which + * will no longer happen. */ + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + + ret = mbedtls_ecp_mod_p448(N->p, N->n); + +cleanup: + return ret; +} + +/* + * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 + * Write X as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return A0 + A1 + B1 + + * (B0 + B1) * 2^224. This is different to the reference implementation of + * Curve448, which uses its own special 56-bit limbs rather than a generic + * bignum library. We could squeeze some extra speed out on 32-bit machines by + * splitting N up into 32-bit limbs and doing the arithmetic using the limbs + * directly as we do for the NIST primes above, but for 64-bit targets it should + * use half the number of operations if we do the reduction with 224-bit limbs, + * since mpi_core_add will then use 64-bit adds. + */ +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) +{ + size_t i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (X_limbs <= P448_WIDTH) { + return 0; + } + + size_t M_limbs = X_limbs - (P448_WIDTH); + const size_t Q_limbs = M_limbs; + + if (M_limbs > P448_WIDTH) { + /* Shouldn't be called with X larger than 2^896! */ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + /* Extra limb for carry below. */ + M_limbs++; + + mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + + if (M == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); + + if (Q == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + /* M = A1 */ + memset(M, 0, (M_limbs * ciL)); + + /* Do not copy into the overflow limb, as this would read past the end of + * X. */ + memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); + + /* X = A0 */ + for (i = P448_WIDTH; i < X_limbs; i++) { + X[i] = 0; + } + + /* X += A1 - Carry here dealt with by oversize M and X. */ + (void) mbedtls_mpi_core_add(X, X, M, M_limbs); + + /* Q = B1, X += B1 */ + memcpy(Q, M, (Q_limbs * ciL)); + + mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); + + /* No carry here - only max 224 bits */ + (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); + + /* M = (B0 + B1) * 2^224, X += M */ + if (sizeof(mbedtls_mpi_uint) > 4) { + M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); + } + for (i = P224_WIDTH_MAX; i < M_limbs; ++i) { + M[i] = 0; + } + + (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs); + + /* Shifted carry bit from the addition is dealt with by oversize M */ + mbedtls_mpi_core_shift_l(M, M_limbs, 224); + (void) mbedtls_mpi_core_add(X, X, M, M_limbs); + + ret = 0; + +cleanup: + mbedtls_free(M); + mbedtls_free(Q); + + return ret; +} +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + +/* + * Fast quasi-reduction modulo P = 2^s - R, + * with R about 33 bits, used by the Koblitz curves. + * + * Write X as A0 + 2^224 A1, return A0 + R * A1. + */ +#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R + +static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *R, + size_t bits) +{ + int ret = 0; + + /* Determine if A1 is aligned to limb bitsize. If not then the used limbs + * of P, A0 and A1 must be set accordingly and there is a middle limb + * which is shared by A0 and A1 and need to handle accordingly. + */ + size_t shift = bits % biL; + size_t adjust = (shift + biL - 1) / biL; + size_t P_limbs = bits / biL + adjust; + + mbedtls_mpi_uint *A1 = mbedtls_calloc(P_limbs, ciL); + if (A1 == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + /* Create a buffer to store the value of `R * A1` */ + size_t R_limbs = P_KOBLITZ_R; + size_t M_limbs = P_limbs + R_limbs; + mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + if (M == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + mbedtls_mpi_uint mask = 0; + if (adjust != 0) { + mask = ((mbedtls_mpi_uint) 1 << shift) - 1; + } + + /* Two passes are needed to reduce the value of `A0 + R * A1` and then + * we need an additional one to reduce the possible overflow during + * the addition. + */ + for (size_t pass = 0; pass < 3; pass++) { + /* Copy A1 */ + memcpy(A1, X + P_limbs - adjust, P_limbs * ciL); + + /* Shift A1 to be aligned */ + if (shift != 0) { + mbedtls_mpi_core_shift_r(A1, P_limbs, shift); + } + + /* Zeroize the A1 part of the shared limb */ + if (mask != 0) { + X[P_limbs - 1] &= mask; + } + + /* X = A0 + * Zeroize the A1 part of X to keep only the A0 part. + */ + for (size_t i = P_limbs; i < X_limbs; i++) { + X[i] = 0; + } + + /* X = A0 + R * A1 */ + mbedtls_mpi_core_mul(M, A1, P_limbs, R, R_limbs); + (void) mbedtls_mpi_core_add(X, X, M, P_limbs + R_limbs); + + /* Carry can not be generated since R is a 33-bit value and stored in + * 64 bits. The result value of the multiplication is at most + * P length + 33 bits in length and the result value of the addition + * is at most P length + 34 bits in length. So the result of the + * addition always fits in P length + 64 bits. + */ + } + +cleanup: + mbedtls_free(M); + mbedtls_free(A1); + + return ret; +} + +#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || + MBEDTLS_ECP_DP_SECP224K1_ENABLED) || + MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + +/* + * Fast quasi-reduction modulo p192k1 = 2^192 - R, + * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 + */ +static int ecp_mod_p192k1(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((192 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); + +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + static mbedtls_mpi_uint Rp[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) + }; + + if (X_limbs != 2 * ((192 + biL - 1) / biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + return ecp_mod_koblitz(X, X_limbs, Rp, 192); +} + +#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) + +/* + * Fast quasi-reduction modulo p224k1 = 2^224 - R, + * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 + */ +static int ecp_mod_p224k1(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * 224 / biL; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); + +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + static mbedtls_mpi_uint Rp[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) + }; + + if (X_limbs != 2 * 224 / biL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + return ecp_mod_koblitz(X, X_limbs, Rp, 224); +} + +#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + +/* + * Fast quasi-reduction modulo p256k1 = 2^256 - R, + * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 + */ +static int ecp_mod_p256k1(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((256 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); + +cleanup: + return ret; +} + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) +{ + static mbedtls_mpi_uint Rp[] = { + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) + }; + + if (X_limbs != 2 * ((256 + biL - 1) / biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + return ecp_mod_koblitz(X, X_limbs, Rp, 256); +} + +#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ + +#if defined(MBEDTLS_TEST_HOOKS) +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_ecp_group_id id, + const mbedtls_ecp_curve_type ctype) +{ + mbedtls_mpi_uint *p = NULL; + size_t p_limbs; + + if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ + ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + switch (id) { +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) + case MBEDTLS_ECP_DP_SECP192R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp192r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp192r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + case MBEDTLS_ECP_DP_SECP224R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp224r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp224r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case MBEDTLS_ECP_DP_SECP256R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp256r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp256r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case MBEDTLS_ECP_DP_SECP384R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp384r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp384r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case MBEDTLS_ECP_DP_SECP521R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp521r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp521r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) + case MBEDTLS_ECP_DP_BP256R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP256r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP256r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) + case MBEDTLS_ECP_DP_BP384R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP384r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP384r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) + case MBEDTLS_ECP_DP_BP512R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP512r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP512r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) curve25519_p; + p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); + } else { + p = (mbedtls_mpi_uint *) curve25519_n; + p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + case MBEDTLS_ECP_DP_SECP192K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp192k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp192k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) + case MBEDTLS_ECP_DP_SECP224K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp224k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp224k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + case MBEDTLS_ECP_DP_SECP256K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp256k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp256k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + case MBEDTLS_ECP_DP_CURVE448: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) curve448_p; + p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); + } else { + p = (mbedtls_mpi_uint *) curve448_n; + p_limbs = CHARS_TO_LIMBS(sizeof(curve448_n)); + } + break; +#endif + + default: + case MBEDTLS_ECP_DP_NONE: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + return 0; +} +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* !MBEDTLS_ECP_ALT */ +#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ From 4d71051145f3c0d2aeaad04cdf1f38262a1ea24a Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 13 Jun 2023 10:57:43 +0000 Subject: [PATCH 133/339] Enable build of ecp_curves_new.c Signed-off-by: Xiaokang Qian --- library/CMakeLists.txt | 1 + library/Makefile | 1 + 2 files changed, 2 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f46b83db8..390192730 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -39,6 +39,7 @@ set(src_crypto ecp.c ecp_new.c ecp_curves.c + ecp_curves_new.c entropy.c entropy_poll.c error.c diff --git a/library/Makefile b/library/Makefile index 766343ac8..fdab4f4ba 100644 --- a/library/Makefile +++ b/library/Makefile @@ -104,6 +104,7 @@ OBJS_CRYPTO= \ ecp.o \ ecp_new.o \ ecp_curves.o \ + ecp_curves_new.o \ entropy.o \ entropy_poll.o \ error.o \ From 73d98405b8aad43702661f143a03ba8bc7cb3455 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 12 Jul 2023 03:19:41 +0000 Subject: [PATCH 134/339] Rework the clone of ecp_curves.c Change macro guard rebase ecp_curves_new.c to the latest ecp_curves.c Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 6 +- library/ecp_curves_new.c | 215 +++++++++++++++++++++++++-------------- 2 files changed, 143 insertions(+), 78 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 4ab74dc6f..8ed1ce08b 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -18,9 +18,8 @@ */ #include "common.h" -#include "ecp_invasive.h" -#if defined(MBEDTLS_ECP_WITH_MPI_STRUCT) +#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) #if defined(MBEDTLS_ECP_LIGHT) @@ -35,6 +34,7 @@ #include "bn_mul.h" #include "bignum_core.h" +#include "ecp_invasive.h" #include @@ -6041,4 +6041,4 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #endif /* MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ -#endif /* MBEDTLS_ECP_WITH_MPI_STRUCT */ +#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index 648853d5b..9a3601625 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -18,9 +18,9 @@ */ #include "common.h" -#include "ecp_invasive.h" #if defined(MBEDTLS_ECP_WITH_MPI_UINT) + #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" @@ -30,8 +30,11 @@ #include "mbedtls/platform.h" +#include "constant_time_internal.h" + #include "bn_mul.h" #include "bignum_core.h" +#include "ecp_invasive.h" #include @@ -43,15 +46,15 @@ #define ECP_VALIDATE(cond) \ MBEDTLS_INTERNAL_VALIDATE(cond) -#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) } +#define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ - ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) + ECP_MPI_INIT(x, sizeof(x) / sizeof(mbedtls_mpi_uint)) #define ECP_POINT_INIT_XY_Z0(x, y) { \ - ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) } + ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(NULL, 0) } #define ECP_POINT_INIT_XY_Z1(x, y) { \ - ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) } + ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(mpi_one, 1) } #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ @@ -4511,12 +4514,13 @@ static const mbedtls_ecp_point brainpoolP512r1_T[32] = { defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) /* * Create an MPI from embedded constants - * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint)) + * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint) and + * len < 1048576) */ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) { X->s = 1; - X->n = len / sizeof(mbedtls_mpi_uint); + X->n = (unsigned short) (len / sizeof(mbedtls_mpi_uint)); X->p = (mbedtls_mpi_uint *) p; } #endif @@ -4612,7 +4616,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *, size_t); +int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *, size_t); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static int ecp_mod_p192k1(mbedtls_mpi *); @@ -4921,7 +4925,7 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) static int ecp_mod_p192(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((192 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(192) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width); @@ -4935,7 +4939,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 }; mbedtls_mpi_uint *p, *end; - if (Nn != 2*((192 + biL - 1)/biL)) { + if (Nn != BITS_TO_LIMBS(192) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5081,7 +5085,7 @@ static inline int8_t extract_carry(int64_t cur) static int ecp_mod_p224(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 224 / biL; + size_t expected_width = BITS_TO_LIMBS(224) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width); cleanup: @@ -5091,7 +5095,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2 * 224 / biL) { + if (X_limbs != BITS_TO_LIMBS(224) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5134,7 +5138,7 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p256(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 256 / biL; + size_t expected_width = BITS_TO_LIMBS(256) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width); cleanup: @@ -5144,7 +5148,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2 * 256 / biL) { + if (X_limbs != BITS_TO_LIMBS(256) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5214,7 +5218,7 @@ int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p384(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((384 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(384) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width); cleanup: @@ -5224,7 +5228,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2*((384 + biL - 1)/biL)) { + if (X_limbs != BITS_TO_LIMBS(384) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5336,7 +5340,7 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p521(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * P521_WIDTH; + size_t expected_width = BITS_TO_LIMBS(521) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width); cleanup: @@ -5348,7 +5352,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) { mbedtls_mpi_uint carry = 0; - if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { + if (X_limbs != BITS_TO_LIMBS(521) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5422,7 +5426,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * P255_WIDTH; + size_t expected_width = BITS_TO_LIMBS(255) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: @@ -5433,7 +5437,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - if (X_Limbs != 2 * P255_WIDTH) { + if (X_Limbs != BITS_TO_LIMBS(255) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5483,21 +5487,22 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) /* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ #define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y)) -#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint)) -#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint)) +#define P224_SIZE (224 / 8) +#define P224_WIDTH_MIN (P224_SIZE / sizeof(mbedtls_mpi_uint)) +#define P224_WIDTH_MAX DIV_ROUND_UP(P224_SIZE, sizeof(mbedtls_mpi_uint)) #define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224) static int ecp_mod_p448(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((448 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(448) * 2; /* This is required as some tests and use cases do not pass in a Bignum of * the correct size, and expect the growth to be done automatically, which * will no longer happen. */ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p448(N->p, N->n); + ret = mbedtls_ecp_mod_p448_raw(N->p, N->n); cleanup: return ret; @@ -5515,33 +5520,36 @@ cleanup: * since mpi_core_add will then use 64-bit adds. */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) +int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - size_t i; + size_t round; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (X_limbs <= P448_WIDTH) { + if (X_limbs != BITS_TO_LIMBS(448) * 2) { return 0; } size_t M_limbs = X_limbs - (P448_WIDTH); - const size_t Q_limbs = M_limbs; if (M_limbs > P448_WIDTH) { /* Shouldn't be called with X larger than 2^896! */ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - /* Extra limb for carry below. */ + /* Both M and Q require an extra limb to catch carries. */ M_limbs++; - mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + const size_t Q_limbs = M_limbs; + mbedtls_mpi_uint *M = NULL; + mbedtls_mpi_uint *Q = NULL; + + M = mbedtls_calloc(M_limbs, ciL); if (M == NULL) { return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); + Q = mbedtls_calloc(Q_limbs, ciL); if (Q == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; @@ -5550,41 +5558,72 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) /* M = A1 */ memset(M, 0, (M_limbs * ciL)); - /* Do not copy into the overflow limb, as this would read past the end of * X. */ memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); /* X = A0 */ - for (i = P448_WIDTH; i < X_limbs; i++) { - X[i] = 0; - } + memset(X + P448_WIDTH, 0, ((M_limbs - 1) * ciL)); - /* X += A1 - Carry here dealt with by oversize M and X. */ + /* X = X + M = A0 + A1 */ + /* Carry here fits in oversize X. Oversize M means it will get + * added in, not returned as carry. */ (void) mbedtls_mpi_core_add(X, X, M, M_limbs); - /* Q = B1, X += B1 */ - memcpy(Q, M, (Q_limbs * ciL)); + /* Q = B1 = M >> 224 */ + memcpy(Q, (char *) M + P224_SIZE, P224_SIZE); + memset((char *) Q + P224_SIZE, 0, P224_SIZE); - mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); - - /* No carry here - only max 224 bits */ + /* X = X + Q = (A0 + A1) + B1 + * Oversize Q catches potential carry here when X is already max 448 bits. + */ (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); - /* M = (B0 + B1) * 2^224, X += M */ - if (sizeof(mbedtls_mpi_uint) > 4) { - M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); - } - for (i = P224_WIDTH_MAX; i < M_limbs; ++i) { - M[i] = 0; - } + /* M = B0 */ +#ifdef MBEDTLS_HAVE_INT64 + M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); + #endif + memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL)); + /* M = M + Q = B0 + B1 */ (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs); - /* Shifted carry bit from the addition is dealt with by oversize M */ - mbedtls_mpi_core_shift_l(M, M_limbs, 224); + /* M = (B0 + B1) * 2^224 */ + /* Shifted carry bit from the addition fits in oversize M. */ + memmove((char *) M + P224_SIZE, M, P224_SIZE + ciL); + memset(M, 0, P224_SIZE); + + /* X = X + M = (A0 + A1 + B1) + (B0 + B1) * 2^224 */ (void) mbedtls_mpi_core_add(X, X, M, M_limbs); + /* In the second and third rounds A1 and B0 have at most 1 non-zero limb and + * B1=0. + * Using this we need to calculate: + * A0 + A1 + B1 + (B0 + B1) * 2^224 = A0 + A1 + B0 * 2^224. */ + for (round = 0; round < 2; ++round) { + + /* M = A1 */ + memset(M, 0, (M_limbs * ciL)); + memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); + + /* X = A0 */ + memset(X + P448_WIDTH, 0, ((M_limbs - 1) * ciL)); + + /* M = A1 + B0 * 2^224 + * We know that only one limb of A1 will be non-zero and that it will be + * limb 0. We also know that B0 is the bottom 224 bits of A1 (which is + * then shifted up 224 bits), so, given M is currently A1 this turns + * into: + * M = M + (M << 224) + * As the single non-zero limb in B0 will be A1 limb 0 shifted up by 224 + * bits, we can just move that into the right place, shifted up + * accordingly.*/ + M[P224_WIDTH_MIN] = M[0] << (224 & (biL - 1)); + + /* X = A0 + (A1 + B0 * 2^224) */ + (void) mbedtls_mpi_core_add(X, X, M, M_limbs); + } + ret = 0; cleanup: @@ -5698,7 +5737,7 @@ cleanup: static int ecp_mod_p192k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((192 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(192) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); @@ -5714,7 +5753,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * ((192 + biL - 1) / biL)) { + if (X_limbs != BITS_TO_LIMBS(192) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5732,7 +5771,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p224k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 224 / biL; + size_t expected_width = BITS_TO_LIMBS(224) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); @@ -5748,7 +5787,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * 224 / biL) { + if (X_limbs != BITS_TO_LIMBS(224) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5766,7 +5805,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p256k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((256 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(256) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); @@ -5782,7 +5821,7 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * ((256 + biL - 1) / biL)) { + if (X_limbs != BITS_TO_LIMBS(256) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5795,20 +5834,24 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, - const mbedtls_ecp_curve_type ctype) + const mbedtls_ecp_modulus_type ctype) { + mbedtls_mpi_modp_fn modp = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; - if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ - ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { + if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \ + ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } switch (id) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &mbedtls_ecp_mod_p192_raw; +#endif p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); } else { @@ -5820,7 +5863,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &mbedtls_ecp_mod_p224_raw; +#endif p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); } else { @@ -5832,7 +5878,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &mbedtls_ecp_mod_p256_raw; +#endif p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); } else { @@ -5844,7 +5893,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &mbedtls_ecp_mod_p384_raw; +#endif p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); } else { @@ -5856,7 +5908,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &mbedtls_ecp_mod_p521_raw; +#endif p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); } else { @@ -5868,7 +5923,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); } else { @@ -5880,7 +5935,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); } else { @@ -5892,7 +5947,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP512r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); } else { @@ -5904,7 +5959,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &mbedtls_ecp_mod_p255_raw; p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5916,7 +5972,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &mbedtls_ecp_mod_p192k1_raw; p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { @@ -5928,7 +5985,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &mbedtls_ecp_mod_p224k1_raw; p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5940,7 +5998,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &mbedtls_ecp_mod_p256k1_raw; p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -5952,7 +6011,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { + modp = &mbedtls_ecp_mod_p448_raw; p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { @@ -5967,9 +6027,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (modp != NULL) { + if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + } else { + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } } return 0; } From c495845e7af0c7c82af97e53b2eb759ab947a0f5 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 19 Jul 2023 09:11:36 +0000 Subject: [PATCH 135/339] Align ECP_MPI_INIT with mbedtls_mpi struct order in ecp_new.c Signed-off-by: Xiaokang Qian --- library/ecp_new.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecp_new.c b/library/ecp_new.c index 028a33bfa..0635d5353 100644 --- a/library/ecp_new.c +++ b/library/ecp_new.c @@ -2932,9 +2932,9 @@ int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) } +#define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ - ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) + ECP_MPI_INIT(x, sizeof(x) / sizeof(mbedtls_mpi_uint)) /* * Constants for the two points other than 0, 1, -1 (mod p) in * https://cr.yp.to/ecdh.html#validate From 05b2a87ea0717898253ca2d4560b5947c1cbd895 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:31:13 +0100 Subject: [PATCH 136/339] For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC() Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 6 +- tests/src/psa_exercise_key.c | 10 +- tests/src/test_helpers/ssl_helpers.c | 8 +- tests/suites/test_suite_aes.function | 24 +-- tests/suites/test_suite_asn1parse.function | 12 +- tests/suites/test_suite_asn1write.function | 10 +- tests/suites/test_suite_bignum_core.function | 46 ++--- tests/suites/test_suite_bignum_mod.function | 30 ++-- .../suites/test_suite_bignum_mod_raw.function | 34 ++-- .../suites/test_suite_bignum_random.function | 20 +-- tests/suites/test_suite_ccm.function | 44 ++--- tests/suites/test_suite_cipher.function | 12 +- tests/suites/test_suite_common.function | 8 +- .../suites/test_suite_constant_time.function | 14 +- .../test_suite_constant_time_hmac.function | 4 +- tests/suites/test_suite_ecp.function | 16 +- tests/suites/test_suite_gcm.function | 16 +- tests/suites/test_suite_hkdf.function | 10 +- tests/suites/test_suite_lmots.function | 8 +- tests/suites/test_suite_lms.function | 8 +- tests/suites/test_suite_mps.function | 8 +- tests/suites/test_suite_pkcs12.function | 2 +- tests/suites/test_suite_pkcs7.function | 12 +- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_pkwrite.function | 4 +- .../test_suite_platform_printf.function | 8 +- tests/suites/test_suite_psa_crypto.function | 170 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 70 ++++---- .../test_suite_psa_crypto_entropy.function | 6 +- .../test_suite_psa_crypto_init.function | 2 +- .../test_suite_psa_crypto_pake.function | 6 +- ...t_suite_psa_crypto_persistent_key.function | 6 +- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ..._suite_psa_crypto_slot_management.function | 10 +- ...t_suite_psa_crypto_storage_format.function | 4 +- tests/suites/test_suite_psa_its.function | 6 +- tests/suites/test_suite_random.function | 2 +- tests/suites/test_suite_shax.function | 4 +- tests/suites/test_suite_ssl.function | 10 +- tests/suites/test_suite_x509parse.function | 4 +- 40 files changed, 339 insertions(+), 339 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index c94dd976d..7c62c7ed7 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -123,7 +123,7 @@ * This expression may be evaluated multiple times. * */ -#define TEST_CALLOC_OR_FAIL(pointer, length) \ +#define TEST_CALLOC(pointer, length) \ do { \ TEST_ASSERT((pointer) == NULL); \ if ((length) != 0) { \ @@ -134,11 +134,11 @@ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, length) TEST_CALLOC_OR_FAIL(pointer, length) +#define ASSERT_ALLOC(pointer, length) TEST_CALLOC(pointer, length) /** Allocate memory dynamically. If the allocation fails, skip the test case. * - * This macro behaves like #TEST_CALLOC_OR_FAIL, except that if the allocation + * This macro behaves like #TEST_CALLOC, except that if the allocation * fails, it marks the test as skipped rather than failed. */ #define TEST_CALLOC_OR_SKIP(pointer, length) \ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 48029b491..ef1d261c8 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -506,7 +506,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC_OR_FAIL(public_key, public_key_length); + TEST_CALLOC(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -548,7 +548,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC_OR_FAIL(public_key, public_key_length); + TEST_CALLOC(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -838,7 +838,7 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { @@ -881,7 +881,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); TEST_EQUAL(psa_export_public_key(key, exported, exported_size, &exported_length), @@ -894,7 +894,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) psa_get_key_type(&attributes)); exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); PSA_ASSERT(psa_export_public_key(key, exported, exported_size, diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f70b89a00..506d949f4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -91,7 +91,7 @@ void mbedtls_test_init_handshake_options( opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) opts->cache = NULL; - TEST_CALLOC_OR_FAIL(opts->cache, 1); + TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), @@ -627,9 +627,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } cert = &(ep->cert); - TEST_CALLOC_OR_FAIL(cert->ca_cert, 1); - TEST_CALLOC_OR_FAIL(cert->cert, 1); - TEST_CALLOC_OR_FAIL(cert->pkey, 1); + TEST_CALLOC(cert->ca_cert, 1); + TEST_CALLOC(cert->cert, 1); + TEST_CALLOC(cert->pkey, 1); mbedtls_x509_crt_init(cert->ca_cert); mbedtls_x509_crt_init(cert->cert); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d30cef0e8..c27347542 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -545,9 +545,9 @@ void aes_ecb_copy_context(data_t *key) struct align1 *dec1 = NULL; /* All peak alignment */ - TEST_CALLOC_OR_FAIL(src0, 1); - TEST_CALLOC_OR_FAIL(enc0, 1); - TEST_CALLOC_OR_FAIL(dec0, 1); + TEST_CALLOC(src0, 1); + TEST_CALLOC(enc0, 1); + TEST_CALLOC(dec0, 1); if (!test_copy(key, &src0->ctx, &enc0->ctx, &dec0->ctx)) { goto exit; } @@ -559,9 +559,9 @@ void aes_ecb_copy_context(data_t *key) dec0 = NULL; /* Original shifted */ - TEST_CALLOC_OR_FAIL(src1, 1); - TEST_CALLOC_OR_FAIL(enc0, 1); - TEST_CALLOC_OR_FAIL(dec0, 1); + TEST_CALLOC(src1, 1); + TEST_CALLOC(enc0, 1); + TEST_CALLOC(dec0, 1); if (!test_copy(key, &src1->ctx, &enc0->ctx, &dec0->ctx)) { goto exit; } @@ -573,9 +573,9 @@ void aes_ecb_copy_context(data_t *key) dec0 = NULL; /* Copies shifted */ - TEST_CALLOC_OR_FAIL(src0, 1); - TEST_CALLOC_OR_FAIL(enc1, 1); - TEST_CALLOC_OR_FAIL(dec1, 1); + TEST_CALLOC(src0, 1); + TEST_CALLOC(enc1, 1); + TEST_CALLOC(dec1, 1); if (!test_copy(key, &src0->ctx, &enc1->ctx, &dec1->ctx)) { goto exit; } @@ -587,9 +587,9 @@ void aes_ecb_copy_context(data_t *key) dec1 = NULL; /* Source and copies shifted */ - TEST_CALLOC_OR_FAIL(src1, 1); - TEST_CALLOC_OR_FAIL(enc1, 1); - TEST_CALLOC_OR_FAIL(dec1, 1); + TEST_CALLOC(src1, 1); + TEST_CALLOC(enc1, 1); + TEST_CALLOC(dec1, 1); if (!test_copy(key, &src1->ctx, &enc1->ctx, &dec1->ctx)) { goto exit; } diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function index a43e44f15..01a091b06 100644 --- a/tests/suites/test_suite_asn1parse.function +++ b/tests/suites/test_suite_asn1parse.function @@ -135,7 +135,7 @@ int get_len_step(const data_t *input, size_t buffer_size, /* Allocate a new buffer of exactly the length to parse each time. * This gives memory sanitizers a chance to catch buffer overreads. */ if (buffer_size == 0) { - TEST_CALLOC_OR_FAIL(buf, 1); + TEST_CALLOC(buf, 1); end = buf + 1; p = end; } else { @@ -247,7 +247,7 @@ void parse_prefixes(const data_t *input, mbedtls_test_set_step(buffer_size); /* Allocate a new buffer of exactly the length to parse each time. * This gives memory sanitizers a chance to catch buffer overreads. */ - TEST_CALLOC_OR_FAIL(buf, buffer_size); + TEST_CALLOC(buf, buffer_size); memcpy(buf, input->x, buffer_size); p = buf; ret = nested_parse(&p, buf + buffer_size); @@ -506,7 +506,7 @@ void get_mpi_too_large() mbedtls_mpi_init(&actual_mpi); - TEST_CALLOC_OR_FAIL(buf, size); + TEST_CALLOC(buf, size); buf[0] = 0x02; /* tag: INTEGER */ buf[1] = 0x84; /* 4-octet length */ buf[2] = (too_many_octets >> 24) & 0xff; @@ -729,10 +729,10 @@ void free_named_data(int with_oid, int with_val, int with_next) { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 }; if (with_oid) { - TEST_CALLOC_OR_FAIL(head.oid.p, 1); + TEST_CALLOC(head.oid.p, 1); } if (with_val) { - TEST_CALLOC_OR_FAIL(head.val.p, 1); + TEST_CALLOC(head.val.p, 1); } if (with_next) { head.next = &next; @@ -758,7 +758,7 @@ void free_named_data_list(int length) for (i = 0; i < length; i++) { mbedtls_asn1_named_data *new = NULL; - TEST_CALLOC_OR_FAIL(new, 1); + TEST_CALLOC(new, 1); new->next = head; head = new; } diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 5d20ff8a9..aac7b30a0 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -17,7 +17,7 @@ int generic_write_start_step(generic_write_data_t *data) mbedtls_test_set_step(data->size); mbedtls_free(data->output); data->output = NULL; - TEST_CALLOC_OR_FAIL(data->output, data->size == 0 ? 1 : data->size); + TEST_CALLOC(data->output, data->size == 0 ? 1 : data->size); data->end = data->output + data->size; data->p = data->end; data->start = data->end - data->size; @@ -296,7 +296,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, size_t len_complete = data_len + par_len; unsigned char expected_params_tag; size_t expected_params_len; - TEST_CALLOC_OR_FAIL(buf_complete, len_complete); + TEST_CALLOC(buf_complete, len_complete); unsigned char *end_complete = buf_complete + len_complete; memcpy(buf_complete, data.p, data_len); if (par_len == 0) { @@ -404,7 +404,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits, TEST_ASSERT(bitstring->len >= byte_length); #if defined(MBEDTLS_ASN1_PARSE_C) - TEST_CALLOC_OR_FAIL(masked_bitstring, byte_length); + TEST_CALLOC(masked_bitstring, byte_length); if (byte_length != 0) { memcpy(masked_bitstring, bitstring->x, byte_length); if (bits % 8 != 0) { @@ -477,7 +477,7 @@ void store_named_data_find(data_t *oid0, data_t *oid1, } pointers[ARRAY_LENGTH(nd)] = NULL; for (i = 0; i < ARRAY_LENGTH(nd); i++) { - TEST_CALLOC_OR_FAIL(nd[i].oid.p, oid[i]->len); + TEST_CALLOC(nd[i].oid.p, oid[i]->len); memcpy(nd[i].oid.p, oid[i]->x, oid[i]->len); nd[i].oid.len = oid[i]->len; nd[i].next = pointers[i+1]; @@ -529,7 +529,7 @@ void store_named_data_val_found(int old_len, int new_len) unsigned char *new_val = (unsigned char *) "new value"; if (old_len != 0) { - TEST_CALLOC_OR_FAIL(nd.val.p, (size_t) old_len); + TEST_CALLOC(nd.val.p, (size_t) old_len); old_val = nd.val.p; nd.val.len = old_len; memset(old_val, 'x', old_len); diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 5f64240a4..d155c749b 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -493,10 +493,10 @@ void mpi_core_cond_swap(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); memcpy(X, tmp_X, bytes); - TEST_CALLOC_OR_FAIL(Y, limbs); + TEST_CALLOC(Y, limbs); memcpy(Y, tmp_Y, bytes); /* condition is false */ @@ -601,7 +601,7 @@ void mpi_core_add_and_add_if(char *input_A, char *input_B, TEST_EQUAL(A_limbs, S_limbs); size_t limbs = A_limbs; - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_ASSERT(mpi_core_verify_add(A, B, limbs, S, carry, X)); TEST_ASSERT(mpi_core_verify_add_if(A, B, limbs, S, carry, X)); @@ -646,15 +646,15 @@ void mpi_core_sub(char *input_A, char *input_B, /* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */ - /* TEST_CALLOC_OR_FAIL() uses calloc() under the hood, so these do get zeroed */ - TEST_CALLOC_OR_FAIL(a, bytes); - TEST_CALLOC_OR_FAIL(b, bytes); - TEST_CALLOC_OR_FAIL(x, bytes); - TEST_CALLOC_OR_FAIL(r, bytes); + /* TEST_CALLOC() uses calloc() under the hood, so these do get zeroed */ + TEST_CALLOC(a, bytes); + TEST_CALLOC(b, bytes); + TEST_CALLOC(x, bytes); + TEST_CALLOC(r, bytes); /* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as * processed by mbedtls_mpi_core_sub()) are little endian, we can just - * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC_OR_FAIL()) + * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC()) */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); memcpy(b, B.p, B.n * sizeof(mbedtls_mpi_uint)); @@ -759,13 +759,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S, /* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */ - /* TEST_CALLOC_OR_FAIL() uses calloc() under the hood, so these do get zeroed */ - TEST_CALLOC_OR_FAIL(a, bytes); - TEST_CALLOC_OR_FAIL(x, bytes); + /* TEST_CALLOC() uses calloc() under the hood, so these do get zeroed */ + TEST_CALLOC(a, bytes); + TEST_CALLOC(x, bytes); /* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as * processed by mbedtls_mpi_core_mla()) are little endian, we can just - * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC_OR_FAIL()). + * copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC()). */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); memcpy(x, X->p, X->n * sizeof(mbedtls_mpi_uint)); @@ -1017,8 +1017,8 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size) mbedtls_mpi_uint *table = NULL; mbedtls_mpi_uint *dest = NULL; - TEST_CALLOC_OR_FAIL(table, limbs * count); - TEST_CALLOC_OR_FAIL(dest, limbs); + TEST_CALLOC(table, limbs * count); + TEST_CALLOC(dest, limbs); /* * Fill the table with a unique counter so that differences are easily @@ -1070,7 +1070,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes, int ret; /* Prepare an RNG with known output, limited to rng_bytes. */ - TEST_CALLOC_OR_FAIL(rnd_data, rng_bytes); + TEST_CALLOC(rnd_data, rng_bytes); TEST_EQUAL(0, mbedtls_test_rnd_std_rand(NULL, rnd_data, rng_bytes)); rnd_info.buf = rnd_data; @@ -1078,7 +1078,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes, * extra_limbs may be negative but the total limb count must be positive. * Fill the MPI with the byte value in before. */ TEST_LE_U(1, X_limbs); - TEST_CALLOC_OR_FAIL(X, X_limbs); + TEST_CALLOC(X, X_limbs); memset(X, before, X_limbs * sizeof(*X)); ret = mbedtls_mpi_core_fill_random(X, X_limbs, wanted_bytes, @@ -1128,14 +1128,14 @@ void mpi_core_mul(char *input_A, const size_t X_limbs = A_limbs + B_limbs; const size_t X_bytes = X_limbs * sizeof(mbedtls_mpi_uint); - TEST_CALLOC_OR_FAIL(X, X_limbs); + TEST_CALLOC(X, X_limbs); const size_t A_bytes = A_limbs * sizeof(mbedtls_mpi_uint); - TEST_CALLOC_OR_FAIL(A_orig, A_limbs); + TEST_CALLOC(A_orig, A_limbs); memcpy(A_orig, A, A_bytes); const size_t B_bytes = B_limbs * sizeof(mbedtls_mpi_uint); - TEST_CALLOC_OR_FAIL(B_orig, B_limbs); + TEST_CALLOC(B_orig, B_limbs); memcpy(B_orig, B, B_bytes); /* Set result to something that is unlikely to be correct */ @@ -1195,7 +1195,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&E, &E_limbs, input_E)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); - TEST_CALLOC_OR_FAIL(Y, N_limbs); + TEST_CALLOC(Y, N_limbs); TEST_EQUAL(A_limbs, N_limbs); TEST_EQUAL(X_limbs, N_limbs); @@ -1227,7 +1227,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A, TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs), working_limbs); - TEST_CALLOC_OR_FAIL(T, working_limbs); + TEST_CALLOC(T, working_limbs); mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T); @@ -1277,7 +1277,7 @@ void mpi_core_sub_int(char *input_A, char *input_B, TEST_EQUAL(A_limbs, X_limbs); size_t limbs = A_limbs; - TEST_CALLOC_OR_FAIL(R, limbs); + TEST_CALLOC(R, limbs); #define TEST_COMPARE_CORE_MPIS(A, B, limbs) \ TEST_BUFFERS_EQUAL(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 1f2407827..ccc824c85 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -123,7 +123,7 @@ void mpi_mod_mul(char *input_A, TEST_EQUAL(rB.limbs, limbs); TEST_EQUAL(rR.limbs, limbs); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); @@ -206,7 +206,7 @@ void mpi_mod_mul_neg(char *input_A, const size_t limbs = m.limbs; - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); rX.limbs = rR.limbs; @@ -259,7 +259,7 @@ void mpi_mod_sub(char *input_N, if (expected_ret == 0) { /* Negative test with too many limbs in output */ - TEST_CALLOC_OR_FAIL(X_raw, limbs + 1); + TEST_CALLOC(X_raw, limbs + 1); x.p = X_raw; x.limbs = limbs + 1; @@ -271,7 +271,7 @@ void mpi_mod_sub(char *input_N, /* Negative test with too few limbs in output */ if (limbs > 1) { - TEST_CALLOC_OR_FAIL(X_raw, limbs - 1); + TEST_CALLOC(X_raw, limbs - 1); x.p = X_raw; x.limbs = limbs - 1; @@ -286,7 +286,7 @@ void mpi_mod_sub(char *input_N, * manually-written test cases with expected_ret != 0. */ } - TEST_CALLOC_OR_FAIL(X_raw, limbs); + TEST_CALLOC(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs)); @@ -358,7 +358,7 @@ void mpi_mod_inv_mont(char *input_N, size_t limbs = N.limbs; size_t bytes = limbs * sizeof(*X_raw); - TEST_CALLOC_OR_FAIL(X_raw, limbs); + TEST_CALLOC(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs)); @@ -408,7 +408,7 @@ void mpi_mod_inv_non_mont(char *input_N, size_t limbs = N.limbs; size_t bytes = limbs * sizeof(*X_raw); - TEST_CALLOC_OR_FAIL(X_raw, limbs); + TEST_CALLOC(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs)); @@ -462,7 +462,7 @@ void mpi_mod_add(char *input_N, if (expected_ret == 0) { /* Negative test with too many limbs in output */ - TEST_CALLOC_OR_FAIL(X_raw, limbs + 1); + TEST_CALLOC(X_raw, limbs + 1); x.p = X_raw; x.limbs = limbs + 1; @@ -474,7 +474,7 @@ void mpi_mod_add(char *input_N, /* Negative test with too few limbs in output */ if (limbs > 1) { - TEST_CALLOC_OR_FAIL(X_raw, limbs - 1); + TEST_CALLOC(X_raw, limbs - 1); x.p = X_raw; x.limbs = limbs - 1; @@ -490,7 +490,7 @@ void mpi_mod_add(char *input_N, } /* Allocate correct number of limbs for X_raw */ - TEST_CALLOC_OR_FAIL(X_raw, limbs); + TEST_CALLOC(X_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs)); @@ -582,7 +582,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret) size_t n_limbs; TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); size_t r_limbs = n_limbs; - TEST_CALLOC_OR_FAIL(R, r_limbs); + TEST_CALLOC(R, r_limbs); /* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */ TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, @@ -658,8 +658,8 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) a_bytes = input_A->len; /* Allocate the memory for intermediate data structures */ - TEST_CALLOC_OR_FAIL(R, n_bytes); - TEST_CALLOC_OR_FAIL(R_COPY, n_bytes); + TEST_CALLOC(R, n_bytes); + TEST_CALLOC(R_COPY, n_bytes); /* Test that input's size is not greater to modulo's */ TEST_LE_U(a_bytes, n_bytes); @@ -698,14 +698,14 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) obuf_sizes[2] = a_bytes + 8; for (size_t i = 0; i < obuf_sizes_len; i++) { - TEST_CALLOC_OR_FAIL(obuf, obuf_sizes[i]); + TEST_CALLOC(obuf, obuf_sizes[i]); TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian)); /* Make sure that writing didn't corrupt the value of r */ TEST_BUFFERS_EQUAL(r.p, r.limbs, r_copy.p, r_copy.limbs); /* Set up reference output for checking the result */ - TEST_CALLOC_OR_FAIL(ref_buf, obuf_sizes[i]); + TEST_CALLOC(ref_buf, obuf_sizes[i]); switch (endian) { case MBEDTLS_MPI_MOD_EXT_REP_LE: memcpy(ref_buf, input_A->x, a_bytes_trimmed); diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 3f13cc263..9d671468d 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -133,7 +133,7 @@ void mpi_mod_raw_cond_assign(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - TEST_CALLOC_OR_FAIL(buff_m, copy_limbs); + TEST_CALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs), 0); @@ -203,15 +203,15 @@ void mpi_mod_raw_cond_swap(char *input_X, TEST_EQUAL(limbs_X, limbs_Y); TEST_ASSERT(copy_limbs <= limbs); - TEST_CALLOC_OR_FAIL(buff_m, copy_limbs); + TEST_CALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, buff_m, copy_limbs), 0); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); memcpy(X, tmp_X, bytes); - TEST_CALLOC_OR_FAIL(Y, bytes); + TEST_CALLOC(Y, bytes); memcpy(Y, tmp_Y, bytes); /* condition is false */ @@ -291,7 +291,7 @@ void mpi_mod_raw_sub(char *input_A, TEST_EQUAL(limbs_B, limbs); TEST_EQUAL(limbs_res, limbs); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); @@ -356,7 +356,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, TEST_EQUAL(limbs_X, limbs); TEST_EQUAL(limbs_res, limbs); - TEST_CALLOC_OR_FAIL(tmp, limbs); + TEST_CALLOC(tmp, limbs); memcpy(tmp, X, bytes); /* Check that 0 <= X < 2N */ @@ -411,13 +411,13 @@ void mpi_mod_raw_mul(char *input_A, TEST_EQUAL(limbs_B, limbs); TEST_EQUAL(limbs_R, limbs); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); const size_t limbs_T = limbs * 2 + 1; - TEST_CALLOC_OR_FAIL(T, limbs_T); + TEST_CALLOC(T, limbs_T); mbedtls_mpi_mod_raw_mul(X, A, B, &m, T); TEST_BUFFERS_EQUAL(X, bytes, R, bytes); @@ -489,7 +489,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &A_limbs, input_A)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); - TEST_CALLOC_OR_FAIL(Y, N_limbs); + TEST_CALLOC(Y, N_limbs); TEST_EQUAL(A_limbs, N_limbs); TEST_EQUAL(X_limbs, N_limbs); @@ -519,7 +519,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X) TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs), working_limbs); - TEST_CALLOC_OR_FAIL(T, working_limbs); + TEST_CALLOC(T, working_limbs); mbedtls_mpi_mod_raw_inv_prime(Y, A, N, N_limbs, R2, T); @@ -571,7 +571,7 @@ void mpi_mod_raw_add(char *input_N, TEST_EQUAL(B_limbs, limbs); TEST_EQUAL(S_limbs, limbs); - TEST_CALLOC_OR_FAIL(X, limbs); + TEST_CALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( &m, N, limbs), 0); @@ -718,8 +718,8 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) /* It has separate output, and requires temporary working storage */ size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs); - TEST_CALLOC_OR_FAIL(T, temp_limbs); - TEST_CALLOC_OR_FAIL(R, limbs); + TEST_CALLOC(T, temp_limbs); + TEST_CALLOC(R, limbs); mbedtls_mpi_core_to_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); /* Test that the low-level function gives the required value */ @@ -782,8 +782,8 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) /* It has separate output, and requires temporary working storage */ size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs); - TEST_CALLOC_OR_FAIL(T, temp_limbs); - TEST_CALLOC_OR_FAIL(R, limbs); + TEST_CALLOC(T, temp_limbs); + TEST_CALLOC(R, limbs); mbedtls_mpi_core_from_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, T); /* Test that the low-level function gives the required value */ @@ -834,8 +834,8 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) TEST_EQUAL(x_limbs, n_limbs); bytes = n_limbs * sizeof(mbedtls_mpi_uint); - TEST_CALLOC_OR_FAIL(R, n_limbs); - TEST_CALLOC_OR_FAIL(Z, n_limbs); + TEST_CALLOC(R, n_limbs); + TEST_CALLOC(Z, n_limbs); TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index 534fdb8e6..f1e623e39 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -124,9 +124,9 @@ void mpi_core_random_basic(int min, char *bound_bytes, int expected_ret) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs, bound_bytes)); - TEST_CALLOC_OR_FAIL(lower_bound, limbs); + TEST_CALLOC(lower_bound, limbs); lower_bound[0] = min; - TEST_CALLOC_OR_FAIL(result, limbs); + TEST_CALLOC(result, limbs); TEST_EQUAL(expected_ret, mbedtls_mpi_core_random(result, min, upper_bound, limbs, @@ -159,7 +159,7 @@ void mpi_legacy_random_values(int min, char *max_hex) TEST_EQUAL(0, mbedtls_test_read_mpi(&max_legacy, max_hex)); size_t limbs = max_legacy.n; - TEST_CALLOC_OR_FAIL(R_core, limbs); + TEST_CALLOC(R_core, limbs); /* Call the legacy function and the core function with the same random * stream. */ @@ -209,9 +209,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&N, max_hex, rep), 0); - TEST_CALLOC_OR_FAIL(R_core, N.limbs); - TEST_CALLOC_OR_FAIL(R_mod_raw, N.limbs); - TEST_CALLOC_OR_FAIL(R_mod_digits, N.limbs); + TEST_CALLOC(R_core, N.limbs); + TEST_CALLOC(R_mod_raw, N.limbs); + TEST_CALLOC(R_mod_digits, N.limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&R_mod, &N, R_mod_digits, N.limbs), 0); @@ -287,7 +287,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs, bound_hex)); - TEST_CALLOC_OR_FAIL(result, limbs); + TEST_CALLOC(result, limbs); n_bits = mbedtls_mpi_core_bitlen(upper_bound, limbs); /* Consider a bound "small" if it's less than 2^5. This value is chosen @@ -302,7 +302,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) full_stats = 0; stats_len = n_bits; } - TEST_CALLOC_OR_FAIL(stats, stats_len); + TEST_CALLOC(stats, stats_len); for (i = 0; i < (size_t) iterations; i++) { mbedtls_test_set_step(i); @@ -340,7 +340,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations) } } else { bound_bytes.len = limbs * sizeof(mbedtls_mpi_uint); - TEST_CALLOC_OR_FAIL(bound_bytes.x, bound_bytes.len); + TEST_CALLOC(bound_bytes.x, bound_bytes.len); mbedtls_mpi_core_write_be(upper_bound, limbs, bound_bytes.x, bound_bytes.len); int statistically_safe_all_the_way = @@ -416,7 +416,7 @@ void mpi_mod_random_validation(int min, char *bound_hex, MBEDTLS_MPI_MOD_REP_OPT_RED), 0); size_t result_limbs = N.limbs + result_limbs_delta; - TEST_CALLOC_OR_FAIL(result_digits, result_limbs); + TEST_CALLOC(result_digits, result_limbs); /* Build a reside that might not match the modulus, to test that * the library function rejects that as expected. */ mbedtls_mpi_mod_residue result = { result_digits, result_limbs }; diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 610f2ba46..d79272919 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -32,7 +32,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - TEST_CALLOC_OR_FAIL(output, n1); + TEST_CALLOC(output, n1); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); @@ -40,7 +40,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, n2); + TEST_CALLOC(output, n2); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); @@ -48,7 +48,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -190,13 +190,13 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, const uint8_t *expected_tag = result->x + msg->len; /* Prepare input/output message buffer */ - TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len); + TEST_CALLOC(io_msg_buf, msg->len); if (msg->len != 0) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ - TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len); + TEST_CALLOC(tag_buf, expected_tag_len); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); @@ -246,7 +246,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); - TEST_CALLOC_OR_FAIL(output, msg->len); + TEST_CALLOC(output, msg->len); TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); TEST_EQUAL(result->len, olen); TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); @@ -272,7 +272,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; - TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len); + TEST_CALLOC(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } @@ -344,16 +344,16 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, } /* Prepare input/output message buffer */ - TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len); + TEST_CALLOC(io_msg_buf, msg->len); if (msg->len) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ if (expected_tag_len == 0) { - TEST_CALLOC_OR_FAIL(tag_buf, 16); + TEST_CALLOC(tag_buf, 16); } else { - TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len); + TEST_CALLOC(tag_buf, expected_tag_len); } /* Calculate iv */ @@ -429,7 +429,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; - TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len); + TEST_CALLOC(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } @@ -500,7 +500,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); - TEST_CALLOC_OR_FAIL(output, result->len); + TEST_CALLOC(output, result->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); TEST_EQUAL(result->len, olen); @@ -508,7 +508,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -536,7 +536,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); mbedtls_free(output); @@ -607,7 +607,7 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, msg->len); + TEST_CALLOC(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); @@ -633,7 +633,7 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); - TEST_CALLOC_OR_FAIL(output, 16); + TEST_CALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: @@ -713,7 +713,7 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, msg->len); + TEST_CALLOC(output, msg->len); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); exit: @@ -740,13 +740,13 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, msg->len); + TEST_CALLOC(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, 16); + TEST_CALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: @@ -774,7 +774,7 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, msg->len); + TEST_CALLOC(output, msg->len); // pass full text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); // pass 1 extra byte @@ -809,7 +809,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); - TEST_CALLOC_OR_FAIL(output, msg->len + 1); + TEST_CALLOC(output, msg->len + 1); // pass incomplete text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) @@ -836,7 +836,7 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode, // They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); - TEST_CALLOC_OR_FAIL(output, 16); + TEST_CALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 54ee2ea11..55c6182ce 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -583,7 +583,7 @@ void dec_empty_buf(int cipher, iv_len = 12; } - TEST_CALLOC_OR_FAIL(iv, iv_len); + TEST_CALLOC(iv, iv_len); memset(iv, 0, iv_len); TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); @@ -905,7 +905,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, * (we need the tag appended to the ciphertext) */ cipher_plus_tag_len = cipher->len + tag->len; - TEST_CALLOC_OR_FAIL(cipher_plus_tag, cipher_plus_tag_len); + TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); memcpy(cipher_plus_tag, cipher->x, cipher->len); memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); @@ -923,7 +923,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, * Try decrypting to a buffer that's 1B too small */ if (decrypt_buf_len != 0) { - TEST_CALLOC_OR_FAIL(decrypt_buf, decrypt_buf_len - 1); + TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); outlen = 0; ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, @@ -938,7 +938,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Authenticate and decrypt, and check result */ - TEST_CALLOC_OR_FAIL(decrypt_buf, decrypt_buf_len); + TEST_CALLOC(decrypt_buf, decrypt_buf_len); outlen = 0; ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, @@ -981,7 +981,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Try encrypting with an output buffer that's 1B too small */ - TEST_CALLOC_OR_FAIL(encrypt_buf, encrypt_buf_len - 1); + TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); outlen = 0; ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, @@ -995,7 +995,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, /* * Encrypt and check the result */ - TEST_CALLOC_OR_FAIL(encrypt_buf, encrypt_buf_len); + TEST_CALLOC(encrypt_buf, encrypt_buf_len); outlen = 0; ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function index e8c5c6965..747def345 100644 --- a/tests/suites/test_suite_common.function +++ b/tests/suites/test_suite_common.function @@ -17,10 +17,10 @@ void mbedtls_xor(int len) { size_t n = (size_t) len; unsigned char *a = NULL, *b = NULL, *r1 = NULL, *r2 = NULL; - TEST_CALLOC_OR_FAIL(a, n + 1); - TEST_CALLOC_OR_FAIL(b, n + 1); - TEST_CALLOC_OR_FAIL(r1, n + 1); - TEST_CALLOC_OR_FAIL(r2, n + 1); + TEST_CALLOC(a, n + 1); + TEST_CALLOC(b, n + 1); + TEST_CALLOC(r1, n + 1); + TEST_CALLOC(r2, n + 1); /* Test non-overlapping */ fill_arrays(a, b, r1, r2, n); diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 074be3103..42100ce60 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -29,8 +29,8 @@ void mbedtls_ct_memcmp_null() void mbedtls_ct_memcmp(int same, int size, int offset) { uint8_t *a = NULL, *b = NULL; - TEST_CALLOC_OR_FAIL(a, size + offset); - TEST_CALLOC_OR_FAIL(b, size + offset); + TEST_CALLOC(a, size + offset); + TEST_CALLOC(b, size + offset); TEST_CF_SECRET(a + offset, size); TEST_CF_SECRET(b + offset, size); @@ -70,9 +70,9 @@ exit: void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) { uint8_t *src = NULL, *result = NULL, *expected = NULL; - TEST_CALLOC_OR_FAIL(src, size + offset); - TEST_CALLOC_OR_FAIL(result, size + offset); - TEST_CALLOC_OR_FAIL(expected, size + offset); + TEST_CALLOC(src, size + offset); + TEST_CALLOC(result, size + offset); + TEST_CALLOC(expected, size + offset); for (int i = 0; i < size + offset; i++) { src[i] = 1; @@ -125,8 +125,8 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) size_t src_len = offset_max + len; size_t secret; - TEST_CALLOC_OR_FAIL(dst, len); - TEST_CALLOC_OR_FAIL(src, src_len); + TEST_CALLOC(dst, len); + TEST_CALLOC(src, src_len); /* Fill src in a way that we can detect if we copied the right bytes */ mbedtls_test_rnd_std_rand(NULL, src, src_len); diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index b51128f79..e284c07ce 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -58,7 +58,7 @@ void ssl_cf_hmac(int hash) #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use allocated out buffer to catch overwrites */ - TEST_CALLOC_OR_FAIL(out, out_len); + TEST_CALLOC(out, out_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Set up dummy key */ @@ -85,7 +85,7 @@ void ssl_cf_hmac(int hash) mbedtls_test_set_step(max_in_len * 10000); /* Use allocated in buffer to catch overreads */ - TEST_CALLOC_OR_FAIL(data, max_in_len); + TEST_CALLOC(data, max_in_len); min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; for (in_len = min_in_len; in_len <= max_in_len; in_len++) { diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f530774b8..7c507c242 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1101,7 +1101,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) rnd_info.fallback_f_rng = NULL; rnd_info.fallback_p_rng = NULL; - TEST_CALLOC_OR_FAIL(actual, expected->len); + TEST_CALLOC(actual, expected->len); ret = mbedtls_ecp_gen_privkey_mx(bits, &d, mbedtls_test_rnd_buffer_rand, &rnd_info); @@ -1456,10 +1456,10 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - TEST_CALLOC_OR_FAIL(A_inverse, limbs); + TEST_CALLOC(A_inverse, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs)); - TEST_CALLOC_OR_FAIL(rX_raw, limbs); + TEST_CALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); /* Get inverse of A mode m, and multiply it with itself, @@ -1467,7 +1467,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m)); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0); - TEST_CALLOC_OR_FAIL(bufx, limbs); + TEST_CALLOC(bufx, limbs); TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE), 0); @@ -1515,7 +1515,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(m.limbs, p_A_limbs); bytes = p_A_limbs * ciL; - TEST_CALLOC_OR_FAIL(p_S, p_A_limbs); + TEST_CALLOC(p_S, p_A_limbs); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0); @@ -1562,11 +1562,11 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - TEST_CALLOC_OR_FAIL(rX_raw, limbs); + TEST_CALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); bytes = limbs * ciL; - TEST_CALLOC_OR_FAIL(bufx, limbs); + TEST_CALLOC(bufx, limbs); /* Write source mod residue to a buffer, then read it back to * the destination mod residue, compare the two mod residues. * Firstly test little endian write and read */ @@ -1616,7 +1616,7 @@ void ecp_mod_random(int id, int ctype) limbs = m.limbs; - TEST_CALLOC_OR_FAIL(rX_raw, limbs); + TEST_CALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m, diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index ea72b872d..d7078cf60 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -33,7 +33,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - TEST_CALLOC_OR_FAIL(output, n1); + TEST_CALLOC(output, n1); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); @@ -41,7 +41,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, n2); + TEST_CALLOC(output, n2); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); @@ -49,7 +49,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -87,7 +87,7 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ - TEST_CALLOC_OR_FAIL(output, input->len); + TEST_CALLOC(output, input->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen)); TEST_EQUAL(input->len, olen); @@ -95,7 +95,7 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, mbedtls_free(output); output = NULL; - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -124,7 +124,7 @@ static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, olen); } - TEST_CALLOC_OR_FAIL(output_tag, tag->len); + TEST_CALLOC(output_tag, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output_tag, tag->len)); TEST_EQUAL(0, olen); @@ -144,7 +144,7 @@ static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, iv->x, iv->len)); - TEST_CALLOC_OR_FAIL(output, tag->len); + TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); @@ -448,7 +448,7 @@ void gcm_update_output_buffer_too_small(int cipher_id, int mode, TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0); TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len)); - TEST_CALLOC_OR_FAIL(output, output_len); + TEST_CALLOC(output, output_len); TEST_EQUAL(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update(&ctx, input->x, input->len, output, output_len, &olen)); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index cbca94bd5..df920222f 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -50,7 +50,7 @@ void test_hkdf_extract(int md_alg, TEST_ASSERT(md != NULL); output_prk_len = mbedtls_md_get_size(md); - TEST_CALLOC_OR_FAIL(output_prk, output_prk_len); + TEST_CALLOC(output_prk, output_prk_len); ret = mbedtls_hkdf_extract(md, salt->x, salt->len, ikm->x, ikm->len, output_prk); @@ -79,7 +79,7 @@ void test_hkdf_expand(int md_alg, const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg); TEST_ASSERT(md != NULL); - TEST_CALLOC_OR_FAIL(output_okm, OKM_LEN); + TEST_CALLOC(output_okm, OKM_LEN); TEST_ASSERT(prk->len == mbedtls_md_get_size(md)); TEST_ASSERT(okm->len < OKM_LEN); @@ -110,7 +110,7 @@ void test_hkdf_extract_ret(int hash_len, int ret) fake_md_info.type = MBEDTLS_MD_NONE; fake_md_info.size = hash_len; - TEST_CALLOC_OR_FAIL(prk, MBEDTLS_MD_MAX_SIZE); + TEST_CALLOC(prk, MBEDTLS_MD_MAX_SIZE); salt_len = 0; ikm_len = 0; @@ -140,11 +140,11 @@ void test_hkdf_expand_ret(int hash_len, int prk_len, int okm_len, int ret) info_len = 0; if (prk_len > 0) { - TEST_CALLOC_OR_FAIL(prk, prk_len); + TEST_CALLOC(prk, prk_len); } if (okm_len > 0) { - TEST_CALLOC_OR_FAIL(okm, okm_len); + TEST_CALLOC(okm, okm_len); } output_ret = mbedtls_hkdf_expand(&fake_md_info, prk, prk_len, diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index ece42a2a1..c0db0f7f9 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -122,7 +122,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, continue; } - TEST_CALLOC_OR_FAIL(tmp_sig, size); + TEST_CALLOC(tmp_sig, size); if (tmp_sig != NULL) { memcpy(tmp_sig, sig->x, MIN(size, sig->len)); } @@ -154,7 +154,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) if (expected_import_rc == 0) { exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8); - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, @@ -169,7 +169,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-small buffer should fail */ exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1; - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, NULL), MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL); @@ -178,7 +178,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-large buffer should succeed */ exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) + 1; - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, &exported_pub_key_size), diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index 211e4664f..ed6cd54d9 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -124,7 +124,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, continue; } - TEST_CALLOC_OR_FAIL(tmp_sig, size); + TEST_CALLOC(tmp_sig, size); if (tmp_sig != NULL) { memcpy(tmp_sig, sig->x, MIN(size, sig->len)); } @@ -156,7 +156,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) if (expected_import_rc == 0) { exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10); - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, @@ -171,7 +171,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-small buffer should fail */ exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) - 1; - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, NULL), MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL); @@ -180,7 +180,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) /* Export into too-large buffer should succeed */ exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) + 1; - TEST_CALLOC_OR_FAIL(exported_pub_key, exported_pub_key_buf_size); + TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, exported_pub_key_buf_size, &exported_pub_key_size), diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index a16a34de9..7024e0b8c 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -844,15 +844,15 @@ void mbedtls_mps_reader_random_usage(int num_out_chunks, mbedtls_mps_reader rd; if (acc_size > 0) { - TEST_CALLOC_OR_FAIL(acc, acc_size); + TEST_CALLOC(acc, acc_size); } /* This probably needs to be changed because we want * our tests to be deterministic. */ // srand( time( NULL ) ); - TEST_CALLOC_OR_FAIL(outgoing, num_out_chunks * max_chunk_size); - TEST_CALLOC_OR_FAIL(incoming, num_out_chunks * max_chunk_size); + TEST_CALLOC(outgoing, num_out_chunks * max_chunk_size); + TEST_CALLOC(incoming, num_out_chunks * max_chunk_size); mbedtls_mps_reader_init(&rd, acc, acc_size); @@ -884,7 +884,7 @@ void mbedtls_mps_reader_random_usage(int num_out_chunks, } tmp_size = (rand() % max_chunk_size) + 1; - TEST_CALLOC_OR_FAIL(tmp, tmp_size); + TEST_CALLOC(tmp, tmp_size); TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0); ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size); diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 5dd057004..f0a778bb4 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -44,7 +44,7 @@ void pkcs12_derive_key(int md_type, int key_size_arg, salt_len = salt_arg->len; - TEST_CALLOC_OR_FAIL(output_data, key_size); + TEST_CALLOC(output_data, key_size); int ret = mbedtls_pkcs12_derivation(output_data, key_size, diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 28d54c957..a0da1d72d 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -85,8 +85,8 @@ void pkcs7_verify(char *pkcs7_file, } } - TEST_CALLOC_OR_FAIL(crts, n_crts); - TEST_CALLOC_OR_FAIL(crt_files_arr, n_crts); + TEST_CALLOC(crts, n_crts); + TEST_CALLOC(crt_files_arr, n_crts); for (i = 0; i < strlen(crt_files); i++) { for (k = i; k < strlen(crt_files); k++) { @@ -94,7 +94,7 @@ void pkcs7_verify(char *pkcs7_file, break; } } - TEST_CALLOC_OR_FAIL(crt_files_arr[cnt], (k-i)+1); + TEST_CALLOC(crt_files_arr[cnt], (k-i)+1); crt_files_arr[cnt][k-i] = '\0'; memcpy(crt_files_arr[cnt++], crt_files + i, k-i); i = k; @@ -102,7 +102,7 @@ void pkcs7_verify(char *pkcs7_file, mbedtls_pkcs7_init(&pkcs7); for (i = 0; i < n_crts; i++) { - TEST_CALLOC_OR_FAIL(crts[i], 1); + TEST_CALLOC(crts[i], 1); mbedtls_x509_crt_init(crts[i]); } @@ -127,7 +127,7 @@ void pkcs7_verify(char *pkcs7_file, datalen = st.st_size; /* Special-case for zero-length input so that data will be non-NULL */ - TEST_CALLOC_OR_FAIL(data, datalen == 0 ? 1 : datalen); + TEST_CALLOC(data, datalen == 0 ? 1 : datalen); buflen = fread((void *) data, sizeof(unsigned char), datalen, file); TEST_EQUAL(buflen, datalen); @@ -135,7 +135,7 @@ void pkcs7_verify(char *pkcs7_file, if (do_hash_alg) { md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); - TEST_CALLOC_OR_FAIL(hash, mbedtls_md_get_size(md_info)); + TEST_CALLOC(hash, mbedtls_md_get_size(md_info)); res = mbedtls_md(md_info, data, datalen, hash); TEST_EQUAL(res, 0); diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 813166e2d..ba93e77c9 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -169,7 +169,7 @@ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) mbedtls_test_rnd_std_rand, NULL), 0); output_key_len = input_key->len; - TEST_CALLOC_OR_FAIL(output_key, output_key_len); + TEST_CALLOC(output_key, output_key_len); /* output_key_len is updated with the real amount of data written to * output_key buffer. */ output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 784501da8..39c43b451 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -99,7 +99,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) } TEST_ASSERT(check_buf_len > 0); - TEST_CALLOC_OR_FAIL(buf, check_buf_len); + TEST_CALLOC(buf, check_buf_len); if (is_public_key) { TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); @@ -185,7 +185,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) &pub_key_len), 0); derived_key_len = pub_key_len; - TEST_CALLOC_OR_FAIL(derived_key_raw, derived_key_len); + TEST_CALLOC(derived_key_raw, derived_key_len); TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function index 14fa60436..8739dc0a5 100644 --- a/tests/suites/test_suite_platform_printf.function +++ b/tests/suites/test_suite_platform_printf.function @@ -32,7 +32,7 @@ void printf_int(char *format, /* any format expecting one int argument, e.g. "%d const size_t n = strlen(result); /* Nominal case: buffer just large enough */ - TEST_CALLOC_OR_FAIL(output, n + 1); + TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x)); TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); @@ -53,11 +53,11 @@ void printf_long_max(const char *format, /* "%lx" or longer type */ const size_t n = sizeof(value) * 2; /* We assume that long has no padding bits! */ - TEST_CALLOC_OR_FAIL(expected, n + 1); + TEST_CALLOC(expected, n + 1); expected[0] = '7'; memset(expected + 1, 'f', sizeof(value) * 2 - 1); - TEST_CALLOC_OR_FAIL(output, n + 1); + TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value)); TEST_BUFFERS_EQUAL(expected, n + 1, output, n + 1); mbedtls_free(output); @@ -77,7 +77,7 @@ void printf_char2(char *format, /* "%c%c" */ const size_t n = strlen(result); /* Nominal case: buffer just large enough */ - TEST_CALLOC_OR_FAIL(output, n + 1); + TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2)); TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); mbedtls_free(output); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 422eba50d..21b3cf135 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -429,7 +429,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, data_true_size = input_data->len - tag_length; } - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); if (is_encrypt) { final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); @@ -439,7 +439,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, TEST_LE_U(final_output_size, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE); } - TEST_CALLOC_OR_FAIL(final_data, final_output_size); + TEST_CALLOC(final_data, final_output_size); if (is_encrypt) { status = psa_aead_encrypt_setup(&operation, key, alg); @@ -502,7 +502,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, (size_t) data_part_len); - TEST_CALLOC_OR_FAIL(part_data, part_data_size); + TEST_CALLOC(part_data, part_data_size); for (part_offset = 0, part_count = 0; part_offset < data_true_size; @@ -744,8 +744,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, psa_status_t expected_status = PSA_SUCCESS; psa_status_t status; - TEST_CALLOC_OR_FAIL(buffer0, buffer_length); - TEST_CALLOC_OR_FAIL(buffer1, buffer_length); + TEST_CALLOC(buffer0, buffer_length); + TEST_CALLOC(buffer1, buffer_length); switch (round) { case 1: @@ -1472,7 +1472,7 @@ void import_rsa_made_up(int bits_arg, int keypair, int expected_status_arg) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(buffer, buffer_size); + TEST_CALLOC(buffer, buffer_size); TEST_ASSERT((ret = construct_fake_rsa_key(buffer, buffer_size, &p, bits, keypair)) >= 0); @@ -1519,9 +1519,9 @@ void import_export(data_t *data, psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; export_size = (ptrdiff_t) data->len + export_size_delta; - TEST_CALLOC_OR_FAIL(exported, export_size); + TEST_CALLOC(exported, export_size); if (!canonical_input) { - TEST_CALLOC_OR_FAIL(reexported, export_size); + TEST_CALLOC(reexported, export_size); } PSA_ASSERT(psa_crypto_init()); @@ -1641,7 +1641,7 @@ void import_export_public_key(data_t *data, PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key)); /* Export the public key */ - TEST_CALLOC_OR_FAIL(exported, export_size); + TEST_CALLOC(exported, export_size); status = psa_export_public_key(key, exported, export_size, &exported_length); @@ -1938,8 +1938,8 @@ void cipher_key_policy(int policy_usage_arg, output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, exercise_alg, input_buffer_size); - TEST_CALLOC_OR_FAIL(input, input_buffer_size); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(input, input_buffer_size); + TEST_CALLOC(output, output_buffer_size); PSA_ASSERT(psa_crypto_init()); @@ -2128,7 +2128,7 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, key_bits = psa_get_key_bits(&attributes); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, exercise_alg); - TEST_CALLOC_OR_FAIL(buffer, buffer_length); + TEST_CALLOC(buffer, buffer_length); status = psa_asymmetric_encrypt(key, exercise_alg, NULL, 0, @@ -2498,7 +2498,7 @@ void copy_success(int source_usage_arg, psa_get_key_enrollment_algorithm(&target_attributes)); if (expected_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - TEST_CALLOC_OR_FAIL(export_buffer, material->len); + TEST_CALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(target_key, export_buffer, material->len, &length)); TEST_BUFFERS_EQUAL(material->x, material->len, @@ -2626,7 +2626,7 @@ void hash_setup(int alg_arg, /* Hash Setup, one-shot */ output_size = PSA_HASH_LENGTH(alg); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); status = psa_hash_compute(alg, NULL, 0, output, output_size, &output_length); @@ -2669,7 +2669,7 @@ void hash_compute_fail(int alg_arg, data_t *input, psa_status_t expected_status = expected_status_arg; psa_status_t status; - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); PSA_ASSERT(psa_crypto_init()); @@ -3384,7 +3384,7 @@ void mac_sign(int key_type_arg, PSA_ERROR_BUFFER_TOO_SMALL); mbedtls_test_set_step(output_size); - TEST_CALLOC_OR_FAIL(actual_mac, output_size); + TEST_CALLOC(actual_mac, output_size); /* Calculate the MAC, one-shot case. */ TEST_EQUAL(psa_mac_compute(key, alg, @@ -3480,7 +3480,7 @@ void mac_verify(int key_type_arg, PSA_ERROR_INVALID_SIGNATURE); /* Test a MAC that's too long, one-shot case. */ - TEST_CALLOC_OR_FAIL(perturbed_mac, expected_mac->len + 1); + TEST_CALLOC(perturbed_mac, expected_mac->len + 1); memcpy(perturbed_mac, expected_mac->x, expected_mac->len); TEST_EQUAL(psa_mac_verify(key, alg, input->x, input->len, @@ -3810,7 +3810,7 @@ void cipher_encrypt_fail(int alg_arg, output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -3869,7 +3869,7 @@ void cipher_encrypt_validate_iv_length(int alg, int key_type, data_t *key_data, unsigned char *output = NULL; output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); PSA_ASSERT(psa_crypto_init()); @@ -3927,7 +3927,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, &key)); output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); /* set_iv() is not allowed */ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -4077,8 +4077,8 @@ void cipher_encrypt_validation(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); - TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); + TEST_CALLOC(output1, output1_buffer_size); + TEST_CALLOC(output2, output2_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -4169,7 +4169,7 @@ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); TEST_LE_U(first_part_size, input->len); PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, @@ -4268,7 +4268,7 @@ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); TEST_LE_U(first_part_size, input->len); PSA_ASSERT(psa_cipher_update(&operation, @@ -4364,13 +4364,13 @@ void cipher_decrypt_fail(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - TEST_CALLOC_OR_FAIL(input, input_buffer_size); + TEST_CALLOC(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); /* Decrypt, one-short */ status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, @@ -4383,7 +4383,7 @@ void cipher_decrypt_fail(int alg_arg, output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_arg->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(output_multi, output_buffer_size); + TEST_CALLOC(output_multi, output_buffer_size); if (iv->len > 0) { status = psa_cipher_set_iv(&operation, iv->x, iv->len); @@ -4454,13 +4454,13 @@ void cipher_decrypt(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - TEST_CALLOC_OR_FAIL(input, input_buffer_size); + TEST_CALLOC(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -4508,7 +4508,7 @@ void cipher_verify_output(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); - TEST_CALLOC_OR_FAIL(output1, output1_size); + TEST_CALLOC(output1, output1_size); PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_size, @@ -4519,7 +4519,7 @@ void cipher_verify_output(int alg_arg, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); output2_size = output1_length; - TEST_CALLOC_OR_FAIL(output2, output2_size); + TEST_CALLOC(output2, output2_size); PSA_ASSERT(psa_cipher_decrypt(key, alg, output1, output1_length, output2, output2_size, @@ -4585,7 +4585,7 @@ void cipher_verify_output_multipart(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); TEST_LE_U(output1_buffer_size, PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); - TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); + TEST_CALLOC(output1, output1_buffer_size); TEST_LE_U(first_part_size, input->len); @@ -4628,7 +4628,7 @@ void cipher_verify_output_multipart(int alg_arg, PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length)); TEST_LE_U(output2_buffer_size, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); - TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); + TEST_CALLOC(output2, output2_buffer_size); if (iv_length > 0) { PSA_ASSERT(psa_cipher_set_iv(&operation2, @@ -4724,7 +4724,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, TEST_LE_U(output_size, PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); } - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); status = psa_aead_encrypt(key, alg, nonce->x, nonce->len, @@ -4745,7 +4745,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, TEST_EQUAL(status, expected_result); if (PSA_SUCCESS == expected_result) { - TEST_CALLOC_OR_FAIL(output_data2, output_length); + TEST_CALLOC(output_data2, output_length); /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ @@ -4813,7 +4813,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_LE_U(output_size, PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); status = psa_aead_encrypt(key, alg, nonce->x, nonce->len, @@ -4883,7 +4883,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, TEST_LE_U(output_size, PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len)); } - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); status = psa_aead_decrypt(key, alg, nonce->x, nonce->len, @@ -5142,13 +5142,13 @@ void aead_multipart_generate_nonce(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); + TEST_CALLOC(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5245,13 +5245,13 @@ void aead_multipart_set_nonce(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); + TEST_CALLOC(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5268,12 +5268,12 @@ void aead_multipart_set_nonce(int key_type_arg, data_t *key_data, /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ if (nonce_length_arg == -1) { /* Arbitrary size buffer, to test zero length valid buffer. */ - TEST_CALLOC_OR_FAIL(nonce_buffer, 4); + TEST_CALLOC(nonce_buffer, 4); nonce_length = 0; } else { /* If length is zero, then this will return NULL. */ nonce_length = (size_t) nonce_length_arg; - TEST_CALLOC_OR_FAIL(nonce_buffer, nonce_length); + TEST_CALLOC(nonce_buffer, nonce_length); if (nonce_buffer) { for (index = 0; index < nonce_length - 1; ++index) { @@ -5362,11 +5362,11 @@ void aead_multipart_update_buffer_test(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); + TEST_CALLOC(ciphertext, ciphertext_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5449,11 +5449,11 @@ void aead_multipart_finish_buffer_test(int key_type_arg, data_t *key_data, ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - TEST_CALLOC_OR_FAIL(ciphertext, ciphertext_size); + TEST_CALLOC(ciphertext, ciphertext_size); - TEST_CALLOC_OR_FAIL(finish_ciphertext, finish_ciphertext_size); + TEST_CALLOC(finish_ciphertext, finish_ciphertext_size); - TEST_CALLOC_OR_FAIL(tag_buffer, tag_size); + TEST_CALLOC(tag_buffer, tag_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -5538,11 +5538,11 @@ void aead_multipart_verify(int key_type_arg, data_t *key_data, plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - TEST_CALLOC_OR_FAIL(plaintext, plaintext_size); + TEST_CALLOC(plaintext, plaintext_size); verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(finish_plaintext, verify_plaintext_size); + TEST_CALLOC(finish_plaintext, verify_plaintext_size); status = psa_aead_decrypt_setup(&operation, key, alg); @@ -5679,13 +5679,13 @@ void aead_multipart_state_test(int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); TEST_LE_U(finish_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(final_data, finish_output_size); + TEST_CALLOC(final_data, finish_output_size); /* Test all operations error without calling setup first. */ @@ -6483,7 +6483,7 @@ void sign_hash_deterministic(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); /* Perform the signature. */ PSA_ASSERT(psa_sign_hash(key, alg, @@ -6566,7 +6566,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); psa_interruptible_set_max_ops(max_ops); @@ -6651,7 +6651,7 @@ void sign_hash_fail(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -6731,7 +6731,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -6859,7 +6859,7 @@ void sign_verify_hash(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); /* Perform the signature. */ PSA_ASSERT(psa_sign_hash(key, alg, @@ -6962,7 +6962,7 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); psa_interruptible_set_max_ops(max_ops); @@ -7444,7 +7444,7 @@ void interruptible_signverify_hash_state_test(int key_type_arg, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); @@ -7600,7 +7600,7 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); /* --- Change function inputs mid run, to cause an error (sign only, * verify passes all inputs to start. --- */ @@ -7731,7 +7731,7 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); /* Check that default max ops gets set if we don't set it. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, @@ -7905,7 +7905,7 @@ void sign_message_deterministic(int key_type_arg, signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_sign_message(key, alg, input_data->x, input_data->len, @@ -7943,7 +7943,7 @@ void sign_message_fail(int key_type_arg, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_crypto_init()); @@ -8003,7 +8003,7 @@ void sign_verify_message(int key_type_arg, signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_sign_message(key, alg, input_data->x, input_data->len, @@ -8143,7 +8143,7 @@ void asymmetric_encrypt(int key_type_arg, output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); /* Encrypt the input */ actual_status = psa_asymmetric_encrypt(key, alg, @@ -8225,13 +8225,13 @@ void asymmetric_encrypt_decrypt(int key_type_arg, output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); output2_size = input_data->len; TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output2, output2_size); + TEST_CALLOC(output2, output2_size); /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random @@ -8299,7 +8299,7 @@ void asymmetric_decrypt(int key_type_arg, /* Determine the maximum ciphertext length */ output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_LE_U(output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); PSA_ASSERT(psa_asymmetric_decrypt(key, alg, input_data->x, input_data->len, @@ -8354,7 +8354,7 @@ void asymmetric_decrypt_fail(int key_type_arg, psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); PSA_ASSERT(psa_crypto_init()); @@ -8722,7 +8722,7 @@ void derive_output(int alg_arg, expected_outputs[i] = NULL; } } - TEST_CALLOC_OR_FAIL(output_buffer, output_buffer_size); + TEST_CALLOC(output_buffer, output_buffer_size); PSA_ASSERT(psa_crypto_init()); /* Extraction phase. */ @@ -8995,7 +8995,7 @@ void derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, psa_status_t expected_capacity_status = (psa_status_t) expected_capacity_status_arg; psa_status_t expected_output_status = (psa_status_t) expected_output_status_arg; - TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); + TEST_CALLOC(output_buffer, expected_output->len); PSA_ASSERT(psa_crypto_init()); PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); @@ -9116,8 +9116,8 @@ void derive_key_export(int alg_arg, psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; size_t length; - TEST_CALLOC_OR_FAIL(output_buffer, capacity); - TEST_CALLOC_OR_FAIL(export_buffer, capacity); + TEST_CALLOC(output_buffer, capacity); + TEST_CALLOC(export_buffer, capacity); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); @@ -9201,7 +9201,7 @@ void derive_key_type(int alg_arg, psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; size_t export_length; - TEST_CALLOC_OR_FAIL(export_buffer, export_buffer_size); + TEST_CALLOC(export_buffer, export_buffer_size); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); @@ -9373,7 +9373,7 @@ void raw_key_agreement(int alg_arg, PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); /* Good case with exact output size */ - TEST_CALLOC_OR_FAIL(output, expected_output->len); + TEST_CALLOC(output, expected_output->len); PSA_ASSERT(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len, @@ -9385,7 +9385,7 @@ void raw_key_agreement(int alg_arg, output_length = ~0; /* Larger buffer */ - TEST_CALLOC_OR_FAIL(output, expected_output->len + 1); + TEST_CALLOC(output, expected_output->len + 1); PSA_ASSERT(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len + 1, @@ -9397,7 +9397,7 @@ void raw_key_agreement(int alg_arg, output_length = ~0; /* Buffer too small */ - TEST_CALLOC_OR_FAIL(output, expected_output->len - 1); + TEST_CALLOC(output, expected_output->len - 1); TEST_EQUAL(psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, output, expected_output->len - 1, @@ -9486,7 +9486,7 @@ void key_agreement_output(int alg_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_output = NULL; - TEST_CALLOC_OR_FAIL(actual_output, MAX(expected_output1->len, + TEST_CALLOC(actual_output, MAX(expected_output1->len, expected_output2->len)); PSA_ASSERT(psa_crypto_init()); @@ -9542,8 +9542,8 @@ void generate_random(int bytes_arg) TEST_ASSERT(bytes_arg >= 0); - TEST_CALLOC_OR_FAIL(output, bytes); - TEST_CALLOC_OR_FAIL(changed, bytes); + TEST_CALLOC(output, bytes); + TEST_CALLOC(changed, bytes); PSA_ASSERT(psa_crypto_init()); @@ -9661,8 +9661,8 @@ void generate_key_rsa(int bits_arg, is_default_public_exponent = 1; e_read_size = 0; } - TEST_CALLOC_OR_FAIL(e_read_buffer, e_read_size); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(e_read_buffer, e_read_size); + TEST_CALLOC(exported, exported_size); PSA_ASSERT(psa_crypto_init()); @@ -9764,8 +9764,8 @@ void persistent_key_load_key_from_storage(data_t *data, size_t second_exported_length; if (usage_flags & PSA_KEY_USAGE_EXPORT) { - TEST_CALLOC_OR_FAIL(first_export, export_size); - TEST_CALLOC_OR_FAIL(second_export, export_size); + TEST_CALLOC(first_export, export_size); + TEST_CALLOC(second_export, export_size); } PSA_ASSERT(psa_crypto_init()); @@ -9912,7 +9912,7 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, PSA_PAKE_STEP_KEY_SHARE); - TEST_CALLOC_OR_FAIL(output_buffer, buf_size); + TEST_CALLOC(output_buffer, buf_size); if (pw_data->len > 0) { psa_set_key_usage_flags(&attributes, key_usage_pw); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index e83d2ae59..6d027a581 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -49,8 +49,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; psa_status_t status; - TEST_CALLOC_OR_FAIL(buffer0, buffer_length); - TEST_CALLOC_OR_FAIL(buffer1, buffer_length); + TEST_CALLOC(buffer0, buffer_length); + TEST_CALLOC(buffer1, buffer_length); switch (round) { case 1: @@ -538,7 +538,7 @@ void sign_hash(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); actual_status = psa_sign_hash(key, alg, data_input->x, data_input->len, @@ -665,7 +665,7 @@ void sign_message(int key_type_arg, TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(signature, signature_size); actual_status = psa_sign_message(key, alg, data_input->x, data_input->len, @@ -997,7 +997,7 @@ void key_agreement(int alg_arg, mbedtls_test_driver_key_agreement_hooks.hits = 0; mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; - TEST_CALLOC_OR_FAIL(actual_output, expected_output->len); + TEST_CALLOC(actual_output, expected_output->len); actual_status = psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, actual_output, expected_output->len, @@ -1053,8 +1053,8 @@ void cipher_encrypt_validation(int alg_arg, output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); - TEST_CALLOC_OR_FAIL(output1, output1_buffer_size); - TEST_CALLOC_OR_FAIL(output2, output2_buffer_size); + TEST_CALLOC(output1, output1_buffer_size); + TEST_CALLOC(output2, output2_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -1171,7 +1171,7 @@ void cipher_encrypt_multipart(int alg_arg, output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; @@ -1299,7 +1299,7 @@ void cipher_decrypt_multipart(int alg_arg, output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; @@ -1398,13 +1398,13 @@ void cipher_decrypt(int alg_arg, /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { - TEST_CALLOC_OR_FAIL(input, input_buffer_size); + TEST_CALLOC(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); - TEST_CALLOC_OR_FAIL(output, output_buffer_size); + TEST_CALLOC(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -1451,7 +1451,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); - TEST_CALLOC_OR_FAIL(output, input->len + 16); + TEST_CALLOC(output, input->len + 16); output_buffer_size = input->len + 16; PSA_ASSERT(psa_crypto_init()); @@ -1691,7 +1691,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_encrypt(key, alg, @@ -1753,7 +1753,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_decrypt(key, alg, @@ -1816,7 +1816,7 @@ void mac_sign(int key_type_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); - TEST_CALLOC_OR_FAIL(actual_mac, mac_buffer_size); + TEST_CALLOC(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* @@ -1891,7 +1891,7 @@ void mac_sign_multipart(int key_type_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); - TEST_CALLOC_OR_FAIL(actual_mac, mac_buffer_size); + TEST_CALLOC(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* @@ -2152,7 +2152,7 @@ void builtin_key_export(int builtin_key_id_arg, psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); + TEST_CALLOC(output_buffer, expected_output->len); actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); @@ -2203,7 +2203,7 @@ void builtin_pubkey_export(int builtin_key_id_arg, psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output_buffer, expected_output->len); + TEST_CALLOC(output_buffer, expected_output->len); actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); @@ -2244,7 +2244,7 @@ void hash_compute(int alg_arg, PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2282,7 +2282,7 @@ void hash_multipart_setup(int alg_arg, PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2329,7 +2329,7 @@ void hash_multipart_update(int alg_arg, PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2385,7 +2385,7 @@ void hash_multipart_finish(int alg_arg, size_t output_length; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2440,7 +2440,7 @@ void hash_clone(int alg_arg, size_t output_length; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, PSA_HASH_LENGTH(alg)); + TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); @@ -2539,11 +2539,11 @@ void asymmetric_encrypt_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); } /* We test encryption by checking that encrypt-then-decrypt gives back @@ -2571,13 +2571,13 @@ void asymmetric_encrypt_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output2_size = fake_output_decrypt->len; - TEST_CALLOC_OR_FAIL(output2, output2_size); + TEST_CALLOC(output2, output2_size); } else { output2_size = input_data->len; TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); - TEST_CALLOC_OR_FAIL(output2, output2_size); + TEST_CALLOC(output2, output2_size); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, @@ -2651,10 +2651,10 @@ void asymmetric_decrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output_size = fake_output_decrypt->len; - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); } else { output_size = expected_output_data->len; - TEST_CALLOC_OR_FAIL(output, expected_output_data->len); + TEST_CALLOC(output, expected_output_data->len); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, @@ -2724,10 +2724,10 @@ void asymmetric_encrypt(int alg_arg, mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); - TEST_CALLOC_OR_FAIL(output, output_size); + TEST_CALLOC(output, output_size); } TEST_EQUAL(psa_asymmetric_encrypt(key, alg, @@ -2824,7 +2824,7 @@ void aead_encrypt_setup(int key_type_arg, data_t *key_data, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); status = psa_aead_encrypt_setup(&operation, key, alg); @@ -2926,7 +2926,7 @@ void aead_decrypt_setup(int key_type_arg, data_t *key_data, output_size = input_ciphertext->len; - TEST_CALLOC_OR_FAIL(output_data, output_size); + TEST_CALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; @@ -3016,12 +3016,12 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_PAKE_STEP_KEY_SHARE); int in_driver = (forced_status_setup_arg == PSA_SUCCESS); - TEST_CALLOC_OR_FAIL(input_buffer, + TEST_CALLOC(input_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(input_buffer, 0xAA, size_key_share); - TEST_CALLOC_OR_FAIL(output_buffer, + TEST_CALLOC(output_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 9e3f0a075..416b9f1d7 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -86,8 +86,8 @@ void external_rng_failure_sign(int key_type, data_t *key_data, int alg, size_t signature_size = PSA_SIGNATURE_MAX_SIZE; size_t signature_length; - TEST_CALLOC_OR_FAIL(input, input_size); - TEST_CALLOC_OR_FAIL(signature, signature_size); + TEST_CALLOC(input, input_size); + TEST_CALLOC(signature, signature_size); PSA_ASSERT(psa_crypto_init()); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, @@ -135,7 +135,7 @@ void validate_entropy_seed_injection(int seed_length_a, } else { seed_size = seed_length_b; } - TEST_CALLOC_OR_FAIL(seed, seed_size); + TEST_CALLOC(seed, seed_size); /* fill seed with some data */ for (i = 0; i < seed_size; ++i) { seed[i] = i; diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index 3debd7959..7a434322a 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -267,7 +267,7 @@ void entropy_from_nv_seed(int seed_size_arg, uint8_t *seed = NULL; size_t seed_size = seed_size_arg; - TEST_CALLOC_OR_FAIL(seed, seed_size); + TEST_CALLOC(seed, seed_size); TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0); custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED; diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index e260761ae..0ce9df1f2 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -137,8 +137,8 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; psa_status_t status; - TEST_CALLOC_OR_FAIL(buffer0, buffer_length); - TEST_CALLOC_OR_FAIL(buffer1, buffer_length); + TEST_CALLOC(buffer0, buffer_length); + TEST_CALLOC(buffer1, buffer_length); switch (round) { case PAKE_ROUND_ONE: @@ -617,7 +617,7 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, PSA_PAKE_STEP_KEY_SHARE); - TEST_CALLOC_OR_FAIL(output_buffer, buf_size); + TEST_CALLOC(output_buffer, buf_size); psa_set_key_usage_flags(&attributes, key_usage_pw); psa_set_key_algorithm(&attributes, alg); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 6d3c4d44d..a8f72e86c 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -61,7 +61,7 @@ void format_storage_data_check(data_t *key_data, psa_set_key_algorithm(&attributes, key_alg); psa_set_key_enrollment_algorithm(&attributes, key_alg2); - TEST_CALLOC_OR_FAIL(file_data, file_data_length); + TEST_CALLOC(file_data, file_data_length); psa_format_key_data_for_storage(key_data->x, key_data->len, &attributes.core, file_data); @@ -127,7 +127,7 @@ void save_large_persistent_key(int data_length_arg, int expected_status) size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_CALLOC_OR_FAIL(data, data_length); + TEST_CALLOC(data, data_length); PSA_ASSERT(psa_crypto_init()); @@ -267,7 +267,7 @@ void import_export_persistent_key(data_t *data, int type_arg, size_t exported_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_CALLOC_OR_FAIL(exported, export_size); + TEST_CALLOC(exported, export_size); PSA_ASSERT(psa_crypto_init()); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 4eaf434b6..10cd9e5cd 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -605,7 +605,7 @@ static int check_persistent_data(psa_key_location_t location, int ok = 0; PSA_ASSERT(psa_its_get_info(uid, &info)); - TEST_CALLOC_OR_FAIL(loaded, info.size); + TEST_CALLOC(loaded, info.size); PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL)); TEST_BUFFERS_EQUAL(expected_data, size, loaded, info.size); ok = 1; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 57492b99e..9ff9dd9c1 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -303,7 +303,7 @@ void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg, psa_get_key_type(&read_attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), psa_get_key_bits(&read_attributes)); - TEST_CALLOC_OR_FAIL(reexported, key_data->len); + TEST_CALLOC(reexported, key_data->len); if (usage_flags & PSA_KEY_USAGE_EXPORT) { PSA_ASSERT(psa_export_key(id, reexported, key_data->len, &reexported_length)); @@ -575,7 +575,7 @@ void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg, psa_get_key_enrollment_algorithm(&target_attributes)); if (expected_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - TEST_CALLOC_OR_FAIL(export_buffer, material->len); + TEST_CALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, material->len, &length)); TEST_BUFFERS_EQUAL(material->x, material->len, @@ -689,7 +689,7 @@ void copy_to_occupied(int source_lifetime_arg, int source_id_arg, psa_get_key_algorithm(&attributes2)); if (target_usage & PSA_KEY_USAGE_EXPORT) { size_t length; - TEST_CALLOC_OR_FAIL(export_buffer, target_material->len); + TEST_CALLOC(export_buffer, target_material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, target_material->len, &length)); TEST_BUFFERS_EQUAL(target_material->x, target_material->len, @@ -813,7 +813,7 @@ void many_transient_keys(int max_keys_arg) uint8_t exported[sizeof(size_t)]; size_t exported_length; - TEST_CALLOC_OR_FAIL(keys, max_keys); + TEST_CALLOC(keys, max_keys); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); @@ -942,7 +942,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1); - TEST_CALLOC_OR_FAIL(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); + TEST_CALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 1099ba205..8ad5c11e8 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -36,7 +36,7 @@ static int test_written_key(const psa_key_attributes_t *attributes, /* Check that the key is represented as expected. */ PSA_ASSERT(psa_its_get_info(uid, &storage_info)); TEST_EQUAL(storage_info.size, expected_representation->len); - TEST_CALLOC_OR_FAIL(actual_representation, storage_info.size); + TEST_CALLOC(actual_representation, storage_info.size); PSA_ASSERT(psa_its_get(uid, 0, storage_info.size, actual_representation, &length)); TEST_BUFFERS_EQUAL(expected_representation->x, expected_representation->len, @@ -259,7 +259,7 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, TEST_EQUAL(psa_get_key_enrollment_algorithm(expected_attributes), psa_get_key_enrollment_algorithm(&actual_attributes)); if (can_export(expected_attributes)) { - TEST_CALLOC_OR_FAIL(exported_material, expected_material->len); + TEST_CALLOC(exported_material, expected_material->len); PSA_ASSERT(psa_export_key(key_id, exported_material, expected_material->len, &length)); diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 28e7cdec5..5f8dd87a0 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -92,7 +92,7 @@ void set_get_remove(int uid_arg, int flags_arg, data_t *data) unsigned char *buffer = NULL; size_t ret_len = 0; - TEST_CALLOC_OR_FAIL(buffer, data->len); + TEST_CALLOC(buffer, data->len); PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, flags)); @@ -122,7 +122,7 @@ void set_overwrite(int uid_arg, unsigned char *buffer = NULL; size_t ret_len = 0; - TEST_CALLOC_OR_FAIL(buffer, MAX(data1->len, data2->len)); + TEST_CALLOC(buffer, MAX(data1->len, data2->len)); PSA_ASSERT(psa_its_set_wrap(uid, data1->len, data1->x, flags1)); PSA_ASSERT(psa_its_get_info(uid, &info)); @@ -214,7 +214,7 @@ void get_at(int uid_arg, data_t *data, size_t i; size_t ret_len = 0; - TEST_CALLOC_OR_FAIL(buffer, length + 16); + TEST_CALLOC(buffer, length + 16); trailer = buffer + length; memset(trailer, '-', 16); diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 147f5440c..6a2b67740 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -169,7 +169,7 @@ void mbedtls_psa_get_random_length(int n) unsigned char *output = NULL; PSA_ASSERT(psa_crypto_init()); - TEST_CALLOC_OR_FAIL(output, n); + TEST_CALLOC(output, n); TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, output, n)); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 668f0dc92..8cadb40c3 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -155,7 +155,7 @@ void mbedtls_sha3(int family, data_t *in, data_t *hash) { unsigned char *output = NULL; - TEST_CALLOC_OR_FAIL(output, hash->len); + TEST_CALLOC(output, hash->len); TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0); @@ -193,7 +193,7 @@ void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) mbedtls_sha3_context ctx; const unsigned int block_size = 256; - TEST_CALLOC_OR_FAIL(output, hash->len); + TEST_CALLOC(output, hash->len); mbedtls_sha3_init(&ctx); mbedtls_sha3_starts(&ctx, family); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f71a3de19..7fdba10b9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -152,7 +152,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, if (input_len == 0) { input_len = 1; } - TEST_CALLOC_OR_FAIL(input, input_len); + TEST_CALLOC(input, input_len); output_len = 0; for (j = 0; j < ROUNDS; j++) { @@ -166,7 +166,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, if (output_len == 0) { output_len = 1; } - TEST_CALLOC_OR_FAIL(output, output_len); + TEST_CALLOC(output, output_len); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ @@ -1543,8 +1543,8 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, + plaintext_len + t0.maclen + padlen + 1; - TEST_CALLOC_OR_FAIL(buf, buflen); - TEST_CALLOC_OR_FAIL(buf_save, buflen); + TEST_CALLOC(buf, buflen); + TEST_CALLOC(buf_save, buflen); /* Prepare a dummy record header */ memset(rec.ctr, 0, sizeof(rec.ctr)); @@ -2064,7 +2064,7 @@ void ssl_tls13_record_protection(int ciphersuite, /* Make sure we have enough space in the buffer even if * we use more padding than the KAT. */ buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - TEST_CALLOC_OR_FAIL(buf, buf_len); + TEST_CALLOC(buf, buf_len); rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index da042cf21..577cea41d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -944,7 +944,7 @@ void mbedtls_x509_dn_get_next(char *name_str, c = buf + sizeof(buf); // Additional size required for trailing space out_size = strlen(expected_oids) + 2; - TEST_CALLOC_OR_FAIL(out, out_size); + TEST_CALLOC(out, out_size); TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0); @@ -979,7 +979,7 @@ void mbedtls_x509_dn_get_next(char *name_str, out = NULL; out_size = strlen(exp_dn_gets) + 1; - TEST_CALLOC_OR_FAIL(out, out_size); + TEST_CALLOC(out, out_size); TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed)); TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0); From a45d902822bd6972edd4cfacec00b4301edce83d Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:34:44 +0100 Subject: [PATCH 137/339] Rename the length argument to TEST_CALLOC() to be the more accurate item_count Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 7c62c7ed7..ecf6a1753 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -107,52 +107,52 @@ * The allocated memory will be filled with zeros. * * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free( pointer )` in the test's cleanup code. + * put `mbedtls_free(pointer)` in the test's cleanup code. * - * If \p length is zero, the resulting \p pointer will be \c NULL. + * If \p item_count is zero, the resulting \p pointer will be \c NULL. * This is usually what we want in tests since API functions are * supposed to accept null pointers when a buffer size is zero. * * This macro expands to an instruction, not an expression. * It may jump to the \c exit label. * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param length Number of elements to allocate. - * This expression may be evaluated multiple times. + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param item_count Number of elements to allocate. + * This expression may be evaluated multiple times. * */ -#define TEST_CALLOC(pointer, length) \ +#define TEST_CALLOC(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) { \ + if ((item_count) != 0) { \ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (length)); \ + (item_count)); \ TEST_ASSERT((pointer) != NULL); \ } \ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, length) TEST_CALLOC(pointer, length) +#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) /** Allocate memory dynamically. If the allocation fails, skip the test case. * * This macro behaves like #TEST_CALLOC, except that if the allocation * fails, it marks the test as skipped rather than failed. */ -#define TEST_CALLOC_OR_SKIP(pointer, length) \ +#define TEST_CALLOC_OR_SKIP(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) { \ + if ((item_count) != 0) { \ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (length)); \ + (item_count)); \ TEST_ASSUME((pointer) != NULL); \ } \ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC_WEAK(pointer, length) TEST_CALLOC_OR_SKIP(pointer, length) +#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count) /** Compare two buffers and fail the test case if they differ. * From e4e9e7da58ac378aba8412f013892b760f55c8b7 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:40:20 +0100 Subject: [PATCH 138/339] For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE() Signed-off-by: Tom Cosgrove --- tests/include/test/macros.h | 4 +- tests/suites/test_suite_aes.function | 4 +- tests/suites/test_suite_aria.function | 16 +- tests/suites/test_suite_asn1write.function | 12 +- tests/suites/test_suite_bignum_core.function | 90 +++++----- tests/suites/test_suite_bignum_mod.function | 22 +-- .../suites/test_suite_bignum_mod_raw.function | 84 ++++----- .../suites/test_suite_bignum_random.function | 12 +- tests/suites/test_suite_ccm.function | 26 +-- tests/suites/test_suite_chacha20.function | 6 +- tests/suites/test_suite_cipher.function | 2 +- tests/suites/test_suite_common.function | 12 +- .../suites/test_suite_constant_time.function | 6 +- .../test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ecp.function | 22 +-- tests/suites/test_suite_gcm.function | 20 +-- tests/suites/test_suite_hkdf.function | 6 +- tests/suites/test_suite_lmots.function | 4 +- tests/suites/test_suite_lms.function | 4 +- tests/suites/test_suite_md.function | 20 +-- tests/suites/test_suite_mps.function | 164 +++++++++--------- tests/suites/test_suite_pkcs12.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 8 +- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_pkwrite.function | 8 +- .../test_suite_platform_printf.function | 6 +- tests/suites/test_suite_poly1305.function | 8 +- tests/suites/test_suite_psa_crypto.function | 86 ++++----- ..._suite_psa_crypto_driver_wrappers.function | 58 +++---- .../test_suite_psa_crypto_hash.function | 6 +- .../test_suite_psa_crypto_pake.function | 8 +- ...t_suite_psa_crypto_persistent_key.function | 6 +- ...st_suite_psa_crypto_se_driver_hal.function | 4 +- ..._suite_psa_crypto_slot_management.function | 18 +- ...t_suite_psa_crypto_storage_format.function | 4 +- tests/suites/test_suite_psa_its.function | 10 +- tests/suites/test_suite_shax.function | 10 +- tests/suites/test_suite_ssl.function | 38 ++-- tests/suites/test_suite_x509parse.function | 2 +- 39 files changed, 411 insertions(+), 411 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ecf6a1753..2c17745a7 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -166,7 +166,7 @@ * \param size2 Size of the second buffer in bytes. * This expression may be evaluated multiple times. */ -#define TEST_BUFFERS_EQUAL(p1, size1, p2, size2) \ +#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \ do { \ TEST_EQUAL((size1), (size2)); \ if ((size1) != 0) { \ @@ -175,7 +175,7 @@ } while (0) /* For backwards compatibility */ -#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_BUFFERS_EQUAL(p1, size1, p2, size2) +#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2) /** * \brief This macro tests the expression passed to it and skips the diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index c27347542..d495b49ed 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -38,13 +38,13 @@ static int test_copy(const data_t *key, // Encrypt with copied context TEST_ASSERT(mbedtls_aes_crypt_ecb(enc, MBEDTLS_AES_ENCRYPT, plaintext, output) == 0); - TEST_BUFFERS_EQUAL(ciphertext, 16, output, 16); + TEST_MEMORY_COMPARE(ciphertext, 16, output, 16); mbedtls_aes_free(enc); // Decrypt with copied context TEST_ASSERT(mbedtls_aes_crypt_ecb(dec, MBEDTLS_AES_DECRYPT, ciphertext, output) == 0); - TEST_BUFFERS_EQUAL(plaintext, 16, output, 16); + TEST_MEMORY_COMPARE(plaintext, 16, output, 16); mbedtls_aes_free(dec); return 1; diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 9e6d9b9d5..daac98318 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -77,7 +77,7 @@ void aria_encrypt_ecb(data_t *key_str, data_t *src_str, output + i) == 0); } - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); } @@ -105,7 +105,7 @@ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, output + i) == 0); } - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); } @@ -130,7 +130,7 @@ void aria_encrypt_cbc(data_t *key_str, data_t *iv_str, src_str->len, iv_str->x, src_str->x, output) == cbc_result); if (cbc_result == 0) { - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); } @@ -155,7 +155,7 @@ void aria_decrypt_cbc(data_t *key_str, data_t *iv_str, src_str->len, iv_str->x, src_str->x, output) == cbc_result); if (cbc_result == 0) { - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); } @@ -182,7 +182,7 @@ void aria_encrypt_cfb128(data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output) == result); - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -208,7 +208,7 @@ void aria_decrypt_cfb128(data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output) == result); - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -234,7 +234,7 @@ void aria_encrypt_ctr(data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output) == result); - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); exit: @@ -260,7 +260,7 @@ void aria_decrypt_ctr(data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output) == result); - TEST_BUFFERS_EQUAL(output, expected_output->len, + TEST_MEMORY_COMPARE(output, expected_output->len, expected_output->x, expected_output->len); exit: diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index aac7b30a0..f92c751eb 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -37,7 +37,7 @@ int generic_write_finish_step(generic_write_data_t *data, TEST_EQUAL(ret, data->end - data->p); TEST_ASSERT(data->p >= data->start); TEST_ASSERT(data->p <= data->end); - TEST_BUFFERS_EQUAL(data->p, (size_t) (data->end - data->p), + TEST_MEMORY_COMPARE(data->p, (size_t) (data->end - data->p), expected->x, expected->len); } ok = 1; @@ -322,7 +322,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid, TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete, &alg, ¶ms), 0); TEST_EQUAL(alg.tag, MBEDTLS_ASN1_OID); - TEST_BUFFERS_EQUAL(alg.p, alg.len, oid->x, oid->len); + TEST_MEMORY_COMPARE(alg.p, alg.len, oid->x, oid->len); TEST_EQUAL(params.tag, expected_params_tag); TEST_EQUAL(params.len, expected_params_len); mbedtls_free(buf_complete); @@ -440,7 +440,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits, mbedtls_asn1_bitstring read = { 0, 0, NULL }; TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end, &read), 0); - TEST_BUFFERS_EQUAL(read.p, read.len, + TEST_MEMORY_COMPARE(read.p, read.len, masked_bitstring, byte_length); TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits); } @@ -545,7 +545,7 @@ void store_named_data_val_found(int old_len, int new_len) TEST_ASSERT(found == head); if (new_val != NULL) { - TEST_BUFFERS_EQUAL(found->val.p, found->val.len, + TEST_MEMORY_COMPARE(found->val.p, found->val.len, new_val, (size_t) new_len); } if (new_len == 0) { @@ -580,14 +580,14 @@ void store_named_data_val_new(int new_len, int set_new_val) TEST_ASSERT(found != NULL); TEST_ASSERT(found == head); TEST_ASSERT(found->oid.p != oid); - TEST_BUFFERS_EQUAL(found->oid.p, found->oid.len, oid, oid_len); + TEST_MEMORY_COMPARE(found->oid.p, found->oid.len, oid, oid_len); if (new_len == 0) { TEST_ASSERT(found->val.p == NULL); } else if (new_val == NULL) { TEST_ASSERT(found->val.p != NULL); } else { TEST_ASSERT(found->val.p != new_val); - TEST_BUFFERS_EQUAL(found->val.p, found->val.len, + TEST_MEMORY_COMPARE(found->val.p, found->val.len, new_val, (size_t) new_len); } diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index d155c749b..79f540bcb 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -34,45 +34,45 @@ static int mpi_core_verify_add(mbedtls_mpi_uint *A, /* A + B => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, B, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + B; alias output and first operand => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, B, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + B; alias output and second operand => correct result and carry */ memcpy(X, B, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, X, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B, so test where A and B are aliased */ /* A + A => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, A, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + A, output aliased to both operands => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, X, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } else { /* A != B, so test B + A */ /* B + A => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, A, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* B + A; alias output and first operand => correct result and carry */ memcpy(X, B, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, A, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* B + A; alias output and second operand => correct result and carry */ memcpy(X, A, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, X, limbs)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } ret = 1; @@ -111,11 +111,11 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A, /* cond = 0 => X unchanged, no carry */ memcpy(X, A, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, B, limbs, 0)); - TEST_BUFFERS_EQUAL(X, bytes, A, bytes); + TEST_MEMORY_COMPARE(X, bytes, A, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, B, limbs, 1)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B, so test where A and B are aliased */ @@ -123,22 +123,22 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A, /* cond = 0 => X unchanged, no carry */ memcpy(X, B, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, X, limbs, 0)); - TEST_BUFFERS_EQUAL(X, bytes, B, bytes); + TEST_MEMORY_COMPARE(X, bytes, B, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, X, limbs, 1)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } else { /* A != B, so test B + A */ /* cond = 0 => d unchanged, no carry */ memcpy(X, B, bytes); TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, A, limbs, 0)); - TEST_BUFFERS_EQUAL(X, bytes, B, bytes); + TEST_MEMORY_COMPARE(X, bytes, B, bytes); /* cond = 1 => correct result and carry */ TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, A, limbs, 1)); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } ret = 1; @@ -458,10 +458,10 @@ void mpi_core_cond_assign(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - TEST_BUFFERS_EQUAL(X, copy_bytes, Y, copy_bytes); + TEST_MEMORY_COMPARE(X, copy_bytes, Y, copy_bytes); TEST_ASSERT(memcmp(X, Y, bytes) != 0); } else { - TEST_BUFFERS_EQUAL(X, bytes, Y, bytes); + TEST_MEMORY_COMPARE(X, bytes, Y, bytes); } exit: @@ -508,8 +508,8 @@ void mpi_core_cond_swap(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - TEST_BUFFERS_EQUAL(X, bytes, tmp_X, bytes); - TEST_BUFFERS_EQUAL(Y, bytes, tmp_Y, bytes); + TEST_MEMORY_COMPARE(X, bytes, tmp_X, bytes); + TEST_MEMORY_COMPARE(Y, bytes, tmp_Y, bytes); /* condition is true */ TEST_CF_SECRET(X, bytes); @@ -523,15 +523,15 @@ void mpi_core_cond_swap(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - TEST_BUFFERS_EQUAL(X, copy_bytes, tmp_Y, copy_bytes); - TEST_BUFFERS_EQUAL(Y, copy_bytes, tmp_X, copy_bytes); + TEST_MEMORY_COMPARE(X, copy_bytes, tmp_Y, copy_bytes); + TEST_MEMORY_COMPARE(Y, copy_bytes, tmp_X, copy_bytes); TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0); } else { - TEST_BUFFERS_EQUAL(X, bytes, tmp_Y, bytes); - TEST_BUFFERS_EQUAL(Y, bytes, tmp_X, bytes); + TEST_MEMORY_COMPARE(X, bytes, tmp_Y, bytes); + TEST_MEMORY_COMPARE(Y, bytes, tmp_X, bytes); } exit: @@ -554,7 +554,7 @@ void mpi_core_shift_r(char *input, int count, char *result) TEST_EQUAL(limbs, n); mbedtls_mpi_core_shift_r(X, limbs, count); - TEST_BUFFERS_EQUAL(X, limbs * ciL, Y, limbs * ciL); + TEST_MEMORY_COMPARE(X, limbs * ciL, Y, limbs * ciL); exit: mbedtls_free(X); @@ -574,7 +574,7 @@ void mpi_core_shift_l(char *input, int count, char *result) TEST_EQUAL(limbs, n); mbedtls_mpi_core_shift_l(X, limbs, count); - TEST_BUFFERS_EQUAL(X, limbs * ciL, Y, limbs * ciL); + TEST_MEMORY_COMPARE(X, limbs * ciL, Y, limbs * ciL); exit: mbedtls_free(X); @@ -664,7 +664,7 @@ void mpi_core_sub(char *input_A, char *input_B, TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, b, limbs)); /* 1b) r = a - b => we should get the correct result */ - TEST_BUFFERS_EQUAL(r, bytes, x, bytes); + TEST_MEMORY_COMPARE(r, bytes, x, bytes); /* 2 and 3 test "r may be aliased to a or b" */ /* 2a) r = a; r -= b => we should get the correct carry (use r to avoid clobbering a) */ @@ -672,20 +672,20 @@ void mpi_core_sub(char *input_A, char *input_B, TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, b, limbs)); /* 2b) r -= b => we should get the correct result */ - TEST_BUFFERS_EQUAL(r, bytes, x, bytes); + TEST_MEMORY_COMPARE(r, bytes, x, bytes); /* 3a) r = b; r = a - r => we should get the correct carry (use r to avoid clobbering b) */ memcpy(r, b, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, r, limbs)); /* 3b) r = a - b => we should get the correct result */ - TEST_BUFFERS_EQUAL(r, bytes, x, bytes); + TEST_MEMORY_COMPARE(r, bytes, x, bytes); /* 4 tests "r may be aliased to [...] both" */ if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) { memcpy(r, b, bytes); TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, r, limbs)); - TEST_BUFFERS_EQUAL(r, bytes, x, bytes); + TEST_MEMORY_COMPARE(r, bytes, x, bytes); } exit: @@ -774,13 +774,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S, TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p), *cy->p); /* 1b) A += B * s => we should get the correct result */ - TEST_BUFFERS_EQUAL(a, bytes, x, bytes); + TEST_MEMORY_COMPARE(a, bytes, x, bytes); if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) { /* Check when A and B are aliased */ memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint)); TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, a, limbs, *S.p), *cy->p); - TEST_BUFFERS_EQUAL(a, bytes, x, bytes); + TEST_MEMORY_COMPARE(a, bytes, x, bytes); } exit: @@ -890,14 +890,14 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, mbedtls_mpi_core_montmul(R.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); size_t bytes = N.n * sizeof(mbedtls_mpi_uint); - TEST_BUFFERS_EQUAL(R.p, bytes, X->p, bytes); + TEST_MEMORY_COMPARE(R.p, bytes, X->p, bytes); /* The output (R, above) may be aliased to A - use R to save the value of A */ memcpy(R.p, A.p, bytes); mbedtls_mpi_core_montmul(A.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - TEST_BUFFERS_EQUAL(A.p, bytes, X->p, bytes); + TEST_MEMORY_COMPARE(A.p, bytes, X->p, bytes); memcpy(A.p, R.p, bytes); /* restore A */ @@ -906,7 +906,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, memcpy(R.p, N.p, bytes); mbedtls_mpi_core_montmul(N.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - TEST_BUFFERS_EQUAL(N.p, bytes, X->p, bytes); + TEST_MEMORY_COMPARE(N.p, bytes, X->p, bytes); memcpy(N.p, R.p, bytes); @@ -917,7 +917,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, * don't bother with yet another test with only A and B aliased */ mbedtls_mpi_core_montmul(B.p, B.p, B.p, B.n, N.p, N.n, mm, T.p); - TEST_BUFFERS_EQUAL(B.p, bytes, X->p, bytes); + TEST_MEMORY_COMPARE(B.p, bytes, X->p, bytes); memcpy(B.p, A.p, bytes); /* restore B from equal value A */ } @@ -925,7 +925,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4, /* The output may be aliased to B - last test, so we don't save B */ mbedtls_mpi_core_montmul(B.p, A.p, B.p, B.n, N.p, N.n, mm, T.p); - TEST_BUFFERS_EQUAL(B.p, bytes, X->p, bytes); + TEST_MEMORY_COMPARE(B.p, bytes, X->p, bytes); } exit: @@ -1046,7 +1046,7 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size) TEST_CF_PUBLIC(dest, limbs * sizeof(*dest)); TEST_CF_PUBLIC(table, count * limbs * sizeof(*table)); - TEST_BUFFERS_EQUAL(dest, limbs * sizeof(*dest), + TEST_MEMORY_COMPARE(dest, limbs * sizeof(*dest), current, limbs * sizeof(*current)); TEST_CF_PUBLIC(&i, sizeof(i)); } @@ -1143,24 +1143,24 @@ void mpi_core_mul(char *input_A, /* 1. X = A * B - result should be correct, A and B unchanged */ mbedtls_mpi_core_mul(X, A, A_limbs, B, B_limbs); - TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); - TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); - TEST_BUFFERS_EQUAL(B, B_bytes, B_orig, B_bytes); + TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes); + TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes); + TEST_MEMORY_COMPARE(B, B_bytes, B_orig, B_bytes); /* 2. A == B: alias A and B - result should be correct, A and B unchanged */ if (A_bytes == B_bytes && memcmp(A, B, A_bytes) == 0) { memset(X, '!', X_bytes); mbedtls_mpi_core_mul(X, A, A_limbs, A, A_limbs); - TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); - TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); + TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes); + TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes); } /* 3. X = B * A - result should be correct, A and B unchanged */ else { memset(X, '!', X_bytes); mbedtls_mpi_core_mul(X, B, B_limbs, A, A_limbs); - TEST_BUFFERS_EQUAL(X, X_bytes, R, X_bytes); - TEST_BUFFERS_EQUAL(A, A_bytes, A_orig, A_bytes); - TEST_BUFFERS_EQUAL(B, B_bytes, B_orig, B_bytes); + TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes); + TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes); + TEST_MEMORY_COMPARE(B, B_bytes, B_orig, B_bytes); } exit: @@ -1280,7 +1280,7 @@ void mpi_core_sub_int(char *input_A, char *input_B, TEST_CALLOC(R, limbs); #define TEST_COMPARE_CORE_MPIS(A, B, limbs) \ - TEST_BUFFERS_EQUAL(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) + TEST_MEMORY_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) /* 1. R = A - b. Result and borrow should be correct */ TEST_EQUAL(mbedtls_mpi_core_sub_int(R, A, B[0], limbs), borrow); diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index ccc824c85..10deffa97 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -7,7 +7,7 @@ #include "test/constant_flow.h" #define TEST_COMPARE_MPI_RESIDUES(a, b) \ - TEST_BUFFERS_EQUAL((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ + TEST_MEMORY_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) static int test_read_residue(mbedtls_mpi_mod_residue *r, @@ -128,42 +128,42 @@ void mpi_mod_mul(char *input_A, TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* alias X to A */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rB, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* alias X to B */ memcpy(rX.p, rB.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rX, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* A == B: alias A and B */ if (memcmp(rA.p, rB.p, bytes) == 0) { TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* X, A, B all aliased together */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rX, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); } /* A != B: test B * A */ else { TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rA, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* B * A: alias X to A */ memcpy(rX.p, rA.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rX, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); /* B + A: alias X to B */ memcpy(rX.p, rB.p, bytes); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rA, &m), 0); - TEST_BUFFERS_EQUAL(rX.p, bytes, rR.p, bytes); + TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes); } exit: @@ -702,7 +702,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian)); /* Make sure that writing didn't corrupt the value of r */ - TEST_BUFFERS_EQUAL(r.p, r.limbs, r_copy.p, r_copy.limbs); + TEST_MEMORY_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs); /* Set up reference output for checking the result */ TEST_CALLOC(ref_buf, obuf_sizes[i]); @@ -723,7 +723,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) } /* Check the result */ - TEST_BUFFERS_EQUAL(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]); + TEST_MEMORY_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]); mbedtls_free(ref_buf); ref_buf = NULL; diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 9d671468d..3a4d4416d 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -161,10 +161,10 @@ void mpi_mod_raw_cond_assign(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - TEST_BUFFERS_EQUAL(X, copy_bytes, Y, copy_bytes); + TEST_MEMORY_COMPARE(X, copy_bytes, Y, copy_bytes); TEST_ASSERT(memcmp(X, Y, bytes) != 0); } else { - TEST_BUFFERS_EQUAL(X, bytes, Y, bytes); + TEST_MEMORY_COMPARE(X, bytes, Y, bytes); } exit: @@ -223,8 +223,8 @@ void mpi_mod_raw_cond_swap(char *input_X, TEST_CF_PUBLIC(X, bytes); TEST_CF_PUBLIC(Y, bytes); - TEST_BUFFERS_EQUAL(X, bytes, tmp_X, bytes); - TEST_BUFFERS_EQUAL(Y, bytes, tmp_Y, bytes); + TEST_MEMORY_COMPARE(X, bytes, tmp_X, bytes); + TEST_MEMORY_COMPARE(Y, bytes, tmp_Y, bytes); /* condition is true */ TEST_CF_SECRET(X, bytes); @@ -238,15 +238,15 @@ void mpi_mod_raw_cond_swap(char *input_X, /* Check if the given length is copied even it is smaller than the length of the given MPIs. */ if (copy_limbs < limbs) { - TEST_BUFFERS_EQUAL(X, copy_bytes, tmp_Y, copy_bytes); - TEST_BUFFERS_EQUAL(Y, copy_bytes, tmp_X, copy_bytes); + TEST_MEMORY_COMPARE(X, copy_bytes, tmp_Y, copy_bytes); + TEST_MEMORY_COMPARE(Y, copy_bytes, tmp_X, copy_bytes); TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0); TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0); } else { - TEST_BUFFERS_EQUAL(X, bytes, tmp_Y, bytes); - TEST_BUFFERS_EQUAL(Y, bytes, tmp_X, bytes); + TEST_MEMORY_COMPARE(X, bytes, tmp_Y, bytes); + TEST_MEMORY_COMPARE(Y, bytes, tmp_X, bytes); } exit: @@ -297,27 +297,27 @@ void mpi_mod_raw_sub(char *input_A, &m, N, limbs), 0); mbedtls_mpi_mod_raw_sub(X, A, B, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); /* alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_sub(X, X, B, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); /* alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_sub(X, A, X, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); /* A == B: alias A and B */ if (memcmp(A, B, bytes) == 0) { mbedtls_mpi_mod_raw_sub(X, A, A, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); /* X, A, B all aliased together */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_sub(X, X, X, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); } exit: mbedtls_free(A); @@ -367,7 +367,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, &m, N, limbs), 0); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); exit: mbedtls_free(X); @@ -420,42 +420,42 @@ void mpi_mod_raw_mul(char *input_A, TEST_CALLOC(T, limbs_T); mbedtls_mpi_mod_raw_mul(X, A, B, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, X, B, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_mul(X, A, X, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* A == B: alias A and B */ if (memcmp(A, B, bytes) == 0) { mbedtls_mpi_mod_raw_mul(X, A, A, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* X, A, B all aliased together */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, X, X, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); } /* A != B: test B * A */ else { mbedtls_mpi_mod_raw_mul(X, B, A, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* B * A: alias X to A */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_mul(X, B, X, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); /* B + A: alias X to B */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_mul(X, X, A, &m, T); - TEST_BUFFERS_EQUAL(X, bytes, R, bytes); + TEST_MEMORY_COMPARE(X, bytes, R, bytes); } exit: @@ -578,45 +578,45 @@ void mpi_mod_raw_add(char *input_N, /* A + B => Correct result */ mbedtls_mpi_mod_raw_add(X, A, B, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + B: alias X to A => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, X, B, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + B: alias X to B => Correct result */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_add(X, A, X, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); if (memcmp(A, B, bytes) == 0) { /* A == B: alias A and B */ /* A + A => Correct result */ mbedtls_mpi_mod_raw_add(X, A, A, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* A + A: X, A, B all aliased together => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, X, X, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } else { /* A != B: test B + A */ /* B + A => Correct result */ mbedtls_mpi_mod_raw_add(X, B, A, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* B + A: alias X to A => Correct result */ memcpy(X, A, bytes); mbedtls_mpi_mod_raw_add(X, B, X, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); /* B + A: alias X to B => Correct result */ memcpy(X, B, bytes); mbedtls_mpi_mod_raw_add(X, X, A, &m); - TEST_BUFFERS_EQUAL(X, bytes, S, bytes); + TEST_MEMORY_COMPARE(X, bytes, S, bytes); } exit: @@ -647,7 +647,7 @@ void mpi_mod_raw_canonical_to_modulus_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); TEST_EQUAL(0, mbedtls_mpi_mod_raw_canonical_to_modulus_rep(A, &N)); - TEST_BUFFERS_EQUAL(A, A_limbs * sizeof(mbedtls_mpi_uint), + TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: @@ -674,7 +674,7 @@ void mpi_mod_raw_modulus_to_canonical_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X)); TEST_EQUAL(0, mbedtls_mpi_mod_raw_modulus_to_canonical_rep(A, &N)); - TEST_BUFFERS_EQUAL(A, A_limbs * sizeof(mbedtls_mpi_uint), + TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: @@ -723,20 +723,20 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) mbedtls_mpi_core_to_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); /* Test that the low-level function gives the required value */ - TEST_BUFFERS_EQUAL(R, bytes, X, bytes); + TEST_MEMORY_COMPARE(R, bytes, X, bytes); /* Test when output is aliased to input */ memcpy(R, A, bytes); mbedtls_mpi_core_to_mont_rep(R, R, N, n_limbs, m.rep.mont.mm, m.rep.mont.rr, T); - TEST_BUFFERS_EQUAL(R, bytes, X, bytes); + TEST_MEMORY_COMPARE(R, bytes, X, bytes); /* 2. Test higher-level cannonical to Montgomery conversion */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_to_mont_rep(A, &m)); /* The result matches expected value */ - TEST_BUFFERS_EQUAL(A, bytes, X, bytes); + TEST_MEMORY_COMPARE(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -787,20 +787,20 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) mbedtls_mpi_core_from_mont_rep(R, A, N, n_limbs, m.rep.mont.mm, T); /* Test that the low-level function gives the required value */ - TEST_BUFFERS_EQUAL(R, bytes, X, bytes); + TEST_MEMORY_COMPARE(R, bytes, X, bytes); /* Test when output is aliased to input */ memcpy(R, A, bytes); mbedtls_mpi_core_from_mont_rep(R, R, N, n_limbs, m.rep.mont.mm, T); - TEST_BUFFERS_EQUAL(R, bytes, X, bytes); + TEST_MEMORY_COMPARE(R, bytes, X, bytes); /* 2. Test higher-level Montgomery to cannonical conversion */ TEST_EQUAL(0, mbedtls_mpi_mod_raw_from_mont_rep(A, &m)); /* The result matches expected value */ - TEST_BUFFERS_EQUAL(A, bytes, X, bytes); + TEST_MEMORY_COMPARE(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -841,19 +841,19 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) /* Neg( A == 0 ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, Z, &m); - TEST_BUFFERS_EQUAL(R, bytes, Z, bytes); + TEST_MEMORY_COMPARE(R, bytes, Z, bytes); /* Neg( A == N ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, N, &m); - TEST_BUFFERS_EQUAL(R, bytes, Z, bytes); + TEST_MEMORY_COMPARE(R, bytes, Z, bytes); /* Neg( A ) => Correct result */ mbedtls_mpi_mod_raw_neg(R, A, &m); - TEST_BUFFERS_EQUAL(R, bytes, X, bytes); + TEST_MEMORY_COMPARE(R, bytes, X, bytes); /* Neg( A ): alias A to R => Correct result */ mbedtls_mpi_mod_raw_neg(A, A, &m); - TEST_BUFFERS_EQUAL(A, bytes, X, bytes); + TEST_MEMORY_COMPARE(A, bytes, X, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); mbedtls_free(N); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index f1e623e39..f7025d4d5 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -174,7 +174,7 @@ void mpi_legacy_random_values(int min, char *max_hex) * same number, with the same limb count. */ TEST_EQUAL(core_ret, legacy_ret); if (core_ret == 0) { - TEST_BUFFERS_EQUAL(R_core, limbs * ciL, + TEST_MEMORY_COMPARE(R_core, limbs * ciL, R_legacy.p, R_legacy.n * ciL); } @@ -182,7 +182,7 @@ void mpi_legacy_random_values(int min, char *max_hex) /* This may theoretically fail on rare platforms with padding in * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ - TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), + TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), &rnd_legacy, sizeof(rnd_legacy)); exit: @@ -237,11 +237,11 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) if (core_ret == 0) { TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_raw, &N), 0); - TEST_BUFFERS_EQUAL(R_core, N.limbs * ciL, + TEST_MEMORY_COMPARE(R_core, N.limbs * ciL, R_mod_raw, N.limbs * ciL); TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_digits, &N), 0); - TEST_BUFFERS_EQUAL(R_core, N.limbs * ciL, + TEST_MEMORY_COMPARE(R_core, N.limbs * ciL, R_mod_digits, N.limbs * ciL); } @@ -249,9 +249,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) /* This may theoretically fail on rare platforms with padding in * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ - TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), + TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), &rnd_mod_raw, sizeof(rnd_mod_raw)); - TEST_BUFFERS_EQUAL(&rnd_core, sizeof(rnd_core), + TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), &rnd_mod, sizeof(rnd_mod)); exit: diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index d79272919..5aaaaa2e4 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -36,7 +36,7 @@ static int check_multipart(mbedtls_ccm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); - TEST_BUFFERS_EQUAL(output, olen, expected_output->x, n1); + TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); mbedtls_free(output); output = NULL; @@ -44,13 +44,13 @@ static int check_multipart(mbedtls_ccm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); - TEST_BUFFERS_EQUAL(output, olen, expected_output->x + n1, n2); + TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); mbedtls_free(output); output = NULL; TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -204,8 +204,8 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); - TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, result->x, msg->len); - TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len); + TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len); + TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted_expected = { .x = result->x, @@ -249,7 +249,7 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, TEST_CALLOC(output, msg->len); TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); TEST_EQUAL(result->len, olen); - TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); + TEST_MEMORY_COMPARE(output, olen, result->x, result->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); exit: @@ -285,7 +285,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, result); if (result == 0) { - TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); + TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted = { .x = msg->x, @@ -372,8 +372,8 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), output_ret); - TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, expected_result->x, msg->len); - TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len); + TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); + TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, @@ -450,7 +450,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id, add->x, add->len, io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), output_ret); - TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); + TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, @@ -504,13 +504,13 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); TEST_EQUAL(result->len, olen); - TEST_BUFFERS_EQUAL(output, olen, result->x, result->len); + TEST_MEMORY_COMPARE(output, olen, result->x, result->len); mbedtls_free(output); output = NULL; TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -538,7 +538,7 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode, TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 1838cdc7d..a638213ff 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -29,7 +29,7 @@ void chacha20_crypt(data_t *key_str, TEST_ASSERT(mbedtls_chacha20_crypt(key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output) == 0); - TEST_BUFFERS_EQUAL(output, expected_output_str->len, + TEST_MEMORY_COMPARE(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); /* @@ -44,7 +44,7 @@ void chacha20_crypt(data_t *key_str, memset(output, 0x00, sizeof(output)); TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0); - TEST_BUFFERS_EQUAL(output, expected_output_str->len, + TEST_MEMORY_COMPARE(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); /* @@ -60,7 +60,7 @@ void chacha20_crypt(data_t *key_str, TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len - 1, src_str->x + 1, output + 1) == 0); - TEST_BUFFERS_EQUAL(output, expected_output_str->len, + TEST_MEMORY_COMPARE(output, expected_output_str->len, expected_output_str->x, expected_output_str->len); mbedtls_chacha20_free(&ctx); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 55c6182ce..40907ad94 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -950,7 +950,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); } else { TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(decrypt_buf, outlen, clear->x, clear->len); + TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); } mbedtls_free(decrypt_buf); diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function index 747def345..a583e4604 100644 --- a/tests/suites/test_suite_common.function +++ b/tests/suites/test_suite_common.function @@ -28,7 +28,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ b[i]; } mbedtls_xor(r2, a, b, n); - TEST_BUFFERS_EQUAL(r1, n, r2, n); + TEST_MEMORY_COMPARE(r1, n, r2, n); /* Test r == a */ fill_arrays(a, b, r1, r2, n); @@ -36,7 +36,7 @@ void mbedtls_xor(int len) r1[i] = r1[i] ^ b[i]; } mbedtls_xor(r2, r2, b, n); - TEST_BUFFERS_EQUAL(r1, n, r2, n); + TEST_MEMORY_COMPARE(r1, n, r2, n); /* Test r == b */ fill_arrays(a, b, r1, r2, n); @@ -44,7 +44,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ r1[i]; } mbedtls_xor(r2, a, r2, n); - TEST_BUFFERS_EQUAL(r1, n, r2, n); + TEST_MEMORY_COMPARE(r1, n, r2, n); /* Test a == b */ fill_arrays(a, b, r1, r2, n); @@ -52,7 +52,7 @@ void mbedtls_xor(int len) r1[i] = a[i] ^ a[i]; } mbedtls_xor(r2, a, a, n); - TEST_BUFFERS_EQUAL(r1, n, r2, n); + TEST_MEMORY_COMPARE(r1, n, r2, n); /* Test a == b == r */ fill_arrays(a, b, r1, r2, n); @@ -60,7 +60,7 @@ void mbedtls_xor(int len) r1[i] = r1[i] ^ r1[i]; } mbedtls_xor(r2, r2, r2, n); - TEST_BUFFERS_EQUAL(r1, n, r2, n); + TEST_MEMORY_COMPARE(r1, n, r2, n); /* Test non-word-aligned buffers, for all combinations of alignedness */ for (int i = 0; i < 7; i++) { @@ -71,7 +71,7 @@ void mbedtls_xor(int len) r1[j + r_off] = a[j + a_off] ^ b[j + b_off]; } mbedtls_xor(r2 + r_off, a + a_off, b + b_off, n); - TEST_BUFFERS_EQUAL(r1 + r_off, n, r2 + r_off, n); + TEST_MEMORY_COMPARE(r1 + r_off, n, r2 + r_off, n); } exit: mbedtls_free(a); diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 42100ce60..bd0eec5a2 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -91,7 +91,7 @@ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); - TEST_BUFFERS_EQUAL(expected, size, result + offset, size); + TEST_MEMORY_COMPARE(expected, size, result + offset, size); for (int i = 0; i < size + offset; i++) { src[i] = 1; @@ -109,7 +109,7 @@ void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset) TEST_CF_PUBLIC(&one, sizeof(one)); TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq)); - TEST_BUFFERS_EQUAL(expected, size, result, size); + TEST_MEMORY_COMPARE(expected, size, result, size); exit: mbedtls_free(src); mbedtls_free(result); @@ -140,7 +140,7 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len) TEST_CF_PUBLIC(&secret, sizeof(secret)); TEST_CF_PUBLIC(dst, len); - TEST_BUFFERS_EQUAL(dst, len, src + secret, len); + TEST_MEMORY_COMPARE(dst, len, src + secret, len); } exit: diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index e284c07ce..d7bbe04bd 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -133,7 +133,7 @@ void ssl_cf_hmac(int hash) TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); /* Compare */ - TEST_BUFFERS_EQUAL(out, out_len, ref_out, out_len); + TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 7c507c242..93138bdc6 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -538,7 +538,7 @@ void ecp_muladd(int id, &len, actual_result, sizeof(actual_result))); TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN); - TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, + TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, actual_result, len); exit: @@ -1061,7 +1061,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_write_key(&key, buf, in_key->len); TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(in_key->x, in_key->len, + TEST_MEMORY_COMPARE(in_key->x, in_key->len, buf, in_key->len); } else { unsigned char export1[MBEDTLS_ECP_MAX_BYTES]; @@ -1076,7 +1076,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica ret = mbedtls_ecp_write_key(&key2, export2, in_key->len); TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(export1, in_key->len, + TEST_MEMORY_COMPARE(export1, in_key->len, export2, in_key->len); } } @@ -1123,7 +1123,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) * (can be enforced by checking these bits). * - Other bits must be random (by testing with different RNG outputs, * we validate that those bits are indeed influenced by the RNG). */ - TEST_BUFFERS_EQUAL(expected->x, expected->len, + TEST_MEMORY_COMPARE(expected->x, expected->len, actual, expected->len); } @@ -1379,7 +1379,7 @@ void ecp_mod_p_generic_raw(int curve_id, TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); - TEST_BUFFERS_EQUAL(X, bytes, res, bytes); + TEST_MEMORY_COMPARE(X, bytes, res, bytes); exit: mbedtls_free(X); @@ -1420,7 +1420,7 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret) } /* Compare output byte-by-byte */ - TEST_BUFFERS_EQUAL(p, bytes, m.p, bytes); + TEST_MEMORY_COMPARE(p, bytes, m.p, bytes); /* Test for user free-ing allocated memory */ mbedtls_mpi_mod_modulus_free(&m); @@ -1472,10 +1472,10 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - TEST_BUFFERS_EQUAL(bufx, ciL, one, ciL); + TEST_MEMORY_COMPARE(bufx, ciL, one, ciL); /*Borrow the buffer of A to compare the left lims with 0 */ memset(A, 0, limbs * ciL); - TEST_BUFFERS_EQUAL(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); + TEST_MEMORY_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -1527,7 +1527,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); /* Compare difference with rA byte-by-byte */ - TEST_BUFFERS_EQUAL(rA.p, bytes, rS.p, bytes); + TEST_MEMORY_COMPARE(rA.p, bytes, rS.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); @@ -1577,7 +1577,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(limbs, rX.limbs); - TEST_BUFFERS_EQUAL(rA.p, bytes, rX.p, bytes); + TEST_MEMORY_COMPARE(rA.p, bytes, rX.p, bytes); memset(bufx, 0x00, bytes); memset(rX_raw, 0x00, bytes); @@ -1591,7 +1591,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) MBEDTLS_MPI_MOD_EXT_REP_BE)); TEST_EQUAL(limbs, rX.limbs); - TEST_BUFFERS_EQUAL(rA.p, bytes, rX.p, bytes); + TEST_MEMORY_COMPARE(rA.p, bytes, rX.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index d7078cf60..747914f6b 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -37,7 +37,7 @@ static int check_multipart(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); - TEST_BUFFERS_EQUAL(output, olen, expected_output->x, n1); + TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); mbedtls_free(output); output = NULL; @@ -45,14 +45,14 @@ static int check_multipart(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); - TEST_BUFFERS_EQUAL(output, olen, expected_output->x + n1, n2); + TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); mbedtls_free(output); output = NULL; TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; @@ -91,14 +91,14 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen)); TEST_EQUAL(input->len, olen); - TEST_BUFFERS_EQUAL(output, olen, expected_output->x, input->len); + TEST_MEMORY_COMPARE(output, olen, expected_output->x, input->len); mbedtls_free(output); output = NULL; TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); exit: mbedtls_free(output); @@ -128,7 +128,7 @@ static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx, TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output_tag, tag->len)); TEST_EQUAL(0, olen); - TEST_BUFFERS_EQUAL(output_tag, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output_tag, tag->len, tag->x, tag->len); exit: mbedtls_free(output_tag); @@ -147,7 +147,7 @@ static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx, TEST_CALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); TEST_EQUAL(0, olen); - TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); exit: mbedtls_free(output); @@ -212,8 +212,8 @@ void gcm_encrypt_and_tag(int cipher_id, data_t *key_str, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output) == 0); - TEST_BUFFERS_EQUAL(output, src_str->len, dst->x, dst->len); - TEST_BUFFERS_EQUAL(tag_output, tag_len, tag->x, tag->len); + TEST_MEMORY_COMPARE(output, src_str->len, dst->x, dst->len); + TEST_MEMORY_COMPARE(tag_output, tag_len, tag->x, tag->len); for (n1 = 0; n1 <= src_str->len; n1 += 1) { for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { @@ -269,7 +269,7 @@ void gcm_decrypt_and_verify(int cipher_id, data_t *key_str, TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED); } else { TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(output, src_str->len, pt_result->x, pt_result->len); + TEST_MEMORY_COMPARE(output, src_str->len, pt_result->x, pt_result->len); for (n1 = 0; n1 <= src_str->len; n1 += 1) { for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index df920222f..b3ccfb030 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -26,7 +26,7 @@ void test_hkdf(int md_alg, data_t *ikm, data_t *salt, data_t *info, info->x, info->len, okm, expected_okm->len); TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(okm, expected_okm->len, + TEST_MEMORY_COMPARE(okm, expected_okm->len, expected_okm->x, expected_okm->len); exit: @@ -56,7 +56,7 @@ void test_hkdf_extract(int md_alg, ikm->x, ikm->len, output_prk); TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(output_prk, output_prk_len, prk->x, prk->len); + TEST_MEMORY_COMPARE(output_prk, output_prk_len, prk->x, prk->len); exit: mbedtls_free(output_prk); @@ -88,7 +88,7 @@ void test_hkdf_expand(int md_alg, info->x, info->len, output_okm, OKM_LEN); TEST_ASSERT(ret == 0); - TEST_BUFFERS_EQUAL(output_okm, okm->len, okm->x, okm->len); + TEST_MEMORY_COMPARE(output_okm, okm->len, okm->x, okm->len); exit: mbedtls_free(output_okm); diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index c0db0f7f9..e991672a7 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -162,7 +162,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)); - TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, + TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -183,7 +183,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) exported_pub_key_buf_size, &exported_pub_key_size), 0); - TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, + TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index ed6cd54d9..f6f4685c8 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -164,7 +164,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10)); - TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, + TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -185,7 +185,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) exported_pub_key_buf_size, &exported_pub_key_size), 0); - TEST_BUFFERS_EQUAL(pub_key->x, pub_key->len, + TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 63d5d0ae8..fadb36238 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -185,7 +185,7 @@ void md_text(int md_type, char *text_src_string, data_t *hash) TEST_EQUAL(0, mbedtls_md(md_info, src, src_len, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); @@ -206,7 +206,7 @@ void md_hex(int md_type, data_t *src_str, data_t *hash) TEST_EQUAL(0, mbedtls_md(md_info, src_str->x, src_str->len, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); @@ -248,14 +248,14 @@ void md_text_multi(int md_type, char *text_src_string, TEST_EQUAL(0, mbedtls_md_update(&ctx, src + halfway, src_len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); /* Test clone */ memset(output, 0x00, sizeof(output)); TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src + halfway, src_len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -295,14 +295,14 @@ void md_hex_multi(int md_type, data_t *src_str, data_t *hash) TEST_EQUAL(0, mbedtls_md_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); /* Test clone */ memset(output, 0x00, sizeof(output)); TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -328,7 +328,7 @@ void mbedtls_md_hmac(int md_type, int trunc_size, TEST_EQUAL(0, mbedtls_md_hmac(md_info, key_str->x, key_str->len, src_str->x, src_str->len, output)); - TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len); exit: MD_PSA_DONE(); @@ -363,7 +363,7 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output)); - TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len); /* Test again, for reset() */ memset(output, 0x00, sizeof(output)); @@ -373,7 +373,7 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway)); TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output)); - TEST_BUFFERS_EQUAL(output, trunc_size, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len); exit: mbedtls_md_free(&ctx); @@ -395,7 +395,7 @@ void mbedtls_md_file(int md_type, char *filename, TEST_EQUAL(0, mbedtls_md_file(md_info, filename, output)); - TEST_BUFFERS_EQUAL(output, mbedtls_md_get_size(md_info), hash->x, hash->len); + TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len); exit: MD_PSA_DONE(); diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index 7024e0b8c..7d4845225 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -60,7 +60,7 @@ void mbedtls_mps_reader_no_pausing_single_step_single_round(int with_acc) /* Consumption (upper layer) */ /* Consume exactly what's available */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, bufA, 100); + TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); @@ -108,14 +108,14 @@ void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds(int with_acc) /* Consumption (upper layer) */ /* Consume exactly what's available */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, bufA, 100); + TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, bufB, 100); + TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -162,11 +162,11 @@ void mbedtls_mps_reader_no_pausing_multiple_steps_single_round(int with_acc) TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, buf, 10); + TEST_MEMORY_COMPARE(tmp, 10, buf, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 70, buf + 10, 70); + TEST_MEMORY_COMPARE(tmp, 70, buf + 10, 70); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_BUFFERS_EQUAL(tmp, tmp_len, buf + 80, 20); + TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 80, 20); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup (lower layer) */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -202,18 +202,18 @@ void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds(int with_acc) TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 70, bufA + 10, 70); + TEST_MEMORY_COMPARE(tmp, 70, bufA + 10, 70); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_BUFFERS_EQUAL(tmp, tmp_len, bufA + 80, 20); + TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 20); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, bufB, 100); + TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -243,7 +243,7 @@ void mbedtls_mps_reader_pausing_needed_disabled() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -284,10 +284,10 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, buf + 50, 10); + TEST_MEMORY_COMPARE(tmp, 10, buf + 50, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); /* Wrapup (lower layer) */ @@ -295,7 +295,7 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small() MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0); - TEST_BUFFERS_EQUAL(tmp, tmp_len, buf + 50, 50); + TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50); mbedtls_mps_reader_free(&rd); } @@ -325,7 +325,7 @@ void mbedtls_mps_reader_reclaim_overflow() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf, 50); /* Excess request */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -376,10 +376,10 @@ void mbedtls_mps_reader_pausing(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); + TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); switch (option) { case 0: /* Single uncommitted fetch at pausing */ case 1: @@ -400,50 +400,50 @@ void mbedtls_mps_reader_pausing(int option) switch (option) { case 0: /* Single fetch at pausing, re-fetch with commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; case 1: /* Single fetch at pausing, re-fetch without commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); break; case 2: /* Multiple fetches at pausing, repeat without commit. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); break; case 3: /* Multiple fetches at pausing, repeat with commit 1. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); break; case 4: /* Multiple fetches at pausing, repeat with commit 2. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; case 5: /* Multiple fetches at pausing, repeat with commit 3. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); break; @@ -453,7 +453,7 @@ void mbedtls_mps_reader_pausing(int option) /* In all cases, fetch the rest of the second buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 90, bufB + 10, 90); + TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ @@ -498,7 +498,7 @@ void mbedtls_mps_reader_pausing_multiple_feeds(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); + TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* 20 left, ask for 70 -> 50 overhead */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == @@ -538,8 +538,8 @@ void mbedtls_mps_reader_pausing_multiple_feeds(int option) /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); - TEST_BUFFERS_EQUAL(tmp + 20, 50, bufB, 50); + TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); + TEST_MEMORY_COMPARE(tmp + 20, 50, bufB, 50); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0); switch (option) { case 0: @@ -591,14 +591,14 @@ void mbedtls_mps_reader_reclaim_data_left(int option) /* Fetch (but not commit) the entire buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, buf, 100); + TEST_MEMORY_COMPARE(tmp, 100, buf, 100); break; case 1: /* Fetch (but not commit) parts of the buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); + TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); break; case 2: @@ -606,11 +606,11 @@ void mbedtls_mps_reader_reclaim_data_left(int option) * fetch but not commit the rest of the buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); + TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, sizeof(buf) / 2, + TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf + sizeof(buf) / 2, sizeof(buf) / 2); break; @@ -646,16 +646,16 @@ void mbedtls_mps_reader_reclaim_data_left_retry() TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf + 50, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); /* Preparation */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == MBEDTLS_ERR_MPS_READER_DATA_LEFT); /* Consumption */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 50, buf + 50, 50); + TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); @@ -699,10 +699,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consumption (upper layer) */ /* Ask for more than what's available. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 80, bufA, 80); + TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -717,10 +717,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0); - TEST_BUFFERS_EQUAL(tmp, tmp_len, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -731,18 +731,18 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufB + 10, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufC, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufB + 10, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufC, 10); break; case 1: /* Fetch same chunks, commit afterwards, and * then exceed bounds of new buffer; accumulator * not large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -756,10 +756,10 @@ void mbedtls_mps_reader_multiple_pausing(int option) * then exceed bounds of new buffer; accumulator * large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -769,19 +769,19 @@ void mbedtls_mps_reader_multiple_pausing(int option) /* Consume */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); - TEST_BUFFERS_EQUAL(tmp + 20, 20, bufB, 20); - TEST_BUFFERS_EQUAL(tmp + 40, 10, bufC, 10); + TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); + TEST_MEMORY_COMPARE(tmp + 20, 20, bufB, 20); + TEST_MEMORY_COMPARE(tmp + 40, 10, bufC, 10); break; case 3: /* Fetch same chunks, don't commit afterwards, and * then exceed bounds of new buffer; accumulator * not large enough. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 80, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 10, bufA + 90, 10); - TEST_BUFFERS_EQUAL(tmp + 10, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); + TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); @@ -1005,16 +1005,16 @@ void mbedtls_reader_inconsistent_usage(int option) case 0: /* Ask for buffered data in a single chunk, no commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); - TEST_BUFFERS_EQUAL(tmp + 20, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); + TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); success = 1; break; case 1: /* Ask for buffered data in a single chunk, with commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 20, bufA + 80, 20); - TEST_BUFFERS_EQUAL(tmp + 20, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); + TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1035,7 +1035,7 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data in different * chunks than before CAN fail. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); + TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); break; @@ -1044,10 +1044,10 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - no commits */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); + TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); - TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); + TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); success = 1; break; @@ -1055,11 +1055,11 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - intermediate commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); + TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); - TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); + TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); success = 1; break; @@ -1067,10 +1067,10 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - end commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); + TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); - TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); + TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1079,11 +1079,11 @@ void mbedtls_reader_inconsistent_usage(int option) /* Asking for buffered data different chunks * than before NEED NOT fail - intermediate & end commit */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 15, bufA + 80, 15); + TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_BUFFERS_EQUAL(tmp, 5, bufA + 95, 5); - TEST_BUFFERS_EQUAL(tmp + 5, 10, bufB, 10); + TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); + TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); success = 1; break; @@ -1096,7 +1096,7 @@ void mbedtls_reader_inconsistent_usage(int option) if (success == 1) { /* In all succeeding cases, fetch the rest of the second buffer. */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 90, bufB + 10, 90); + TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ @@ -1131,7 +1131,7 @@ void mbedtls_mps_reader_feed_empty() /* Consumption (upper layer) */ TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_BUFFERS_EQUAL(tmp, 100, buf, 100); + TEST_MEMORY_COMPARE(tmp, 100, buf, 100); TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); /* Wrapup */ diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index f0a778bb4..46d683af2 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -59,7 +59,7 @@ void pkcs12_derive_key(int md_type, int key_size_arg, TEST_EQUAL(ret, expected_status); if (expected_status == 0) { - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output_data, key_size); } diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 987518058..626197995 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -48,7 +48,7 @@ void pkcs1_rsaes_oaep_encrypt(int mod, data_t *input_N, data_t *input_E, message_str->x, output) == result); if (result == 0) { - TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); + TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); } exit: @@ -110,7 +110,7 @@ void pkcs1_rsaes_oaep_decrypt(int mod, data_t *input_P, data_t *input_Q, output, sizeof(output)) == result); if (result == 0) { - TEST_BUFFERS_EQUAL(output, output_len, result_str->x, result_str->len); + TEST_MEMORY_COMPARE(output, output_len, result_str->x, result_str->len); } } @@ -167,7 +167,7 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, &ctx, &mbedtls_test_rnd_buffer_rand, &info, digest, hash_digest->len, hash_digest->x, output) == result); if (result == 0) { - TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); + TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); } info.buf = rnd_buf->x; @@ -179,7 +179,7 @@ void pkcs1_rsassa_pss_sign(int mod, data_t *input_P, data_t *input_Q, digest, hash_digest->len, hash_digest->x, fixed_salt_length, output) == result); if (result == 0) { - TEST_BUFFERS_EQUAL(output, ctx.len, result_str->x, result_str->len); + TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len); } exit: diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index ba93e77c9..7947d3c9f 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -175,7 +175,7 @@ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) output_key_len = mbedtls_pk_write_key_der(&pk, output_key, output_key_len); TEST_ASSERT(output_key_len > 0); - TEST_BUFFERS_EQUAL(exp_output->x, exp_output->len, output_key, output_key_len); + TEST_MEMORY_COMPARE(exp_output->x, exp_output->len, output_key, output_key_len); exit: if (output_key != NULL) { diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 39c43b451..8176b6dfe 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -113,7 +113,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, is_der), 0); - TEST_BUFFERS_EQUAL(start_buf, buf_len, check_buf, check_buf_len); + TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Verify that pk_write works also for opaque private keys */ @@ -128,7 +128,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, is_der), 0); - TEST_BUFFERS_EQUAL(start_buf, buf_len, check_buf, check_buf_len); + TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -190,7 +190,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); - TEST_BUFFERS_EQUAL(derived_key_raw, derived_key_len, + TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -203,7 +203,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); - TEST_BUFFERS_EQUAL(derived_key_raw, derived_key_len, + TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function index 8739dc0a5..643accf1f 100644 --- a/tests/suites/test_suite_platform_printf.function +++ b/tests/suites/test_suite_platform_printf.function @@ -34,7 +34,7 @@ void printf_int(char *format, /* any format expecting one int argument, e.g. "%d /* Nominal case: buffer just large enough */ TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x)); - TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); + TEST_MEMORY_COMPARE(result, n + 1, output, n + 1); mbedtls_free(output); output = NULL; @@ -59,7 +59,7 @@ void printf_long_max(const char *format, /* "%lx" or longer type */ TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value)); - TEST_BUFFERS_EQUAL(expected, n + 1, output, n + 1); + TEST_MEMORY_COMPARE(expected, n + 1, output, n + 1); mbedtls_free(output); output = NULL; @@ -79,7 +79,7 @@ void printf_char2(char *format, /* "%c%c" */ /* Nominal case: buffer just large enough */ TEST_CALLOC(output, n + 1); TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2)); - TEST_BUFFERS_EQUAL(result, n + 1, output, n + 1); + TEST_MEMORY_COMPARE(result, n + 1, output, n + 1); mbedtls_free(output); output = NULL; diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index f74c5445b..07cc93bb7 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -22,7 +22,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_mac(key->x, src_str->x, src_str->len, mac) == 0); - TEST_BUFFERS_EQUAL(mac, expected_mac->len, + TEST_MEMORY_COMPARE(mac, expected_mac->len, expected_mac->x, expected_mac->len); /* @@ -36,7 +36,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - TEST_BUFFERS_EQUAL(mac, expected_mac->len, + TEST_MEMORY_COMPARE(mac, expected_mac->len, expected_mac->x, expected_mac->len); /* @@ -53,7 +53,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - TEST_BUFFERS_EQUAL(mac, expected_mac->len, + TEST_MEMORY_COMPARE(mac, expected_mac->len, expected_mac->x, expected_mac->len); } @@ -69,7 +69,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); - TEST_BUFFERS_EQUAL(mac, expected_mac->len, + TEST_MEMORY_COMPARE(mac, expected_mac->len, expected_mac->x, expected_mac->len); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 21b3cf135..a58e48be6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -583,7 +583,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, } - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output_data, output_length); @@ -692,7 +692,7 @@ static int mac_multipart_internal_func(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_mac_sign_finish(&operation, mac, PSA_MAC_MAX_SIZE, &mac_len)); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, mac, mac_len); } @@ -1574,7 +1574,7 @@ void import_export(data_t *data, } if (canonical_input) { - TEST_BUFFERS_EQUAL(data->x, data->len, exported, exported_length); + TEST_MEMORY_COMPARE(data->x, data->len, exported, exported_length); } else { mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT(psa_import_key(&attributes, exported, exported_length, @@ -1583,7 +1583,7 @@ void import_export(data_t *data, reexported, export_size, &reexported_length)); - TEST_BUFFERS_EQUAL(exported, exported_length, + TEST_MEMORY_COMPARE(exported, exported_length, reexported, reexported_length); PSA_ASSERT(psa_destroy_key(key2)); } @@ -1657,7 +1657,7 @@ void import_export_public_key(data_t *data, PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, bits)); TEST_LE_U(expected_public_key->len, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - TEST_BUFFERS_EQUAL(expected_public_key->x, expected_public_key->len, + TEST_MEMORY_COMPARE(expected_public_key->x, expected_public_key->len, exported, exported_length); } exit: @@ -2501,7 +2501,7 @@ void copy_success(int source_usage_arg, TEST_CALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(target_key, export_buffer, material->len, &length)); - TEST_BUFFERS_EQUAL(material->x, material->len, + TEST_MEMORY_COMPARE(material->x, material->len, export_buffer, length); } @@ -2760,7 +2760,7 @@ void hash_compute_compare(int alg_arg, data_t *input, output, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); /* Compute with tight buffer, multi-part */ @@ -2770,7 +2770,7 @@ void hash_compute_compare(int alg_arg, data_t *input, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); /* Compute with larger buffer, one-shot */ @@ -2778,7 +2778,7 @@ void hash_compute_compare(int alg_arg, data_t *input, output, sizeof(output), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); /* Compute with larger buffer, multi-part */ @@ -2787,7 +2787,7 @@ void hash_compute_compare(int alg_arg, data_t *input, PSA_ASSERT(psa_hash_finish(&operation, output, sizeof(output), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); /* Compare with correct hash, one-shot */ @@ -3392,7 +3392,7 @@ void mac_sign(int key_type_arg, actual_mac, output_size, &mac_length), expected_status); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, + TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -3411,7 +3411,7 @@ void mac_sign(int key_type_arg, PSA_ASSERT(psa_mac_abort(&operation)); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, + TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } mbedtls_free(actual_mac); @@ -3962,7 +3962,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output_buffer_size - output_length, &length)); output_length += length; - TEST_BUFFERS_EQUAL(ciphertext->x, ciphertext->len, + TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, output, output_length); /* Multipart encryption */ @@ -3980,7 +3980,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output_buffer_size - output_length, &length)); output_length += length; - TEST_BUFFERS_EQUAL(plaintext->x, plaintext->len, + TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, output, output_length); /* One-shot encryption */ @@ -3988,7 +3988,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, PSA_ASSERT(psa_cipher_encrypt(key, alg, plaintext->x, plaintext->len, output, output_buffer_size, &output_length)); - TEST_BUFFERS_EQUAL(ciphertext->x, ciphertext->len, + TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, output, output_length); /* One-shot decryption */ @@ -3996,7 +3996,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, PSA_ASSERT(psa_cipher_decrypt(key, alg, ciphertext->x, ciphertext->len, output, output_buffer_size, &output_length)); - TEST_BUFFERS_EQUAL(plaintext->x, plaintext->len, + TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, output, output_length); exit: @@ -4116,7 +4116,7 @@ void cipher_encrypt_validation(int alg_arg, output2_length += function_output_length; PSA_ASSERT(psa_cipher_abort(&operation)); - TEST_BUFFERS_EQUAL(output1 + iv_size, output1_length - iv_size, + TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, output2, output2_length); exit: @@ -4215,7 +4215,7 @@ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } @@ -4315,7 +4315,7 @@ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } @@ -4472,7 +4472,7 @@ void cipher_decrypt(int alg_arg, TEST_LE_U(output_length, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size)); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, output_length); exit: mbedtls_free(input); @@ -4529,7 +4529,7 @@ void cipher_verify_output(int alg_arg, TEST_LE_U(output2_length, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); - TEST_BUFFERS_EQUAL(input->x, input->len, output2, output2_length); + TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length); exit: mbedtls_free(output1); @@ -4669,7 +4669,7 @@ void cipher_verify_output_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation2)); - TEST_BUFFERS_EQUAL(input->x, input->len, output2, output2_length); + TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length); exit: psa_cipher_abort(&operation1); @@ -4764,7 +4764,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, &output_length2), expected_result); - TEST_BUFFERS_EQUAL(input_data->x, input_data->len, + TEST_MEMORY_COMPARE(input_data->x, input_data->len, output_data2, output_length2); } @@ -4831,7 +4831,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, } PSA_ASSERT(status); - TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, + TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, output_data, output_length); exit: @@ -4904,7 +4904,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, TEST_EQUAL(status, expected_result); if (expected_result == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, + TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, output_data, output_length); } @@ -6491,7 +6491,7 @@ void sign_hash_deterministic(int key_type_arg, data_t *key_data, signature, signature_size, &signature_length)); /* Verify that the signature is what is expected. */ - TEST_BUFFERS_EQUAL(output_data->x, output_data->len, + TEST_MEMORY_COMPARE(output_data->x, output_data->len, signature, signature_length); exit: @@ -6614,7 +6614,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, TEST_LE_U(num_completes, max_completes); /* Verify that the signature is what is expected. */ - TEST_BUFFERS_EQUAL(output_data->x, output_data->len, + TEST_MEMORY_COMPARE(output_data->x, output_data->len, signature, signature_length); PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -7912,7 +7912,7 @@ void sign_message_deterministic(int key_type_arg, signature, signature_size, &signature_length)); - TEST_BUFFERS_EQUAL(output_data->x, output_data->len, + TEST_MEMORY_COMPARE(output_data->x, output_data->len, signature, signature_length); exit: @@ -8250,7 +8250,7 @@ void asymmetric_encrypt_decrypt(int key_type_arg, label->x, label->len, output2, output2_size, &output2_length)); - TEST_BUFFERS_EQUAL(input_data->x, input_data->len, + TEST_MEMORY_COMPARE(input_data->x, input_data->len, output2, output2_length); exit: @@ -8307,7 +8307,7 @@ void asymmetric_decrypt(int key_type_arg, output, output_size, &output_length)); - TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, + TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, output, output_length); /* If the label is empty, the test framework puts a non-null pointer @@ -8323,7 +8323,7 @@ void asymmetric_decrypt(int key_type_arg, output, output_size, &output_length)); - TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, + TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, output, output_length); } @@ -8892,7 +8892,7 @@ void derive_output(int alg_arg, /* Success. Check the read data. */ PSA_ASSERT(status); if (output_sizes[i] != 0) { - TEST_BUFFERS_EQUAL(output_buffer, output_sizes[i], + TEST_MEMORY_COMPARE(output_buffer, output_sizes[i], expected_outputs[i], output_sizes[i]); } /* Check the operation status. */ @@ -9015,7 +9015,7 @@ void derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, TEST_EQUAL(status, expected_output_status); if (expected_output->len != 0 && expected_output_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(output_buffer, expected_output->len, expected_output->x, + TEST_MEMORY_COMPARE(output_buffer, expected_output->len, expected_output->x, expected_output->len); } @@ -9167,7 +9167,7 @@ void derive_key_export(int alg_arg, TEST_EQUAL(length, bytes2); /* Compare the outputs from the two runs. */ - TEST_BUFFERS_EQUAL(output_buffer, bytes1 + bytes2, + TEST_MEMORY_COMPARE(output_buffer, bytes1 + bytes2, export_buffer, capacity); exit: @@ -9228,7 +9228,7 @@ void derive_key_type(int alg_arg, PSA_ASSERT(psa_export_key(derived_key, export_buffer, export_buffer_size, &export_length)); - TEST_BUFFERS_EQUAL(export_buffer, export_length, + TEST_MEMORY_COMPARE(export_buffer, export_length, expected_export->x, expected_export->len); exit: @@ -9378,7 +9378,7 @@ void raw_key_agreement(int alg_arg, peer_key_data->x, peer_key_data->len, output, expected_output->len, &output_length)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; @@ -9390,7 +9390,7 @@ void raw_key_agreement(int alg_arg, peer_key_data->x, peer_key_data->len, output, expected_output->len + 1, &output_length)); - TEST_BUFFERS_EQUAL(output, output_length, + TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; @@ -9513,13 +9513,13 @@ void key_agreement_output(int alg_arg, PSA_ASSERT(psa_key_derivation_output_bytes(&operation, actual_output, expected_output1->len)); - TEST_BUFFERS_EQUAL(actual_output, expected_output1->len, + TEST_MEMORY_COMPARE(actual_output, expected_output1->len, expected_output1->x, expected_output1->len); if (expected_output2->len != 0) { PSA_ASSERT(psa_key_derivation_output_bytes(&operation, actual_output, expected_output2->len)); - TEST_BUFFERS_EQUAL(actual_output, expected_output2->len, + TEST_MEMORY_COMPARE(actual_output, expected_output2->len, expected_output2->x, expected_output2->len); } @@ -9688,7 +9688,7 @@ void generate_key_rsa(int bits_arg, if (is_default_public_exponent) { TEST_EQUAL(e_read_length, 0); } else { - TEST_BUFFERS_EQUAL(e_read_buffer, e_read_length, e_arg->x, e_arg->len); + TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len); } /* Do something with the key according to its type and permitted usage. */ @@ -9724,7 +9724,7 @@ void generate_key_rsa(int bits_arg, TEST_EQUAL(p[1], 0); TEST_EQUAL(p[2], 1); } else { - TEST_BUFFERS_EQUAL(p, len, e_arg->x, e_arg->len); + TEST_MEMORY_COMPARE(p, len, e_arg->x, e_arg->len); } } @@ -9833,7 +9833,7 @@ void persistent_key_load_key_from_storage(data_t *data, first_export, export_size, &first_exported_length)); if (generation_method == IMPORT_KEY) { - TEST_BUFFERS_EQUAL(data->x, data->len, + TEST_MEMORY_COMPARE(data->x, data->len, first_export, first_exported_length); } } @@ -9860,7 +9860,7 @@ void persistent_key_load_key_from_storage(data_t *data, PSA_ASSERT(psa_export_key(key, second_export, export_size, &second_exported_length)); - TEST_BUFFERS_EQUAL(first_export, first_exported_length, + TEST_MEMORY_COMPARE(first_export, first_exported_length, second_export, second_exported_length); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 6d027a581..8cf076a23 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -460,7 +460,7 @@ static int sanity_check_rsa_encryption_result( TEST_EQUAL(buf[0], 0x00); TEST_EQUAL(buf[1], 0x02); TEST_EQUAL(buf[length - input_data->len - 1], 0x00); - TEST_BUFFERS_EQUAL(buf + length - input_data->len, input_data->len, + TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, input_data->x, input_data->len); } else if (PSA_ALG_IS_RSA_OAEP(alg)) { TEST_EQUAL(buf[0], 0x00); @@ -546,7 +546,7 @@ void sign_hash(int key_type_arg, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(signature, signature_length, + TEST_MEMORY_COMPARE(signature, signature_length, expected_output->x, expected_output->len); } TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); @@ -673,7 +673,7 @@ void sign_message(int key_type_arg, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(signature, signature_length, + TEST_MEMORY_COMPARE(signature, signature_length, expected_output->x, expected_output->len); } /* In the builtin algorithm the driver is called twice. */ @@ -795,7 +795,7 @@ void generate_ec_key(int force_status_arg, psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); if (fake_output->len > 0) { - TEST_BUFFERS_EQUAL(actual_output, actual_output_length, + TEST_MEMORY_COMPARE(actual_output, actual_output_length, expected_output, expected_output_length); } else { size_t zeroes = 0; @@ -927,7 +927,7 @@ void export_key(int force_status_arg, } if (actual_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(actual_output, actual_output_length, + TEST_MEMORY_COMPARE(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } exit: @@ -1006,7 +1006,7 @@ void key_agreement(int alg_arg, TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); if (actual_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(actual_output, actual_output_length, + TEST_MEMORY_COMPARE(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } mbedtls_free(actual_output); @@ -1093,7 +1093,7 @@ void cipher_encrypt_validation(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); // driver function should've been called as part of the finish() core routine TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - TEST_BUFFERS_EQUAL(output1 + iv_size, output1_length - iv_size, + TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, output2, output2_length); exit: @@ -1221,7 +1221,7 @@ void cipher_encrypt_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } @@ -1350,7 +1350,7 @@ void cipher_decrypt_multipart(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } @@ -1422,7 +1422,7 @@ void cipher_decrypt(int alg_arg, TEST_EQUAL(status, expected_status); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, output, output_length); } @@ -1707,7 +1707,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, + TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, output_data, output_length); } @@ -1770,7 +1770,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_data->x, expected_data->len, + TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, output_data, output_length); } @@ -1839,7 +1839,7 @@ void mac_sign(int key_type_arg, TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, + TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -1957,7 +1957,7 @@ void mac_sign_multipart(int key_type_arg, } if (forced_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(expected_mac->x, expected_mac->len, + TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } @@ -2159,7 +2159,7 @@ void builtin_key_export(int builtin_key_id_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); - TEST_BUFFERS_EQUAL(output_buffer, output_size, + TEST_MEMORY_COMPARE(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); @@ -2210,7 +2210,7 @@ void builtin_pubkey_export(int builtin_key_id_arg, if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); - TEST_BUFFERS_EQUAL(output_buffer, output_size, + TEST_MEMORY_COMPARE(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); @@ -2257,7 +2257,7 @@ void hash_compute(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (expected_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); } exit: @@ -2305,7 +2305,7 @@ void hash_multipart_setup(int alg_arg, forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); - TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); } exit: @@ -2362,7 +2362,7 @@ void hash_multipart_update(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); - TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); } exit: @@ -2416,7 +2416,7 @@ void hash_multipart_finish(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (forced_status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); } exit: @@ -2476,7 +2476,7 @@ void hash_clone(int alg_arg, TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); - TEST_BUFFERS_EQUAL(output, output_length, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); } exit: @@ -2560,7 +2560,7 @@ void asymmetric_encrypt_decrypt(int alg_arg, if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { - TEST_BUFFERS_EQUAL(fake_output_encrypt->x, fake_output_encrypt->len, + TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = @@ -2587,10 +2587,10 @@ void asymmetric_encrypt_decrypt(int alg_arg, &output2_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { if (fake_output_decrypt->len > 0) { - TEST_BUFFERS_EQUAL(fake_output_decrypt->x, fake_output_decrypt->len, + TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, output2, output2_length); } else { - TEST_BUFFERS_EQUAL(input_data->x, input_data->len, + TEST_MEMORY_COMPARE(input_data->x, input_data->len, output2, output2_length); } } @@ -2664,7 +2664,7 @@ void asymmetric_decrypt(int alg_arg, &output_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_data->len); - TEST_BUFFERS_EQUAL(expected_output_data->x, expected_output_data->len, + TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, output, output_length); } exit: @@ -2738,7 +2738,7 @@ void asymmetric_encrypt(int alg_arg, if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { TEST_EQUAL(fake_output_encrypt->len, output_length); - TEST_BUFFERS_EQUAL(fake_output_encrypt->x, fake_output_encrypt->len, + TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { /* Perform sanity checks on the output */ @@ -2873,11 +2873,11 @@ void aead_encrypt_setup(int key_type_arg, data_t *key_data, forced_status == PSA_SUCCESS ? 1 : 0); /* Compare output_data and expected_ciphertext */ - TEST_BUFFERS_EQUAL(expected_ciphertext->x, expected_ciphertext->len, + TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, output_data, output_length + finish_output_length); /* Compare tag and expected_tag */ - TEST_BUFFERS_EQUAL(expected_tag->x, expected_tag->len, tag_buffer, tag_length); + TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); } exit: @@ -2979,7 +2979,7 @@ void aead_decrypt_setup(int key_type_arg, data_t *key_data, TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, forced_status == PSA_SUCCESS ? 1 : 0); - TEST_BUFFERS_EQUAL(expected_result->x, expected_result->len, + TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, output_data, output_length + verify_output_length); } diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index fce293a9b..28b556c4f 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -25,7 +25,7 @@ void hash_finish(int alg_arg, data_t *input, data_t *expected_hash) PSA_ASSERT(psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_length)); - TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, + TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); exit: @@ -83,13 +83,13 @@ void hash_multi_part(int alg_arg, data_t *input, data_t *expected_hash) PSA_ASSERT(psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_length)); - TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, + TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); PSA_ASSERT(psa_hash_finish(&operation2, actual_hash, sizeof(actual_hash), &actual_hash_length)); - TEST_BUFFERS_EQUAL(expected_hash->x, expected_hash->len, + TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, actual_hash, actual_hash_length); } while (len++ != input->len); diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 0ce9df1f2..e4313ab2f 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -1031,7 +1031,7 @@ void pake_input_getters_password() &buffer_len_ret), PSA_SUCCESS); - TEST_BUFFERS_EQUAL(password_ret, buffer_len_ret, password, strlen(password)); + TEST_MEMORY_COMPARE(password_ret, buffer_len_ret, password, strlen(password)); exit: PSA_ASSERT(psa_destroy_key(key)); PSA_ASSERT(psa_pake_abort(&operation)); @@ -1064,7 +1064,7 @@ void pake_input_getters_cipher_suite() TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), PSA_SUCCESS); - TEST_BUFFERS_EQUAL(&cipher_suite_ret, sizeof(cipher_suite_ret), + TEST_MEMORY_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret), &cipher_suite, sizeof(cipher_suite)); exit: @@ -1128,7 +1128,7 @@ void pake_input_getters_user() &buffer_len_ret), PSA_SUCCESS); - TEST_BUFFERS_EQUAL(user_ret, buffer_len_ret, user, user_len); + TEST_MEMORY_COMPARE(user_ret, buffer_len_ret, user, user_len); } exit: PSA_ASSERT(psa_pake_abort(&operation)); @@ -1191,7 +1191,7 @@ void pake_input_getters_peer() &buffer_len_ret), PSA_SUCCESS); - TEST_BUFFERS_EQUAL(peer_ret, buffer_len_ret, peer, peer_len); + TEST_MEMORY_COMPARE(peer_ret, buffer_len_ret, peer, peer_len); } exit: PSA_ASSERT(psa_pake_abort(&operation)); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index a8f72e86c..416fed9cc 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -66,7 +66,7 @@ void format_storage_data_check(data_t *key_data, &attributes.core, file_data); - TEST_BUFFERS_EQUAL(expected_file_data->x, expected_file_data->len, + TEST_MEMORY_COMPARE(expected_file_data->x, expected_file_data->len, file_data, file_data_length); exit: @@ -111,7 +111,7 @@ void parse_storage_data_check(data_t *file_data, (uint32_t) expected_key_alg); TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), (uint32_t) expected_key_alg2); - TEST_BUFFERS_EQUAL(expected_key_data->x, expected_key_data->len, + TEST_MEMORY_COMPARE(expected_key_data->x, expected_key_data->len, key_data, key_data_length); exit: @@ -307,7 +307,7 @@ void import_export_persistent_key(data_t *data, int type_arg, PSA_ASSERT(psa_export_key(key_id, exported, export_size, &exported_length)); - TEST_BUFFERS_EQUAL(data->x, data->len, exported, exported_length); + TEST_MEMORY_COMPARE(data->x, data->len, exported, exported_length); /* Destroy the key */ PSA_ASSERT(psa_destroy_key(key_id)); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 10cd9e5cd..68f6ee83d 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -607,7 +607,7 @@ static int check_persistent_data(psa_key_location_t location, PSA_ASSERT(psa_its_get_info(uid, &info)); TEST_CALLOC(loaded, info.size); PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL)); - TEST_BUFFERS_EQUAL(expected_data, size, loaded, info.size); + TEST_MEMORY_COMPARE(expected_data, size, loaded, info.size); ok = 1; exit: @@ -965,7 +965,7 @@ void key_creation_import_export(int lifetime_arg, int min_slot, int restart) PSA_ASSERT(psa_export_key(returned_id, exported, sizeof(exported), &exported_length)); - TEST_BUFFERS_EQUAL(key_material, sizeof(key_material), + TEST_MEMORY_COMPARE(key_material, sizeof(key_material), exported, exported_length); PSA_ASSERT(psa_destroy_key(returned_id)); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 9ff9dd9c1..e25d1e8cf 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -307,7 +307,7 @@ void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg, if (usage_flags & PSA_KEY_USAGE_EXPORT) { PSA_ASSERT(psa_export_key(id, reexported, key_data->len, &reexported_length)); - TEST_BUFFERS_EQUAL(key_data->x, key_data->len, + TEST_MEMORY_COMPARE(key_data->x, key_data->len, reexported, reexported_length); } else { TEST_EQUAL(psa_export_key(id, reexported, @@ -402,7 +402,7 @@ void create_existent(int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT(psa_export_key(id, reexported, sizeof(reexported), &reexported_length)); - TEST_BUFFERS_EQUAL(material1, sizeof(material1), + TEST_MEMORY_COMPARE(material1, sizeof(material1), reexported, reexported_length); PSA_ASSERT(psa_close_key(id)); @@ -578,7 +578,7 @@ void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg, TEST_CALLOC(export_buffer, material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, material->len, &length)); - TEST_BUFFERS_EQUAL(material->x, material->len, + TEST_MEMORY_COMPARE(material->x, material->len, export_buffer, length); } else { size_t length; @@ -692,7 +692,7 @@ void copy_to_occupied(int source_lifetime_arg, int source_id_arg, TEST_CALLOC(export_buffer, target_material->len); PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, target_material->len, &length)); - TEST_BUFFERS_EQUAL(target_material->x, target_material->len, + TEST_MEMORY_COMPARE(target_material->x, target_material->len, export_buffer, length); } @@ -840,7 +840,7 @@ void many_transient_keys(int max_keys_arg) PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); - TEST_BUFFERS_EQUAL(exported, exported_length, + TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); } PSA_ASSERT(psa_close_key(keys[i - 1])); @@ -917,7 +917,7 @@ void key_slot_eviction_to_import_new_key(int lifetime_arg) PSA_ASSERT(psa_export_key(key, exported, sizeof(exported), &exported_length)); - TEST_BUFFERS_EQUAL(exported, exported_length, + TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(key)); } @@ -988,7 +988,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() exported, sizeof(exported), &exported_length)); i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1; - TEST_BUFFERS_EQUAL(exported, exported_length, (uint8_t *) &i, sizeof(i)); + TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1])); /* @@ -1016,7 +1016,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); - TEST_BUFFERS_EQUAL(exported, exported_length, + TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(keys[i])); } @@ -1028,7 +1028,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() PSA_ASSERT(psa_export_key(persistent_key, exported, sizeof(exported), &exported_length)); - TEST_BUFFERS_EQUAL(exported, exported_length, + TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &persistent_key, sizeof(persistent_key)); exit: /* diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 8ad5c11e8..9f67f4868 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -39,7 +39,7 @@ static int test_written_key(const psa_key_attributes_t *attributes, TEST_CALLOC(actual_representation, storage_info.size); PSA_ASSERT(psa_its_get(uid, 0, storage_info.size, actual_representation, &length)); - TEST_BUFFERS_EQUAL(expected_representation->x, expected_representation->len, + TEST_MEMORY_COMPARE(expected_representation->x, expected_representation->len, actual_representation, length); ok = 1; @@ -263,7 +263,7 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, PSA_ASSERT(psa_export_key(key_id, exported_material, expected_material->len, &length)); - TEST_BUFFERS_EQUAL(expected_material->x, expected_material->len, + TEST_MEMORY_COMPARE(expected_material->x, expected_material->len, exported_material, length); } diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 5f8dd87a0..aeb413c93 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -100,7 +100,7 @@ void set_get_remove(int uid_arg, int flags_arg, data_t *data) TEST_ASSERT(info.size == data->len); TEST_ASSERT(info.flags == flags); PSA_ASSERT(psa_its_get(uid, 0, data->len, buffer, &ret_len)); - TEST_BUFFERS_EQUAL(data->x, data->len, buffer, ret_len); + TEST_MEMORY_COMPARE(data->x, data->len, buffer, ret_len); PSA_ASSERT(psa_its_remove(uid)); @@ -129,7 +129,7 @@ void set_overwrite(int uid_arg, TEST_ASSERT(info.size == data1->len); TEST_ASSERT(info.flags == flags1); PSA_ASSERT(psa_its_get(uid, 0, data1->len, buffer, &ret_len)); - TEST_BUFFERS_EQUAL(data1->x, data1->len, buffer, ret_len); + TEST_MEMORY_COMPARE(data1->x, data1->len, buffer, ret_len); PSA_ASSERT(psa_its_set_wrap(uid, data2->len, data2->x, flags2)); PSA_ASSERT(psa_its_get_info(uid, &info)); @@ -137,7 +137,7 @@ void set_overwrite(int uid_arg, TEST_ASSERT(info.flags == flags2); ret_len = 0; PSA_ASSERT(psa_its_get(uid, 0, data2->len, buffer, &ret_len)); - TEST_BUFFERS_EQUAL(data2->x, data2->len, buffer, ret_len); + TEST_MEMORY_COMPARE(data2->x, data2->len, buffer, ret_len); PSA_ASSERT(psa_its_remove(uid)); @@ -167,7 +167,7 @@ void set_multiple(int first_id, int count) mbedtls_snprintf(stored, sizeof(stored), "Content of file 0x%08lx", (unsigned long) uid); PSA_ASSERT(psa_its_get(uid, 0, sizeof(stored), retrieved, &ret_len)); - TEST_BUFFERS_EQUAL(retrieved, ret_len, + TEST_MEMORY_COMPARE(retrieved, ret_len, stored, sizeof(stored)); PSA_ASSERT(psa_its_remove(uid)); TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) == @@ -223,7 +223,7 @@ void get_at(int uid_arg, data_t *data, status = psa_its_get(uid, offset, length_arg, buffer, &ret_len); TEST_ASSERT(status == (psa_status_t) expected_status); if (status == PSA_SUCCESS) { - TEST_BUFFERS_EQUAL(data->x + offset, (size_t) length_arg, + TEST_MEMORY_COMPARE(data->x + offset, (size_t) length_arg, buffer, ret_len); } for (i = 0; i < 16; i++) { diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 8cadb40c3..c02853bec 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -159,7 +159,7 @@ void mbedtls_sha3(int family, data_t *in, data_t *hash) TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0); - TEST_BUFFERS_EQUAL(output, hash->len, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, hash->len, hash->x, hash->len); exit: mbedtls_free(output); @@ -204,7 +204,7 @@ void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, hash->len) == 0); - TEST_BUFFERS_EQUAL(output, hash->len, hash->x, hash->len); + TEST_MEMORY_COMPARE(output, hash->len, hash->x, hash->len); exit: mbedtls_free(output); @@ -253,7 +253,7 @@ void sha3_streaming(int type, data_t *input) mbedtls_sha3_finish(&ctx, hash, hash_length); mbedtls_sha3_free(&ctx); - TEST_BUFFERS_EQUAL(hash, hash_length, reference_hash, hash_length); + TEST_MEMORY_COMPARE(hash, hash_length, reference_hash, hash_length); } exit: @@ -289,13 +289,13 @@ void sha3_reuse(data_t *input1, data_t *hash1, TEST_ASSERT(mbedtls_sha3_starts(&ctx, type1) == 0); TEST_ASSERT(mbedtls_sha3_update(&ctx, input1->x, input1->len) == 0); TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); - TEST_BUFFERS_EQUAL(output, hash1->len, hash1->x, hash1->len); + TEST_MEMORY_COMPARE(output, hash1->len, hash1->x, hash1->len); /* Round 2 */ TEST_ASSERT(mbedtls_sha3_starts(&ctx, type2) == 0); TEST_ASSERT(mbedtls_sha3_update(&ctx, input2->x, input2->len) == 0); TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); - TEST_BUFFERS_EQUAL(output, hash2->len, hash2->x, hash2->len); + TEST_MEMORY_COMPARE(output, hash2->len, hash2->x, hash2->len); exit: mbedtls_sha3_free(&ctx); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7fdba10b9..b2a075b64 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1728,7 +1728,7 @@ void ssl_tls13_hkdf_expand_label(int hash_alg, ctx->x, ctx->len, dst, desired_length) == 0); - TEST_BUFFERS_EQUAL(dst, (size_t) desired_length, + TEST_MEMORY_COMPARE(dst, (size_t) desired_length, expected->x, (size_t) expected->len); exit: @@ -1768,19 +1768,19 @@ void ssl_tls13_traffic_key_generation(int hash_alg, desired_key_len, desired_iv_len, &keys) == 0); - TEST_BUFFERS_EQUAL(keys.client_write_key, + TEST_MEMORY_COMPARE(keys.client_write_key, keys.key_len, expected_client_write_key->x, (size_t) desired_key_len); - TEST_BUFFERS_EQUAL(keys.server_write_key, + TEST_MEMORY_COMPARE(keys.server_write_key, keys.key_len, expected_server_write_key->x, (size_t) desired_key_len); - TEST_BUFFERS_EQUAL(keys.client_write_iv, + TEST_MEMORY_COMPARE(keys.client_write_iv, keys.iv_len, expected_client_write_iv->x, (size_t) desired_iv_len); - TEST_BUFFERS_EQUAL(keys.server_write_iv, + TEST_MEMORY_COMPARE(keys.server_write_iv, keys.iv_len, expected_server_write_iv->x, (size_t) desired_iv_len); @@ -1827,7 +1827,7 @@ void ssl_tls13_derive_secret(int hash_alg, already_hashed, dst, desired_length) == 0); - TEST_BUFFERS_EQUAL(dst, desired_length, + TEST_MEMORY_COMPARE(dst, desired_length, expected->x, desired_length); exit: @@ -1859,9 +1859,9 @@ void ssl_tls13_derive_early_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - TEST_BUFFERS_EQUAL(secrets.client_early_traffic_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, traffic_expected->x, traffic_expected->len); - TEST_BUFFERS_EQUAL(secrets.early_exporter_master_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.early_exporter_master_secret, hash_len, exporter_expected->x, exporter_expected->len); exit: @@ -1893,9 +1893,9 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - TEST_BUFFERS_EQUAL(secrets.client_handshake_traffic_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, client_expected->x, client_expected->len); - TEST_BUFFERS_EQUAL(secrets.server_handshake_traffic_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.server_handshake_traffic_secret, hash_len, server_expected->x, server_expected->len); exit: @@ -1929,11 +1929,11 @@ void ssl_tls13_derive_application_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - TEST_BUFFERS_EQUAL(secrets.client_application_traffic_secret_N, hash_len, + TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, client_expected->x, client_expected->len); - TEST_BUFFERS_EQUAL(secrets.server_application_traffic_secret_N, hash_len, + TEST_MEMORY_COMPARE(secrets.server_application_traffic_secret_N, hash_len, server_expected->x, server_expected->len); - TEST_BUFFERS_EQUAL(secrets.exporter_master_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.exporter_master_secret, hash_len, exporter_expected->x, exporter_expected->len); exit: @@ -1963,7 +1963,7 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, alg, secret->x, transcript->x, transcript->len, &secrets) == 0); - TEST_BUFFERS_EQUAL(secrets.resumption_master_secret, hash_len, + TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, resumption_expected->x, resumption_expected->len); exit: @@ -1997,7 +1997,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, transcript->x, binder) == 0); - TEST_BUFFERS_EQUAL(binder, hash_len, + TEST_MEMORY_COMPARE(binder, hash_len, binder_expected->x, binder_expected->len); exit: @@ -2090,12 +2090,12 @@ void ssl_tls13_record_protection(int ciphersuite, NULL, NULL) == 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { - TEST_BUFFERS_EQUAL(rec.buf + rec.data_offset, rec.data_len, + TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, ciphertext->x, ciphertext->len); } TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); - TEST_BUFFERS_EQUAL(rec.buf + rec.data_offset, rec.data_len, + TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, plaintext->x, plaintext->len); exit: @@ -2122,7 +2122,7 @@ void ssl_tls13_key_evolution(int hash_alg, input->len ? input->x : NULL, input->len, secret_new) == 0); - TEST_BUFFERS_EQUAL(secret_new, (size_t) expected->len, + TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, expected->x, (size_t) expected->len); exit: @@ -3326,7 +3326,7 @@ void cid_sanity() == 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); - TEST_BUFFERS_EQUAL(own_cid, own_cid_len, test_cid, own_cid_len); + TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); /* Test disabling works. */ TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 577cea41d..88ca28cd4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -447,7 +447,7 @@ void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret) TEST_EQUAL(addrlen, (size_t) ref_ret); if (addrlen) { - TEST_BUFFERS_EQUAL(exp->x, exp->len, addr, addrlen); + TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen); } } /* END_CASE */ From 3dd3ae219e76305980162703daad00482c6b5739 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 21 Jul 2023 17:07:00 +0100 Subject: [PATCH 139/339] Remove trailing backslash Signed-off-by: Agathiyan Bragadeesh --- tests/include/test/macros.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 6ddcb4c85..0928e5b05 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -68,8 +68,8 @@ #define TEST_FAIL(MESSAGE) \ do { \ mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ - goto exit; \ - } while (0) \ + goto exit; \ + } while (0) /** Evaluate two integer expressions and fail the test case if they have * different values. From 60d3b91eba65e21ffba9c1b7ee8b8c29827f6032 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 10:43:53 +0200 Subject: [PATCH 140/339] tls: use TLS 1.2 macros in ssl_tls12_server.c Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 426365d3b..c23416ec3 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -148,7 +148,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* @@ -293,7 +293,7 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -837,7 +837,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || @@ -1381,7 +1381,7 @@ read_record_header: break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: @@ -1402,7 +1402,7 @@ read_record_header: return ret; } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || \ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \ MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) From d0371b0a08b99cb3ab08a7b119deb441c5ef704d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 10:57:01 +0200 Subject: [PATCH 141/339] debug: keep ECDH_C guard for debug printf accessing ecdh_context's items Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 8 ++++++-- library/debug.c | 6 ++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 01d2901d9..d6dd15224 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -280,7 +280,10 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) +/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function + only works for the built-in implementation. */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ + defined(MBEDTLS_ECDH_C) typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, @@ -307,7 +310,8 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const mbedtls_ecdh_context *ecdh, mbedtls_debug_ecdh_attr attr); -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && + MBEDTLS_ECDH_C */ #ifdef __cplusplus } diff --git a/library/debug.c b/library/debug.c index 8c33f8281..56bc3f694 100644 --- a/library/debug.c +++ b/library/debug.c @@ -397,7 +397,8 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ + defined(MBEDTLS_ECDH_C) static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -443,6 +444,7 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, } #endif } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && + MBEDTLS_ECDH_C */ #endif /* MBEDTLS_DEBUG_C */ From ea59c43499ee11a0c061577b9a98462f02b4358e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:14:03 +0200 Subject: [PATCH 142/339] tls: fix a comment a rename a variable/symbol Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 4 ++-- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 10 +++++----- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 10 +++++----- library/ssl_tls13_server.c | 12 ++++++------ 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5696d9a4b..48ed541d8 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -383,7 +383,7 @@ typedef enum { #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #endif -/* TLS 1.3 key exchanges using ECDH or ECDHE */ +/* TLS 1.3 key exchanges using ECDHE */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_ECDH) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED @@ -403,7 +403,7 @@ typedef enum { #if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c08f5e1a8..b5e6ed2fd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -757,14 +757,14 @@ struct mbedtls_ssl_handshake_params { #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; - size_t xxdh_bits; + size_t xxdh_psa_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t xxdh_psa_peerkey_len; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a21b3fb1d..f6fd254fa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4219,11 +4219,11 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_ssl_buffering_free(ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (handshake->xxdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->xxdh_psa_privkey); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 957488109..9f37fdcf3 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1766,7 +1766,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } handshake->xxdh_psa_type = key_type; - handshake->xxdh_bits = ec_bits; + handshake->xxdh_psa_bits = ec_bits; /* Keep a copy of the peer's public key */ ecpoint_len = *(*p)++; @@ -2039,7 +2039,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_bits); + &ssl->handshake->xxdh_psa_bits); ssl->handshake->xxdh_psa_type = key_type; @@ -2790,7 +2790,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, @@ -2962,7 +2962,7 @@ ecdh_calc_secret: psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c23416ec3..7acede773 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2646,7 +2646,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_bits = psa_get_key_bits(&key_attributes); + ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); psa_reset_key_attributes(&key_attributes); @@ -2670,7 +2670,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_bits); + &ssl->handshake->xxdh_psa_bits); ssl->handshake->xxdh_psa_type = key_type; @@ -2679,7 +2679,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); @@ -2987,13 +2987,13 @@ curve_matching_done: return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } handshake->xxdh_psa_type = key_type; - handshake->xxdh_bits = ec_bits; + handshake->xxdh_psa_bits = ec_bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* * ECParameters curve_params diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index aafc47d3b..fbbbb6703 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } @@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, @@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5e9140a47..639e59110 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,7 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -1496,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1592,13 +1592,13 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( } handshake->xxdh_psa_type = key_type; - ssl->handshake->xxdh_bits = bits; + ssl->handshake->xxdh_psa_bits = bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, alg); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH/FFDH private key. */ status = psa_generate_key(&key_attributes, @@ -1625,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 66ac54937..d88aae6c7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its @@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( @@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From c9ae8622252bf3de245be745b8b408414ae9bc9d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:23:50 +0200 Subject: [PATCH 143/339] tls: use TLS 1.3 guards in ssl_tls13 modules Signed-off-by: Valerio Setti --- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 6 +++--- library/ssl_tls13_server.c | 12 ++++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fbbbb6703..77325c327 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } @@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, @@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 639e59110..f8e078edf 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,7 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -1496,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1625,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d88aae6c7..c12631ef3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its @@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( @@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 46520ea52d99f0d1fff225717a96294dc57cf7b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:41:28 +0200 Subject: [PATCH 144/339] tls12: check buffer size before memcpy-ing data into it Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9f37fdcf3..ff116ad02 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1774,9 +1774,10 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - /* xxdh_psa_peerkey is sized after maximum supported FFDH public key. - * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so - * we can skip the buffer size check before the memcpy-ing data into it. */ + if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) { + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len); handshake->xxdh_psa_peerkey_len = ecpoint_len; *p += ecpoint_len; From fe478909f094b7d732f262b67e006731ef6116e9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 12:27:19 +0200 Subject: [PATCH 145/339] psa_crypto_rsa: fix guards for importing the key Signed-off-by: Valerio Setti --- library/psa_crypto.c | 6 ++++-- library/psa_crypto_rsa.c | 8 ++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bfb368588..42a0fa7f0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -712,7 +712,8 @@ psa_status_t psa_import_key_into_slot( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_RSA(type)) { return mbedtls_psa_rsa_import_key(attributes, @@ -721,7 +722,8 @@ psa_status_t psa_import_key_into_slot( key_buffer_length, bits); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || +#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 534c71603..95c732970 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -44,6 +44,7 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes @@ -124,9 +125,11 @@ exit: * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ +#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) psa_status_t mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, @@ -164,7 +167,8 @@ exit: return status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || +#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ From 19fec5487da8754aca5a8df1626c60c71fe0903c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 12:31:50 +0200 Subject: [PATCH 146/339] test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++----------- tests/suites/test_suite_psa_crypto.function | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 40ea62c42..f42f073ed 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6984,44 +6984,44 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 1022 bits: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, 1023 bits: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, maximum size exceeded -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: ECC, SECP256R1, good @@ -7113,7 +7113,7 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY PSA generate persistent key: RSA, 1024 bits, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_GENPRIME:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index dddfa0c7f..6b0babffd 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9634,7 +9634,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */ +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ void generate_key_rsa(int bits_arg, data_t *e_arg, int expected_status_arg) From d298b76421f4a4ea4603db0fa82f9ea8d59af17d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 25 Jul 2023 11:33:00 +0100 Subject: [PATCH 147/339] Remove redundant casts Signed-off-by: Agathiyan Bragadeesh --- tests/src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index d9228f442..1ef26221b 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -692,7 +692,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); + TEST_EQUAL(len, end - p); if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { goto exit; } @@ -722,7 +722,7 @@ int mbedtls_test_psa_exported_key_sanity_check( if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; } - TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); + TEST_EQUAL(p - end, 0); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else From 93a859341b20aae2a2f2f1ad76f49c1a6481d157 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 25 Jul 2023 12:28:59 +0100 Subject: [PATCH 148/339] Remove remaining redundant casts Signed-off-by: Agathiyan Bragadeesh --- tests/src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 1ef26221b..7f93496e7 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -748,14 +748,14 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); + TEST_EQUAL(len, end - p); if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; } if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; } - TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); + TEST_EQUAL(p - end, 0); TEST_ASSERT(exported_length <= From 350226f636c4d75639c9b96316a9a58c7a0dc8a8 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 25 Jul 2023 14:58:25 +0100 Subject: [PATCH 149/339] Use a macro for mbedtls_mpi_zeroize_and_free() Signed-off-by: Tom Cosgrove --- library/bignum.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 70081de09..06626c69c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -55,10 +55,7 @@ MBEDTLS_INTERNAL_VALIDATE(cond) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize_and_free(mbedtls_mpi_uint *v, size_t n) -{ - mbedtls_zeroize_and_free(v, ciL * n); -} +#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * n) /* * Initialize one MPI From bc345e8685f2e5c5ce9e9a9d2f0c61f7cd7f9e06 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 25 Jul 2023 15:17:39 +0100 Subject: [PATCH 150/339] Protect macro parameter expansion with parentheses Signed-off-by: Tom Cosgrove --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 06626c69c..3cbeedc46 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -55,7 +55,7 @@ MBEDTLS_INTERNAL_VALIDATE(cond) /* Implementation that should never be optimized out by the compiler */ -#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * n) +#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) /* * Initialize one MPI From afe4b79114cc113114c683e818ec48b19bcb7312 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Jul 2023 10:23:02 +0200 Subject: [PATCH 151/339] Enable DH in generate_psa_tests.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/mbedtls_dev/crypto_knowledge.py | 6 ++++++ tests/scripts/generate_psa_tests.py | 25 +++++++++++++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 819d92afb..eab6f5660 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -138,6 +138,9 @@ class KeyType: """Whether the key type is for public keys.""" return self.name.endswith('_PUBLIC_KEY') + DH_KEY_SIZES = { + 'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192), + } # type: Dict[str, Tuple[int, ...]] ECC_KEY_SIZES = { 'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256), 'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521), @@ -175,6 +178,9 @@ class KeyType: if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR': assert self.params is not None return self.ECC_KEY_SIZES[self.params[0]] + if self.private_type == 'PSA_KEY_TYPE_DH_KEY_PAIR': + assert self.params is not None + return self.DH_KEY_SIZES[self.params[0]] return self.KEY_TYPE_SIZES[self.private_type] # "48657265006973206b6579a064617461" diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index f5d83c6fb..738136cfc 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -152,10 +152,8 @@ class Information: def remove_unwanted_macros( constructors: macro_collector.PSAMacroEnumerator ) -> None: - # Mbed TLS doesn't support finite-field DH yet and will not support - # finite-field DSA. Don't attempt to generate any related test case. - constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR') - constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY') + # Mbed TLS does not support finite-field DSA. + # Don't attempt to generate any related test case. constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') @@ -261,12 +259,16 @@ class KeyTypeNotSupported: ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') + DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR', + 'PSA_KEY_TYPE_DH_PUBLIC_KEY') def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]: """Generate test cases that exercise the creation of keys of unsupported types.""" for key_type in sorted(self.constructors.key_types): if key_type in self.ECC_KEY_TYPES: continue + if key_type in self.DH_KEY_TYPES: + continue kt = crypto_knowledge.KeyType(key_type) yield from self.test_cases_for_key_type_not_supported(kt) for curve_family in sorted(self.constructors.ecc_curves): @@ -276,6 +278,13 @@ class KeyTypeNotSupported: kt, param_descr='type') yield from self.test_cases_for_key_type_not_supported( kt, 0, param_descr='curve') + for dh_family in sorted(self.constructors.dh_groups): + for constr in self.DH_KEY_TYPES: + kt = crypto_knowledge.KeyType(constr, [dh_family]) + yield from self.test_cases_for_key_type_not_supported( + kt, param_descr='type') + yield from self.test_cases_for_key_type_not_supported( + kt, 0, param_descr='group') def test_case_for_key_generation( key_type: str, bits: int, @@ -304,6 +313,8 @@ class KeyGenerate: ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') + DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR', + 'PSA_KEY_TYPE_DH_PUBLIC_KEY') @staticmethod def test_cases_for_key_type_key_generation( @@ -341,12 +352,18 @@ class KeyGenerate: for key_type in sorted(self.constructors.key_types): if key_type in self.ECC_KEY_TYPES: continue + if key_type in self.DH_KEY_TYPES: + continue kt = crypto_knowledge.KeyType(key_type) yield from self.test_cases_for_key_type_key_generation(kt) for curve_family in sorted(self.constructors.ecc_curves): for constr in self.ECC_KEY_TYPES: kt = crypto_knowledge.KeyType(constr, [curve_family]) yield from self.test_cases_for_key_type_key_generation(kt) + for dh_family in sorted(self.constructors.dh_groups): + for constr in self.DH_KEY_TYPES: + kt = crypto_knowledge.KeyType(constr, [dh_family]) + yield from self.test_cases_for_key_type_key_generation(kt) class OpFail: """Generate test cases for operations that must fail.""" From 636d85724a32e5df9c745288f8542781588596d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Jul 2023 11:00:36 +0200 Subject: [PATCH 152/339] Shorten DH_FAMILY just like ECC_FAMILY MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/mbedtls_dev/crypto_knowledge.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index eab6f5660..3230a005d 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -34,7 +34,7 @@ def short_expression(original: str, level: int = 0) -> str: unambiguous, but ad hoc way. """ short = original - short = re.sub(r'\bPSA_(?:ALG|ECC_FAMILY|KEY_[A-Z]+)_', r'', short) + short = re.sub(r'\bPSA_(?:ALG|DH_FAMILY|ECC_FAMILY|KEY_[A-Z]+)_', r'', short) short = re.sub(r' +', r'', short) if level >= 1: short = re.sub(r'PUBLIC_KEY\b', r'PUB', short) From c154a043bb299847ec6c36b32517f0d99b032a1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Jul 2023 11:01:14 +0200 Subject: [PATCH 153/339] Fix dependencies for DH (and RSA) key pairs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - RSA was missing the MBEDTLS_ prefix. - DH needs the same temporary fix (prefix + suffix) for now. - hack_dependencies_not_implemented() needs to ignore MBEDTLS_PSA_WANT dependencies. While at it, make the code currently used for ECC more generic, so that it's ready to be used for RSA and DH in the near future. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/generate_psa_tests.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 738136cfc..cad788461 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -111,7 +111,7 @@ def hack_dependencies_not_implemented(dependencies: List[str]) -> None: _implemented_dependencies = \ read_implemented_dependencies('include/psa/crypto_config.h') if not all((dep.lstrip('!') in _implemented_dependencies or - 'PSA_WANT' not in dep) + not dep.lstrip('!').startswith('PSA_WANT')) for dep in dependencies): dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') @@ -121,7 +121,14 @@ def tweak_key_pair_dependency(dep: str, usage: str): symbols according to the required usage. """ ret_list = list() - if dep.endswith('KEY_PAIR'): + # Note: this LEGACY replacement DH is temporary and it's going + # to be aligned with ECC one in #7773. + if dep.endswith('DH_KEY_PAIR'): + legacy = dep + legacy = re.sub(r'KEY_PAIR\Z', r'KEY_PAIR_LEGACY', legacy) + legacy = re.sub(r'PSA_WANT', r'MBEDTLS_PSA_WANT', legacy) + ret_list.append(legacy) + elif dep.endswith('KEY_PAIR'): if usage == "BASIC": # BASIC automatically includes IMPORT and EXPORT for test purposes (see # config_psa.h). From 182eb1514e49a1dc1eafffd83ab7abf03e3c6591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Jul 2023 17:58:09 +0200 Subject: [PATCH 154/339] Fix KeyType.can_do() for DH+FFDH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/mbedtls_dev/crypto_knowledge.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 3230a005d..45d253b9b 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -267,6 +267,8 @@ class KeyType: if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \ eccc == EllipticCurveCategory.TWISTED_EDWARDS: return True + if self.head == 'DH' and alg.head == 'FFDH': + return True return False From e256cc1552d05e609391bce8bc2f1dfb45060511 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Jul 2023 17:28:48 +0200 Subject: [PATCH 155/339] Add 32bit test component for ecp with new bignum interface Signed-off-by: Gabor Mezei --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e3db6fdbd..b6f6b600c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4205,6 +4205,19 @@ component_test_have_int64 () { make test } +component_test_have_int32_cmake_new_bignum () { + msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" + scripts/config.py unset MBEDTLS_HAVE_ASM + scripts/config.py unset MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + scripts/config.py unset MBEDTLS_AESCE_C + scripts/config.py set MBEDTLS_TEST_HOOKS + make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32 -DMBEDTLS_ECP_WITH_MPI_UINT" LDFLAGS="$ASAN_CFLAGS" + + msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" + make test +} + component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full From a12baf8c5fd7968859f1c4c9c0bb319d8cf08285 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Wed, 19 Jul 2023 08:39:20 +0100 Subject: [PATCH 156/339] Update test scripts to use latest/earliest compilers The Ubuntu 16.04 and 22.04 docker images have been updated with earliest and latest versions of gcc and clang respectively. This patch adds the necessary component and support functions required for the CI to run these compilers. For FreeBSD we invoke the function by name so a condition is added to disable the existing test_clang_opt function for linux. Signed-off-by: Gowtham Suresh Kumar --- scripts/output_env.sh | 12 +++++++++++ tests/scripts/all.sh | 47 +++++++++++++++++++++++++++++++++++++++---- 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 1d9e0faeb..ce2c50065 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -105,9 +105,21 @@ echo print_version "gcc" "--version" "" "head -n 1" echo +print_version "gcc-earliest" "--version" "" "head -n 1" +echo + +print_version "gcc-latest" "--version" "" "head -n 1" +echo + print_version "clang" "--version" "" "head -n 2" echo +print_version "clang-earliest" "--version" "" "head -n 2" +echo + +print_version "clang-latest" "--version" "" "head -n 2" +echo + print_version "ldd" "--version" "" "head -n 1" echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a747c9d1e..21f537106 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -195,6 +195,13 @@ pre_initialize_variables () { # they are defined. ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") + # For Linux platforms we run latest/earliest versions of clang and the + # test_clang_opt function is only for FreeBSD. This condition removes + # test_clang_opt element from the ALL_COMPONENTS array for Linux. + if [[ $(uname) == "Linux" ]]; then + ALL_COMPONENTS=( "${ALL_COMPONENTS[@]/test_clang_opt}" ) + fi + # Exclude components that are not supported on this platform. SUPPORTED_COMPONENTS= for component in $ALL_COMPONENTS; do @@ -3993,6 +4000,7 @@ component_test_cmake_shared () { test_build_opt () { info=$1 cc=$2; shift 2 + $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" @@ -4005,14 +4013,45 @@ test_build_opt () { done } -component_test_clang_opt () { +# For FreeBSD we invoke the function by name so this condition is added +# to disable the existing test_clang_opt function for linux. +if [[ $(uname) != "Linux" ]]; then + component_test_clang_opt () { + scripts/config.py full + test_build_opt 'full config' clang -O0 -Os -O2 + } +fi + +component_test_clang_latest_opt () { scripts/config.py full - test_build_opt 'full config' clang -O0 -Os -O2 + test_build_opt 'full config' clang-latest -O0 -Os -O2 +} +support_test_clang_latest_opt () { + type clang-latest >/dev/null 2>/dev/null } -component_test_gcc_opt () { +component_test_clang_earliest_opt () { scripts/config.py full - test_build_opt 'full config' gcc -O0 -Os -O2 + test_build_opt 'full config' clang-earliest -O0 +} +support_test_clang_earliest_opt () { + type clang-earliest >/dev/null 2>/dev/null +} + +component_test_gcc_latest_opt () { + scripts/config.py full + test_build_opt 'full config' gcc-latest -O0 -Os -O2 +} +support_test_gcc_latest_opt () { + type gcc-latest >/dev/null 2>/dev/null +} + +component_test_gcc_earliest_opt () { + scripts/config.py full + test_build_opt 'full config' gcc-earliest -O0 +} +support_test_gcc_earliest_opt () { + type gcc-earliest >/dev/null 2>/dev/null } component_build_mbedtls_config_file () { From 186731b22acea22c0af32e2577c7ce1cb6e2491e Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Wed, 26 Jul 2023 15:47:45 +0100 Subject: [PATCH 157/339] Fix warnings from clang-16 Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes". This patch fixes these warnings by adding void to functions with no arguments. The generate_test_code.py is modified to insert void into test functions with no arguments in *.function files. Signed-off-by: Gowtham Suresh Kumar --- library/ecp.c | 2 +- programs/fuzz/common.c | 2 +- programs/fuzz/common.h | 2 +- programs/ssl/ssl_context_info.c | 6 +++--- programs/test/udp_proxy.c | 2 +- tests/scripts/generate_test_code.py | 5 +++++ tests/scripts/test_generate_test_code.py | 12 ++++++------ 7 files changed, 18 insertions(+), 13 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 049a1e015..29f5bc77f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3639,7 +3639,7 @@ cleanup: #if defined(MBEDTLS_TEST_HOOKS) MBEDTLS_STATIC_TESTABLE -mbedtls_ecp_variant mbedtls_ecp_get_variant() +mbedtls_ecp_variant mbedtls_ecp_get_variant(void) { return MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT; } diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c index 75021bb2f..98aa4037b 100644 --- a/programs/fuzz/common.c +++ b/programs/fuzz/common.c @@ -13,7 +13,7 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) } #endif -void dummy_init() +void dummy_init(void) { #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time(dummy_constant_time); diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h index bc817bd76..094383c7a 100644 --- a/programs/fuzz/common.h +++ b/programs/fuzz/common.h @@ -15,7 +15,7 @@ typedef struct fuzzBufferOffset { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -void dummy_init(); +void dummy_init(void); int dummy_send(void *ctx, const unsigned char *buf, size_t len); int fuzz_recv(void *ctx, unsigned char *buf, size_t len); diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index a5f065032..855b0911f 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -125,12 +125,12 @@ const char buf_ln_err[] = "Buffer does not have enough data to complete the pars /* * Basic printing functions */ -void print_version() +void print_version(void) { printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR); } -void print_usage() +void print_usage(void) { print_version(); printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" @@ -179,7 +179,7 @@ void printf_err(const char *str, ...) /* * Exit from the program in case of error */ -void error_exit() +void error_exit(void) { if (NULL != b64_file) { fclose(b64_file); diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index ac527f257..685e336e6 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -644,7 +644,7 @@ void delay_packet(packet *delay) memcpy(&prev[prev_len++], delay, sizeof(packet)); } -int send_delayed() +int send_delayed(void) { uint8_t offset; int ret; diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index ff7f9b997..c42f9a84b 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -667,6 +667,11 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): code = code.replace(name, 'test_' + name, 1) name = 'test_' + name + # If a test function has no arguments then add 'void' argument to + # avoid "-Wstrict-prototypes" warnings from clang-16 + if len(args) == 0: + code = code.replace('()', '(void)', 1) + for line in funcs_f: if re.search(END_CASE_REGEX, line): break diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index fe748aeb4..b32d18423 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -647,7 +647,7 @@ void func() self.assertEqual(arg, []) expected = '''#line 1 "test_suite_ut.function" -void test_func() +void test_func(void) { ba ba black sheep have you any wool @@ -690,7 +690,7 @@ exit: expected = '''#line 1 "test_suite_ut.function" -void test_func() +void test_func(void) { ba ba black sheep have you any wool @@ -750,7 +750,7 @@ exit: void -test_func() +test_func(void) { ba ba black sheep have you any wool @@ -803,7 +803,7 @@ exit: -void test_func() +void test_func(void) { ba ba black sheep have you any wool @@ -1139,7 +1139,7 @@ void func2() #if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_FS_IO) #line 13 "test_suite_ut.function" -void test_func1() +void test_func1(void) { exit: ; @@ -1156,7 +1156,7 @@ void test_func1_wrapper( void ** params ) #if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_FS_IO) #line 19 "test_suite_ut.function" -void test_func2() +void test_func2(void) { exit: ; From a55f042636af216abae1cfff75847cf56a22d3f8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 15:34:41 +0200 Subject: [PATCH 158/339] psa: replace DH_KEY_PAIR_LEGACY with new symbols Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 20 ++-- library/psa_crypto.c | 24 ++--- library/psa_crypto_ffdh.c | 17 ++-- .../src/drivers/test_driver_key_management.c | 2 +- tests/suites/test_suite_psa_crypto.data | 94 +++++++++---------- 5 files changed, 79 insertions(+), 78 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 611d5aba3..e113865ca 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -1041,20 +1041,16 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 #endif -/* Temporary internal migration helpers */ -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +/* See description above */ +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 #endif -/* Temporary internal migration helpers */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY +/* See description above */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 #endif /* These features are always enabled. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c890e12b7..d37bb59d0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -127,9 +127,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY) + defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -139,9 +139,9 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY || +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || - MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY */ + PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ psa_status_t mbedtls_to_psa_error(int ret) { @@ -687,7 +687,7 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_DH(type)) { if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { @@ -699,7 +699,7 @@ psa_status_t psa_import_key_into_slot( key_buffer_length, bits); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -1510,7 +1510,7 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } else if (PSA_KEY_TYPE_IS_DH(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) return mbedtls_psa_ffdh_export_public_key(attributes, key_buffer, @@ -1519,7 +1519,7 @@ psa_status_t psa_export_public_key_internal( data_length); #else return PSA_ERROR_NOT_SUPPORTED; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ } else { (void) key_buffer; @@ -7390,13 +7390,13 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( } else #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) */ -#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY) +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { if (psa_is_dh_key_size_valid(bits) == 0) { return PSA_ERROR_NOT_SUPPORTED; } } else -#endif /* defined(MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY) */ +#endif /* defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) */ { return PSA_ERROR_NOT_SUPPORTED; } @@ -7447,14 +7447,14 @@ psa_status_t psa_generate_key_internal( } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { return mbedtls_psa_ffdh_generate_key(attributes, key_buffer, key_buffer_size, key_buffer_length); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) */ { (void) key_buffer_length; return PSA_ERROR_NOT_SUPPORTED; diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index d8a208fae..20dfd2dcf 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -29,7 +29,8 @@ #include "mbedtls/platform.h" #include "mbedtls/error.h" -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, @@ -118,11 +119,12 @@ cleanup: return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY || +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || MBEDTLS_PSA_BUILTIN_ALG_FFDH */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) psa_status_t mbedtls_psa_ffdh_export_public_key( const psa_key_attributes_t *attributes, @@ -178,7 +180,10 @@ cleanup: return status; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) psa_status_t mbedtls_psa_ffdh_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) @@ -212,7 +217,9 @@ cleanup: return status; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) psa_status_t mbedtls_psa_ffdh_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, @@ -230,9 +237,7 @@ psa_status_t mbedtls_psa_ffdh_import_key( return PSA_SUCCESS; } - -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) psa_status_t mbedtls_psa_ffdh_key_agreement( diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 1996651ff..19da47ad6 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -245,7 +245,7 @@ psa_status_t mbedtls_test_transparent_generate_key( } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_ffdh_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f42f073ed..24e27f816 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -507,7 +507,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:P import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export FFDH RFC7919 2048 key pair: good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 public key: good @@ -515,7 +515,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 key pair: good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 public key: good @@ -523,7 +523,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 key pair: good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 public key: good @@ -531,7 +531,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 key pair: good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 public key: good @@ -539,7 +539,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 key pair: good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 public key: good @@ -547,11 +547,11 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 key pair: export not permitterd -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2040 public key: import invalid key length @@ -559,7 +559,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 public key: import invalid key length @@ -567,7 +567,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 public key: import invalid key length @@ -575,7 +575,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 public key: import invalid key length @@ -583,7 +583,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 public key: import invalid key length @@ -591,7 +591,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2048 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 2048 public key: export buffer to small @@ -599,7 +599,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 public key: export buffer to small @@ -607,7 +607,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 public key: export buffer to small @@ -615,7 +615,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 public key: export buffer to small @@ -623,7 +623,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 public key: export buffer to small @@ -635,7 +635,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0" PSA import/export-public FFDH RFC7919 key pair 2048 good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729" PSA import/export-public FFDH RFC7919 public key 3072 good @@ -643,7 +643,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512" PSA import/export-public FFDH RFC7919 key pair 3072 good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90" PSA import/export-public FFDH RFC7919 public key 4096 good @@ -651,7 +651,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B" PSA import/export-public FFDH RFC7919 key pair 4096 good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355" PSA import/export-public FFDH RFC7919 public key 6144 good @@ -659,7 +659,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 key pair 6144 good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 public key 8192 good @@ -667,7 +667,7 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import/export-public FFDH RFC7919 key pair 8192 good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import: reject raw data key of length 0 @@ -6796,35 +6796,35 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_ raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA raw key agreement: FFDH 2048 bits -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" PSA raw key agreement: FFDH 3072 bits -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" PSA raw key agreement: FFDH 4096 bits -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" PSA raw key agreement: FFDH 6144 bits -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 @@ -6856,51 +6856,51 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":"" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":"" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":"" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c" PSA generate random: 0 bytes @@ -7061,27 +7061,27 @@ PSA generate key: RSA, e=2 generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 3072 bits, good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 4096 bits, good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 6144 bits, good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 8192 bits, good -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 1024 bits, invalid bits -depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 PSA import persistent key: raw data, 8 bits From 27602c32a20c31d153b074a5e117c650257a6ad8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 16:38:59 +0200 Subject: [PATCH 159/339] test: accelerate all KEY_PAIR symbols in accel FFDH component Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e3db6fdbd..18633cba9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2351,7 +2351,12 @@ component_test_psa_crypto_config_accel_ffdh () { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" + loc_accel_list="ALG_FFDH \ + KEY_TYPE_DH_KEY_PAIR_BASIC \ + KEY_TYPE_DH_KEY_PAIR_IMPORT \ + KEY_TYPE_DH_KEY_PAIR_EXPORT \ + KEY_TYPE_DH_KEY_PAIR_GENERATE \ + KEY_TYPE_DH_PUBLIC_KEY" # Configure # --------- From 4b36c59d42d34584ecd865251cf09bf6e42705d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 13 Jul 2023 11:31:21 +0200 Subject: [PATCH 160/339] ChangeLog: improving descriptions of KEY_PAIR changes Signed-off-by: Valerio Setti --- .../Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt index 65afb7f28..95464e4d1 100644 --- a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt +++ b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt @@ -2,13 +2,17 @@ New deprecations * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: USE, IMPORT, - EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about the - capabilities of the PSA side for either key. + MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC, + IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about + the capabilities of the PSA side for either key. Features * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA or DH) were introduced in order to have finer accuracy in defining the PSA capabilities for each key. These capabilities, named yyy above, can be - any of: USE, IMPORT, EXPORT, GENERATE, DERIVE. + any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. + - GENERATE is only available for ECC keys, not for RSA or DH ones. + - implementations are free to enable more than what it was strictly + requested. For example BASIC internally enables IMPORT and EXPORT + (useful for testing purposes), but this might change in the future). From dfed278218cc7441183c6eec693212a7de7f6114 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 10:57:55 +0200 Subject: [PATCH 161/339] changelog: fix errors/typos Signed-off-by: Valerio Setti --- ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt index 95464e4d1..014eec657 100644 --- a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt +++ b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt @@ -12,7 +12,7 @@ Features or DH) were introduced in order to have finer accuracy in defining the PSA capabilities for each key. These capabilities, named yyy above, can be any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. - - GENERATE is only available for ECC keys, not for RSA or DH ones. + - DERIVE is only available for ECC keys, not for RSA or DH ones. - implementations are free to enable more than what it was strictly requested. For example BASIC internally enables IMPORT and EXPORT - (useful for testing purposes), but this might change in the future). + (useful for testing purposes), but this might change in the future. From 3a96227706228ea8d603d62ffa08dfe41119a7ed Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 11:01:33 +0200 Subject: [PATCH 162/339] generate_psa_tests: remove checks for DH's LEGACY symbols Signed-off-by: Valerio Setti --- tests/scripts/generate_psa_tests.py | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index cad788461..a3e825d21 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -121,14 +121,7 @@ def tweak_key_pair_dependency(dep: str, usage: str): symbols according to the required usage. """ ret_list = list() - # Note: this LEGACY replacement DH is temporary and it's going - # to be aligned with ECC one in #7773. - if dep.endswith('DH_KEY_PAIR'): - legacy = dep - legacy = re.sub(r'KEY_PAIR\Z', r'KEY_PAIR_LEGACY', legacy) - legacy = re.sub(r'PSA_WANT', r'MBEDTLS_PSA_WANT', legacy) - ret_list.append(legacy) - elif dep.endswith('KEY_PAIR'): + if dep.endswith('KEY_PAIR'): if usage == "BASIC": # BASIC automatically includes IMPORT and EXPORT for test purposes (see # config_psa.h). From 9c5c2a4b718db15bdbfd9508b576179aeb9c22dc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 11:11:19 +0200 Subject: [PATCH 163/339] crypto_legacy: fix initial comment Signed-off-by: Valerio Setti --- include/psa/crypto_legacy.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_legacy.h b/include/psa/crypto_legacy.h index 8494f3685..7a038d945 100644 --- a/include/psa/crypto_legacy.h +++ b/include/psa/crypto_legacy.h @@ -4,8 +4,8 @@ * \brief Add temporary suppport for deprecated symbols before they are * removed from the library. * - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_LEGACY and - * MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_LEGACY symbols are deprecated. + * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR + * symbols are deprecated. * New symols add a suffix to that base name in order to clearly state what is * the expected use for the key (use, import, export, generate, derive). * Here we define some backward compatibility support for uses stil using From 430a4f39683d25e4291afa61e367b081240cfe23 Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Thu, 27 Jul 2023 14:51:25 +0530 Subject: [PATCH 164/339] rsa_signature: Use heap memory to allocate DER encoded RSA private key 'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store DER encoded private key. This increased stack usage significantly for RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined. This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190). Signed-off-by: Sarvesh Bodakhe --- ChangeLog.d/use_heap_rsa_signature.txt | 4 ++++ library/pk_wrap.c | 13 ++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/use_heap_rsa_signature.txt diff --git a/ChangeLog.d/use_heap_rsa_signature.txt b/ChangeLog.d/use_heap_rsa_signature.txt new file mode 100644 index 000000000..e6d7b1255 --- /dev/null +++ b/ChangeLog.d/use_heap_rsa_signature.txt @@ -0,0 +1,4 @@ +Changes + * Use heap memory to allocate DER encoded RSA private key. + This reduces stack usage significantly for RSA signature + operations when MBEDTLS_PSA_CRYPTO_C is defined. diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4781151a1..a92c754b4 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -302,11 +302,16 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, psa_status_t status; mbedtls_pk_context key; int key_len; - unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + unsigned char *buf = NULL; + buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); + if (buf == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } mbedtls_pk_info_t pk_info = mbedtls_rsa_info; *sig_len = mbedtls_rsa_get_len(rsa_ctx); if (sig_size < *sig_len) { + mbedtls_free(buf); return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } @@ -314,8 +319,9 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = rsa_ctx; - key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf)); + key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); if (key_len <= 0) { + mbedtls_free(buf); return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); @@ -323,7 +329,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); status = psa_import_key(&attributes, - buf + sizeof(buf) - key_len, key_len, + buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES - key_len, key_len, &key_id); if (status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); @@ -339,6 +345,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, ret = 0; cleanup: + mbedtls_free(buf); status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); From 0fda0d2e5cd85dae63e364e7a05b754b0507be7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Jul 2023 12:22:52 +0200 Subject: [PATCH 165/339] Fix overly specific description in public doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index f717618d2..a5a294d2a 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -464,8 +464,8 @@ const int *mbedtls_md_list(void); const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); /** - * \brief This function extracts the message-digest name from the - * message-digest information structure. + * \brief This function returns the name of the message digest for + * the message-digest information structure given. * * \param md_info The information structure of the message-digest algorithm * to use. From 76336c3e4d0396508f6f5e23f54bc13d854fd863 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 30 Jun 2023 16:48:19 +0100 Subject: [PATCH 166/339] Enforce minimum key size when generating RSA key size Add configuration to enforce minimum size when generating a RSA key, it's default value is 1024 bits since this the minimum secure value currently but it can be any value greater than or equal 128 bits. Tests were modifed to accommodate for this change. Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 9 +++++++++ library/rsa.c | 5 +++++ tests/suites/test_suite_pk.data | 6 +++--- tests/suites/test_suite_pk.function | 8 ++++---- tests/suites/test_suite_psa_crypto.data | 24 ++++++++++++------------ tests/suites/test_suite_rsa.data | 7 +++++++ 6 files changed, 40 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 30e4d13ec..dcd28e9c4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1335,6 +1335,15 @@ */ //#define MBEDTLS_RSA_NO_CRT +/** + * \def MBEDTLS_RSA_MIN_KEY_SIZE + * + * Minimum RSA key size allowed in bits. + * + * Minimum possible value is 128 bits. + */ +#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 + /** * \def MBEDTLS_SELF_TEST * diff --git a/library/rsa.c b/library/rsa.c index 6a74befe9..9fd14dbe4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -550,6 +550,11 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, goto cleanup; } + if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + /* * find primes P and Q with Q < P so that: * 1. |P-Q| > 2^( nbits / 2 - 100 ) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e84c28851..f1cf5e941 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -8,9 +8,9 @@ PK write valid parameters depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" -PK utils: RSA 512-bit +PK utils: RSA 1024-bit depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" +pk_utils:MBEDTLS_PK_RSA:1024:1024:128:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -402,7 +402,7 @@ pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_ RSA sign-verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME -pk_sign_verify:MBEDTLS_PK_RSA:512:0:0 +pk_sign_verify:MBEDTLS_PK_RSA:1024:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 1519cf598..bbcad9330 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE 512 -#define RSA_KEY_LEN 64 +#define RSA_KEY_SIZE 1024 +#define RSA_KEY_LEN 128 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) @@ -1198,8 +1198,8 @@ void pk_rsa_alt() mbedtls_rsa_context raw; mbedtls_pk_context rsa, alt; mbedtls_pk_debug_item dbg_items[10]; - unsigned char hash[50], sig[64]; - unsigned char msg[50], ciph[64], test[50]; + unsigned char hash[50], sig[RSA_KEY_LEN]; + unsigned char msg[50], ciph[RSA_KEY_LEN], test[50]; size_t sig_len, ciph_len, test_len; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f42f073ed..51e95ec31 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:512:"":PSA_SUCCESS +generate_key_rsa:1024:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:512:"03":PSA_SUCCESS +generate_key_rsa:1024:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:512:"010001":PSA_SUCCESS +generate_key_rsa:1024:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:512:"0201":PSA_SUCCESS +generate_key_rsa:1024:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 9b83a220f..3df82f5df 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -386,8 +386,13 @@ RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 RSA Generate Key - 128bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE == 128 mbedtls_rsa_gen_key:128:3:0 +RSA Generate Key - 128bit key (Less than minimum size) +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 128 +mbedtls_rsa_gen_key:128:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -395,9 +400,11 @@ RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key - 1024 bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 mbedtls_rsa_gen_key:1024:3:0 RSA Generate Key - 2048 bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key From ab5707185a9ef33c5a6126ab8281046b5b81b034 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 5 Jul 2023 16:40:58 +0000 Subject: [PATCH 167/339] Add a minimum rsa key size config to psa config Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 12 +++--------- include/mbedtls/rsa.h | 4 ++++ include/psa/crypto_sizes.h | 12 ++++++++++++ library/psa_crypto.c | 3 +++ tests/suites/test_suite_rsa.data | 15 +++++++-------- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index dcd28e9c4..49e218c7b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1335,15 +1335,6 @@ */ //#define MBEDTLS_RSA_NO_CRT -/** - * \def MBEDTLS_RSA_MIN_KEY_SIZE - * - * Minimum RSA key size allowed in bits. - * - * Minimum possible value is 128 bits. - */ -#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 - /** * \def MBEDTLS_SELF_TEST * @@ -3700,6 +3691,9 @@ //#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +/* RSA OPTIONS */ +//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits)*/ + /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 3d57aa21b..8045e6b71 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -85,6 +85,10 @@ extern "C" { // Regular implementation // +#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE) +#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 +#endif + /** * \brief The RSA context structure. */ diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09..fd0eeb944 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -208,6 +208,18 @@ * operations, and does not need to accept all key sizes up to the limit. */ #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096 +/* The minimum size of an RSA key on this implementation, in bits. + * This is a vendor-specific macro. + * + * Limits RSA key generation to a minimum due to security reasons. + * This value cannot be less than 128 bits. + */ +#if defined(MBEDTLS_RSA_MIN_KEY_SIZE) +#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE +#else +#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024 +#endif + /* The maximum size of an DH key on this implementation, in bits. * * Note that an implementation may set different size limits for different diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c890e12b7..4e1f41b04 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7374,6 +7374,9 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } + if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) { + return PSA_ERROR_NOT_SUPPORTED; + } /* Accept only byte-aligned keys, for the same reasons as * in psa_import_rsa_key(). */ diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 3df82f5df..f9b668587 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -385,13 +385,12 @@ mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 -RSA Generate Key - 128bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE == 128 -mbedtls_rsa_gen_key:128:3:0 +RSA Generate Key (Minimum size key) +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 -RSA Generate Key - 128bit key (Less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 128 -mbedtls_rsa_gen_key:128:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Generate Key (Key less than minimum size) +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 130 +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -407,9 +406,9 @@ RSA Generate Key - 2048 bit key depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 mbedtls_rsa_gen_key:2048:3:0 -RSA Generate Key - 1025 bit key +RSA Generate Key (Odd sized key) # mbedtls_rsa_gen_key only supports even-sized keys -mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Validate Params, toy example mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0 From 3d158f0c2810d8abba6e89f4710a69ce99719464 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 7 Jul 2023 11:48:03 +0000 Subject: [PATCH 168/339] Adapt tests to work on all possible minimum RSA key sizes Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 2 +- tests/scripts/generate_psa_tests.py | 7 ++++++- tests/suites/test_suite_pk.data | 22 +++++++++++----------- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_psa_crypto.data | 18 +++++++++--------- tests/suites/test_suite_rsa.data | 2 +- 6 files changed, 30 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 49e218c7b..ab3837e31 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3692,7 +3692,7 @@ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ /* RSA OPTIONS */ -//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits)*/ +//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */ /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index cad788461..edaec92b3 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -347,9 +347,14 @@ class KeyGenerate: else: generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE') for bits in kt.sizes_to_test(): + if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': + size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits) + test_dependencies = generate_dependencies + [size_dependency] + else: + test_dependencies = generate_dependencies yield test_case_for_key_generation( kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), + finish_family_dependencies(test_dependencies, bits), str(bits), result ) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f1cf5e941..258423af4 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -8,9 +8,9 @@ PK write valid parameters depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" -PK utils: RSA 1024-bit +PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:1024:1024:128:"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME -pk_sign_verify:MBEDTLS_PK_RSA:1024:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSA,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bbcad9330..3ea9e3d66 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE 1024 -#define RSA_KEY_LEN 128 +#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE +#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 51e95ec31..0b872fcd0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:1024:"":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:1024:"03":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:1024:"010001":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:1024:"0201":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY @@ -7112,9 +7112,9 @@ PSA generate persistent key: DES, 64 bits, exportable depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY -PSA generate persistent key: RSA, 1024 bits, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY +PSA generate persistent key: RSA, minimum size key, exportable +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512 +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index f9b668587..7014399ba 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -389,7 +389,7 @@ RSA Generate Key (Minimum size key) mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 RSA Generate Key (Key less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 130 +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130 mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) From 763b353f2f29f302d1c9f073f150a5189b016c8d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 27 Jul 2023 13:52:31 +0100 Subject: [PATCH 169/339] Replace TEST_ASSERT("message" == 0) with TEST_FAIL Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_bignum.function | 2 +- tests/suites/test_suite_x509parse.function | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index 7f858e554..7ccc48198 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -834,7 +834,7 @@ void mpi_mul_int(char *input_X, int input_Y, } else if (strcmp(result_comparison, "!=") == 0) { TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); } else { - TEST_ASSERT("unknown operator" == 0); + TEST_FAIL("unknown operator"); } exit: diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c142d42cb..a94594f8c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -702,7 +702,7 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file, } else if (strcmp(profile_str, "all") == 0) { profile = &profile_all; } else { - TEST_ASSERT("Unknown algorithm profile" == 0); + TEST_FAIL("Unknown algorithm profile"); } if (strcmp(verify_callback, "NULL") == 0) { @@ -712,7 +712,7 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file, } else if (strcmp(verify_callback, "verify_all") == 0) { f_vrfy = verify_all; } else { - TEST_ASSERT("No known verify callback selected" == 0); + TEST_FAIL("No known verify callback selected"); } TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); @@ -881,7 +881,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) } else if (strcmp(entity, "issuer") == 0) { res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer); } else { - TEST_ASSERT("Unknown entity" == 0); + TEST_FAIL("Unknown entity"); } TEST_ASSERT(res != -1); @@ -1006,7 +1006,7 @@ void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result) } else if (strcmp(entity, "valid_to") == 0) { TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result); } else { - TEST_ASSERT("Unknown entity" == 0); + TEST_FAIL("Unknown entity"); } exit: @@ -1030,7 +1030,7 @@ void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result) } else if (strcmp(entity, "valid_to") == 0) { TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result); } else { - TEST_ASSERT("Unknown entity" == 0); + TEST_FAIL("Unknown entity"); } exit: From 25b4e72d6ee7f148bc3d679964b6f28d2b980df1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Jul 2023 15:05:12 +0200 Subject: [PATCH 170/339] MBEDTLS_PSA_CRYPTO_CONFIG is ready for production It's ok if people use MBEDTLS_PSA_CRYPTO_CONFIG: it's not unstable or unpredictable. But we still reserve the right to make minor changes (e.g. https://github.com/Mbed-TLS/mbedtls/issues/7439). Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 30e4d13ec..a85ba94e7 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1998,8 +1998,15 @@ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies * an alternative header to include instead of include/psa/crypto_config.h. * - * This feature is still experimental and is not ready for production since - * it is not completed. + * \warning This option is experimental, in that the set of `PSA_WANT_XXX` + * symbols is not completely finalized yet, and the configuration + * tooling is not ideally adapted to having two separate configuration + * files. + * Future minor releases of Mbed TLS may make minor changes to those + * symbols, but we will endeavor to provide a transition path. + * Nonetheless, this option is considered mature enough to use in + * production, as long as you accept that you may need to make + * minor changes to psa/crypto_config.h when upgrading Mbed TLS. */ //#define MBEDTLS_PSA_CRYPTO_CONFIG From 0540fe74e3ac2ed08fd628e7a79ebbab547065c3 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 27 Jul 2023 14:17:27 +0100 Subject: [PATCH 171/339] Fix code style Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_aria.function | 16 ++-- tests/suites/test_suite_asn1write.function | 8 +- tests/suites/test_suite_bignum_core.function | 5 +- tests/suites/test_suite_bignum_mod.function | 2 +- .../suites/test_suite_bignum_mod_raw.function | 4 +- .../suites/test_suite_bignum_random.function | 12 +-- tests/suites/test_suite_chacha20.function | 6 +- tests/suites/test_suite_ecp.function | 8 +- tests/suites/test_suite_hkdf.function | 2 +- tests/suites/test_suite_lmots.function | 4 +- tests/suites/test_suite_lms.function | 4 +- tests/suites/test_suite_mps.function | 4 +- tests/suites/test_suite_pkcs12.function | 2 +- tests/suites/test_suite_pkwrite.function | 4 +- tests/suites/test_suite_poly1305.function | 8 +- tests/suites/test_suite_psa_crypto.function | 78 +++++++++---------- ..._suite_psa_crypto_driver_wrappers.function | 54 ++++++------- .../test_suite_psa_crypto_hash.function | 6 +- .../test_suite_psa_crypto_pake.function | 2 +- ...t_suite_psa_crypto_persistent_key.function | 4 +- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ..._suite_psa_crypto_slot_management.function | 16 ++-- ...t_suite_psa_crypto_storage_format.function | 4 +- tests/suites/test_suite_psa_its.function | 4 +- tests/suites/test_suite_ssl.function | 52 ++++++------- 25 files changed, 156 insertions(+), 155 deletions(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index daac98318..579dddf3b 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -78,7 +78,7 @@ void aria_encrypt_ecb(data_t *key_str, data_t *src_str, } TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } exit: @@ -106,7 +106,7 @@ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, } TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } exit: @@ -131,7 +131,7 @@ void aria_encrypt_cbc(data_t *key_str, data_t *iv_str, output) == cbc_result); if (cbc_result == 0) { TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } exit: @@ -156,7 +156,7 @@ void aria_decrypt_cbc(data_t *key_str, data_t *iv_str, output) == cbc_result); if (cbc_result == 0) { TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } exit: @@ -183,7 +183,7 @@ void aria_encrypt_cfb128(data_t *key_str, data_t *iv_str, == result); TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); exit: mbedtls_aria_free(&ctx); @@ -209,7 +209,7 @@ void aria_decrypt_cfb128(data_t *key_str, data_t *iv_str, == result); TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); exit: mbedtls_aria_free(&ctx); @@ -235,7 +235,7 @@ void aria_encrypt_ctr(data_t *key_str, data_t *iv_str, == result); TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); exit: mbedtls_aria_free(&ctx); @@ -261,7 +261,7 @@ void aria_decrypt_ctr(data_t *key_str, data_t *iv_str, == result); TEST_MEMORY_COMPARE(output, expected_output->len, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); exit: mbedtls_aria_free(&ctx); diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index f92c751eb..a7330d089 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -38,7 +38,7 @@ int generic_write_finish_step(generic_write_data_t *data, TEST_ASSERT(data->p >= data->start); TEST_ASSERT(data->p <= data->end); TEST_MEMORY_COMPARE(data->p, (size_t) (data->end - data->p), - expected->x, expected->len); + expected->x, expected->len); } ok = 1; @@ -441,7 +441,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits, TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end, &read), 0); TEST_MEMORY_COMPARE(read.p, read.len, - masked_bitstring, byte_length); + masked_bitstring, byte_length); TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits); } #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -546,7 +546,7 @@ void store_named_data_val_found(int old_len, int new_len) if (new_val != NULL) { TEST_MEMORY_COMPARE(found->val.p, found->val.len, - new_val, (size_t) new_len); + new_val, (size_t) new_len); } if (new_len == 0) { TEST_ASSERT(found->val.p == NULL); @@ -588,7 +588,7 @@ void store_named_data_val_new(int new_len, int set_new_val) } else { TEST_ASSERT(found->val.p != new_val); TEST_MEMORY_COMPARE(found->val.p, found->val.len, - new_val, (size_t) new_len); + new_val, (size_t) new_len); } exit: diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 79f540bcb..3ede6b208 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -1047,7 +1047,7 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size) TEST_CF_PUBLIC(dest, limbs * sizeof(*dest)); TEST_CF_PUBLIC(table, count * limbs * sizeof(*table)); TEST_MEMORY_COMPARE(dest, limbs * sizeof(*dest), - current, limbs * sizeof(*current)); + current, limbs * sizeof(*current)); TEST_CF_PUBLIC(&i, sizeof(i)); } @@ -1280,7 +1280,8 @@ void mpi_core_sub_int(char *input_A, char *input_B, TEST_CALLOC(R, limbs); #define TEST_COMPARE_CORE_MPIS(A, B, limbs) \ - TEST_MEMORY_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint)) + TEST_MEMORY_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), \ + B, (limbs) * sizeof(mbedtls_mpi_uint)) /* 1. R = A - b. Result and borrow should be correct */ TEST_EQUAL(mbedtls_mpi_core_sub_int(R, A, B[0], limbs), borrow); diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 10deffa97..70152845b 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -8,7 +8,7 @@ #define TEST_COMPARE_MPI_RESIDUES(a, b) \ TEST_MEMORY_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ - (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) + (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) static int test_read_residue(mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 3a4d4416d..6b953f571 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -648,7 +648,7 @@ void mpi_mod_raw_canonical_to_modulus_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_mpi_mod_raw_canonical_to_modulus_rep(A, &N)); TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), - X, X_limbs * sizeof(mbedtls_mpi_uint)); + X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: mbedtls_test_mpi_mod_modulus_free_with_limbs(&N); @@ -675,7 +675,7 @@ void mpi_mod_raw_modulus_to_canonical_rep(const char *input_N, int rep, TEST_EQUAL(0, mbedtls_mpi_mod_raw_modulus_to_canonical_rep(A, &N)); TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint), - X, X_limbs * sizeof(mbedtls_mpi_uint)); + X, X_limbs * sizeof(mbedtls_mpi_uint)); exit: mbedtls_test_mpi_mod_modulus_free_with_limbs(&N); diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function index f7025d4d5..9ea773c4e 100644 --- a/tests/suites/test_suite_bignum_random.function +++ b/tests/suites/test_suite_bignum_random.function @@ -175,7 +175,7 @@ void mpi_legacy_random_values(int min, char *max_hex) TEST_EQUAL(core_ret, legacy_ret); if (core_ret == 0) { TEST_MEMORY_COMPARE(R_core, limbs * ciL, - R_legacy.p, R_legacy.n * ciL); + R_legacy.p, R_legacy.n * ciL); } /* Also check that they have consumed the RNG in the same way. */ @@ -183,7 +183,7 @@ void mpi_legacy_random_values(int min, char *max_hex) * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), - &rnd_legacy, sizeof(rnd_legacy)); + &rnd_legacy, sizeof(rnd_legacy)); exit: mbedtls_mpi_free(&max_legacy); @@ -238,11 +238,11 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_raw, &N), 0); TEST_MEMORY_COMPARE(R_core, N.limbs * ciL, - R_mod_raw, N.limbs * ciL); + R_mod_raw, N.limbs * ciL); TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_digits, &N), 0); TEST_MEMORY_COMPARE(R_core, N.limbs * ciL, - R_mod_digits, N.limbs * ciL); + R_mod_digits, N.limbs * ciL); } /* Also check that they have consumed the RNG in the same way. */ @@ -250,9 +250,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep) * the structure! If this is a problem in practice, change to a * field-by-field comparison. */ TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), - &rnd_mod_raw, sizeof(rnd_mod_raw)); + &rnd_mod_raw, sizeof(rnd_mod_raw)); TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core), - &rnd_mod, sizeof(rnd_mod)); + &rnd_mod, sizeof(rnd_mod)); exit: mbedtls_test_mpi_mod_modulus_free_with_limbs(&N); diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index a638213ff..d6b67e12f 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -30,7 +30,7 @@ void chacha20_crypt(data_t *key_str, output) == 0); TEST_MEMORY_COMPARE(output, expected_output_str->len, - expected_output_str->x, expected_output_str->len); + expected_output_str->x, expected_output_str->len); /* * Test the streaming API @@ -45,7 +45,7 @@ void chacha20_crypt(data_t *key_str, TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0); TEST_MEMORY_COMPARE(output, expected_output_str->len, - expected_output_str->x, expected_output_str->len); + expected_output_str->x, expected_output_str->len); /* * Test the streaming API again, piecewise @@ -61,7 +61,7 @@ void chacha20_crypt(data_t *key_str, src_str->x + 1, output + 1) == 0); TEST_MEMORY_COMPARE(output, expected_output_str->len, - expected_output_str->x, expected_output_str->len); + expected_output_str->x, expected_output_str->len); mbedtls_chacha20_free(&ctx); } diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 93138bdc6..8a1a23343 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -539,7 +539,7 @@ void ecp_muladd(int id, TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN); TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, - actual_result, len); + actual_result, len); exit: mbedtls_ecp_group_free(&grp); @@ -1062,7 +1062,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica TEST_ASSERT(ret == 0); TEST_MEMORY_COMPARE(in_key->x, in_key->len, - buf, in_key->len); + buf, in_key->len); } else { unsigned char export1[MBEDTLS_ECP_MAX_BYTES]; unsigned char export2[MBEDTLS_ECP_MAX_BYTES]; @@ -1077,7 +1077,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica TEST_ASSERT(ret == 0); TEST_MEMORY_COMPARE(export1, in_key->len, - export2, in_key->len); + export2, in_key->len); } } @@ -1124,7 +1124,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) * - Other bits must be random (by testing with different RNG outputs, * we validate that those bits are indeed influenced by the RNG). */ TEST_MEMORY_COMPARE(expected->x, expected->len, - actual, expected->len); + actual, expected->len); } exit: diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index b3ccfb030..becf67277 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -27,7 +27,7 @@ void test_hkdf(int md_alg, data_t *ikm, data_t *salt, data_t *info, TEST_ASSERT(ret == 0); TEST_MEMORY_COMPARE(okm, expected_okm->len, - expected_okm->x, expected_okm->len); + expected_okm->x, expected_okm->len); exit: MD_PSA_DONE(); diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index e991672a7..293287aab 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -163,7 +163,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)); TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, - exported_pub_key, exported_pub_key_size); + exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -184,7 +184,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) &exported_pub_key_size), 0); TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, - exported_pub_key, exported_pub_key_size); + exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; } diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index f6f4685c8..7116f6181 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -165,7 +165,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) TEST_EQUAL(exported_pub_key_size, MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10)); TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, - exported_pub_key, exported_pub_key_size); + exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; @@ -186,7 +186,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) &exported_pub_key_size), 0); TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, - exported_pub_key, exported_pub_key_size); + exported_pub_key, exported_pub_key_size); mbedtls_free(exported_pub_key); exported_pub_key = NULL; } diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index 7d4845225..0b8434b7c 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -611,8 +611,8 @@ void mbedtls_mps_reader_reclaim_data_left(int option) TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, &tmp, NULL) == 0); TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, - buf + sizeof(buf) / 2, - sizeof(buf) / 2); + buf + sizeof(buf) / 2, + sizeof(buf) / 2); break; default: diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 46d683af2..2c93c1380 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -60,7 +60,7 @@ void pkcs12_derive_key(int md_type, int key_size_arg, if (expected_status == 0) { TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output_data, key_size); + output_data, key_size); } exit: diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 8176b6dfe..e1be52ef4 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -191,7 +191,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) derived_key_len), pub_key_len); TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len, - pub_key_raw, pub_key_len); + pub_key_raw, pub_key_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw)); @@ -204,7 +204,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) derived_key_len), pub_key_len); TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len, - pub_key_raw, pub_key_len); + pub_key_raw, pub_key_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ exit: diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 07cc93bb7..dbf817e91 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -23,7 +23,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) src_str->len, mac) == 0); TEST_MEMORY_COMPARE(mac, expected_mac->len, - expected_mac->x, expected_mac->len); + expected_mac->x, expected_mac->len); /* * Test the streaming API @@ -37,7 +37,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); TEST_MEMORY_COMPARE(mac, expected_mac->len, - expected_mac->x, expected_mac->len); + expected_mac->x, expected_mac->len); /* * Test the streaming API again, piecewise @@ -54,7 +54,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); TEST_MEMORY_COMPARE(mac, expected_mac->len, - expected_mac->x, expected_mac->len); + expected_mac->x, expected_mac->len); } /* @@ -70,7 +70,7 @@ void mbedtls_poly1305(data_t *key, data_t *expected_mac, data_t *src_str) TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0); TEST_MEMORY_COMPARE(mac, expected_mac->len, - expected_mac->x, expected_mac->len); + expected_mac->x, expected_mac->len); } mbedtls_poly1305_free(&ctx); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a58e48be6..2182ad010 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -584,7 +584,7 @@ static int aead_multipart_internal_func(int key_type_arg, data_t *key_data, TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output_data, output_length); + output_data, output_length); test_ok = 1; @@ -693,7 +693,7 @@ static int mac_multipart_internal_func(int key_type_arg, data_t *key_data, PSA_MAC_MAX_SIZE, &mac_len)); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - mac, mac_len); + mac, mac_len); } test_ok = 1; @@ -1584,7 +1584,7 @@ void import_export(data_t *data, export_size, &reexported_length)); TEST_MEMORY_COMPARE(exported, exported_length, - reexported, reexported_length); + reexported, reexported_length); PSA_ASSERT(psa_destroy_key(key2)); } TEST_LE_U(exported_length, @@ -1658,7 +1658,7 @@ void import_export_public_key(data_t *data, TEST_LE_U(expected_public_key->len, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); TEST_MEMORY_COMPARE(expected_public_key->x, expected_public_key->len, - exported, exported_length); + exported, exported_length); } exit: /* @@ -2502,7 +2502,7 @@ void copy_success(int source_usage_arg, PSA_ASSERT(psa_export_key(target_key, export_buffer, material->len, &length)); TEST_MEMORY_COMPARE(material->x, material->len, - export_buffer, length); + export_buffer, length); } if (!psa_key_lifetime_is_external(target_lifetime)) { @@ -2761,7 +2761,7 @@ void hash_compute_compare(int alg_arg, data_t *input, &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); /* Compute with tight buffer, multi-part */ PSA_ASSERT(psa_hash_setup(&operation, alg)); @@ -2771,7 +2771,7 @@ void hash_compute_compare(int alg_arg, data_t *input, &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); /* Compute with larger buffer, one-shot */ PSA_ASSERT(psa_hash_compute(alg, input->x, input->len, @@ -2779,7 +2779,7 @@ void hash_compute_compare(int alg_arg, data_t *input, &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); /* Compute with larger buffer, multi-part */ PSA_ASSERT(psa_hash_setup(&operation, alg)); @@ -2788,7 +2788,7 @@ void hash_compute_compare(int alg_arg, data_t *input, sizeof(output), &output_length)); TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); /* Compare with correct hash, one-shot */ PSA_ASSERT(psa_hash_compare(alg, input->x, input->len, @@ -3393,7 +3393,7 @@ void mac_sign(int key_type_arg, expected_status); if (expected_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, - actual_mac, mac_length); + actual_mac, mac_length); } if (output_size > 0) { @@ -3412,7 +3412,7 @@ void mac_sign(int key_type_arg, if (expected_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, - actual_mac, mac_length); + actual_mac, mac_length); } mbedtls_free(actual_mac); actual_mac = NULL; @@ -3963,7 +3963,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, &length)); output_length += length; TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, - output, output_length); + output, output_length); /* Multipart encryption */ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); @@ -3981,7 +3981,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, &length)); output_length += length; TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, - output, output_length); + output, output_length); /* One-shot encryption */ output_length = ~0; @@ -3989,7 +3989,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output, output_buffer_size, &output_length)); TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, - output, output_length); + output, output_length); /* One-shot decryption */ output_length = ~0; @@ -3997,7 +3997,7 @@ void cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, output, output_buffer_size, &output_length)); TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, - output, output_length); + output, output_length); exit: PSA_ASSERT(psa_cipher_abort(&operation)); @@ -4117,7 +4117,7 @@ void cipher_encrypt_validation(int alg_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, - output2, output2_length); + output2, output2_length); exit: psa_cipher_abort(&operation); @@ -4216,7 +4216,7 @@ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, total_output_length); + output, total_output_length); } exit: @@ -4316,7 +4316,7 @@ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, PSA_ASSERT(psa_cipher_abort(&operation)); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, total_output_length); + output, total_output_length); } exit: @@ -4473,7 +4473,7 @@ void cipher_decrypt(int alg_arg, PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size)); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, output_length); + output, output_length); exit: mbedtls_free(input); mbedtls_free(output); @@ -4765,7 +4765,7 @@ void aead_encrypt_decrypt(int key_type_arg, data_t *key_data, expected_result); TEST_MEMORY_COMPARE(input_data->x, input_data->len, - output_data2, output_length2); + output_data2, output_length2); } exit: @@ -4832,7 +4832,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, PSA_ASSERT(status); TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, - output_data, output_length); + output_data, output_length); exit: psa_destroy_key(key); @@ -4905,7 +4905,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, if (expected_result == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, - output_data, output_length); + output_data, output_length); } exit: @@ -6492,7 +6492,7 @@ void sign_hash_deterministic(int key_type_arg, data_t *key_data, &signature_length)); /* Verify that the signature is what is expected. */ TEST_MEMORY_COMPARE(output_data->x, output_data->len, - signature, signature_length); + signature, signature_length); exit: /* @@ -6615,7 +6615,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, /* Verify that the signature is what is expected. */ TEST_MEMORY_COMPARE(output_data->x, output_data->len, - signature, signature_length); + signature, signature_length); PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -7913,7 +7913,7 @@ void sign_message_deterministic(int key_type_arg, &signature_length)); TEST_MEMORY_COMPARE(output_data->x, output_data->len, - signature, signature_length); + signature, signature_length); exit: psa_reset_key_attributes(&attributes); @@ -8251,7 +8251,7 @@ void asymmetric_encrypt_decrypt(int key_type_arg, output2, output2_size, &output2_length)); TEST_MEMORY_COMPARE(input_data->x, input_data->len, - output2, output2_length); + output2, output2_length); exit: /* @@ -8308,7 +8308,7 @@ void asymmetric_decrypt(int key_type_arg, output_size, &output_length)); TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, - output, output_length); + output, output_length); /* If the label is empty, the test framework puts a non-null pointer * in label->x. Test that a null pointer works as well. */ @@ -8324,7 +8324,7 @@ void asymmetric_decrypt(int key_type_arg, output_size, &output_length)); TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, - output, output_length); + output, output_length); } exit: @@ -8893,7 +8893,7 @@ void derive_output(int alg_arg, PSA_ASSERT(status); if (output_sizes[i] != 0) { TEST_MEMORY_COMPARE(output_buffer, output_sizes[i], - expected_outputs[i], output_sizes[i]); + expected_outputs[i], output_sizes[i]); } /* Check the operation status. */ expected_capacity -= output_sizes[i]; @@ -9016,7 +9016,7 @@ void derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, TEST_EQUAL(status, expected_output_status); if (expected_output->len != 0 && expected_output_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(output_buffer, expected_output->len, expected_output->x, - expected_output->len); + expected_output->len); } exit: @@ -9168,7 +9168,7 @@ void derive_key_export(int alg_arg, /* Compare the outputs from the two runs. */ TEST_MEMORY_COMPARE(output_buffer, bytes1 + bytes2, - export_buffer, capacity); + export_buffer, capacity); exit: mbedtls_free(output_buffer); @@ -9229,7 +9229,7 @@ void derive_key_type(int alg_arg, export_buffer, export_buffer_size, &export_length)); TEST_MEMORY_COMPARE(export_buffer, export_length, - expected_export->x, expected_export->len); + expected_export->x, expected_export->len); exit: mbedtls_free(export_buffer); @@ -9379,7 +9379,7 @@ void raw_key_agreement(int alg_arg, output, expected_output->len, &output_length)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; output_length = ~0; @@ -9391,7 +9391,7 @@ void raw_key_agreement(int alg_arg, output, expected_output->len + 1, &output_length)); TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); mbedtls_free(output); output = NULL; output_length = ~0; @@ -9487,7 +9487,7 @@ void key_agreement_output(int alg_arg, uint8_t *actual_output = NULL; TEST_CALLOC(actual_output, MAX(expected_output1->len, - expected_output2->len)); + expected_output2->len)); PSA_ASSERT(psa_crypto_init()); @@ -9514,13 +9514,13 @@ void key_agreement_output(int alg_arg, actual_output, expected_output1->len)); TEST_MEMORY_COMPARE(actual_output, expected_output1->len, - expected_output1->x, expected_output1->len); + expected_output1->x, expected_output1->len); if (expected_output2->len != 0) { PSA_ASSERT(psa_key_derivation_output_bytes(&operation, actual_output, expected_output2->len)); TEST_MEMORY_COMPARE(actual_output, expected_output2->len, - expected_output2->x, expected_output2->len); + expected_output2->x, expected_output2->len); } exit: @@ -9834,7 +9834,7 @@ void persistent_key_load_key_from_storage(data_t *data, &first_exported_length)); if (generation_method == IMPORT_KEY) { TEST_MEMORY_COMPARE(data->x, data->len, - first_export, first_exported_length); + first_export, first_exported_length); } } @@ -9861,7 +9861,7 @@ void persistent_key_load_key_from_storage(data_t *data, second_export, export_size, &second_exported_length)); TEST_MEMORY_COMPARE(first_export, first_exported_length, - second_export, second_exported_length); + second_export, second_exported_length); } /* Do something with the key according to its type and permitted usage. */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 8cf076a23..98a766294 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -461,7 +461,7 @@ static int sanity_check_rsa_encryption_result( TEST_EQUAL(buf[1], 0x02); TEST_EQUAL(buf[length - input_data->len - 1], 0x00); TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, - input_data->x, input_data->len); + input_data->x, input_data->len); } else if (PSA_ALG_IS_RSA_OAEP(alg)) { TEST_EQUAL(buf[0], 0x00); /* The rest is too hard to check */ @@ -547,7 +547,7 @@ void sign_hash(int key_type_arg, TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(signature, signature_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); @@ -674,7 +674,7 @@ void sign_message(int key_type_arg, TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(signature, signature_length, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); } /* In the builtin algorithm the driver is called twice. */ TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, @@ -796,7 +796,7 @@ void generate_ec_key(int force_status_arg, if (fake_output->len > 0) { TEST_MEMORY_COMPARE(actual_output, actual_output_length, - expected_output, expected_output_length); + expected_output, expected_output_length); } else { size_t zeroes = 0; for (size_t i = 0; i < sizeof(actual_output); i++) { @@ -928,7 +928,7 @@ void export_key(int force_status_arg, if (actual_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(actual_output, actual_output_length, - expected_output_ptr, expected_output_length); + expected_output_ptr, expected_output_length); } exit: psa_reset_key_attributes(&attributes); @@ -1007,7 +1007,7 @@ void key_agreement(int alg_arg, if (actual_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(actual_output, actual_output_length, - expected_output_ptr, expected_output_length); + expected_output_ptr, expected_output_length); } mbedtls_free(actual_output); actual_output = NULL; @@ -1094,7 +1094,7 @@ void cipher_encrypt_validation(int alg_arg, // driver function should've been called as part of the finish() core routine TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, - output2, output2_length); + output2, output2_length); exit: psa_cipher_abort(&operation); @@ -1222,7 +1222,7 @@ void cipher_encrypt_multipart(int alg_arg, TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, total_output_length); + output, total_output_length); } exit: @@ -1351,7 +1351,7 @@ void cipher_decrypt_multipart(int alg_arg, TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, total_output_length); + output, total_output_length); } exit: @@ -1423,7 +1423,7 @@ void cipher_decrypt(int alg_arg, if (expected_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, - output, output_length); + output, output_length); } exit: @@ -1708,7 +1708,7 @@ void aead_encrypt(int key_type_arg, data_t *key_data, if (status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, - output_data, output_length); + output_data, output_length); } exit: @@ -1771,7 +1771,7 @@ void aead_decrypt(int key_type_arg, data_t *key_data, if (status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, - output_data, output_length); + output_data, output_length); } exit: @@ -1840,7 +1840,7 @@ void mac_sign(int key_type_arg, if (forced_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, - actual_mac, mac_length); + actual_mac, mac_length); } mbedtls_free(actual_mac); @@ -1958,7 +1958,7 @@ void mac_sign_multipart(int key_type_arg, if (forced_status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, - actual_mac, mac_length); + actual_mac, mac_length); } mbedtls_free(actual_mac); @@ -2160,7 +2160,7 @@ void builtin_key_export(int builtin_key_id_arg, PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); TEST_MEMORY_COMPARE(output_buffer, output_size, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); @@ -2211,7 +2211,7 @@ void builtin_pubkey_export(int builtin_key_id_arg, PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); TEST_MEMORY_COMPARE(output_buffer, output_size, - expected_output->x, expected_output->len); + expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); @@ -2561,7 +2561,7 @@ void asymmetric_encrypt_decrypt(int alg_arg, if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, - output, output_length); + output, output_length); } else { mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = forced_status_decrypt; @@ -2588,10 +2588,10 @@ void asymmetric_encrypt_decrypt(int alg_arg, if (expected_status_decrypt == PSA_SUCCESS) { if (fake_output_decrypt->len > 0) { TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, - output2, output2_length); + output2, output2_length); } else { TEST_MEMORY_COMPARE(input_data->x, input_data->len, - output2, output2_length); + output2, output2_length); } } } @@ -2665,7 +2665,7 @@ void asymmetric_decrypt(int alg_arg, if (expected_status_decrypt == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_data->len); TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, - output, output_length); + output, output_length); } exit: /* @@ -2739,7 +2739,7 @@ void asymmetric_encrypt(int alg_arg, if (fake_output_encrypt->len > 0) { TEST_EQUAL(fake_output_encrypt->len, output_length); TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, - output, output_length); + output, output_length); } else { /* Perform sanity checks on the output */ #if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @@ -2874,7 +2874,7 @@ void aead_encrypt_setup(int key_type_arg, data_t *key_data, /* Compare output_data and expected_ciphertext */ TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, - output_data, output_length + finish_output_length); + output_data, output_length + finish_output_length); /* Compare tag and expected_tag */ TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); @@ -2980,7 +2980,7 @@ void aead_decrypt_setup(int key_type_arg, data_t *key_data, forced_status == PSA_SUCCESS ? 1 : 0); TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, - output_data, output_length + verify_output_length); + output_data, output_length + verify_output_length); } exit: @@ -3017,13 +3017,13 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st int in_driver = (forced_status_setup_arg == PSA_SUCCESS); TEST_CALLOC(input_buffer, - PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, - PSA_PAKE_STEP_KEY_SHARE)); + PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, + PSA_PAKE_STEP_KEY_SHARE)); memset(input_buffer, 0xAA, size_key_share); TEST_CALLOC(output_buffer, - PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, - PSA_PAKE_STEP_KEY_SHARE)); + PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, + PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); PSA_INIT(); diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 28b556c4f..0405c1de9 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -26,7 +26,7 @@ void hash_finish(int alg_arg, data_t *input, data_t *expected_hash) actual_hash, sizeof(actual_hash), &actual_hash_length)); TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, - actual_hash, actual_hash_length); + actual_hash, actual_hash_length); exit: psa_hash_abort(&operation); @@ -84,13 +84,13 @@ void hash_multi_part(int alg_arg, data_t *input, data_t *expected_hash) actual_hash, sizeof(actual_hash), &actual_hash_length)); TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, - actual_hash, actual_hash_length); + actual_hash, actual_hash_length); PSA_ASSERT(psa_hash_finish(&operation2, actual_hash, sizeof(actual_hash), &actual_hash_length)); TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len, - actual_hash, actual_hash_length); + actual_hash, actual_hash_length); } while (len++ != input->len); exit: diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index e4313ab2f..96c119592 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -1065,7 +1065,7 @@ void pake_input_getters_cipher_suite() PSA_SUCCESS); TEST_MEMORY_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret), - &cipher_suite, sizeof(cipher_suite)); + &cipher_suite, sizeof(cipher_suite)); exit: PSA_ASSERT(psa_pake_abort(&operation)); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 416fed9cc..a48114ff6 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -67,7 +67,7 @@ void format_storage_data_check(data_t *key_data, file_data); TEST_MEMORY_COMPARE(expected_file_data->x, expected_file_data->len, - file_data, file_data_length); + file_data, file_data_length); exit: mbedtls_free(file_data); @@ -112,7 +112,7 @@ void parse_storage_data_check(data_t *file_data, TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), (uint32_t) expected_key_alg2); TEST_MEMORY_COMPARE(expected_key_data->x, expected_key_data->len, - key_data, key_data_length); + key_data, key_data_length); exit: mbedtls_free(key_data); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 68f6ee83d..979db5947 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -966,7 +966,7 @@ void key_creation_import_export(int lifetime_arg, int min_slot, int restart) exported, sizeof(exported), &exported_length)); TEST_MEMORY_COMPARE(key_material, sizeof(key_material), - exported, exported_length); + exported, exported_length); PSA_ASSERT(psa_destroy_key(returned_id)); if (!check_persistent_data(location, diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index e25d1e8cf..a8fe46f5f 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -308,7 +308,7 @@ void persistent_slot_lifecycle(int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT(psa_export_key(id, reexported, key_data->len, &reexported_length)); TEST_MEMORY_COMPARE(key_data->x, key_data->len, - reexported, reexported_length); + reexported, reexported_length); } else { TEST_EQUAL(psa_export_key(id, reexported, key_data->len, &reexported_length), @@ -403,7 +403,7 @@ void create_existent(int lifetime_arg, int owner_id_arg, int id_arg, reexported, sizeof(reexported), &reexported_length)); TEST_MEMORY_COMPARE(material1, sizeof(material1), - reexported, reexported_length); + reexported, reexported_length); PSA_ASSERT(psa_close_key(id)); @@ -579,7 +579,7 @@ void copy_across_lifetimes(int source_lifetime_arg, int source_owner_id_arg, PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, material->len, &length)); TEST_MEMORY_COMPARE(material->x, material->len, - export_buffer, length); + export_buffer, length); } else { size_t length; /* Check that the key is actually non-exportable. */ @@ -693,7 +693,7 @@ void copy_to_occupied(int source_lifetime_arg, int source_id_arg, PSA_ASSERT(psa_export_key(returned_target_id, export_buffer, target_material->len, &length)); TEST_MEMORY_COMPARE(target_material->x, target_material->len, - export_buffer, length); + export_buffer, length); } PSA_ASSERT(psa_destroy_key(returned_source_id)); @@ -841,7 +841,7 @@ void many_transient_keys(int max_keys_arg) exported, sizeof(exported), &exported_length)); TEST_MEMORY_COMPARE(exported, exported_length, - (uint8_t *) &i, sizeof(i)); + (uint8_t *) &i, sizeof(i)); } PSA_ASSERT(psa_close_key(keys[i - 1])); @@ -918,7 +918,7 @@ void key_slot_eviction_to_import_new_key(int lifetime_arg) exported, sizeof(exported), &exported_length)); TEST_MEMORY_COMPARE(exported, exported_length, - (uint8_t *) &i, sizeof(i)); + (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(key)); } @@ -1017,7 +1017,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() exported, sizeof(exported), &exported_length)); TEST_MEMORY_COMPARE(exported, exported_length, - (uint8_t *) &i, sizeof(i)); + (uint8_t *) &i, sizeof(i)); PSA_ASSERT(psa_destroy_key(keys[i])); } @@ -1029,7 +1029,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() PSA_ASSERT(psa_export_key(persistent_key, exported, sizeof(exported), &exported_length)); TEST_MEMORY_COMPARE(exported, exported_length, - (uint8_t *) &persistent_key, sizeof(persistent_key)); + (uint8_t *) &persistent_key, sizeof(persistent_key)); exit: /* * Key attributes may have been returned by psa_get_key_attributes() diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 9f67f4868..116f4cd53 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -40,7 +40,7 @@ static int test_written_key(const psa_key_attributes_t *attributes, PSA_ASSERT(psa_its_get(uid, 0, storage_info.size, actual_representation, &length)); TEST_MEMORY_COMPARE(expected_representation->x, expected_representation->len, - actual_representation, length); + actual_representation, length); ok = 1; @@ -264,7 +264,7 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, exported_material, expected_material->len, &length)); TEST_MEMORY_COMPARE(expected_material->x, expected_material->len, - exported_material, length); + exported_material, length); } if ((flags & TEST_FLAG_EXERCISE) && can_exercise(&actual_attributes)) { diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index aeb413c93..cb11f189a 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -168,7 +168,7 @@ void set_multiple(int first_id, int count) "Content of file 0x%08lx", (unsigned long) uid); PSA_ASSERT(psa_its_get(uid, 0, sizeof(stored), retrieved, &ret_len)); TEST_MEMORY_COMPARE(retrieved, ret_len, - stored, sizeof(stored)); + stored, sizeof(stored)); PSA_ASSERT(psa_its_remove(uid)); TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) == PSA_ERROR_DOES_NOT_EXIST); @@ -224,7 +224,7 @@ void get_at(int uid_arg, data_t *data, TEST_ASSERT(status == (psa_status_t) expected_status); if (status == PSA_SUCCESS) { TEST_MEMORY_COMPARE(data->x + offset, (size_t) length_arg, - buffer, ret_len); + buffer, ret_len); } for (i = 0; i < 16; i++) { TEST_ASSERT(trailer[i] == '-'); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b2a075b64..915d10435 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1729,7 +1729,7 @@ void ssl_tls13_hkdf_expand_label(int hash_alg, dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, (size_t) desired_length, - expected->x, (size_t) expected->len); + expected->x, (size_t) expected->len); exit: PSA_DONE(); @@ -1769,21 +1769,21 @@ void ssl_tls13_traffic_key_generation(int hash_alg, &keys) == 0); TEST_MEMORY_COMPARE(keys.client_write_key, - keys.key_len, - expected_client_write_key->x, - (size_t) desired_key_len); + keys.key_len, + expected_client_write_key->x, + (size_t) desired_key_len); TEST_MEMORY_COMPARE(keys.server_write_key, - keys.key_len, - expected_server_write_key->x, - (size_t) desired_key_len); + keys.key_len, + expected_server_write_key->x, + (size_t) desired_key_len); TEST_MEMORY_COMPARE(keys.client_write_iv, - keys.iv_len, - expected_client_write_iv->x, - (size_t) desired_iv_len); + keys.iv_len, + expected_client_write_iv->x, + (size_t) desired_iv_len); TEST_MEMORY_COMPARE(keys.server_write_iv, - keys.iv_len, - expected_server_write_iv->x, - (size_t) desired_iv_len); + keys.iv_len, + expected_server_write_iv->x, + (size_t) desired_iv_len); exit: PSA_DONE(); @@ -1828,7 +1828,7 @@ void ssl_tls13_derive_secret(int hash_alg, dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, desired_length, - expected->x, desired_length); + expected->x, desired_length); exit: PSA_DONE(); @@ -1860,9 +1860,9 @@ void ssl_tls13_derive_early_secrets(int hash_alg, &secrets) == 0); TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, - traffic_expected->x, traffic_expected->len); + traffic_expected->x, traffic_expected->len); TEST_MEMORY_COMPARE(secrets.early_exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); + exporter_expected->x, exporter_expected->len); exit: PSA_DONE(); @@ -1894,9 +1894,9 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, &secrets) == 0); TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, - client_expected->x, client_expected->len); + client_expected->x, client_expected->len); TEST_MEMORY_COMPARE(secrets.server_handshake_traffic_secret, hash_len, - server_expected->x, server_expected->len); + server_expected->x, server_expected->len); exit: PSA_DONE(); @@ -1930,11 +1930,11 @@ void ssl_tls13_derive_application_secrets(int hash_alg, &secrets) == 0); TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, - client_expected->x, client_expected->len); + client_expected->x, client_expected->len); TEST_MEMORY_COMPARE(secrets.server_application_traffic_secret_N, hash_len, - server_expected->x, server_expected->len); + server_expected->x, server_expected->len); TEST_MEMORY_COMPARE(secrets.exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); + exporter_expected->x, exporter_expected->len); exit: PSA_DONE(); @@ -1964,7 +1964,7 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, &secrets) == 0); TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, - resumption_expected->x, resumption_expected->len); + resumption_expected->x, resumption_expected->len); exit: PSA_DONE(); @@ -1998,7 +1998,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, binder) == 0); TEST_MEMORY_COMPARE(binder, hash_len, - binder_expected->x, binder_expected->len); + binder_expected->x, binder_expected->len); exit: PSA_DONE(); @@ -2091,12 +2091,12 @@ void ssl_tls13_record_protection(int ciphersuite, if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, - ciphertext->x, ciphertext->len); + ciphertext->x, ciphertext->len); } TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, - plaintext->x, plaintext->len); + plaintext->x, plaintext->len); exit: mbedtls_free(buf); @@ -2123,7 +2123,7 @@ void ssl_tls13_key_evolution(int hash_alg, secret_new) == 0); TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, - expected->x, (size_t) expected->len); + expected->x, (size_t) expected->len); exit: PSA_DONE(); From d7bdbbeb0ae2dd855d0f7659df8158356a7b45ef Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 20 Jul 2023 16:26:58 +0000 Subject: [PATCH 172/339] Improve naming of mimimum RSA key size generation configurations Signed-off-by: Waleed Elmelegy --- ChangeLog.d/enforce-min-RSA-key-size.txt | 3 +++ include/mbedtls/mbedtls_config.h | 6 ++--- include/mbedtls/rsa.h | 6 +++-- include/psa/crypto_sizes.h | 8 +++---- library/psa_crypto.c | 2 +- library/rsa.c | 4 ++-- tests/scripts/generate_psa_tests.py | 2 +- tests/suites/test_suite_pk.data | 20 ++++++++--------- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_psa_crypto.data | 28 ++++++++++++------------ tests/suites/test_suite_rsa.data | 12 +++++----- 11 files changed, 50 insertions(+), 45 deletions(-) create mode 100644 ChangeLog.d/enforce-min-RSA-key-size.txt diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt new file mode 100644 index 000000000..06cd2a276 --- /dev/null +++ b/ChangeLog.d/enforce-min-RSA-key-size.txt @@ -0,0 +1,3 @@ +Changes + * Enforce minimum RSA key size when generating a key + to avoid accidental misuse. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ab3837e31..28249d3b3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3691,9 +3691,6 @@ //#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ -/* RSA OPTIONS */ -//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */ - /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ @@ -3784,6 +3781,9 @@ */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 +/* RSA OPTIONS */ +#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ + /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 8045e6b71..69f3981ed 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -85,8 +85,10 @@ extern "C" { // Regular implementation // -#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE) -#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 +#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS) +#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 +#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128 +#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits" #endif /** diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index fd0eeb944..08761778c 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -211,13 +211,13 @@ /* The minimum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. * - * Limits RSA key generation to a minimum due to security reasons. + * Limits RSA key generation to a minimum due to avoid accidental misuse. * This value cannot be less than 128 bits. */ -#if defined(MBEDTLS_RSA_MIN_KEY_SIZE) -#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE +#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS) +#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS #else -#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024 +#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024 #endif /* The maximum size of an DH key on this implementation, in bits. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4e1f41b04..1eb696054 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7374,7 +7374,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } - if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) { + if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } diff --git a/library/rsa.c b/library/rsa.c index 9fd14dbe4..4955052be 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -545,12 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, mbedtls_mpi_init(&G); mbedtls_mpi_init(&L); - if (nbits < 128 || exponent < 3 || nbits % 2 != 0) { + if (exponent < 3 || nbits % 2 != 0) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) { + if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index edaec92b3..a5a4fd2b0 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -348,7 +348,7 @@ class KeyGenerate: generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE') for bits in kt.sizes_to_test(): if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': - size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits) + size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits) test_dependencies = generate_dependencies + [size_dependency] else: test_dependencies = generate_dependencies diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 258423af4..84802da77 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,7 +10,7 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSA,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3ea9e3d66..881429c2d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE -#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8) +#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS +#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0b872fcd0..fb583d33f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY @@ -7113,8 +7113,8 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY PSA generate persistent key: RSA, minimum size key, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512 -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512 +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 7014399ba..0a60f314e 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -386,11 +386,11 @@ RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 RSA Generate Key (Minimum size key) -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0 RSA Generate Key (Key less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130 -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130 +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -399,16 +399,16 @@ RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key - 1024 bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024 mbedtls_rsa_gen_key:1024:3:0 RSA Generate Key - 2048 bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key (Odd sized key) # mbedtls_rsa_gen_key only supports even-sized keys -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Validate Params, toy example mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0 From ce38db1c0b28458c59b5629842e73774b2775beb Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:01:03 +0530 Subject: [PATCH 173/339] Change config_psa.h PBKDF2_CMAC dependencies Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9f6b9cafe..5762ee2f3 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -519,12 +519,20 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#endif /* PSA_WANT_ALG_CMAC */ + #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ #endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ -#endif /* PSA_WANT_ALG_CMAC */ + #if defined(PSA_WANT_ALG_CTR) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ From 105f772fe84cfa180b3eb7cca244c50c16d8deae Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:03:06 +0530 Subject: [PATCH 174/339] Add PSA_HAVE_SOFT_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 5762ee2f3..ce34386a2 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -273,6 +273,7 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_HAVE_SOFT_PBKDF2_HMAC #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ @@ -524,6 +525,7 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#define PSA_HAVE_SOFT_PBKDF2_CMAC #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ @@ -533,6 +535,10 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) +#define PSA_HAVE_SOFT_PBKDF2 1 +#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */ #if defined(PSA_WANT_ALG_CTR) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ From 2addf35855a40c3ee9ec6499957d9f6695bef577 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:09:26 +0530 Subject: [PATCH 175/339] Replace MBEDTLS_PSA_BUILTIN_PBKDF2_XXX with PSA_HAVE_SOFT_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 6 +-- library/psa_crypto.c | 47 ++++++--------------- 2 files changed, 15 insertions(+), 38 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index c598fa438..8a2143a7e 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,8 +105,7 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) typedef enum { PSA_PBKDF2_STATE_INIT, /* no input provided */ PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ @@ -126,7 +125,6 @@ typedef struct { uint8_t MBEDTLS_PRIVATE(bytes_used); uint32_t MBEDTLS_PRIVATE(block_number); } psa_pbkdf2_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 048ab58b3..c3c4d5879 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5080,8 +5080,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + defined(PSA_HAVE_SOFT_PBKDF2) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ @@ -5185,10 +5184,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5197,8 +5193,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) status = PSA_SUCCESS; } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) */ +#endif /* defined(PSA_HAVE_SOFT_PBKDF2) */ { status = PSA_ERROR_BAD_STATE; } @@ -5525,8 +5520,7 @@ static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read( } #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) static psa_status_t psa_key_derivation_pbkdf2_generate_block( psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t prf_alg, @@ -5662,8 +5656,7 @@ static psa_status_t psa_key_derivation_pbkdf2_read( return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5718,15 +5711,11 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { (void) kdf_alg; @@ -6651,8 +6640,7 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) static psa_status_t psa_pbkdf2_set_input_cost( psa_pbkdf2_key_derivation_t *pbkdf2, psa_key_derivation_step_t step, @@ -6802,8 +6790,7 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_INVALID_ARGUMENT; } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -6900,15 +6887,11 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { /* This can't happen unless the operation object was not initialized */ (void) data; @@ -6932,15 +6915,11 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { (void) step; (void) value; From 9ab03c3d727e2026d45f0b2a4ea19501f910402e Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:14:05 +0530 Subject: [PATCH 176/339] Define PSA_ALG_IS_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 4 ++++ library/psa_crypto.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 580e3ae80..50df3e3d0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2115,6 +2115,10 @@ */ #define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t) 0x08800200) +#define PSA_ALG_IS_PBKDF2(kdf_alg) \ + (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \ + (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3c4d5879..2e3d451ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5185,6 +5185,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5712,6 +5713,7 @@ psa_status_t psa_key_derivation_output_bytes( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else @@ -6888,6 +6890,7 @@ static psa_status_t psa_key_derivation_input_internal( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else @@ -6916,6 +6919,7 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else From a12e2d53bd5032acdf25bef067c9da3cdb504eb6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:18:30 +0530 Subject: [PATCH 177/339] Replace AES_CMAC_128_PRF_OUTPUT_SIZE with PSA_MAC_LENGTH() Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 3 --- library/psa_crypto.c | 16 +++++++++------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index b884defe0..8cc965b09 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -276,9 +276,6 @@ * This is a vendor-specific macro. This can be configured if necessary */ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff -/* Output size of AES_CMAC_PRF_128 algorithm */ -#define PSA_AES_CMAC_PRF_128_OUTPUT_SIZE 16 - /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2e3d451ba..f8d295afb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5611,7 +5611,7 @@ static psa_status_t psa_key_derivation_pbkdf2_read( psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { prf_alg = PSA_ALG_CMAC; - prf_output_length = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + prf_output_length = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); } else { return PSA_ERROR_INVALID_ARGUMENT; @@ -6177,7 +6177,7 @@ static psa_status_t psa_key_derivation_setup_kdf( if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; @@ -6730,23 +6730,25 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t *output_len) { psa_status_t status = PSA_SUCCESS; - if (input_len != PSA_AES_CMAC_PRF_128_OUTPUT_SIZE) { + if (input_len != PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC)) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t zeros[16] = { 0 }; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - /* Passing PSA_AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver - * function sets mac_output_length = mac_size on success. See #7801*/ + /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as + * mac_size as the driver function sets mac_output_length = mac_size */ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, output, - PSA_AES_CMAC_PRF_128_OUTPUT_SIZE, + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, + 128U, + PSA_ALG_CMAC), output_len); } else { memcpy(output, input, input_len); - *output_len = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + *output_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); } return status; } From 0bca4c5fc45c7ca4f128505d6a9e8cc1b1a16292 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:20:14 +0530 Subject: [PATCH 178/339] Add ifdef for hmac and cmac specific functions Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f8d295afb..3c4730eb4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6707,6 +6707,7 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, const uint8_t *input, size_t input_len, @@ -6723,7 +6724,9 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, } return status; } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t input_len, uint8_t *output, @@ -6752,6 +6755,7 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, } return status; } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t kdf_alg, From 5f3345ae44342a782a3ee464ed6eeb05bc8644bd Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:21:38 +0530 Subject: [PATCH 179/339] Add issue link instead of issue number Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c4730eb4..ec99e166b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5572,7 +5572,7 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block( for (i = 1; i < pbkdf2->input_cost; i++) { /* We are passing prf_output_length as mac_size because the driver * function directly sets mac_output_length as mac_size upon success. - * See #7801 */ + * See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ status = psa_driver_wrapper_mac_compute(attributes, pbkdf2->password, pbkdf2->password_length, @@ -6740,7 +6740,8 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as - * mac_size as the driver function sets mac_output_length = mac_size */ + * mac_size as the driver function sets mac_output_length = mac_size + * on success. See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, From be55b7e45a45a737727f20d8755edda6e718ee5f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:22:26 +0530 Subject: [PATCH 180/339] Add test cases for 16 byte and empty password Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0bbe6bcc1..12043484d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6438,6 +6438,14 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, empty direct password +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"db00f3996d041b415eb273362d8c8c83":"":0:0:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, 16 byte password +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"c4c112c6e1e3b8757640603dec78825f":"":0:1:0 + PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 From a83d9bf0dbd4ff9cfc6703c189d17d4b8ed945ca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 18:15:20 +0200 Subject: [PATCH 181/339] crypto_sizes: size PSA max symbols according to actual support Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 86 ++++++++++++++++++++++++++++++-------- 1 file changed, 69 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09..278370c6a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -633,10 +633,18 @@ * This macro expands to a compile-time constant integer. This value * is the maximum size of a signature in bytes. */ -#define PSA_SIGNATURE_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \ - PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ - PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE) +#define PSA_SIGNATURE_MAX_SIZE 0 + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE) +#undef PSA_SIGNATURE_MAX_SIZE +#define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE +#endif +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \ + (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE) +#undef PSA_SIGNATURE_MAX_SIZE +#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_asymmetric_encrypt(). * @@ -948,10 +956,29 @@ * * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ - PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \ - PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0 + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_DH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient buffer size for exporting any asymmetric public key. * @@ -962,11 +989,29 @@ * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ - PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \ - PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 0 +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_raw_key_agreement(). * @@ -1002,11 +1047,18 @@ * * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ - PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ - PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ - PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 0 + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) +#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ + (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) +#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** The default IV size for a cipher algorithm, in bytes. * From 05b60f40acc709b83599dc0ad31d1b8c2c4f9699 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 14:22:34 +0100 Subject: [PATCH 182/339] Make code_style.py -s more precise Signed-off-by: Dave Rodgman --- scripts/code_style.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 7de93b085..89263cec0 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -81,11 +81,15 @@ def get_src_files(since: Optional[str]) -> List[str]: universal_newlines=True) src_files = output.split() if since: - output = subprocess.check_output(["git", "diff", "--name-only", - since, "--"] + - src_files, - universal_newlines=True) - src_files = output.split() + # get all files changed in commits since the starting point + cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--" ] + src_files + output = subprocess.check_output(cmd, universal_newlines=True) + committed_changed_files = output.split() + # and also get all files with uncommitted changes + cmd = ["git", "diff", "--name-only", "--" ] + src_files + output = subprocess.check_output(cmd, universal_newlines=True) + uncommitted_changed_files = output.split() + src_files = set(committed_changed_files + uncommitted_changed_files) generated_files = list_generated_files() # Don't correct style for third-party files (and, for simplicity, From eaf2761ae125a5e7d5dacc71691894b002063d74 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 14:22:55 +0100 Subject: [PATCH 183/339] Make code_style.py -s default to -s=development Signed-off-by: Dave Rodgman --- scripts/code_style.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 89263cec0..664222df5 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -193,9 +193,10 @@ def main() -> int: parser.add_argument('-f', '--fix', action='store_true', help=('modify source files to fix the code style ' '(default: print diff, do not modify files)')) - parser.add_argument('-s', '--since', metavar='COMMIT', + parser.add_argument('-s', '--since', metavar='COMMIT', const='development', nargs='?', help=('only check files modified since the specified commit' - ' (e.g. --since=HEAD~3 or --since=development)')) + ' (e.g. --since=HEAD~3 or --since=development). If no' + ' commit is specified, default to development.')) # --subset is almost useless: it only matters if there are no files # ('code_style.py' without arguments checks all files known to Git, # 'code_style.py --subset' does nothing). In particular, From 82d174a6a80e160a7375385c3c1da5f9488a6d06 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 18:50:50 +0100 Subject: [PATCH 184/339] pylint tidy-up Signed-off-by: Dave Rodgman --- scripts/code_style.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 664222df5..d6e56b29d 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -82,14 +82,14 @@ def get_src_files(since: Optional[str]) -> List[str]: src_files = output.split() if since: # get all files changed in commits since the starting point - cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--" ] + src_files + cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + src_files output = subprocess.check_output(cmd, universal_newlines=True) committed_changed_files = output.split() # and also get all files with uncommitted changes cmd = ["git", "diff", "--name-only", "--" ] + src_files output = subprocess.check_output(cmd, universal_newlines=True) uncommitted_changed_files = output.split() - src_files = set(committed_changed_files + uncommitted_changed_files) + src_files = list(set(committed_changed_files + uncommitted_changed_files)) generated_files = list_generated_files() # Don't correct style for third-party files (and, for simplicity, From fccc5f8b9d74efd600d0a51cb5fc673b83e0ac7c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 20:00:41 +0100 Subject: [PATCH 185/339] whitespace fix Signed-off-by: Dave Rodgman --- scripts/code_style.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index d6e56b29d..ddd0a9800 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -86,7 +86,7 @@ def get_src_files(since: Optional[str]) -> List[str]: output = subprocess.check_output(cmd, universal_newlines=True) committed_changed_files = output.split() # and also get all files with uncommitted changes - cmd = ["git", "diff", "--name-only", "--" ] + src_files + cmd = ["git", "diff", "--name-only", "--"] + src_files output = subprocess.check_output(cmd, universal_newlines=True) uncommitted_changed_files = output.split() src_files = list(set(committed_changed_files + uncommitted_changed_files)) From 644e01d767ae23a0f45ec63b6938acfc69dbb902 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 09:31:51 +0200 Subject: [PATCH 186/339] crypto_sizes: fix typo Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 278370c6a..db3766a9d 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -977,7 +977,7 @@ PSA_EXPORT_KEY_PAIR_MAX_SIZE) #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ - PSA_KEY_EXPORT_DH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif /** Sufficient buffer size for exporting any asymmetric public key. From c012a2de7ce180b062016a979df2dda519f18ac4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 09:34:44 +0200 Subject: [PATCH 187/339] crypto_sizes: change initial MAX_SIZE value to 1 Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index db3766a9d..eeb460eb6 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -633,7 +633,7 @@ * This macro expands to a compile-time constant integer. This value * is the maximum size of a signature in bytes. */ -#define PSA_SIGNATURE_MAX_SIZE 0 +#define PSA_SIGNATURE_MAX_SIZE 1 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE) @@ -956,7 +956,7 @@ * * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 0 +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ @@ -989,7 +989,7 @@ * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 0 +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ @@ -1047,7 +1047,7 @@ * * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 0 +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) From f3e696dc1be31b80089a4e26b4d1af099179f25a Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 28 Jul 2023 13:30:50 +0530 Subject: [PATCH 188/339] Add ifdef for hmac and cmac set password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ec99e166b..947c2e229 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6768,15 +6768,23 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, pbkdf2->password, &pbkdf2->password_length); - } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_cmac_set_password(data, data_length, pbkdf2->password, &pbkdf2->password_length); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ + { + return PSA_ERROR_INVALID_ARGUMENT; } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; From c22affd9ec68311257f6d16bc1717f2bd671a30b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 28 Jul 2023 13:31:58 +0530 Subject: [PATCH 189/339] Fix dependencies for pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index ce34386a2..64e226144 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -439,13 +439,21 @@ extern "C" { #define PSA_HAVE_SOFT_BLOCK_AEAD 1 #endif +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#define PSA_HAVE_SOFT_PBKDF2_CMAC +#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ + #if defined(PSA_WANT_KEY_TYPE_AES) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) + defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #define MBEDTLS_AES_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ @@ -516,25 +524,13 @@ extern "C" { #if defined(PSA_WANT_ALG_CMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ #endif /* PSA_WANT_ALG_CMAC */ -#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_HAVE_SOFT_PBKDF2_CMAC -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ -#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ - #if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define PSA_HAVE_SOFT_PBKDF2 1 From 797e396fd94305e31acb964af88c0dc04dc10b50 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 16:19:00 +0200 Subject: [PATCH 190/339] debug: use proper guard for PK_DEBUG_MPI items Signed-off-by: Valerio Setti --- library/debug.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/debug.c b/library/debug.c index 0f0292915..973516bd4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -324,15 +324,17 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); name[sizeof(name) - 1] = '\0'; +#if defined(MBEDTLS_RSA_C) if (items[i].type == MBEDTLS_PK_DEBUG_MPI) { mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else +#endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); } else -#endif -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) && defined(MBEDTLS_BIGNUM_C) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); } else From c1319f4a26b7113e14921eee42c0b85cfffb1dda Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 16:20:07 +0200 Subject: [PATCH 191/339] debug: improve debug_print_psa_ec() as not to depend on bignum Signed-off-by: Valerio Setti --- library/debug.c | 75 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 24 deletions(-) diff --git a/library/debug.c b/library/debug.c index 973516bd4..92fe903de 100644 --- a/library/debug.c +++ b/library/debug.c @@ -202,17 +202,55 @@ void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) +{ + char str[DEBUG_BUF_SIZE]; + size_t i, idx = 0; + + mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", + text, (unsigned int) len * 8); + + debug_send_line(ssl, level, file, line, str); + + idx = 0; + for (i = 0; i < len; i++) { + if (i >= 4096) { + break; + } + + if (i % 16 == 0) { + if (i > 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + + idx = 0; + } + } + + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", + (unsigned int) buf[i]); + } + + if (len > 0) { + for (/* i = i */; i % 16 != 0; i++) { + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); + } + + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + } +} + void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) { char str[DEBUG_BUF_SIZE]; - mbedtls_mpi mpi; - const uint8_t *mpi_start; - size_t mpi_len; - int ret; + const uint8_t *coord_start; + size_t coord_len; if (NULL == ssl || NULL == ssl->conf || @@ -223,32 +261,21 @@ void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, /* For the description of pk->pk_raw content please refer to the description * psa_export_public_key() function. */ - mpi_len = (pk->pub_raw_len - 1)/2; + coord_len = (pk->pub_raw_len - 1)/2; /* X coordinate */ - mbedtls_mpi_init(&mpi); - mpi_start = pk->pub_raw + 1; - ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len); - if (ret != 0) { - return; - } + coord_start = pk->pub_raw + 1; mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi); - mbedtls_mpi_free(&mpi); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); /* Y coordinate */ - mbedtls_mpi_init(&mpi); - mpi_start = mpi_start + mpi_len; - ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len); - if (ret != 0) { - return; - } + coord_start = coord_start + coord_len; mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi); - mbedtls_mpi_free(&mpi); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#if defined(MBEDTLS_BIGNUM_C) void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_mpi *X) @@ -334,11 +361,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) && defined(MBEDTLS_BIGNUM_C) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); } else -#endif +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ { debug_send_line(ssl, level, file, line, "should not happen\n"); } } From 478c236938bdd0d201a68d66f423df32b74203e0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:05:53 +0200 Subject: [PATCH 192/339] crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index eeb460eb6..4f4a187eb 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -645,6 +645,11 @@ #undef PSA_SIGNATURE_MAX_SIZE #define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ + (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE) +#undef PSA_SIGNATURE_MAX_SIZE +#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_asymmetric_encrypt(). * From 8de3482507400e39f0d38a335e40a60b81cf9e48 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 15:10:00 +0100 Subject: [PATCH 193/339] Fix false-positive non-const-time errors in test Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index cce5b8435..dbcc9f759 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -77,13 +77,13 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str) expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_le(x, y), expected); - expected = mbedtls_ct_bool(x) ^ mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = mbedtls_ct_bool(x1) ^ mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); - expected = mbedtls_ct_bool(x) & mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = mbedtls_ct_bool(x1) & mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); - expected = mbedtls_ct_bool(x) | mbedtls_ct_bool(y) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = mbedtls_ct_bool(x1) | mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_or(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); TEST_CF_PUBLIC(&x, sizeof(x)); From 9cd8011978b719af8b3c60a81efdc4639901403f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 12:04:21 +0200 Subject: [PATCH 194/339] tls: fix definition of symbol KEY_EXCHANGE_SOME_XXDH_PSA_ANY Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48ed541d8..2db5209ea 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -401,7 +401,16 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif -#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ +/* The handshake params structure has a set of fields called xxdh_psa which are used: + * - by TLS 1.2 with `USE_PSA` to do ECDH or ECDHE; + * - by TLS 1.3 to do ECDHE or FFDHE. + * The following macros can be used to guard their declaration and use. + */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED #endif From fa5a4bbb02f625d43c2efdee853059afefc8110f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 16:13:52 +0100 Subject: [PATCH 195/339] Improve mbedtls_ct_memmove_left w.r.t. const-flow tests Signed-off-by: Dave Rodgman --- library/constant_time.c | 21 ++++++++++++++++--- .../suites/test_suite_constant_time.function | 5 ++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index f2cdddf96..6523ccf15 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,6 +30,8 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" +#include "../tests/include/test/constant_flow.h" + #include #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) @@ -127,6 +129,20 @@ int mbedtls_ct_memcmp(const void *a, void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { + /* In case of inlining, ensure that code generated is independent of the value of offset + * (e.g., if the compiler knows that offset == 0, it might be able to optimise this function + * to a no-op). */ + size_t hidden_offset = mbedtls_ct_compiler_opaque(offset); + + /* During this loop, j will take every value from [0..total) exactly once, + * regardless of the value of hidden_offset (it only changes the initial + * value for j). + * + * For this reason, when testing, it is safe to mark hidden_offset as non-secret. + * This prevents the const-flow checkers from generating a false-positive. + */ + TEST_CF_PUBLIC(&hidden_offset, sizeof(hidden_offset)); + /* Iterate over the array, reading each byte once and writing each byte once. */ for (size_t i = 0; i < total; i++) { /* Each iteration, read one byte, and write it to start[i]. @@ -138,9 +154,8 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) * If the source address is out of range, mask it to zero. */ - // The address that we will read from - // TODO: if offset is marked as secret, this upsets Memsan. - size_t j = i + offset; + // The offset that we will read from (if in range) + size_t j = i + hidden_offset; // Is the address off the end of the array? mbedtls_ct_condition_t not_dummy = mbedtls_ct_bool_lt(j, total); diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index dbcc9f759..d8a1fccbe 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -329,11 +329,10 @@ void mbedtls_ct_memmove_left(int len, int offset) buf_expected[i] = buf[i]; } - //Note: Marking o as secret causes false positives from Memsan - //TEST_CF_SECRET(&o, sizeof(o)); + TEST_CF_SECRET(&o, sizeof(o)); TEST_CF_SECRET(buf, l); mbedtls_ct_memmove_left(buf, l, o); - //TEST_CF_PUBLIC(&o, sizeof(o)); + TEST_CF_PUBLIC(&o, sizeof(o)); TEST_CF_PUBLIC(buf, l); if (l > 0) { From 1eacae865ef4fe060f88580f0fa9ba622c828d90 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:07:03 +0200 Subject: [PATCH 196/339] test: check exported length against proper MAX_SIZE Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.function | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b9dadcff5..b58077ba2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1590,7 +1590,11 @@ void import_export(data_t *data, TEST_LE_U(exported_length, PSA_EXPORT_KEY_OUTPUT_SIZE(type, psa_get_key_bits(&got_attributes))); - TEST_LE_U(exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE); + if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + TEST_LE_U(exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE); + } else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + TEST_LE_U(exported_length, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); + } destroy: /* Destroy the key */ From 8d45ec8b976b70675083140bf68b6b7956fd7c79 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Fri, 28 Jul 2023 16:36:25 +0100 Subject: [PATCH 197/339] Remove test_clang_opt check The component functions in all.sh will be listed using compgen instead of sed so this check is not needed. Signed-off-by: Gowtham Suresh Kumar --- tests/scripts/all.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 21f537106..f1da9d2cd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -195,13 +195,6 @@ pre_initialize_variables () { # they are defined. ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") - # For Linux platforms we run latest/earliest versions of clang and the - # test_clang_opt function is only for FreeBSD. This condition removes - # test_clang_opt element from the ALL_COMPONENTS array for Linux. - if [[ $(uname) == "Linux" ]]; then - ALL_COMPONENTS=( "${ALL_COMPONENTS[@]/test_clang_opt}" ) - fi - # Exclude components that are not supported on this platform. SUPPORTED_COMPONENTS= for component in $ALL_COMPONENTS; do From 08691679b51c3e8e985c3b29056bb85ebdf1e031 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 16:17:57 +0100 Subject: [PATCH 198/339] Enable testing of asm under Memsan Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 91418e58f..f8f6bb194 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -37,15 +37,7 @@ #include "mbedtls/bignum.h" #endif - -/* Disable asm under Memsan because it confuses Memsan and generates false errors */ -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) -#define MBEDTLS_CT_NO_ASM -#elif defined(__has_feature) -#if __has_feature(memory_sanitizer) -#define MBEDTLS_CT_NO_ASM -#endif -#endif +#include "../tests/include/test/constant_flow.h" /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ @@ -79,7 +71,19 @@ extern volatile mbedtls_ct_uint_t mbedtls_ct_zero; static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) { #if defined(MBEDTLS_CT_ASM) + /* Prevent false positives from Memsan - otherwise it will report the asm as + * accessing secret data. */ + TEST_CF_PUBLIC(&x, sizeof(x)); + asm volatile ("" : [x] "+r" (x) :); + + /* Mark the return value as secret. This is needed so that code of the form: + * + * if (mbedtls_ct_compiler_opaque(secret)) { ... } + * + * will fail const-flow tests. + */ + TEST_CF_SECRET(&x, sizeof(x)); return x; #else return x ^ mbedtls_ct_zero; From d684d7342bf47252e1ab0deb42f8f13a9ddee3d2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 16:21:41 +0100 Subject: [PATCH 199/339] code style Signed-off-by: Dave Rodgman --- library/constant_time.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 6523ccf15..8cdb53a1c 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -135,13 +135,13 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) size_t hidden_offset = mbedtls_ct_compiler_opaque(offset); /* During this loop, j will take every value from [0..total) exactly once, - * regardless of the value of hidden_offset (it only changes the initial - * value for j). - * - * For this reason, when testing, it is safe to mark hidden_offset as non-secret. - * This prevents the const-flow checkers from generating a false-positive. - */ - TEST_CF_PUBLIC(&hidden_offset, sizeof(hidden_offset)); + * regardless of the value of hidden_offset (it only changes the initial + * value for j). + * + * For this reason, when testing, it is safe to mark hidden_offset as non-secret. + * This prevents the const-flow checkers from generating a false-positive. + */ + TEST_CF_PUBLIC(&hidden_offset, sizeof(hidden_offset)); /* Iterate over the array, reading each byte once and writing each byte once. */ for (size_t i = 0; i < total; i++) { From 1e829a403f7d08bb36162367369b97a1508c6764 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Fri, 28 Jul 2023 16:41:21 +0100 Subject: [PATCH 200/339] Use compgen to gather components in all.sh Signed-off-by: Gowtham Suresh Kumar --- tests/scripts/all.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f1da9d2cd..ad31e5c6d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -191,9 +191,7 @@ pre_initialize_variables () { # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". - # Parse the script with sed. This way we get the functions in the order - # they are defined. - ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") + ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') # Exclude components that are not supported on this platform. SUPPORTED_COMPONENTS= From 6f1977bf208b3361e3651412ce889e1bcdd7e3fb Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Fri, 28 Jul 2023 17:04:47 +0100 Subject: [PATCH 201/339] Use variables for selecting compilers The latest and earliest clang/GCC compilers are now used through variables instead of symlinks and also the all.sh script is updated to support options for overriding the default values. Signed-off-by: Gowtham Suresh Kumar --- scripts/output_env.sh | 24 ++++++++++++++++++++---- tests/scripts/all.sh | 29 ++++++++++++++++++++--------- 2 files changed, 40 insertions(+), 13 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index ce2c50065..535613298 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -105,19 +105,35 @@ echo print_version "gcc" "--version" "" "head -n 1" echo -print_version "gcc-earliest" "--version" "" "head -n 1" +if [ -n "${GCC_EARLIEST+set}" ]; then + print_version "${GCC_EARLIEST}" "--version" "" "head -n 1" +else + echo " GCC_EARLIEST : Not configured." +fi echo -print_version "gcc-latest" "--version" "" "head -n 1" +if [ -n "${GCC_LATEST+set}" ]; then + print_version "${GCC_LATEST}" "--version" "" "head -n 1" +else + echo " GCC_LATEST : Not configured." +fi echo print_version "clang" "--version" "" "head -n 2" echo -print_version "clang-earliest" "--version" "" "head -n 2" +if [ -n "${CLANG_EARLIEST+set}" ]; then + print_version "${CLANG_EARLIEST}" "--version" "" "head -n 2" +else + echo " CLANG_EARLIEST : Not configured." +fi echo -print_version "clang-latest" "--version" "" "head -n 2" +if [ -n "${CLANG_LATEST+set}" ]; then + print_version "${CLANG_LATEST}" "--version" "" "head -n 2" +else + echo " CLANG_LATEST : Not configured." +fi echo print_version "ldd" "--version" "" "head -n 1" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ad31e5c6d..8caec486a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -176,7 +176,10 @@ pre_initialize_variables () { : ${ARMC6_BIN_DIR:=/usr/bin} : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} - + : ${CLANG_LATEST:="clang-16"} + : ${CLANG_EARLIEST:="clang-3.5"} + : ${GCC_LATEST:="gcc-12"} + : ${GCC_EARLIEST:="gcc-4.7"} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j$(all_sh_nproc)" @@ -273,6 +276,10 @@ General options: Tool path options: --armc5-bin-dir= ARM Compiler 5 bin directory. --armc6-bin-dir= ARM Compiler 6 bin directory. + --clang-earliest= Earliest version of clang available + --clang-latest= Latest version of clang available + --gcc-earliest= Earliest version of GCC available + --gcc-latest= Latest version of GCC available --gnutls-cli= GnuTLS client executable to use for most tests. --gnutls-serv= GnuTLS server executable to use for most tests. --gnutls-legacy-cli= GnuTLS client executable to use for legacy tests. @@ -439,9 +446,13 @@ pre_parse_command_line () { --armcc) no_armcc=;; --armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs --armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs + --clang-earliest) shift; CLANG_EARLIEST="$1";; + --clang-latest) shift; CLANG_LATEST="$1";; --error-test) error_test=$((error_test + 1));; --except) all_except=1;; --force|-f) FORCE=1;; + --gcc-earliest) shift; GCC_EARLIEST="$1";; + --gcc-latest) shift; GCC_LATEST="$1";; --gnutls-cli) shift; GNUTLS_CLI="$1";; --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; @@ -4015,34 +4026,34 @@ fi component_test_clang_latest_opt () { scripts/config.py full - test_build_opt 'full config' clang-latest -O0 -Os -O2 + test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2 } support_test_clang_latest_opt () { - type clang-latest >/dev/null 2>/dev/null + type "$CLANG_LATEST" >/dev/null 2>/dev/null } component_test_clang_earliest_opt () { scripts/config.py full - test_build_opt 'full config' clang-earliest -O0 + test_build_opt 'full config' "$CLANG_EARLIEST" -O0 } support_test_clang_earliest_opt () { - type clang-earliest >/dev/null 2>/dev/null + type "$CLANG_EARLIEST" >/dev/null 2>/dev/null } component_test_gcc_latest_opt () { scripts/config.py full - test_build_opt 'full config' gcc-latest -O0 -Os -O2 + test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2 } support_test_gcc_latest_opt () { - type gcc-latest >/dev/null 2>/dev/null + type "$GCC_LATEST" >/dev/null 2>/dev/null } component_test_gcc_earliest_opt () { scripts/config.py full - test_build_opt 'full config' gcc-earliest -O0 + test_build_opt 'full config' "$GCC_EARLIEST" -O0 } support_test_gcc_earliest_opt () { - type gcc-earliest >/dev/null 2>/dev/null + type "$GCC_EARLIEST" >/dev/null 2>/dev/null } component_build_mbedtls_config_file () { From 983448ea6236b35bb165c305ebfd84fceda4eacb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 17:30:52 +0100 Subject: [PATCH 202/339] fix check for no-longer-used macro Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index f8f6bb194..c9e6a83ab 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -41,7 +41,7 @@ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ - __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM) + __ARMCC_VERSION >= 6000000) #define MBEDTLS_CT_ASM #if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) #define MBEDTLS_CT_ARM_ASM From 2d28c46055b8006938df8f939d05e1f28e024064 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 18:22:56 +0100 Subject: [PATCH 203/339] Fix asm Memsan workaround Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 7 ++++--- tests/include/test/constant_flow.h | 22 ++++++++++++++++++++++ 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index c9e6a83ab..191769b19 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -73,17 +73,18 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) #if defined(MBEDTLS_CT_ASM) /* Prevent false positives from Memsan - otherwise it will report the asm as * accessing secret data. */ - TEST_CF_PUBLIC(&x, sizeof(x)); + TEST_CF_SAVE_SECRET(x); asm volatile ("" : [x] "+r" (x) :); - /* Mark the return value as secret. This is needed so that code of the form: + /* Mark the return value as secret (if it was previously marked secret). + * This is needed so that code of the form: * * if (mbedtls_ct_compiler_opaque(secret)) { ... } * * will fail const-flow tests. */ - TEST_CF_SECRET(&x, sizeof(x)); + TEST_CF_RESTORE_SECRET(x); return x; #else return x ^ mbedtls_ct_zero; diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index f3d676e28..572835713 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -32,14 +32,27 @@ * #define TEST_CF_SECRET(ptr, size) * #define TEST_CF_PUBLIC(ptr, size) * + * and + * + * #define TEST_CF_SAVE_SECRET(variable) + * #define TEST_CF_RESTORE_SECRET(variable) + * * that can be used in tests to mark a memory area as secret (no branch or * memory access should depend on it) or public (default, only needs to be * marked explicitly when it was derived from secret data). * + * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its + * previous secret/not-secret state. This is used where library code is generating + * false positives and needs to temporarily disable Memsan checks for a particular + * variable, and then restore it's original state afterwards so it doesn't interfere + * with other checks. + * * Arguments: * - ptr: a pointer to the memory area to be marked * - size: the size in bytes of the memory area * + * - variable: a variable name + * * Implementation: * The basic idea is that of ctgrind : we can * re-use tools that were designed for checking use of uninitialized memory. @@ -63,6 +76,9 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); +#define TEST_CF_SAVE_SECRET(_x) int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; TEST_CF_PUBLIC(&(_x), sizeof(_x)); +#define TEST_CF_RESTORE_SECRET(_x) do { if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); } while(0) + #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include @@ -71,12 +87,18 @@ #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ From 2b174abd862160f8891eb416417c0baa7639fc67 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 18:29:41 +0100 Subject: [PATCH 204/339] code style Signed-off-by: Dave Rodgman --- tests/include/test/constant_flow.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index 572835713..ff464e617 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -76,8 +76,11 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); -#define TEST_CF_SAVE_SECRET(_x) int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; TEST_CF_PUBLIC(&(_x), sizeof(_x)); -#define TEST_CF_RESTORE_SECRET(_x) do { if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); } while(0) +#define TEST_CF_SAVE_SECRET(_x) \ + int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ + TEST_CF_PUBLIC(&(_x), sizeof(_x)); +#define TEST_CF_RESTORE_SECRET(_x) \ + if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include From 748a362fd09358105c945026993371d5c7827e31 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 15 Jun 2023 06:57:34 +0000 Subject: [PATCH 205/339] Revert ecp_curves.c to commit 449bd83 to save code size Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 1297 ++++++++++++------------------------------ 1 file changed, 362 insertions(+), 935 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 8ed1ce08b..2595119d5 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -21,17 +21,12 @@ #if !defined(MBEDTLS_ECP_WITH_MPI_UINT) -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" -#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "constant_time_internal.h" - #include "bn_mul.h" #include "bignum_core.h" #include "ecp_invasive.h" @@ -4509,9 +4504,7 @@ static const mbedtls_ecp_point brainpoolP512r1_T[32] = { #endif #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - -#if defined(ECP_LOAD_GROUP) || defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ - defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +#if defined(ECP_LOAD_GROUP) /* * Create an MPI from embedded constants * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint) and @@ -4523,9 +4516,7 @@ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_ X->n = (unsigned short) (len / sizeof(mbedtls_mpi_uint)); X->p = (mbedtls_mpi_uint *) p; } -#endif -#if defined(ECP_LOAD_GROUP) /* * Set an MPI to static value 1 */ @@ -4578,28 +4569,18 @@ static int ecp_group_load(mbedtls_ecp_group *grp, /* Forward declarations */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static int ecp_mod_p192(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static int ecp_mod_p256(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) static int ecp_mod_p384(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static int ecp_mod_p521(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); #endif #define NIST_MODP(P) grp->modp = ecp_mod_ ## P; @@ -4610,28 +4591,18 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) static int ecp_mod_p255(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *, size_t); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static int ecp_mod_p192k1(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static int ecp_mod_p224k1(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static int ecp_mod_p256k1(mbedtls_mpi *); -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(ECP_LOAD_GROUP) @@ -4659,21 +4630,9 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) /* Constants used by ecp_use_curve25519() */ static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42; - -/* P = 2^255 - 19 */ -static const mbedtls_mpi_uint curve25519_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X7F) -}; - -/* N = 2^252 + 27742317777372353535851937790883648493 */ -static const mbedtls_mpi_uint curve25519_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0XED, 0XD3, 0XF5, 0X5C, 0X1A, 0X63, 0X12, 0X58), - MBEDTLS_BYTES_TO_T_UINT_8(0XD6, 0X9C, 0XF7, 0XA2, 0XDE, 0XF9, 0XDE, 0X14), - MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10) +static const unsigned char curve25519_part_of_n[] = { + 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6, + 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED, }; /* @@ -4686,11 +4645,16 @@ static int ecp_use_curve25519(mbedtls_ecp_group *grp) /* Actually ( A + 2 ) / 4 */ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24)); - ecp_mpi_load(&grp->P, curve25519_p, sizeof(curve25519_p)); - + /* P = 2^255 - 19 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19)); grp->pbits = mbedtls_mpi_bitlen(&grp->P); - ecp_mpi_load(&grp->N, curve25519_n, sizeof(curve25519_n)); + /* N = 2^252 + 27742317777372353535851937790883648493 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N, + curve25519_part_of_n, sizeof(curve25519_part_of_n))); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1)); /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ @@ -4713,29 +4677,11 @@ cleanup: #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) /* Constants used by ecp_use_curve448() */ static const mbedtls_mpi_sint curve448_a24 = 0x98AA; - -/* P = 2^448 - 2^224 - 1 */ -static const mbedtls_mpi_uint curve448_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFE, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00) -}; - -/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ -static const mbedtls_mpi_uint curve448_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0XF3, 0X44, 0X58, 0XAB, 0X92, 0XC2, 0X78, 0X23), - MBEDTLS_BYTES_TO_T_UINT_8(0X55, 0X8F, 0XC5, 0X8D, 0X72, 0XC2, 0X6C, 0X21), - MBEDTLS_BYTES_TO_T_UINT_8(0X90, 0X36, 0XD6, 0XAE, 0X49, 0XDB, 0X4E, 0XC4), - MBEDTLS_BYTES_TO_T_UINT_8(0XE9, 0X23, 0XCA, 0X7C, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF), - MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X3F), - MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00) +static const unsigned char curve448_part_of_n[] = { + 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24, + 0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93, + 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC, + 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D, }; /* @@ -4743,12 +4689,20 @@ static const mbedtls_mpi_uint curve448_n[] = { */ static int ecp_use_curve448(mbedtls_ecp_group *grp) { + mbedtls_mpi Ns; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi_init(&Ns); + /* Actually ( A + 2 ) / 4 */ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24)); - ecp_mpi_load(&grp->P, curve448_p, sizeof(curve448_p)); + /* P = 2^448 - 2^224 - 1 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); grp->pbits = mbedtls_mpi_bitlen(&grp->P); /* Y intentionally not set, since we use x/z coordinates. @@ -4757,12 +4711,17 @@ static int ecp_use_curve448(mbedtls_ecp_group *grp) MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); mbedtls_mpi_free(&grp->G.Y); - ecp_mpi_load(&grp->N, curve448_n, sizeof(curve448_n)); + /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns, + curve448_part_of_n, sizeof(curve448_part_of_n))); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns)); /* Actually, the required msb for private keys */ grp->nbits = 447; cleanup: + mbedtls_mpi_free(&Ns); if (ret != 0) { mbedtls_ecp_group_free(grp); } @@ -4912,12 +4871,10 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) } #define WIDTH 8 / sizeof(mbedtls_mpi_uint) -#define A(i) Np + (i) * WIDTH -#define ADD(i) add64(p, A(i), &c) +#define A(i) N->p + (i) * WIDTH +#define ADD(i) add64(p, A(i), &c) #define NEXT p += WIDTH; carry64(p, &c) -#define LAST p += WIDTH; do *p = 0; while (++p < end) -#define RESET last_carry[0] = c; c = 0; p = Np -#define ADD_LAST add64(p, last_carry, &c) +#define LAST p += WIDTH; *p = c; while (++p < end) *p = 0 /* * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) @@ -4925,67 +4882,33 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) static int ecp_mod_p192(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(192) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width); + mbedtls_mpi_uint c = 0; + mbedtls_mpi_uint *p, *end; + + /* Make sure we have enough blocks so that A(5) is legal */ + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH)); + + p = N->p; + end = p + N->n; + + ADD(3); ADD(5); NEXT; // A0 += A3 + A5 + ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 + ADD(4); ADD(5); LAST; // A2 += A4 + A5 cleanup: return ret; } -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) -{ - mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 }; - mbedtls_mpi_uint *p, *end; - - if (Nn != BITS_TO_LIMBS(192) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - p = Np; - end = p + Nn; - - ADD(3); ADD(5); NEXT; // A0 += A3 + A5 - ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 - ADD(4); ADD(5); // A2 += A4 + A5 - - RESET; - - /* Use the reduction for the carry as well: - * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192 - * It can generate a carry. */ - ADD_LAST; NEXT; // A0 += last_carry - ADD_LAST; NEXT; // A1 += last_carry - // A2 += carry - - RESET; - - /* Use the reduction for the carry as well: - * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192 - */ - ADD_LAST; NEXT; // A0 += last_carry - ADD_LAST; NEXT; // A1 += last_carry - // A2 += carry - - LAST; - - return 0; -} - #undef WIDTH #undef A #undef ADD #undef NEXT #undef LAST -#undef RESET -#undef ADD_LAST #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - /* * The reader is advised to first understand ecp_mod_p192() since the same * general structure is used here, but with additional complications: @@ -5006,209 +4929,162 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) #if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ -#define MAX32 X_limbs -#define A(j) X[j] -#define STORE32 X[i] = (mbedtls_mpi_uint) cur; -#define STORE0 X[i] = 0; +#define MAX32 N->n +#define A(j) N->p[j] +#define STORE32 N->p[i] = cur; -#else /* 64 bit */ +#else /* 64-bit */ -#define MAX32 X_limbs * 2 -#define A(j) \ - (j) % 2 ? \ - (uint32_t) (X[(j) / 2] >> 32) : \ - (uint32_t) (X[(j) / 2]) -#define STORE32 \ - if (i % 2) { \ - X[i/2] &= 0x00000000FFFFFFFF; \ - X[i/2] |= (uint64_t) (cur) << 32; \ - } else { \ - X[i/2] &= 0xFFFFFFFF00000000; \ - X[i/2] |= (uint32_t) cur; \ +#define MAX32 N->n * 2 +#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ + (uint32_t) (N->p[(j)/2]) +#define STORE32 \ + if (i % 2) { \ + N->p[i/2] &= 0x00000000FFFFFFFF; \ + N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ + } else { \ + N->p[i/2] &= 0xFFFFFFFF00000000; \ + N->p[i/2] |= (mbedtls_mpi_uint) cur; \ } -#define STORE0 \ - if (i % 2) { \ - X[i/2] &= 0x00000000FFFFFFFF; \ - } else { \ - X[i/2] &= 0xFFFFFFFF00000000; \ - } +#endif /* sizeof( mbedtls_mpi_uint ) */ -#endif - -static inline int8_t extract_carry(int64_t cur) +/* + * Helpers for addition and subtraction of chunks, with signed carry. + */ +static inline void add32(uint32_t *dst, uint32_t src, signed char *carry) { - return (int8_t) (cur >> 32); + *dst += src; + *carry += (*dst < src); } -#define ADD(j) cur += A(j) -#define SUB(j) cur -= A(j) +static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) +{ + *carry -= (*dst < src); + *dst -= src; +} -#define ADD_CARRY(cc) cur += (cc) -#define SUB_CARRY(cc) cur -= (cc) - -#define ADD_LAST ADD_CARRY(last_c) -#define SUB_LAST SUB_CARRY(last_c) +#define ADD(j) add32(&cur, A(j), &c); +#define SUB(j) sub32(&cur, A(j), &c); /* * Helpers for the main 'loop' */ -#define INIT(b) \ - int8_t c = 0, last_c; \ - int64_t cur; \ - size_t i = 0; \ +#define INIT(b) \ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ + signed char c = 0, cc; \ + uint32_t cur; \ + size_t i = 0, bits = (b); \ + /* N is the size of the product of two b-bit numbers, plus one */ \ + /* limb for fix_negative */ \ + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ LOAD32; -#define NEXT \ - c = extract_carry(cur); \ - STORE32; i++; LOAD32; \ - ADD_CARRY(c); +#define NEXT \ + STORE32; i++; LOAD32; \ + cc = c; c = 0; \ + if (cc < 0) \ + sub32(&cur, -cc, &c); \ + else \ + add32(&cur, cc, &c); \ -#define RESET \ - c = extract_carry(cur); \ - last_c = c; \ - STORE32; i = 0; LOAD32; \ - c = 0; \ +#define LAST \ + STORE32; i++; \ + cur = c > 0 ? c : 0; STORE32; \ + cur = 0; while (++i < MAX32) { STORE32; } \ + if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); -#define LAST \ - c = extract_carry(cur); \ - STORE32; i++; \ - if (c != 0) \ - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; \ - while (i < MAX32) { STORE0; i++; } +/* + * If the result is negative, we get it in the form + * c * 2^bits + N, with c negative and N positive shorter than 'bits' + */ +MBEDTLS_STATIC_TESTABLE +void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) +{ + size_t i; + + /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so + * set the absolute value to 0xfff...fff - N. There is no carry + * since we're subtracting from all-bits-one. */ + for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) { + N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; + } + /* Add 1, taking care of the carry. */ + i = 0; + do { + ++N->p[i]; + } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); + /* Invert the sign. + * Now N = N0 - 2^bits where N0 is the initial value of N. */ + N->s = -1; + + /* Add |c| * 2^bits to the absolute value. Since c and N are + * negative, this adds c * 2^bits. */ + mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; +#if defined(MBEDTLS_HAVE_INT64) + if (bits == 224) { + msw <<= 32; + } +#endif + N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; +} #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - /* * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) */ static int ecp_mod_p224(mbedtls_mpi *N) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(224) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width); + INIT(224); + + SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 + SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 + SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 + SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 + SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 + SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 + SUB(13); ADD(10); LAST; // A6 += -A13 + A10 + cleanup: return ret; } - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) -{ - if (X_limbs != BITS_TO_LIMBS(224) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - INIT(224); - - SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 - SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 - SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 - SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 - SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 - SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 - SUB(13); ADD(10); // A6 += -A13 + A10 - - RESET; - - /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */ - SUB_LAST; NEXT; // A0 -= last_c - ; NEXT; // A1 - ; NEXT; // A2 - ADD_LAST; NEXT; // A3 += last_c - ; NEXT; // A4 - ; NEXT; // A5 - // A6 - - /* The carry reduction cannot generate a carry - * (see commit 73e8553 for details)*/ - - LAST; - - return 0; -} - #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - /* * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) */ static int ecp_mod_p256(mbedtls_mpi *N) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(256) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width); + INIT(256); + + ADD(8); ADD(9); + SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 + + ADD(9); ADD(10); + SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 + + ADD(10); ADD(11); + SUB(13); SUB(14); SUB(15); NEXT; // A2 + + ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); + SUB(15); SUB(8); SUB(9); NEXT; // A3 + + ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); + SUB(9); SUB(10); NEXT; // A4 + + ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); + SUB(10); SUB(11); NEXT; // A5 + + ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); + SUB(8); SUB(9); NEXT; // A6 + + ADD(15); ADD(15); ADD(15); ADD(8); + SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 + cleanup: return ret; } - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) -{ - if (X_limbs != BITS_TO_LIMBS(256) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - INIT(256); - - ADD(8); ADD(9); - SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 - - ADD(9); ADD(10); - SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 - - ADD(10); ADD(11); - SUB(13); SUB(14); SUB(15); NEXT; // A2 - - ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); - SUB(15); SUB(8); SUB(9); NEXT; // A3 - - ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); - SUB(9); SUB(10); NEXT; // A4 - - ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); - SUB(10); SUB(11); NEXT; // A5 - - ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); - SUB(8); SUB(9); NEXT; // A6 - - ADD(15); ADD(15); ADD(15); ADD(8); - SUB(10); SUB(11); SUB(12); SUB(13); // A7 - - RESET; - - /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1 - * to modulo reduce the final carry. */ - ADD_LAST; NEXT; // A0 - ; NEXT; // A1 - ; NEXT; // A2 - SUB_LAST; NEXT; // A3 - ; NEXT; // A4 - ; NEXT; // A5 - SUB_LAST; NEXT; // A6 - ADD_LAST; // A7 - - RESET; - - /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1 - * to modulo reduce the carry generated by the previous reduction. */ - ADD_LAST; NEXT; // A0 - ; NEXT; // A1 - ; NEXT; // A2 - SUB_LAST; NEXT; // A3 - ; NEXT; // A4 - ; NEXT; // A5 - SUB_LAST; NEXT; // A6 - ADD_LAST; // A7 - - LAST; - - return 0; -} - #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) @@ -5217,110 +5093,55 @@ int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) */ static int ecp_mod_p384(mbedtls_mpi *N) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(384) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width); -cleanup: - return ret; -} - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) -{ - if (X_limbs != BITS_TO_LIMBS(384) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - INIT(384); ADD(12); ADD(21); ADD(20); - SUB(23); NEXT; // A0 + SUB(23); NEXT; // A0 ADD(13); ADD(22); ADD(23); - SUB(12); SUB(20); NEXT; // A1 + SUB(12); SUB(20); NEXT; // A2 ADD(14); ADD(23); - SUB(13); SUB(21); NEXT; // A2 + SUB(13); SUB(21); NEXT; // A2 ADD(15); ADD(12); ADD(20); ADD(21); - SUB(14); SUB(22); SUB(23); NEXT; // A3 + SUB(14); SUB(22); SUB(23); NEXT; // A3 ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); - SUB(15); SUB(23); SUB(23); NEXT; // A4 + SUB(15); SUB(23); SUB(23); NEXT; // A4 ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); - SUB(16); NEXT; // A5 + SUB(16); NEXT; // A5 ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); - SUB(17); NEXT; // A6 + SUB(17); NEXT; // A6 ADD(19); ADD(16); ADD(15); ADD(23); - SUB(18); NEXT; // A7 + SUB(18); NEXT; // A7 ADD(20); ADD(17); ADD(16); - SUB(19); NEXT; // A8 + SUB(19); NEXT; // A8 ADD(21); ADD(18); ADD(17); - SUB(20); NEXT; // A9 + SUB(20); NEXT; // A9 ADD(22); ADD(19); ADD(18); - SUB(21); NEXT; // A10 + SUB(21); NEXT; // A10 ADD(23); ADD(20); ADD(19); - SUB(22); // A11 + SUB(22); LAST; // A11 - RESET; - - /* Use 2^384 = P + 2^128 + 2^96 - 2^32 + 1 to modulo reduce the final carry */ - ADD_LAST; NEXT; // A0 - SUB_LAST; NEXT; // A1 - ; NEXT; // A2 - ADD_LAST; NEXT; // A3 - ADD_LAST; NEXT; // A4 - ; NEXT; // A5 - ; NEXT; // A6 - ; NEXT; // A7 - ; NEXT; // A8 - ; NEXT; // A9 - ; NEXT; // A10 - // A11 - - RESET; - - ADD_LAST; NEXT; // A0 - SUB_LAST; NEXT; // A1 - ; NEXT; // A2 - ADD_LAST; NEXT; // A3 - ADD_LAST; NEXT; // A4 - ; NEXT; // A5 - ; NEXT; // A6 - ; NEXT; // A7 - ; NEXT; // A8 - ; NEXT; // A9 - ; NEXT; // A10 - // A11 - - LAST; - - return 0; +cleanup: + return ret; } #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#undef LOAD32 -#undef MAX32 #undef A +#undef LOAD32 #undef STORE32 -#undef STORE0 -#undef ADD -#undef SUB -#undef ADD_CARRY -#undef SUB_CARRY -#undef ADD_LAST -#undef SUB_LAST +#undef MAX32 #undef INIT #undef NEXT -#undef RESET #undef LAST #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || @@ -5328,6 +5149,11 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +/* + * Here we have an actual Mersenne prime, so things are more straightforward. + * However, chunks are aligned on a 'weird' boundary (521 bits). + */ + /* Size of p521 in terms of mbedtls_mpi_uint */ #define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) @@ -5335,81 +5161,48 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) #define P521_MASK 0x01FF /* - * Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5) + * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) + * Write N as A1 + 2^521 A0, return A0 + A1 */ static int ecp_mod_p521(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(521) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width); + size_t i; + mbedtls_mpi M; + mbedtls_mpi_uint Mp[P521_WIDTH + 1]; + /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits: + * we need to hold bits 513 to 1056, which is 34 limbs, that is + * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ + + if (N->n < P521_WIDTH) { + return 0; + } + + /* M = A1 */ + M.s = 1; + M.n = N->n - (P521_WIDTH - 1); + if (M.n > P521_WIDTH + 1) { + M.n = P521_WIDTH + 1; + } + M.p = Mp; + memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint)))); + + /* N = A0 */ + N->p[P521_WIDTH - 1] &= P521_MASK; + for (i = P521_WIDTH; i < N->n; i++) { + N->p[i] = 0; + } + + /* N = A0 + A1 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); + cleanup: return ret; } -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) -{ - mbedtls_mpi_uint carry = 0; - - if (X_limbs != BITS_TO_LIMBS(521) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* Step 1: Reduction to P521_WIDTH limbs */ - /* Helper references for bottom part of X */ - mbedtls_mpi_uint *X0 = X; - size_t X0_limbs = P521_WIDTH; - /* Helper references for top part of X */ - mbedtls_mpi_uint *X1 = X + X0_limbs; - size_t X1_limbs = X_limbs - X0_limbs; - /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1. - * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that - * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.) - * The high order limb of the result will be held in carry and the rest - * in X0 (that is the result will be represented as - * 2^P521_WIDTH carry + X0). - * - * Also, note that the resulting carry is either 0 or 1: - * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512 - * therefore - * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9) - * which in turn is less than 2 * 2^(512 + biL). - */ - mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); - carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); - /* Set X to X0 (by clearing the top part). */ - memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); - - /* Step 2: Reduction modulo P521 - * - * At this point X is reduced to P521_WIDTH limbs. What remains is to add - * the carry (that is 2^P521_WIDTH carry) and to reduce mod P521. */ - - /* 2^P521_WIDTH carry = 2^(512 + biL) carry = 2^(biL - 9) carry mod P521. - * Also, recall that carry is either 0 or 1. */ - mbedtls_mpi_uint addend = carry << (biL - 9); - /* Keep the top 9 bits and reduce the rest, using 2^521 = 1 mod P521. */ - addend += (X[P521_WIDTH - 1] >> 9); - X[P521_WIDTH - 1] &= P521_MASK; - - /* Reuse the top part of X (already zeroed) as a helper array for - * carrying out the addition. */ - mbedtls_mpi_uint *addend_arr = X + P521_WIDTH; - addend_arr[0] = addend; - (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH); - /* Both addends were less than P521 therefore X < 2 * P521. (This also means - * that the result fit in P521_WIDTH limbs and there won't be any carry.) */ - - /* Clear the reused part of X. */ - addend_arr[0] = 0; - - return 0; -} - #undef P521_WIDTH #undef P521_MASK - #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* MBEDTLS_ECP_NIST_OPTIM */ @@ -5425,57 +5218,27 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) */ static int ecp_mod_p255(mbedtls_mpi *N) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(255) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); -cleanup: - return ret; -} + mbedtls_mpi_uint Mp[P255_WIDTH]; -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) -{ - - if (X_Limbs != BITS_TO_LIMBS(255) * 2) { + /* Helper references for top part of N */ + mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH; + const size_t NT_n = N->n - P255_WIDTH; + if (N->n <= P255_WIDTH) { + return 0; + } + if (NT_n > P255_WIDTH) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); - if (carry == NULL) { - return MBEDTLS_ERR_ECP_ALLOC_FAILED; - } + /* Split N as N + 2^256 M */ + memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n); + memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); - /* Step 1: Reduction to P255_WIDTH limbs */ - if (X_Limbs > P255_WIDTH) { - /* Helper references for top part of X */ - mbedtls_mpi_uint * const A1 = X + P255_WIDTH; - const size_t A1_limbs = X_Limbs - P255_WIDTH; + /* N = A0 + 38 * A1 */ + mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1, + Mp, NT_n, + 38); - /* X = A0 + 38 * A1, capture carry out */ - *carry = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); - /* Clear top part */ - memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); - } - - /* Step 2: Reduce to <2p - * Split as A0 + 2^255*c, with c a scalar, and compute A0 + 19*c */ - *carry <<= 1; - *carry += (X[P255_WIDTH - 1] >> (biL - 1)); - *carry *= 19; - - /* Clear top bit */ - X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; - /* Since the top bit for X has been cleared 0 + 0 + Carry - * will not overflow. - * - * Furthermore for 2p = 2^256-38. When a carry propagation on the highest - * limb occurs, X > 2^255 and all the remaining bits on the limb are zero. - * - If X < 2^255 ==> X < 2p - * - If X > 2^255 ==> X < 2^256 - 2^255 < 2p */ - (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); - - mbedtls_free(carry); return 0; } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ @@ -5492,144 +5255,67 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) #define P224_WIDTH_MAX DIV_ROUND_UP(P224_SIZE, sizeof(mbedtls_mpi_uint)) #define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224) +/* + * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 + * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return + * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference + * implementation of Curve448, which uses its own special 56-bit limbs rather + * than a generic bignum library. We could squeeze some extra speed out on + * 32-bit machines by splitting N up into 32-bit limbs and doing the + * arithmetic using the limbs directly as we do for the NIST primes above, + * but for 64-bit targets it should use half the number of operations if we do + * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. + */ static int ecp_mod_p448(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(448) * 2; + size_t i; + mbedtls_mpi M, Q; + mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; - /* This is required as some tests and use cases do not pass in a Bignum of - * the correct size, and expect the growth to be done automatically, which - * will no longer happen. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - - ret = mbedtls_ecp_mod_p448_raw(N->p, N->n); - -cleanup: - return ret; -} - -/* - * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 - * Write X as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return A0 + A1 + B1 + - * (B0 + B1) * 2^224. This is different to the reference implementation of - * Curve448, which uses its own special 56-bit limbs rather than a generic - * bignum library. We could squeeze some extra speed out on 32-bit machines by - * splitting N up into 32-bit limbs and doing the arithmetic using the limbs - * directly as we do for the NIST primes above, but for 64-bit targets it should - * use half the number of operations if we do the reduction with 224-bit limbs, - * since mpi_core_add will then use 64-bit adds. - */ -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs) -{ - size_t round; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (X_limbs != BITS_TO_LIMBS(448) * 2) { + if (N->n <= P448_WIDTH) { return 0; } - size_t M_limbs = X_limbs - (P448_WIDTH); - - if (M_limbs > P448_WIDTH) { - /* Shouldn't be called with X larger than 2^896! */ + /* M = A1 */ + M.s = 1; + M.n = N->n - (P448_WIDTH); + if (M.n > P448_WIDTH) { + /* Shouldn't be called with N larger than 2^896! */ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } + M.p = Mp; + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint)); - /* Both M and Q require an extra limb to catch carries. */ - M_limbs++; - - const size_t Q_limbs = M_limbs; - mbedtls_mpi_uint *M = NULL; - mbedtls_mpi_uint *Q = NULL; - - M = mbedtls_calloc(M_limbs, ciL); - - if (M == NULL) { - return MBEDTLS_ERR_ECP_ALLOC_FAILED; + /* N = A0 */ + for (i = P448_WIDTH; i < N->n; i++) { + N->p[i] = 0; } - Q = mbedtls_calloc(Q_limbs, ciL); + /* N += A1 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); - if (Q == NULL) { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; + /* Q = B1, N += B1 */ + Q = M; + Q.p = Qp; + memcpy(Qp, Mp, sizeof(Qp)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q)); + + /* M = (B0 + B1) * 2^224, N += M */ + if (sizeof(mbedtls_mpi_uint) > 4) { + Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); } - - /* M = A1 */ - memset(M, 0, (M_limbs * ciL)); - /* Do not copy into the overflow limb, as this would read past the end of - * X. */ - memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); - - /* X = A0 */ - memset(X + P448_WIDTH, 0, ((M_limbs - 1) * ciL)); - - /* X = X + M = A0 + A1 */ - /* Carry here fits in oversize X. Oversize M means it will get - * added in, not returned as carry. */ - (void) mbedtls_mpi_core_add(X, X, M, M_limbs); - - /* Q = B1 = M >> 224 */ - memcpy(Q, (char *) M + P224_SIZE, P224_SIZE); - memset((char *) Q + P224_SIZE, 0, P224_SIZE); - - /* X = X + Q = (A0 + A1) + B1 - * Oversize Q catches potential carry here when X is already max 448 bits. - */ - (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); - - /* M = B0 */ -#ifdef MBEDTLS_HAVE_INT64 - M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); - #endif - memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL)); - - /* M = M + Q = B0 + B1 */ - (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs); - - /* M = (B0 + B1) * 2^224 */ - /* Shifted carry bit from the addition fits in oversize M. */ - memmove((char *) M + P224_SIZE, M, P224_SIZE + ciL); - memset(M, 0, P224_SIZE); - - /* X = X + M = (A0 + A1 + B1) + (B0 + B1) * 2^224 */ - (void) mbedtls_mpi_core_add(X, X, M, M_limbs); - - /* In the second and third rounds A1 and B0 have at most 1 non-zero limb and - * B1=0. - * Using this we need to calculate: - * A0 + A1 + B1 + (B0 + B1) * 2^224 = A0 + A1 + B0 * 2^224. */ - for (round = 0; round < 2; ++round) { - - /* M = A1 */ - memset(M, 0, (M_limbs * ciL)); - memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); - - /* X = A0 */ - memset(X + P448_WIDTH, 0, ((M_limbs - 1) * ciL)); - - /* M = A1 + B0 * 2^224 - * We know that only one limb of A1 will be non-zero and that it will be - * limb 0. We also know that B0 is the bottom 224 bits of A1 (which is - * then shifted up 224 bits), so, given M is currently A1 this turns - * into: - * M = M + (M << 224) - * As the single non-zero limb in B0 will be A1 limb 0 shifted up by 224 - * bits, we can just move that into the right place, shifted up - * accordingly.*/ - M[P224_WIDTH_MIN] = M[0] << (224 & (biL - 1)); - - /* X = A0 + (A1 + B0 * 2^224) */ - (void) mbedtls_mpi_core_add(X, X, M, M_limbs); + for (i = P224_WIDTH_MAX; i < M.n; ++i) { + Mp[i] = 0; } - - ret = 0; + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q)); + M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); cleanup: - mbedtls_free(M); - mbedtls_free(Q); - return ret; } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ @@ -5637,408 +5323,149 @@ cleanup: #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - /* * Fast quasi-reduction modulo P = 2^s - R, * with R about 33 bits, used by the Koblitz curves. * - * Write X as A0 + 2^224 A1, return A0 + R * A1. + * Write N as A0 + 2^224 A1, return A0 + R * A1. + * Actually do two passes, since R is big. */ +#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R - -static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, - size_t X_limbs, - mbedtls_mpi_uint *R, - size_t bits) +static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, + size_t adjust, size_t shift, mbedtls_mpi_uint mask) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; + mbedtls_mpi M, R; + mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; - /* Determine if A1 is aligned to limb bitsize. If not then the used limbs - * of P, A0 and A1 must be set accordingly and there is a middle limb - * which is shared by A0 and A1 and need to handle accordingly. - */ - size_t shift = bits % biL; - size_t adjust = (shift + biL - 1) / biL; - size_t P_limbs = bits / biL + adjust; - mbedtls_mpi_uint mask = 0; - - mbedtls_mpi_uint *A1 = mbedtls_calloc(P_limbs, ciL); - if (A1 == NULL) { - return MBEDTLS_ERR_ECP_ALLOC_FAILED; + if (N->n < p_limbs) { + return 0; } - /* Create a buffer to store the value of `R * A1` */ - size_t R_limbs = P_KOBLITZ_R; - size_t M_limbs = P_limbs + R_limbs; - mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); - if (M == NULL) { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; + /* Init R */ + R.s = 1; + R.p = Rp; + R.n = P_KOBLITZ_R; + + /* Common setup for M */ + M.s = 1; + M.p = Mp; + + /* M = A1 */ + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) { + M.n = p_limbs + adjust; + } + memset(Mp, 0, sizeof Mp); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); + } + M.n += R.n; /* Make room for multiplication by R */ + + /* N = A0 */ + if (mask != 0) { + N->p[p_limbs - 1] &= mask; + } + for (i = p_limbs; i < N->n; i++) { + N->p[i] = 0; } - if (adjust != 0) { - mask = ((mbedtls_mpi_uint) 1 << shift) - 1; + /* N = A0 + R * A1 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); + + /* Second pass */ + + /* M = A1 */ + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) { + M.n = p_limbs + adjust; + } + memset(Mp, 0, sizeof Mp); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); + } + M.n += R.n; /* Make room for multiplication by R */ + + /* N = A0 */ + if (mask != 0) { + N->p[p_limbs - 1] &= mask; + } + for (i = p_limbs; i < N->n; i++) { + N->p[i] = 0; } - /* Two passes are needed to reduce the value of `A0 + R * A1` and then - * we need an additional one to reduce the possible overflow during - * the addition. - */ - for (size_t pass = 0; pass < 3; pass++) { - /* Copy A1 */ - memcpy(A1, X + P_limbs - adjust, P_limbs * ciL); - - /* Shift A1 to be aligned */ - if (shift != 0) { - mbedtls_mpi_core_shift_r(A1, P_limbs, shift); - } - - /* Zeroize the A1 part of the shared limb */ - if (mask != 0) { - X[P_limbs - 1] &= mask; - } - - /* X = A0 - * Zeroize the A1 part of X to keep only the A0 part. - */ - for (size_t i = P_limbs; i < X_limbs; i++) { - X[i] = 0; - } - - /* X = A0 + R * A1 */ - mbedtls_mpi_core_mul(M, A1, P_limbs, R, R_limbs); - (void) mbedtls_mpi_core_add(X, X, M, P_limbs + R_limbs); - - /* Carry can not be generated since R is a 33-bit value and stored in - * 64 bits. The result value of the multiplication is at most - * P length + 33 bits in length and the result value of the addition - * is at most P length + 34 bits in length. So the result of the - * addition always fits in P length + 64 bits. - */ - } + /* N = A0 + R * A1 */ + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - mbedtls_free(M); - mbedtls_free(A1); - return ret; } - #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) || MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - /* * Fast quasi-reduction modulo p192k1 = 2^192 - R, - * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 + * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 */ static int ecp_mod_p192k1(mbedtls_mpi *N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(192) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); - -cleanup: - return ret; -} - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, - 0x01, 0x00, 0x00, 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) }; - if (X_limbs != BITS_TO_LIMBS(192) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - return ecp_mod_koblitz(X, X_limbs, Rp, 192); + return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); } - #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - /* * Fast quasi-reduction modulo p224k1 = 2^224 - R, * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 */ static int ecp_mod_p224k1(mbedtls_mpi *N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(224) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); - -cleanup: - return ret; -} - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, - 0x01, 0x00, 0x00, 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) }; - if (X_limbs != BITS_TO_LIMBS(224) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - return ecp_mod_koblitz(X, X_limbs, Rp, 224); +#if defined(MBEDTLS_HAVE_INT64) + return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF); +#else + return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); +#endif } #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - /* * Fast quasi-reduction modulo p256k1 = 2^256 - R, * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 */ static int ecp_mod_p256k1(mbedtls_mpi *N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = BITS_TO_LIMBS(256) * 2; - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); - -cleanup: - return ret; -} - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, - 0x01, 0x00, 0x00, 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) }; - - if (X_limbs != BITS_TO_LIMBS(256) * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - return ecp_mod_koblitz(X, X_limbs, Rp, 256); + return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); } - #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -#if defined(MBEDTLS_TEST_HOOKS) -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, - const mbedtls_ecp_group_id id, - const mbedtls_ecp_modulus_type ctype) -{ - mbedtls_mpi_modp_fn modp = NULL; - mbedtls_mpi_uint *p = NULL; - size_t p_limbs; - - if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \ - ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - switch (id) { -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - case MBEDTLS_ECP_DP_SECP192R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { -#if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &mbedtls_ecp_mod_p192_raw; -#endif - p = (mbedtls_mpi_uint *) secp192r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); - } else { - p = (mbedtls_mpi_uint *) secp192r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - case MBEDTLS_ECP_DP_SECP224R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { -#if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &mbedtls_ecp_mod_p224_raw; -#endif - p = (mbedtls_mpi_uint *) secp224r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); - } else { - p = (mbedtls_mpi_uint *) secp224r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case MBEDTLS_ECP_DP_SECP256R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { -#if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &mbedtls_ecp_mod_p256_raw; -#endif - p = (mbedtls_mpi_uint *) secp256r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); - } else { - p = (mbedtls_mpi_uint *) secp256r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case MBEDTLS_ECP_DP_SECP384R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { -#if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &mbedtls_ecp_mod_p384_raw; -#endif - p = (mbedtls_mpi_uint *) secp384r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); - } else { - p = (mbedtls_mpi_uint *) secp384r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case MBEDTLS_ECP_DP_SECP521R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { -#if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &mbedtls_ecp_mod_p521_raw; -#endif - p = (mbedtls_mpi_uint *) secp521r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); - } else { - p = (mbedtls_mpi_uint *) secp521r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - case MBEDTLS_ECP_DP_BP256R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - p = (mbedtls_mpi_uint *) brainpoolP256r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); - } else { - p = (mbedtls_mpi_uint *) brainpoolP256r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - case MBEDTLS_ECP_DP_BP384R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - p = (mbedtls_mpi_uint *) brainpoolP384r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); - } else { - p = (mbedtls_mpi_uint *) brainpoolP384r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - case MBEDTLS_ECP_DP_BP512R1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - p = (mbedtls_mpi_uint *) brainpoolP512r1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); - } else { - p = (mbedtls_mpi_uint *) brainpoolP512r1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - case MBEDTLS_ECP_DP_CURVE25519: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p255_raw; - p = (mbedtls_mpi_uint *) curve25519_p; - p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); - } else { - p = (mbedtls_mpi_uint *) curve25519_n; - p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - case MBEDTLS_ECP_DP_SECP192K1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p192k1_raw; - p = (mbedtls_mpi_uint *) secp192k1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); - } else { - p = (mbedtls_mpi_uint *) secp192k1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - case MBEDTLS_ECP_DP_SECP224K1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p224k1_raw; - p = (mbedtls_mpi_uint *) secp224k1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); - } else { - p = (mbedtls_mpi_uint *) secp224k1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - case MBEDTLS_ECP_DP_SECP256K1: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p256k1_raw; - p = (mbedtls_mpi_uint *) secp256k1_p; - p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); - } else { - p = (mbedtls_mpi_uint *) secp256k1_n; - p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_n)); - } - break; -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - case MBEDTLS_ECP_DP_CURVE448: - if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p448_raw; - p = (mbedtls_mpi_uint *) curve448_p; - p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); - } else { - p = (mbedtls_mpi_uint *) curve448_n; - p_limbs = CHARS_TO_LIMBS(sizeof(curve448_n)); - } - break; -#endif - - default: - case MBEDTLS_ECP_DP_NONE: - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - if (modp != NULL) { - if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - } else { - if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - } - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_ECP_ALT */ -#endif /* MBEDTLS_ECP_LIGHT */ + +#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */ From e25597dad72559a334f782240b0a3f09e2b6aca1 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 15 Jun 2023 07:00:20 +0000 Subject: [PATCH 206/339] Make ecp_mode_xxx functions depend on the new macro Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 51 ++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 1b8a84c9f..d97b02e34 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1267,7 +1267,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_p_generic_raw(int curve_id, char *input_N, char *input_X, @@ -1390,7 +1390,46 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED:MBEDTLS_ECP_WITH_MPI_UINT */ +void ecp_mod_p448(char *input_N, + char *input_X, + char *result) +{ + mbedtls_mpi X; + mbedtls_mpi N; + mbedtls_mpi res; + + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&res); + + TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0); + + TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n)); + TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n)); + TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n)); + + size_t limbs = N.n; + size_t bytes = limbs * sizeof(mbedtls_mpi_uint); + + TEST_LE_U(X.n, 2 * limbs); + TEST_EQUAL(res.n, limbs); + + TEST_EQUAL(mbedtls_ecp_mod_p448_raw(X.p, X.n), 0); + TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); + TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448); + ASSERT_COMPARE(X.p, bytes, res.p, bytes); + +exit: + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&res); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_setup(char *input_A, int id, int ctype, int iret) { int ret; @@ -1432,7 +1471,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_mul_inv(char *input_A, int id, int ctype) { size_t limbs; @@ -1489,7 +1528,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) { size_t p_A_limbs; @@ -1540,7 +1579,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_read_write(char *input_A, int id, int ctype) { size_t limbs; @@ -1603,7 +1642,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_random(int id, int ctype) { size_t limbs; From be4d6b62ab6ab9dd94150469a4593d0ede049652 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 15 Jun 2023 07:10:48 +0000 Subject: [PATCH 207/339] Fix use of sizeof without brackets in ecp_curves.c Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2595119d5..408ace638 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4507,8 +4507,7 @@ static const mbedtls_ecp_point brainpoolP512r1_T[32] = { #if defined(ECP_LOAD_GROUP) /* * Create an MPI from embedded constants - * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint) and - * len < 1048576) + * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint)) */ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) { @@ -5358,7 +5357,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p if (M.n > p_limbs + adjust) { M.n = p_limbs + adjust; } - memset(Mp, 0, sizeof Mp); + memset(Mp, 0, sizeof(Mp)); memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); if (shift != 0) { MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); @@ -5384,7 +5383,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p if (M.n > p_limbs + adjust) { M.n = p_limbs + adjust; } - memset(Mp, 0, sizeof Mp); + memset(Mp, 0, sizeof(Mp)); memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); if (shift != 0) { MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); From a8d30ac7e51a9d269dc51add78192b10012b635f Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 15 Jun 2023 07:17:35 +0000 Subject: [PATCH 208/339] Use new ECP_LIGHT symbol in ecp_curves.c Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 408ace638..35ebc76f9 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -21,7 +21,7 @@ #if !defined(MBEDTLS_ECP_WITH_MPI_UINT) -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" @@ -5466,5 +5466,5 @@ static int ecp_mod_p256k1(mbedtls_mpi *N) #endif /* !MBEDTLS_ECP_ALT */ -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */ From 02a3e0318fce04f0c5990706e6864a254639543b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 15 Jun 2023 08:35:25 +0000 Subject: [PATCH 209/339] Declare mbedtls_ecp_fix_negative() always static to fix check_name failures Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 35ebc76f9..4107ccf76 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4997,8 +4997,7 @@ static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) * If the result is negative, we get it in the form * c * 2^bits + N, with c negative and N positive shorter than 'bits' */ -MBEDTLS_STATIC_TESTABLE -void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) +static void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) { size_t i; From b903f4ecb67f9a7b92cc6b261a3f0fd64b5ea76b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 20 Jul 2023 05:51:53 +0000 Subject: [PATCH 210/339] Free P and N of the group cause they are dynamic allocated Signed-off-by: Xiaokang Qian --- library/ecp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index 049a1e015..15da4a2fe 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -591,9 +591,11 @@ void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) } if (grp->h != 1) { + mbedtls_mpi_free(&grp->P); mbedtls_mpi_free(&grp->A); mbedtls_mpi_free(&grp->B); mbedtls_ecp_point_free(&grp->G); + mbedtls_mpi_free(&grp->N); } if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { From 796500e7512b7c07fa5799404289b0d59190c122 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 20 Jul 2023 07:03:07 +0000 Subject: [PATCH 211/339] Fix the type cast(size_t to unsigned short) warning Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 4107ccf76..60646755f 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5352,9 +5352,9 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p M.p = Mp; /* M = A1 */ - M.n = N->n - (p_limbs - adjust); + M.n = (unsigned short) (N->n - (p_limbs - adjust)); if (M.n > p_limbs + adjust) { - M.n = p_limbs + adjust; + M.n = (unsigned short) (p_limbs + adjust); } memset(Mp, 0, sizeof(Mp)); memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); @@ -5378,9 +5378,9 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p /* Second pass */ /* M = A1 */ - M.n = N->n - (p_limbs - adjust); + M.n = (unsigned short) (N->n - (p_limbs - adjust)); if (M.n > p_limbs + adjust) { - M.n = p_limbs + adjust; + M.n = (unsigned short) (p_limbs + adjust); } memset(Mp, 0, sizeof(Mp)); memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); From d0657b001598288d5e704ee5b329c6f891a378c9 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 26 Jul 2023 10:35:24 +0000 Subject: [PATCH 212/339] ecp_mod_p448 has been moved to ecp_mod_p_generic_raw, remove here Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 39 ---------------------------- 1 file changed, 39 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index d97b02e34..962745cd8 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1390,45 +1390,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED:MBEDTLS_ECP_WITH_MPI_UINT */ -void ecp_mod_p448(char *input_N, - char *input_X, - char *result) -{ - mbedtls_mpi X; - mbedtls_mpi N; - mbedtls_mpi res; - - mbedtls_mpi_init(&X); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&res); - - TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0); - - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n)); - - size_t limbs = N.n; - size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - - TEST_LE_U(X.n, 2 * limbs); - TEST_EQUAL(res.n, limbs); - - TEST_EQUAL(mbedtls_ecp_mod_p448_raw(X.p, X.n), 0); - TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); - TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448); - ASSERT_COMPARE(X.p, bytes, res.p, bytes); - -exit: - mbedtls_mpi_free(&X); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&res); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */ void ecp_mod_setup(char *input_A, int id, int ctype, int iret) { From 59159abcce92651c70fb3ceb96b631f28de4d54d Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 28 Jul 2023 06:20:06 +0000 Subject: [PATCH 213/339] Fix fast quasi-reduction modulo value of p192K1 in comments Signed-off-by: Xiaokang Qian --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 60646755f..4ea36e34d 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5411,7 +5411,7 @@ cleanup: #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) /* * Fast quasi-reduction modulo p192k1 = 2^192 - R, - * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 + * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 */ static int ecp_mod_p192k1(mbedtls_mpi *N) { From 82823b2fe88b2a38b698a59b1645dd68326ae5f3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 27 Jul 2023 12:25:05 +0100 Subject: [PATCH 214/339] Fix new bignum tests These tests weren't working, because they use CMake and can't pass options with CFLAGS directly. This could be mitigated by adding a CMake option, but using config.py is less invasive and it is what we normally use for setting build options anyway. Signed-off-by: Janos Follath --- library/ecp_invasive.h | 13 ++++++++----- tests/scripts/all.sh | 12 ++++++++---- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index db9dee3f4..0c6858a40 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -31,6 +31,14 @@ #include "bignum_mod.h" #include "mbedtls/ecp.h" +/* + * Turning this option on enables using the new bignum code in the ECC modules. + * + * WARNING: ECC implementation using the new bignum code is a work in progress, + * this option serves only development and testing purposes. + */ +//#define MBEDTLS_ECP_WITH_MPI_UINT + /* * Curve modulus types */ @@ -40,11 +48,6 @@ typedef enum { MBEDTLS_ECP_MOD_SCALAR } mbedtls_ecp_modulus_type; -/* Provide a commented-out definition so that `check_names.py` knows that - * it's not a typo. - */ -//#define MBEDTLS_ECP_WITH_MPI_UINT - typedef enum { MBEDTLS_ECP_VARIANT_NONE = 0, MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT, diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b6f6b600c..71e2332a7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -134,13 +134,14 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H='include/psa/crypto_config.h' CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' + CONFIG_NEW_BIGNUM_H='library/ecp_invasive.h' # Files that are clobbered by some jobs will be backed up. Use a different # suffix from auxiliary scripts so that all.sh and auxiliary scripts can # independently decide when to remove the backup file. backup_suffix='.all.bak' # Files clobbered by config.py - files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H" + files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H $CONFIG_NEW_BIGNUM_H" # Files clobbered by in-tree cmake files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" @@ -1028,8 +1029,9 @@ component_test_default_cmake_gcc_asan () { component_test_default_cmake_gcc_asan_new_bignum () { msg "build: cmake, gcc, ASan" # ~ 1 min 50s + scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make CFLAGS="-D MBEDTLS_ECP_WITH_MPI_UINT" + make msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test @@ -1086,8 +1088,9 @@ component_test_full_cmake_gcc_asan () { component_test_full_cmake_gcc_asan_new_bignum () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full + scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make CFLAGS="-D MBEDTLS_ECP_WITH_MPI_UINT" + make msg "test: main suites (inc. selftests) (full config, ASan build)" make test @@ -1122,8 +1125,9 @@ component_test_full_cmake_gcc_asan_new_bignum_test_hooks () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full scripts/config.py set MBEDTLS_TEST_HOOKS + scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make CFLAGS="-DMBEDTLS_ECP_WITH_MPI_UINT" + make msg "test: main suites (inc. selftests) (full config, ASan build)" make test From f3135af159aca63cfcfe02ab6689975a19545e64 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 10:07:57 +0100 Subject: [PATCH 215/339] Use config.py in all new bignum tests This previous test is correct, as it is using make. Switch to using config.py for robustness and consistency. Signed-off-by: Janos Follath --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 71e2332a7..a1dcb8dfc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4216,7 +4216,8 @@ component_test_have_int32_cmake_new_bignum () { scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS - make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32 -DMBEDTLS_ECP_WITH_MPI_UINT" LDFLAGS="$ASAN_CFLAGS" + scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT + make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" make test From 8b27decc6a51b1ef7d19588d7ed56fd5e4d56853 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 10:15:42 +0200 Subject: [PATCH 216/339] Revert "crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE" This reverts commit 478c236938bdd0d201a68d66f423df32b74203e0. Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4f4a187eb..eeb460eb6 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -645,11 +645,6 @@ #undef PSA_SIGNATURE_MAX_SIZE #define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) #endif -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ - (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE) -#undef PSA_SIGNATURE_MAX_SIZE -#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) -#endif /** Sufficient output buffer size for psa_asymmetric_encrypt(). * From f5051efa81e9f361ab355ececdd30e9ad5d2d214 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 11:00:43 +0200 Subject: [PATCH 217/339] test: properly size output buffer in key_agreement_fail() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_op_fail.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_op_fail.function b/tests/suites/test_suite_psa_crypto_op_fail.function index 55dce8931..20942bf81 100644 --- a/tests/suites/test_suite_psa_crypto_op_fail.function +++ b/tests/suites/test_suite_psa_crypto_op_fail.function @@ -360,7 +360,7 @@ void key_agreement_fail(int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE] = { 0 }; size_t public_key_length = SIZE_MAX; - uint8_t output[PSA_SIGNATURE_MAX_SIZE] = { 0 }; + uint8_t output[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE] = { 0 }; size_t length = SIZE_MAX; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; From 43c5bf4f888b4f189f2c28cfa2456350fb4af37a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 11:06:50 +0200 Subject: [PATCH 218/339] crypto_sizes: use PSA_WANT_ALG for MAX signatures and key agreement sizes Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index eeb460eb6..0d0300dbc 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -635,12 +635,12 @@ */ #define PSA_SIGNATURE_MAX_SIZE 1 -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ +#if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \ (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE) #undef PSA_SIGNATURE_MAX_SIZE #define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE #endif -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \ +#if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE) #undef PSA_SIGNATURE_MAX_SIZE #define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) @@ -1049,12 +1049,12 @@ */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1 -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ +#if defined(PSA_WANT_ALG_ECDH) && \ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) #endif -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ +#if defined(PSA_WANT_ALG_FFDH) && \ (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) From 2f04582d3799bb719889174585e1bb81d6b78d38 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 10:57:16 +0100 Subject: [PATCH 219/339] Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h There is a precedent for having bigger and less mature options in mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period. Having this option in mbedtls_config.h is simpler and more robust. Signed-off-by: Janos Follath --- include/mbedtls/mbedtls_config.h | 9 +++++++++ library/ecp_invasive.h | 8 -------- tests/scripts/all.sh | 11 +++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 30e4d13ec..c65ed9268 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3997,4 +3997,13 @@ */ //#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED + +/** + * Uncomment to enable using new bignum code in the ECC modules. + * + * \warning ECC implementation using new bignum code is a work in progress, + * this option serves only development and testing purposes. + */ +//#define MBEDTLS_ECP_WITH_MPI_UINT + /** \} name SECTION: Module configuration options */ diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 0c6858a40..bb3b127ff 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -31,14 +31,6 @@ #include "bignum_mod.h" #include "mbedtls/ecp.h" -/* - * Turning this option on enables using the new bignum code in the ECC modules. - * - * WARNING: ECC implementation using the new bignum code is a work in progress, - * this option serves only development and testing purposes. - */ -//#define MBEDTLS_ECP_WITH_MPI_UINT - /* * Curve modulus types */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a1dcb8dfc..c47b767ae 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -134,14 +134,13 @@ pre_initialize_variables () { CONFIG_H='include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H='include/psa/crypto_config.h' CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' - CONFIG_NEW_BIGNUM_H='library/ecp_invasive.h' # Files that are clobbered by some jobs will be backed up. Use a different # suffix from auxiliary scripts so that all.sh and auxiliary scripts can # independently decide when to remove the backup file. backup_suffix='.all.bak' # Files clobbered by config.py - files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H $CONFIG_NEW_BIGNUM_H" + files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H" # Files clobbered by in-tree cmake files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" @@ -1029,7 +1028,7 @@ component_test_default_cmake_gcc_asan () { component_test_default_cmake_gcc_asan_new_bignum () { msg "build: cmake, gcc, ASan" # ~ 1 min 50s - scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT + scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1088,7 +1087,7 @@ component_test_full_cmake_gcc_asan () { component_test_full_cmake_gcc_asan_new_bignum () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full - scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT + scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1125,7 +1124,7 @@ component_test_full_cmake_gcc_asan_new_bignum_test_hooks () { msg "build: full config, cmake, gcc, ASan" scripts/config.py full scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT + scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -4216,7 +4215,7 @@ component_test_have_int32_cmake_new_bignum () { scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -f "$CONFIG_NEW_BIGNUM_H" set MBEDTLS_ECP_WITH_MPI_UINT + scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" From fb1b851797bca8d445f37784a5c33eed4a311a2f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:27:05 +0100 Subject: [PATCH 220/339] Improve docs for mbedtls_mpi_core_cond_assign Signed-off-by: Dave Rodgman --- library/bignum_core.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum_core.h b/library/bignum_core.h index 64d51b92d..e5500f117 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -178,7 +178,9 @@ mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * \param[in] A The address of the source MPI. This must be initialized. * \param limbs The number of limbs of \p A. * \param assign The condition deciding whether to perform the - * assignment or not. + * assignment or not. Callers will need to use + * the constant time interface (e.g. `mbedtls_ct_bool()`) + * to construct this argument. * * \note This function avoids leaking any information about whether * the assignment was done or not. From 07f853713d60aa448a66fe8963c5ce0c1494e7c9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:27:49 +0100 Subject: [PATCH 221/339] Clarify comments in mbedtls_ct_memcpy_if Signed-off-by: Dave Rodgman --- library/constant_time.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 8cdb53a1c..c60ec8455 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -185,8 +185,11 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, const uint32_t mask = (uint32_t) condition; const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition); - /* If src2 is NULL and condition == 0, then this function has no effect. - * In this case, copy from dest back into dest. */ + /* If src2 is NULL, setup src2 so that we read from the destination address. + * + * This means that if src2 == NULL && condition is false, the result will be a + * no-op because we read from dest and write the same data back into dest. + */ if (src2 == NULL) { src2 = dest; } From 32d726033b6a3cd83c1c9b69b393266a386e33d5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:28:05 +0100 Subject: [PATCH 222/339] Improve comments in mbedtls_mpi_lt_mpi_ct Signed-off-by: Dave Rodgman --- library/bignum.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 8ad725858..aa5f818c4 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -86,19 +86,21 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, cond = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign result = mbedtls_ct_bool_and(cond, X_is_negative); - /* Assuming signs are the same, compare X and Y. We switch the comparison + /* + * Assuming signs are the same, compare X and Y. We switch the comparison * order if they are negative so that we get the right result, regardles of * sign. - * - * Store in ret iff the signs are the same (i.e., iff cond == 0). If - * the signs differ, done has already been set. */ - /* This is used to conditionally swap the pointers in const time */ + /* This array is used to conditionally swap the pointers in const time */ void * const p[2] = { X->p, Y->p }; size_t i = mbedtls_ct_size_if0(X_is_negative, 1); mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n); + /* + * Store in result iff the signs are the same (i.e., iff cond == false). If + * the signs differ, result has already been set, so we don't change it. + */ result = mbedtls_ct_bool_or(result, mbedtls_ct_bool_and(mbedtls_ct_bool_not(cond), lt)); *ret = mbedtls_ct_uint_if0(result, 1); From 93cec45af3de71894700b7824fae563939f46ebc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:30:26 +0100 Subject: [PATCH 223/339] Improve docs for mbedtls_ct_compiler_opaque Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 13 +++++++++++++ library/constant_time_internal.h | 5 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 191769b19..b2ef73f70 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -68,6 +68,19 @@ extern volatile mbedtls_ct_uint_t mbedtls_ct_zero; #endif +/** + * \brief Ensure that a value cannot be known at compile time. + * + * \param x The value to hide from the compiler. + * \return The same value that was passed in, such that the compiler + * cannot prove its value (even for calls of the form + * x = mbedtls_ct_compiler_opaque(1), x will be unknown). + * + * \note This is mainly used in constructing mbedtls_ct_condition_t + * values and performing operations over them, to ensure that + * there is no way for the compiler to ever know anything about + * the value of an mbedtls_ct_condition_t. + */ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) { #if defined(MBEDTLS_CT_ASM) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 79927c1f1..c15eaeb4d 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -53,8 +53,9 @@ * function. * example: if (x) memcpy(...) => mbedtls_ct_memcpy_if(x, ...) * - * mbedtls_ct_condition_t should be treated as opaque and only manipulated - * via the functions in this header. + * mbedtls_ct_condition_t must be treated as opaque and only created and + * manipulated via the functions in this header. The compiler should never + * be able to prove anything about its value at compile-time. * * mbedtls_ct_uint_t is an unsigned integer type over which constant time * operations may be performed via the functions in this header. It is as big From 741d423ef8fa705453ccbc4c9c3637240f85297f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:31:01 +0100 Subject: [PATCH 224/339] Clarify docs for mbedtls_ct_memcpy_if Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index c15eaeb4d..959fbf945 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -428,7 +428,7 @@ void mbedtls_ct_memmove_left(void *start, * \param dest Secret. Destination pointer. * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE). * This may be equal to \p dest, but may not overlap in other ways. - * \param src2 Secret (contents only - may branch to test if src2 == NULL). + * \param src2 Secret (contents only - may branch to determine if this parameter is NULL). * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). May be NULL. * This may be equal to \p dest, but may not overlap it in other ways. It may overlap with \p src1. * \param len Number of bytes to copy. From 0172de8b3da60f7cb78fb5b701d216119630303b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:32:23 +0100 Subject: [PATCH 225/339] Fix docs grammar Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 959fbf945..5879e47bb 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -65,9 +65,9 @@ * * For Arm (32-bit, 64-bit and Thumb), x86 and x86-64, assembly implementations * are used to ensure that the generated code is constant time. For other - * architectures, a plain C fallback designed to yield constant-time code (this - * has been observed to be constant-time on latest gcc, clang and MSVC as of - * May 2023). + * architectures, it uses a plain C fallback designed to yield constant-time code + * (this has been observed to be constant-time on latest gcc, clang and MSVC + * as of May 2023). */ #if (SIZE_MAX > 0xffffffffffffffffULL) From 9ee0e1f6fed0efb123bd75aefe7ced9f24484cd7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:33:36 +0100 Subject: [PATCH 226/339] Remove GCC redundant-decls workaround for mbedtls_ct_memcmp Signed-off-by: Dave Rodgman --- include/mbedtls/constant_time.h | 9 --------- library/constant_time_internal.h | 10 ++++++---- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index 2d33adc88..01d5d9d29 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -23,11 +23,6 @@ #include -#ifdef __GNUC__ - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wredundant-decls" -#endif - /** Constant-time buffer comparison without branches. * * This is equivalent to the standard memcmp function, but is likely to be @@ -47,8 +42,4 @@ int mbedtls_ct_memcmp(const void *a, const void *b, size_t n); -#ifdef __GNUC__ - #pragma GCC diagnostic pop -#endif - #endif /* MBEDTLS_CONSTANT_TIME_H */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 5879e47bb..1411e1492 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -476,10 +476,12 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t offset_max, size_t len); -/* Documented in include/mbedtls/constant_time.h. a and b are secret. */ -int mbedtls_ct_memcmp(const void *a, - const void *b, - size_t n); +/* Documented in include/mbedtls/constant_time.h. a and b are secret. + + int mbedtls_ct_memcmp(const void *a, + const void *b, + size_t n); + */ #ifdef __GNUC__ #pragma GCC diagnostic pop From ad9e5b9abe89216c90d70bf2676359bf6b989964 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:33:47 +0100 Subject: [PATCH 227/339] Improve docs for mbedtls_ct_memcmp Signed-off-by: Dave Rodgman --- include/mbedtls/constant_time.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index 01d5d9d29..49bb375d4 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -26,16 +26,19 @@ /** Constant-time buffer comparison without branches. * * This is equivalent to the standard memcmp function, but is likely to be - * compiled to code using bitwise operation rather than a branch. + * compiled to code using bitwise operation rather than a branch, such that + * the time taken is constant w.r.t. the data pointed to by \p a and \p b, + * and w.r.t. whether \p a and \p b are equal or not. It is not constant-time + * w.r.t. \p n . * * This function can be used to write constant-time code by replacing branches * with bit operations using masks. * - * \param a Pointer to the first buffer. - * \param b Pointer to the second buffer. - * \param n The number of bytes to compare in the buffer. + * \param a Pointer to the first buffer, containing at least \p n bytes. May not be NULL. + * \param b Pointer to the second buffer, containing at least \p n bytes. May not be NULL. + * \param n The number of bytes to compare. * - * \return Zero if the content of the two buffer is the same, + * \return Zero if the contents of the two buffers are the same, * otherwise non-zero. */ int mbedtls_ct_memcmp(const void *a, From 04a334af550205cfed3990c1686270d5fad2ee6a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:35:26 +0100 Subject: [PATCH 228/339] Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index d8a1fccbe..bdd27f53d 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -77,13 +77,13 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str) expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_le(x, y), expected); - expected = mbedtls_ct_bool(x1) ^ mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = (!!x1) ^ (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); - expected = mbedtls_ct_bool(x1) & mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = (!!x1) && (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); - expected = mbedtls_ct_bool(x1) | mbedtls_ct_bool(y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; + expected = (!!x1) || (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_or(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); TEST_CF_PUBLIC(&x, sizeof(x)); From 1714a9b0ebbc8a6e6913c064a690484c1753923b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:37:01 +0100 Subject: [PATCH 229/339] Revert to old design for mbedtls_ct_memmove_left Signed-off-by: Dave Rodgman --- library/constant_time.c | 52 +++++++++-------------------------------- 1 file changed, 11 insertions(+), 41 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c60ec8455..d4bd331d2 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -129,48 +129,18 @@ int mbedtls_ct_memcmp(const void *a, void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { - /* In case of inlining, ensure that code generated is independent of the value of offset - * (e.g., if the compiler knows that offset == 0, it might be able to optimise this function - * to a no-op). */ - size_t hidden_offset = mbedtls_ct_compiler_opaque(offset); - - /* During this loop, j will take every value from [0..total) exactly once, - * regardless of the value of hidden_offset (it only changes the initial - * value for j). - * - * For this reason, when testing, it is safe to mark hidden_offset as non-secret. - * This prevents the const-flow checkers from generating a false-positive. - */ - TEST_CF_PUBLIC(&hidden_offset, sizeof(hidden_offset)); - - /* Iterate over the array, reading each byte once and writing each byte once. */ + volatile unsigned char *buf = start; for (size_t i = 0; i < total; i++) { - /* Each iteration, read one byte, and write it to start[i]. - * - * The source address will either be the "true" source address, if it's in the range - * where data is getting moved, or (if the source address is off the end of the - * array), it will wrap back to the start. - * - * If the source address is out of range, mask it to zero. - */ - - // The offset that we will read from (if in range) - size_t j = i + hidden_offset; - - // Is the address off the end of the array? - mbedtls_ct_condition_t not_dummy = mbedtls_ct_bool_lt(j, total); - - // Bring read address into range - j = j % total; - - // Read a byte - uint8_t b = ((uint8_t *) start)[j]; - - // Set it to zero if it's out of range - b = mbedtls_ct_uint_if0(not_dummy, b); - - // Write the byte to start[i] - ((uint8_t *) start)[i] = b; + mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i); + /* The first `total - offset` passes are a no-op. The last + * `offset` passes shift the data one byte to the left and + * zero out the last byte. */ + for (size_t n = 0; n < total - 1; n++) { + unsigned char current = buf[n]; + unsigned char next = buf[n+1]; + buf[n] = mbedtls_ct_uint_if(no_op, current, next); + } + buf[total-1] = mbedtls_ct_uint_if0(no_op, buf[total-1]); } } From fd78c34e23c95a49b0c0790b714aee7cd85335c9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:38:55 +0100 Subject: [PATCH 230/339] Move constant_flow.h into the main library Signed-off-by: Dave Rodgman --- {tests/include/test => library}/constant_flow.h | 0 library/constant_time.c | 2 +- library/constant_time_impl.h | 2 +- tests/src/helpers.c | 2 +- tests/suites/test_suite_base64.function | 2 +- tests/suites/test_suite_bignum.function | 2 +- tests/suites/test_suite_bignum_core.function | 2 +- tests/suites/test_suite_bignum_mod.function | 2 +- tests/suites/test_suite_bignum_mod_raw.function | 2 +- tests/suites/test_suite_constant_time.function | 2 +- tests/suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ssl.function | 2 +- 12 files changed, 11 insertions(+), 11 deletions(-) rename {tests/include/test => library}/constant_flow.h (100%) diff --git a/tests/include/test/constant_flow.h b/library/constant_flow.h similarity index 100% rename from tests/include/test/constant_flow.h rename to library/constant_flow.h diff --git a/library/constant_time.c b/library/constant_time.c index d4bd331d2..61fb094d9 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,7 +30,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#include "../tests/include/test/constant_flow.h" +#include "constant_flow.h" #include diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index b2ef73f70..1bb07b3e9 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -37,7 +37,7 @@ #include "mbedtls/bignum.h" #endif -#include "../tests/include/test/constant_flow.h" +#include "constant_flow.h" /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 30fd362c0..1062560f2 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -15,7 +15,7 @@ * limitations under the License. */ -#include +#include "constant_flow.h" #include #include #include diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index e351ad8a2..acdfbea3c 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -2,7 +2,7 @@ #include "mbedtls/base64.h" #include "base64_internal.h" #include "constant_time_internal.h" -#include +#include "constant_flow.h" #if defined(MBEDTLS_TEST_HOOKS) static const char base64_digits[] = diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index caa7e0467..edb369553 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -3,7 +3,7 @@ #include "mbedtls/entropy.h" #include "constant_time_internal.h" #include "bignum_core.h" -#include "test/constant_flow.h" +#include "constant_flow.h" #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 7ac03d000..32889203e 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -3,7 +3,7 @@ #include "mbedtls/entropy.h" #include "bignum_core.h" #include "constant_time_internal.h" -#include "test/constant_flow.h" +#include "constant_flow.h" /** Verifies mbedtls_mpi_core_add(). * diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 4edc0b90e..f166079cf 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -4,7 +4,7 @@ #include "bignum_mod.h" #include "bignum_mod_raw.h" #include "constant_time_internal.h" -#include "test/constant_flow.h" +#include "constant_flow.h" #define TEST_COMPARE_MPI_RESIDUES(a, b) \ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index b67ac51df..db4c20f3b 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -4,7 +4,7 @@ #include "bignum_core.h" #include "bignum_mod_raw.h" #include "constant_time_internal.h" -#include "test/constant_flow.h" +#include "constant_flow.h" #include "bignum_mod_raw_invasive.h" diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index bdd27f53d..330dc6fd6 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -18,7 +18,7 @@ #include #include -#include +#include "constant_flow.h" /* END_HEADER */ /* BEGIN_CASE */ diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 902acfa2b..b7cfb6686 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -5,7 +5,7 @@ #include #include "md_psa.h" -#include +#include "constant_flow.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a8c714f39..eadf71558 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -8,7 +8,7 @@ #include #include -#include +#include "constant_flow.h" #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } From d175d524330d4df2292bcbfa459562cb45558ee4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 14:03:08 +0100 Subject: [PATCH 231/339] Fix doxygen error Signed-off-by: Dave Rodgman --- library/constant_flow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_flow.h b/library/constant_flow.h index ff464e617..9554cfc03 100644 --- a/library/constant_flow.h +++ b/library/constant_flow.h @@ -26,7 +26,7 @@ #include "mbedtls/build_info.h" -/* +/** * This file defines the two macros * * #define TEST_CF_SECRET(ptr, size) From ccb03449692e42f4da45fb20cd46e08b648bca26 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 15:07:49 +0200 Subject: [PATCH 232/339] test: add GIT alternative commands for older GIT versions The Docker container used for the CI has Git version 2.7.4 which does not support the "git branch --show-current" command since this was added in version 2.22. Therefore this commit adds an alternative version for old Git versions. Signed-off-by: Valerio Setti --- docs/architecture/psa-migration/outcome-analysis.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh index b26963b90..d03c5a226 100755 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ b/docs/architecture/psa-migration/outcome-analysis.sh @@ -43,8 +43,15 @@ record() { fi } -# save current HEAD -HEAD=$(git branch --show-current) +# save current HEAD. +# Note: unfortunately "git branch --show-current" was added only in GIT +# version 2.22. +GIT_VERSION="$(git --version | sed 's/git version //')" +if dpkg --compare-versions "$GIT_VERSION" "gt" "2.22.0"; then + HEAD=$(git branch --show-current) +else + HEAD=$(git rev-parse --abbrev-ref HEAD) +fi # get the numbers before this PR for default and full cleanup From ab02d391cb6cd46d16407ccdd9b9dda4240e4e0b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 16:47:07 +0200 Subject: [PATCH 233/339] test: use only rev-parse for getting the current branch Signed-off-by: Valerio Setti --- docs/architecture/psa-migration/outcome-analysis.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh index d03c5a226..1805a3ca0 100755 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ b/docs/architecture/psa-migration/outcome-analysis.sh @@ -44,14 +44,10 @@ record() { } # save current HEAD. -# Note: unfortunately "git branch --show-current" was added only in GIT -# version 2.22. -GIT_VERSION="$(git --version | sed 's/git version //')" -if dpkg --compare-versions "$GIT_VERSION" "gt" "2.22.0"; then - HEAD=$(git branch --show-current) -else - HEAD=$(git rev-parse --abbrev-ref HEAD) -fi +# Note: this can optionally be updated to +# HEAD=$(git branch --show-current) +# when using a Git version above 2.22 +HEAD=$(git rev-parse --abbrev-ref HEAD) # get the numbers before this PR for default and full cleanup From baf350c6bdbc93ba8475c4a4ce47634f32b49b1d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 31 Jul 2023 20:22:33 +0530 Subject: [PATCH 234/339] Add PSA_HAVE_SOFT_PBKDF2 to crypto_driver_context_key_derivation Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_driver_contexts_key_derivation.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 32de4f765..3fb29ff7f 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,8 +55,7 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); #endif } psa_driver_key_derivation_context_t; From 3ed980d60fa376fb87839f1c528a26226d5bd12d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 16:13:35 +0100 Subject: [PATCH 235/339] Fix full config in config.py By default, the full configuration enables all options. But we specifically don't want to enable MBEDTLS_ECP_WITH_MPI_UINT except where it's done explicitly, because it disables the old ecp. So it needs to be added to the exceptions in config.py (EXCLUDE_FROM_FULL). Signed-off-by: Janos Follath --- scripts/config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index 3e957fdd2..cb42c118e 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -217,7 +217,8 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests - 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED' # influences SECP256R1 KeyGen/ECDH/ECDSA + 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA + 'MBEDTLS_ECP_WITH_MPI_UINT' # disables the default ECP and is experimental ]) def is_seamless_alt(name): From 3d1bb9be06e3293742dc16bbd0703b0d2c1c2c80 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 16:34:17 +0100 Subject: [PATCH 236/339] Revert "Fix doxygen error" This reverts commit d175d524330d4df2292bcbfa459562cb45558ee4. Signed-off-by: Dave Rodgman --- library/constant_flow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_flow.h b/library/constant_flow.h index 9554cfc03..ff464e617 100644 --- a/library/constant_flow.h +++ b/library/constant_flow.h @@ -26,7 +26,7 @@ #include "mbedtls/build_info.h" -/** +/* * This file defines the two macros * * #define TEST_CF_SECRET(ptr, size) From 378280e57fd9862bb20df7b70bc7b4327101af23 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 16:34:19 +0100 Subject: [PATCH 237/339] Revert "Move constant_flow.h into the main library" This reverts commit fd78c34e23c95a49b0c0790b714aee7cd85335c9. Signed-off-by: Dave Rodgman --- library/constant_time.c | 2 +- library/constant_time_impl.h | 2 +- {library => tests/include/test}/constant_flow.h | 0 tests/src/helpers.c | 2 +- tests/suites/test_suite_base64.function | 2 +- tests/suites/test_suite_bignum.function | 2 +- tests/suites/test_suite_bignum_core.function | 2 +- tests/suites/test_suite_bignum_mod.function | 2 +- tests/suites/test_suite_bignum_mod_raw.function | 2 +- tests/suites/test_suite_constant_time.function | 2 +- tests/suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ssl.function | 2 +- 12 files changed, 11 insertions(+), 11 deletions(-) rename {library => tests/include/test}/constant_flow.h (100%) diff --git a/library/constant_time.c b/library/constant_time.c index 61fb094d9..d4bd331d2 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,7 +30,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#include "constant_flow.h" +#include "../tests/include/test/constant_flow.h" #include diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 1bb07b3e9..b2ef73f70 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -37,7 +37,7 @@ #include "mbedtls/bignum.h" #endif -#include "constant_flow.h" +#include "../tests/include/test/constant_flow.h" /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ diff --git a/library/constant_flow.h b/tests/include/test/constant_flow.h similarity index 100% rename from library/constant_flow.h rename to tests/include/test/constant_flow.h diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 1062560f2..30fd362c0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -15,7 +15,7 @@ * limitations under the License. */ -#include "constant_flow.h" +#include #include #include #include diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index acdfbea3c..e351ad8a2 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -2,7 +2,7 @@ #include "mbedtls/base64.h" #include "base64_internal.h" #include "constant_time_internal.h" -#include "constant_flow.h" +#include #if defined(MBEDTLS_TEST_HOOKS) static const char base64_digits[] = diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index edb369553..caa7e0467 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -3,7 +3,7 @@ #include "mbedtls/entropy.h" #include "constant_time_internal.h" #include "bignum_core.h" -#include "constant_flow.h" +#include "test/constant_flow.h" #if MBEDTLS_MPI_MAX_BITS > 792 #define MPI_MAX_BITS_LARGER_THAN_792 diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 32889203e..7ac03d000 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -3,7 +3,7 @@ #include "mbedtls/entropy.h" #include "bignum_core.h" #include "constant_time_internal.h" -#include "constant_flow.h" +#include "test/constant_flow.h" /** Verifies mbedtls_mpi_core_add(). * diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index f166079cf..4edc0b90e 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -4,7 +4,7 @@ #include "bignum_mod.h" #include "bignum_mod_raw.h" #include "constant_time_internal.h" -#include "constant_flow.h" +#include "test/constant_flow.h" #define TEST_COMPARE_MPI_RESIDUES(a, b) \ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index db4c20f3b..b67ac51df 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -4,7 +4,7 @@ #include "bignum_core.h" #include "bignum_mod_raw.h" #include "constant_time_internal.h" -#include "constant_flow.h" +#include "test/constant_flow.h" #include "bignum_mod_raw_invasive.h" diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 330dc6fd6..bdd27f53d 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -18,7 +18,7 @@ #include #include -#include "constant_flow.h" +#include /* END_HEADER */ /* BEGIN_CASE */ diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index b7cfb6686..902acfa2b 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -5,7 +5,7 @@ #include #include "md_psa.h" -#include "constant_flow.h" +#include /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index eadf71558..a8c714f39 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -8,7 +8,7 @@ #include #include -#include "constant_flow.h" +#include #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } From 3d574da6fc0e7ddbb61fad2717d930586ed58bea Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 16:54:00 +0100 Subject: [PATCH 238/339] Revert to not enabling asm under Memsan Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 24 +++++++++--------------- tests/include/test/constant_flow.h | 25 ------------------------- 2 files changed, 9 insertions(+), 40 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index b2ef73f70..857092807 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -37,11 +37,18 @@ #include "mbedtls/bignum.h" #endif -#include "../tests/include/test/constant_flow.h" +/* Disable asm under Memsan because it confuses Memsan and generates false errors */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) +#define MBEDTLS_CT_NO_ASM +#elif defined(__has_feature) +#if __has_feature(memory_sanitizer) +#define MBEDTLS_CT_NO_ASM +#endif +#endif /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ - __ARMCC_VERSION >= 6000000) + __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM) #define MBEDTLS_CT_ASM #if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) #define MBEDTLS_CT_ARM_ASM @@ -84,20 +91,7 @@ extern volatile mbedtls_ct_uint_t mbedtls_ct_zero; static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) { #if defined(MBEDTLS_CT_ASM) - /* Prevent false positives from Memsan - otherwise it will report the asm as - * accessing secret data. */ - TEST_CF_SAVE_SECRET(x); - asm volatile ("" : [x] "+r" (x) :); - - /* Mark the return value as secret (if it was previously marked secret). - * This is needed so that code of the form: - * - * if (mbedtls_ct_compiler_opaque(secret)) { ... } - * - * will fail const-flow tests. - */ - TEST_CF_RESTORE_SECRET(x); return x; #else return x ^ mbedtls_ct_zero; diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index ff464e617..f3d676e28 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -32,27 +32,14 @@ * #define TEST_CF_SECRET(ptr, size) * #define TEST_CF_PUBLIC(ptr, size) * - * and - * - * #define TEST_CF_SAVE_SECRET(variable) - * #define TEST_CF_RESTORE_SECRET(variable) - * * that can be used in tests to mark a memory area as secret (no branch or * memory access should depend on it) or public (default, only needs to be * marked explicitly when it was derived from secret data). * - * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its - * previous secret/not-secret state. This is used where library code is generating - * false positives and needs to temporarily disable Memsan checks for a particular - * variable, and then restore it's original state afterwards so it doesn't interfere - * with other checks. - * * Arguments: * - ptr: a pointer to the memory area to be marked * - size: the size in bytes of the memory area * - * - variable: a variable name - * * Implementation: * The basic idea is that of ctgrind : we can * re-use tools that were designed for checking use of uninitialized memory. @@ -76,12 +63,6 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); -#define TEST_CF_SAVE_SECRET(_x) \ - int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ - TEST_CF_PUBLIC(&(_x), sizeof(_x)); -#define TEST_CF_RESTORE_SECRET(_x) \ - if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); - #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include @@ -90,18 +71,12 @@ #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ From 926d8da47ef3b688b9519891db1e327fb83007eb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 17:28:26 +0100 Subject: [PATCH 239/339] Fix test dependency Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index bdd27f53d..12ad686b9 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -346,7 +346,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +/* BEGIN_CASE */ void mbedtls_ct_memcpy_offset(int offset_min, int offset_max, int len) { unsigned char *dst = NULL; From 9da40b89270228c7a036cead713f777b6e886c72 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Mon, 31 Jul 2023 16:38:10 +0100 Subject: [PATCH 240/339] Update default variable values for compilers Signed-off-by: Gowtham Suresh Kumar --- tests/scripts/all.sh | 8 ++++---- tests/scripts/generate_test_code.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8caec486a..03782636e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -176,10 +176,10 @@ pre_initialize_variables () { : ${ARMC6_BIN_DIR:=/usr/bin} : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} - : ${CLANG_LATEST:="clang-16"} - : ${CLANG_EARLIEST:="clang-3.5"} - : ${GCC_LATEST:="gcc-12"} - : ${GCC_EARLIEST:="gcc-4.7"} + : ${CLANG_LATEST:="clang-latest"} + : ${CLANG_EARLIEST:="clang-earliest"} + : ${GCC_LATEST:="gcc-latest"} + : ${GCC_EARLIEST:="gcc-earliest"} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then export MAKEFLAGS="-j$(all_sh_nproc)" diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index c42f9a84b..76806de95 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -668,7 +668,7 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): name = 'test_' + name # If a test function has no arguments then add 'void' argument to - # avoid "-Wstrict-prototypes" warnings from clang-16 + # avoid "-Wstrict-prototypes" warnings from clang if len(args) == 0: code = code.replace('()', '(void)', 1) From e416f03c8f2e8b2abf42657bed23dec4e538a129 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 1 Aug 2023 08:44:40 +0100 Subject: [PATCH 241/339] Improve wording of MBEDTLS_ECP_WITH_MPI_UINT doc Use the standard "experimental" word in the description and make the wording more similar to other experimental warnings. Signed-off-by: Janos Follath --- include/mbedtls/mbedtls_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index c65ed9268..719bbed8f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4001,8 +4001,8 @@ /** * Uncomment to enable using new bignum code in the ECC modules. * - * \warning ECC implementation using new bignum code is a work in progress, - * this option serves only development and testing purposes. + * \warning This is currently experimental, incomplete and therefore should not + * be used in production. */ //#define MBEDTLS_ECP_WITH_MPI_UINT From 5b7c38f673f97835574b4fb8f206ccfd5e9740db Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 1 Aug 2023 08:51:12 +0100 Subject: [PATCH 242/339] Sort full config exceptions in config.py The EXCLUDE_FROM_FULL list in config.py should be, and used to be, but no longer is, in alphabetical order, and with a comma on the last element. Signed-off-by: Janos Follath --- scripts/config.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index cb42c118e..4ff516678 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -195,6 +195,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation + 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C @@ -204,6 +205,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum + 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency @@ -213,12 +215,10 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature - 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests - 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA - 'MBEDTLS_ECP_WITH_MPI_UINT' # disables the default ECP and is experimental ]) def is_seamless_alt(name): From 52f7e18042babe6e121d01323b8c2608a3b287e5 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 1 Aug 2023 09:08:48 +0100 Subject: [PATCH 243/339] Use mbedtls_zeroize_and_free() in psa_remove_key_data_from_memory() Signed-off-by: Tom Cosgrove --- library/psa_crypto.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index df7057b0f..f6ad775ad 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1088,13 +1088,10 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { - /* Data pointer will always be either a valid pointer or NULL in an - * initialized slot, so we can just free it. */ if (slot->key.data != NULL) { - mbedtls_platform_zeroize(slot->key.data, slot->key.bytes); + mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } - mbedtls_free(slot->key.data); slot->key.data = NULL; slot->key.bytes = 0; From 1f39f037bf5cb33420db8fc992b9504d85e2bc60 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 1 Aug 2023 09:19:16 +0100 Subject: [PATCH 244/339] Improve variable name in mbedtls_mpi_lt_mpi_ct Signed-off-by: Dave Rodgman --- library/bignum.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index aa5f818c4..de652c309 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -61,7 +61,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret) { - mbedtls_ct_condition_t cond, X_is_negative, Y_is_negative, result; + mbedtls_ct_condition_t different_sign, X_is_negative, Y_is_negative, result; MPI_VALIDATE_RET(X != NULL); MPI_VALIDATE_RET(Y != NULL); @@ -83,8 +83,8 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - cond = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign - result = mbedtls_ct_bool_and(cond, X_is_negative); + different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign + result = mbedtls_ct_bool_and(different_sign, X_is_negative); /* * Assuming signs are the same, compare X and Y. We switch the comparison @@ -98,10 +98,11 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n); /* - * Store in result iff the signs are the same (i.e., iff cond == false). If + * Store in result iff the signs are the same (i.e., iff different_sign == false). If * the signs differ, result has already been set, so we don't change it. */ - result = mbedtls_ct_bool_or(result, mbedtls_ct_bool_and(mbedtls_ct_bool_not(cond), lt)); + result = mbedtls_ct_bool_or(result, + mbedtls_ct_bool_and(mbedtls_ct_bool_not(different_sign), lt)); *ret = mbedtls_ct_uint_if0(result, 1); From 205295c57655f40d953b5903b337ff9fdc2654e4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 1 Aug 2023 14:10:56 +0100 Subject: [PATCH 245/339] Tidy-up: move GCC warning fix to constant_time_impl.h Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 15 +++++++++++++++ library/constant_time_internal.h | 21 +++++---------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 857092807..1fa655d66 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -37,6 +37,17 @@ #include "mbedtls/bignum.h" #endif +/* constant_time_impl.h contains all the static inline implementations, + * so that constant_time_internal.h is more readable. + * + * gcc generates warnings about duplicate declarations, so disable this + * warning. + */ +#ifdef __GNUC__ + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wredundant-decls" +#endif + /* Disable asm under Memsan because it confuses Memsan and generates false errors */ #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) #define MBEDTLS_CT_NO_ASM @@ -288,4 +299,8 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t return (mbedtls_ct_condition_t) (~x); } +#ifdef __GNUC__ + #pragma GCC diagnostic pop +#endif + #endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */ diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 1411e1492..6d549f16f 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -68,6 +68,9 @@ * architectures, it uses a plain C fallback designed to yield constant-time code * (this has been observed to be constant-time on latest gcc, clang and MSVC * as of May 2023). + * + * For readability, the static inline definitions are separated out into + * constant_time_impl.h. */ #if (SIZE_MAX > 0xffffffffffffffffULL) @@ -91,19 +94,6 @@ typedef int32_t mbedtls_ct_int_t; #endif #define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(0)) -/* constant_time_impl.h contains all the static inline implementations, - * so that constant_time_internal.h is more readable. - * - * gcc generates warnings about duplicate declarations, so disable this - * warning. - */ -#ifdef __GNUC__ - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wredundant-decls" -#endif - -#include "constant_time_impl.h" - /* ============================================================================ * Boolean operations */ @@ -483,8 +473,7 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t n); */ -#ifdef __GNUC__ - #pragma GCC diagnostic pop -#endif +/* Include the implementation of static inline functions above. */ +#include "constant_time_impl.h" #endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */ From 56e5d6887fa2f60f15a1bbd853360c94fe48500e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 1 Aug 2023 15:04:11 +0100 Subject: [PATCH 246/339] Fix comment typo Co-authored-by: Tom Cosgrove Signed-off-by: Dave Rodgman --- include/mbedtls/constant_time.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index 49bb375d4..ebecf35b0 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -26,7 +26,7 @@ /** Constant-time buffer comparison without branches. * * This is equivalent to the standard memcmp function, but is likely to be - * compiled to code using bitwise operation rather than a branch, such that + * compiled to code using bitwise operations rather than a branch, such that * the time taken is constant w.r.t. the data pointed to by \p a and \p b, * and w.r.t. whether \p a and \p b are equal or not. It is not constant-time * w.r.t. \p n . From 7847eaef20c3fea9e0f0adca1b0dce7e1567bfe8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 1 Aug 2023 16:30:51 +0100 Subject: [PATCH 247/339] Add default test cases for add/subtract in bignum Signed-off-by: Agathiyan Bragadeesh --- scripts/mbedtls_dev/bignum_data.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 0a48e538d..28076a49b 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -106,6 +106,29 @@ INPUTS_DEFAULT = [ RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime) ] +ADD_SUB_DEFAULT = [ + "0", "1", "3", "f", "fe", "ff", "100", "ff00", + "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1 + "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1 + "1f7f7f7f7f7f7f", + "8000000000000000", "fefefefefefefefe", + "fffffffffffffffe", "ffffffffffffffff", "10000000000000000", # 2^64 - 1, 2^64, 2^64 + 1 + "1234567890abcdef0", + "fffffffffffffffffffffffe", + "ffffffffffffffffffffffff", + "1000000000000000000000000", + "fffffffffffffffffefefefefefefefe", + "fffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffff", + "100000000000000000000000000000000", + "1234567890abcdef01234567890abcdef0", + "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "10000000000000000000000000000000000000000000000000000000000000000", + "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", + ] + # Only odd moduli are present as in the new bignum code only odd moduli are # supported for now. MODULI_DEFAULT = [ From 59003c70aea301f0e92c45eb0c8b70d6bd0295a2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 1 Aug 2023 16:32:36 +0100 Subject: [PATCH 248/339] Use ADD_SUB_DEFAULT as test input for bignum tests In BignumCoreAddAndAddIf and BignumCoreSub we use the new dedicated test inputs. Signed-off-by: Agathiyan Bragadeesh --- scripts/mbedtls_dev/bignum_core.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index ff3fd23e6..eecf94a11 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -21,6 +21,7 @@ from typing import Dict, Iterator, List, Tuple from . import test_case from . import test_data_generation from . import bignum_common +from .bignum_data import ADD_SUB_DEFAULT class BignumCoreTarget(test_data_generation.BaseTarget): #pylint: disable=abstract-method, too-few-public-methods @@ -176,6 +177,7 @@ class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon): test_function = "mpi_core_add_and_add_if" test_name = "mpi_core_add_and_add_if" input_style = "arch_split" + input_values = ADD_SUB_DEFAULT unique_combinations_only = True def result(self) -> List[str]: @@ -196,6 +198,7 @@ class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon): symbol = "-" test_function = "mpi_core_sub" test_name = "mbedtls_mpi_core_sub" + input_values = ADD_SUB_DEFAULT def result(self) -> List[str]: if self.int_a >= self.int_b: From ab329c0dfca6c2d45e0fa500da9bcdf143e71448 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 1 Aug 2023 17:18:31 +0100 Subject: [PATCH 249/339] Rename ADD_SUB_DEFAULT to ADD_SUB_DATA Signed-off-by: Agathiyan Bragadeesh --- scripts/mbedtls_dev/bignum_core.py | 6 +++--- scripts/mbedtls_dev/bignum_data.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index eecf94a11..563492b29 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -21,7 +21,7 @@ from typing import Dict, Iterator, List, Tuple from . import test_case from . import test_data_generation from . import bignum_common -from .bignum_data import ADD_SUB_DEFAULT +from .bignum_data import ADD_SUB_DATA class BignumCoreTarget(test_data_generation.BaseTarget): #pylint: disable=abstract-method, too-few-public-methods @@ -177,7 +177,7 @@ class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon): test_function = "mpi_core_add_and_add_if" test_name = "mpi_core_add_and_add_if" input_style = "arch_split" - input_values = ADD_SUB_DEFAULT + input_values = ADD_SUB_DATA unique_combinations_only = True def result(self) -> List[str]: @@ -198,7 +198,7 @@ class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon): symbol = "-" test_function = "mpi_core_sub" test_name = "mbedtls_mpi_core_sub" - input_values = ADD_SUB_DEFAULT + input_values = ADD_SUB_DATA def result(self) -> List[str]: if self.int_a >= self.int_b: diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 28076a49b..6f132a6b3 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -106,7 +106,7 @@ INPUTS_DEFAULT = [ RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime) ] -ADD_SUB_DEFAULT = [ +ADD_SUB_DATA = [ "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1 "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1 From 52e0fb4421bd8462417fc665bcd936ecaa8ced5a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 09:55:21 +0200 Subject: [PATCH 250/339] crypto_config_profile_medium: add comment for new KEY_PAIR symbols Signed-off-by: Valerio Setti --- configs/crypto_config_profile_medium.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h index dda7d4d0f..3fa8552c9 100644 --- a/configs/crypto_config_profile_medium.h +++ b/configs/crypto_config_profile_medium.h @@ -116,4 +116,23 @@ //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 //#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +/*********************************************************************** + * Local edits below this delimiter + **********************************************************************/ + +/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro + * (commented-out above) has been replaced with the following new macros: */ +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ + +/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported + #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ From c25567af23a63d02973099a0bd13cb033c84452c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 12:01:39 +0100 Subject: [PATCH 251/339] Move variant test to ecp_curves We would like to de-duplicate ecp.c, but ecp_curves.c remains duplicated and we still want to test for the active variant. Signed-off-by: Janos Follath --- library/ecp.c | 10 ---------- library/ecp_curves.c | 10 ++++++++++ library/ecp_curves_new.c | 11 +++++++++++ library/ecp_new.c | 10 ---------- 4 files changed, 21 insertions(+), 20 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 25af6318c..d027564d5 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3638,16 +3638,6 @@ cleanup: #endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_TEST_HOOKS) - -MBEDTLS_STATIC_TESTABLE -mbedtls_ecp_variant mbedtls_ecp_get_variant(void) -{ - return MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT; -} - -#endif /* MBEDTLS_TEST_HOOKS */ - #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 4ea36e34d..7b850e5e8 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5463,6 +5463,16 @@ static int ecp_mod_p256k1(mbedtls_mpi *N) } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +#if defined(MBEDTLS_TEST_HOOKS) + +MBEDTLS_STATIC_TESTABLE +mbedtls_ecp_variant mbedtls_ecp_get_variant(void) +{ + return MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT; +} + +#endif /* MBEDTLS_TEST_HOOKS */ + #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index 9a3601625..d431dcf24 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -6039,6 +6039,17 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, return 0; } #endif /* MBEDTLS_TEST_HOOKS */ + +#if defined(MBEDTLS_TEST_HOOKS) + +MBEDTLS_STATIC_TESTABLE +mbedtls_ecp_variant mbedtls_ecp_get_variant(void) +{ + return MBEDTLS_ECP_VARIANT_WITH_MPI_UINT; +} + +#endif /* MBEDTLS_TEST_HOOKS */ + #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */ diff --git a/library/ecp_new.c b/library/ecp_new.c index 0635d5353..16c4fc094 100644 --- a/library/ecp_new.c +++ b/library/ecp_new.c @@ -3638,16 +3638,6 @@ cleanup: #endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_TEST_HOOKS) - -MBEDTLS_STATIC_TESTABLE -mbedtls_ecp_variant mbedtls_ecp_get_variant() -{ - return MBEDTLS_ECP_VARIANT_WITH_MPI_UINT; -} - -#endif /* MBEDTLS_TEST_HOOKS */ - #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ From b388ed737de3f10dfc4c0f7b478eb8eaf260ffaf Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 12:31:11 +0100 Subject: [PATCH 252/339] Fix missing check in mbedtls_ecp_read_key In ecp_new.c mbedtls_ecp_read_key did only check Weierstrass keys. The behaviour in ecp.c was correct. This bug has no immediate security impact. (The code with the missing check wasn't released and we are checking keys at later point.) After this change ecp.c and ecp_new.c will have a single remaining difference and unifying them will be more straightforward. Signed-off-by: Janos Follath --- library/ecp_new.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ecp_new.c b/library/ecp_new.c index 16c4fc094..f86f0e9e2 100644 --- a/library/ecp_new.c +++ b/library/ecp_new.c @@ -3280,16 +3280,14 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, ); } } - #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); - - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); } - #endif + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); + cleanup: if (ret != 0) { From 7e52921c9a07d9c2b1b1e2da0a4128868eccec90 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:00:06 +0200 Subject: [PATCH 253/339] Copy test certificates files from development Copy updated test certificates and related data (keys, CSR, etc.) from development. This replaces certificates that will expire on 2023-09-07, causing the unit tests to fail. This also adds new data files that are not used, and moves some files. The replacement data is good until 2023-12-31. The update causes some parsing unit tests to fail because the new certificates have a different expiry date. This will be fixed in a subsequent commit. ``` git checkout dc2d7cce02a273f6ec6a7cd78512dfeaf633a3a5 -- tests/data_files tests/src/test_certs.h tests/src/certs.c ``` Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 641 ++++++-- .../authorityKeyId_no_authorityKeyId.crt.der | Bin 0 -> 809 bytes .../authorityKeyId_no_issuer.crt.der | Bin 0 -> 842 bytes .../authorityKeyId_no_keyid.crt.der | Bin 0 -> 909 bytes .../authorityKeyId_subjectKeyId.conf | 19 + .../authorityKeyId_subjectKeyId.crt.der | Bin 0 -> 931 bytes ...subjectKeyId_issuer_tag1_malformed.crt.der | Bin 0 -> 931 bytes ...subjectKeyId_issuer_tag2_malformed.crt.der | Bin 0 -> 931 bytes ...bjectKeyId_keyid_tag_len_malformed.crt.der | Bin 0 -> 931 bytes ...d_subjectKeyId_keyid_tag_malformed.crt.der | Bin 0 -> 931 bytes ...eyId_subjectKeyId_length_malformed.crt.der | Bin 0 -> 931 bytes ...ubjectKeyId_sequence_tag_malformed.crt.der | Bin 0 -> 931 bytes ...eyId_subjectKeyId_sn_len_malformed.crt.der | Bin 0 -> 931 bytes ...eyId_subjectKeyId_sn_tag_malformed.crt.der | Bin 0 -> 931 bytes ...yId_subjectKeyId_tag_len_malformed.crt.der | Bin 0 -> 931 bytes ...tyKeyId_subjectKeyId_tag_malformed.crt.der | Bin 0 -> 931 bytes ...ized-fuzz_x509crt-6666050834661376.crt.der | Bin 0 -> 396 bytes tests/data_files/crl-ec-sha1.pem | 14 +- tests/data_files/crl-ec-sha256.pem | 14 +- tests/data_files/crl.pem | 16 +- tests/data_files/crl_cat_ec-rsa.pem | 32 +- tests/data_files/crl_cat_rsa-ec.pem | 32 +- tests/data_files/ec_256_long_prv.der | Bin 0 -> 121 bytes tests/data_files/ec_521_prv.der | Bin 0 -> 223 bytes tests/data_files/ec_521_pub.der | Bin 0 -> 158 bytes tests/data_files/ec_521_short_prv.der | Bin 0 -> 223 bytes tests/data_files/ec_bp512_prv.der | Bin 0 -> 221 bytes tests/data_files/ec_bp512_pub.der | Bin 0 -> 158 bytes tests/data_files/ec_pub.comp.pem | 4 +- tests/data_files/ec_pub.der | Bin 75 -> 75 bytes tests/data_files/ec_pub.pem | 4 +- tests/data_files/ec_x25519_prv.der | Bin 0 -> 48 bytes tests/data_files/ec_x25519_prv.pem | 3 + tests/data_files/ec_x25519_pub.der | Bin 0 -> 44 bytes tests/data_files/ec_x25519_pub.pem | 3 + tests/data_files/ec_x448_prv.der | Bin 0 -> 72 bytes tests/data_files/ec_x448_prv.pem | 4 + tests/data_files/ec_x448_pub.der | Bin 0 -> 68 bytes tests/data_files/ec_x448_pub.pem | 4 + .../parse_input/bitstring-in-dn.pem | 51 + .../parse_input/cert_example_multi.crt | 17 + .../parse_input/cert_example_multi_nocn.crt | 13 + tests/data_files/parse_input/cert_md5.crt | 20 + tests/data_files/parse_input/cert_sha1.crt | 20 + tests/data_files/parse_input/cert_sha224.crt | 20 + tests/data_files/parse_input/cert_sha256.crt | 20 + tests/data_files/parse_input/cert_sha384.crt | 20 + tests/data_files/parse_input/cert_sha512.crt | 20 + .../parse_input/cli-rsa-sha256-badalg.crt.der | Bin 0 -> 835 bytes tests/data_files/parse_input/crl-ec-sha1.pem | 10 + .../data_files/parse_input/crl-ec-sha224.pem | 10 + .../data_files/parse_input/crl-ec-sha256.pem | 10 + .../data_files/parse_input/crl-ec-sha384.pem | 10 + .../data_files/parse_input/crl-ec-sha512.pem | 10 + tests/data_files/parse_input/crl-idp.pem | 12 + tests/data_files/parse_input/crl-idpnc.pem | 12 + .../crl-malformed-trailing-spaces.pem | 20 + .../parse_input/crl-rsa-pss-sha1.pem | 14 + .../parse_input/crl-rsa-pss-sha224.pem | 16 + .../parse_input/crl-rsa-pss-sha256.pem | 16 + .../parse_input/crl-rsa-pss-sha384.pem | 16 + .../parse_input/crl-rsa-pss-sha512.pem | 16 + tests/data_files/parse_input/crl_expired.pem | 11 + tests/data_files/parse_input/crl_md5.pem | 11 + tests/data_files/parse_input/crl_sha1.pem | 11 + tests/data_files/parse_input/crl_sha224.pem | 11 + tests/data_files/parse_input/crl_sha256.pem | 11 + tests/data_files/parse_input/crl_sha384.pem | 11 + tests/data_files/parse_input/crl_sha512.pem | 11 + .../parse_input/keyUsage.decipherOnly.crt | 14 + tests/data_files/parse_input/multiple_san.crt | 12 + .../non-ascii-string-in-issuer.crt | 22 + .../parse_input/rsa_multiple_san_uri.crt.der | Bin 0 -> 954 bytes .../parse_input/rsa_single_san_uri.crt.der | Bin 0 -> 898 bytes .../parse_input/server1-ms.req.sha256 | 16 + .../parse_input/server1.cert_type.crt | 20 + tests/data_files/parse_input/server1.crt | 20 + tests/data_files/parse_input/server1.crt.der | Bin 0 -> 835 bytes .../data_files/parse_input/server1.ext_ku.crt | 22 + .../parse_input/server1.key_usage.crt | 20 + .../parse_input/server1.req.commas.sha256 | 16 + tests/data_files/parse_input/server1.req.md5 | 16 + tests/data_files/parse_input/server1.req.sha1 | 16 + .../data_files/parse_input/server1.req.sha224 | 16 + .../data_files/parse_input/server1.req.sha256 | 16 + .../data_files/parse_input/server1.req.sha384 | 16 + .../data_files/parse_input/server1.req.sha512 | 16 + .../parse_input/server1_pathlen_int_max-1.crt | 20 + .../parse_input/server1_pathlen_int_max.crt | 20 + tests/data_files/parse_input/server2.crt | 20 + tests/data_files/parse_input/server2.crt.der | Bin 0 -> 827 bytes tests/data_files/parse_input/server3.crt | 17 + tests/data_files/parse_input/server4.crt | 18 + ...erver5-directoryname-seq-malformed.crt.der | Bin 0 -> 525 bytes .../parse_input/server5-directoryname.crt.der | Bin 0 -> 498 bytes .../parse_input/server5-fan.crt.der | Bin 0 -> 408 bytes .../server5-nonprintable_othername.crt.der | Bin 0 -> 483 bytes .../parse_input/server5-othername.crt.der | Bin 0 -> 449 bytes ...second-directoryname-oid-malformed.crt.der | Bin 0 -> 525 bytes tests/data_files/parse_input/server5-sha1.crt | 14 + .../data_files/parse_input/server5-sha224.crt | 14 + .../data_files/parse_input/server5-sha384.crt | 14 + .../data_files/parse_input/server5-sha512.crt | 14 + .../server5-two-directorynames.crt.der | Bin 0 -> 525 bytes .../server5-unsupported_othername.crt.der | Bin 0 -> 472 bytes tests/data_files/parse_input/server5.crt | 14 + tests/data_files/parse_input/server5.req.sha1 | 8 + .../data_files/parse_input/server5.req.sha224 | 8 + .../data_files/parse_input/server5.req.sha256 | 8 + .../data_files/parse_input/server5.req.sha384 | 8 + .../data_files/parse_input/server5.req.sha512 | 8 + .../parse_input/server7_all_space.crt | 47 + .../data_files/parse_input/server7_int-ca.crt | 47 + .../parse_input/server7_pem_space.crt | 47 + .../parse_input/server7_trailing_space.crt | 47 + .../data_files/parse_input/server9-sha224.crt | 20 + .../data_files/parse_input/server9-sha256.crt | 20 + .../data_files/parse_input/server9-sha384.crt | 20 + .../data_files/parse_input/server9-sha512.crt | 20 + tests/data_files/parse_input/server9.crt | 19 + tests/data_files/parse_input/server9.req.sha1 | 11 + .../data_files/parse_input/server9.req.sha224 | 12 + .../data_files/parse_input/server9.req.sha256 | 12 + .../data_files/parse_input/server9.req.sha384 | 12 + .../data_files/parse_input/server9.req.sha512 | 12 + .../parse_input/test-ca-any_policy.crt | 19 + .../parse_input/test-ca-any_policy_ec.crt | 12 + .../test-ca-any_policy_with_qualifier.crt | 20 + .../test-ca-any_policy_with_qualifier_ec.crt | 13 + .../parse_input/test-ca-multi_policy.crt | 19 + .../parse_input/test-ca-multi_policy_ec.crt | 12 + .../test-ca-unsupported_policy.crt | 19 + .../test-ca-unsupported_policy_ec.crt | 12 + tests/data_files/parse_input/test-ca.crt | 20 + tests/data_files/parse_input/test-ca.crt.der | Bin 0 -> 837 bytes .../parse_input/test_cert_rfc822name.crt.der | Bin 0 -> 677 bytes .../parse_input/test_csr_v3_all.csr.der | Bin 0 -> 437 bytes ...ormed_attributes_extension_request.csr.der | Bin 0 -> 437 bytes ...es_extension_request_sequence_len1.csr.der | Bin 0 -> 437 bytes ...es_extension_request_sequence_len2.csr.der | Bin 0 -> 437 bytes ...tes_extension_request_sequence_tag.csr.der | Bin 0 -> 437 bytes ...tributes_extension_request_set_tag.csr.der | Bin 0 -> 437 bytes ...v3_all_malformed_attributes_id_tag.csr.der | Bin 0 -> 437 bytes ...r_v3_all_malformed_attributes_len1.csr.der | Bin 0 -> 437 bytes ...r_v3_all_malformed_attributes_len2.csr.der | Bin 0 -> 437 bytes ..._malformed_attributes_sequence_tag.csr.der | Bin 0 -> 437 bytes ...all_malformed_duplicated_extension.csr.der | Bin 0 -> 437 bytes ..._all_malformed_extension_data_len1.csr.der | Bin 0 -> 437 bytes ..._all_malformed_extension_data_len2.csr.der | Bin 0 -> 437 bytes ...3_all_malformed_extension_data_tag.csr.der | Bin 0 -> 437 bytes ..._v3_all_malformed_extension_id_tag.csr.der | Bin 0 -> 437 bytes ..._extension_key_usage_bitstream_tag.csr.der | Bin 0 -> 437 bytes ...ed_extension_ns_cert_bitstream_tag.csr.der | Bin 0 -> 437 bytes ...sion_subject_alt_name_sequence_tag.csr.der | Bin 0 -> 437 bytes ...3_all_malformed_extension_type_oid.csr.der | Bin 0 -> 437 bytes ..._malformed_extensions_sequence_tag.csr.der | Bin 0 -> 437 bytes .../parse_input/test_csr_v3_keyUsage.csr.der | Bin 0 -> 368 bytes .../test_csr_v3_nsCertType.csr.der | Bin 0 -> 374 bytes .../test_csr_v3_subjectAltName.csr.der | Bin 0 -> 407 bytes tests/data_files/pkcs7-rsa-sha256-1.crt | 32 +- tests/data_files/pkcs7-rsa-sha256-1.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-1.key | 52 +- tests/data_files/pkcs7-rsa-sha256-1.pem | 84 +- tests/data_files/pkcs7-rsa-sha256-2.crt | 32 +- tests/data_files/pkcs7-rsa-sha256-2.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-2.key | 52 +- tests/data_files/pkcs7-rsa-sha256-2.pem | 84 +- tests/data_files/pkcs7-rsa-sha256-3.crt | 32 +- tests/data_files/pkcs7-rsa-sha256-3.key | 52 +- tests/data_files/pkcs7-rsa-sha256-3.pem | 84 +- tests/data_files/pkcs7_data_3_signed.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_cert_encrypted.der | Bin 452 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 1276 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 1265 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 2504 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 810 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner1_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_fuzzbad.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_fuzzbad.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_with_signature.der | Bin 446 -> 446 bytes .../pkcs7_data_without_cert_signed.der | Bin 435 -> 435 bytes ...o_1_serial_invalid_tag_after_long_name.der | Bin 810 -> 810 bytes .../pkcs7_signerInfo_2_invalid_tag.der | Bin 1185 -> 1185 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 1284 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_zerolendata_detached.der | Bin 435 -> 435 bytes tests/data_files/rsa4096_prv.der | Bin 0 -> 2349 bytes tests/data_files/rsa4096_pub.der | Bin 0 -> 550 bytes .../data_files/server1.allSubjectAltNames.crt | 23 + tests/data_files/server1.key.der | Bin 0 -> 1190 bytes tests/data_files/server1.pubkey.der | Bin 0 -> 294 bytes tests/data_files/server10-badsign.crt | 16 +- tests/data_files/server10-bs_int3.pem | 32 +- tests/data_files/server10.crt | 16 +- tests/data_files/server10_int3-bs.pem | 32 +- tests/data_files/server10_int3_int-ca2.crt | 54 +- tests/data_files/server10_int3_int-ca2_ca.crt | 138 +- .../server10_int3_spurious_int-ca2.crt | 70 +- tests/data_files/server3.crt | 26 +- tests/data_files/server4.crt | 31 +- tests/data_files/server5-badsign.crt | 18 +- tests/data_files/server5-der0.crt | Bin 547 -> 548 bytes tests/data_files/server5-der1a.crt | Bin 548 -> 549 bytes tests/data_files/server5-der1b.crt | Bin 548 -> 549 bytes tests/data_files/server5-der2.crt | Bin 549 -> 550 bytes tests/data_files/server5-der4.crt | Bin 551 -> 552 bytes tests/data_files/server5-der8.crt | Bin 555 -> 556 bytes tests/data_files/server5-der9.crt | Bin 556 -> 557 bytes tests/data_files/server5-sha1.crt | 18 +- tests/data_files/server5-sha224.crt | 18 +- tests/data_files/server5-sha384.crt | 18 +- tests/data_files/server5-sha512.crt | 18 +- ...erver5-tricky-ip-san-malformed-len.crt.der | Bin 0 -> 409 bytes .../data_files/server5-tricky-ip-san.crt.der | Bin 0 -> 409 bytes tests/data_files/server5.crt | 18 +- tests/data_files/server5.crt.der | Bin 547 -> 548 bytes tests/data_files/server5.crt.openssl.v3_ext | 3 + tests/data_files/server6.crt | 16 +- tests/data_files/server7-badsign.crt | 52 +- tests/data_files/server7-expired.crt | 48 +- tests/data_files/server7-future.crt | 48 +- tests/data_files/server7.crt | 36 +- tests/data_files/server7_int-ca-exp.crt | 50 +- tests/data_files/server7_int-ca.crt | 52 +- tests/data_files/server7_int-ca_ca2.crt | 76 +- tests/data_files/server7_spurious_int-ca.crt | 74 +- tests/data_files/server8.crt | 31 +- tests/data_files/server8_int-ca2.crt | 53 +- tests/data_files/test-ca.crt | 18 +- tests/data_files/test-ca.key | 52 +- tests/data_files/test-ca.opensslconf | 19 + tests/data_files/test-ca.req.sha256 | 16 + tests/data_files/test-ca.req_ec.sha256 | 9 + tests/data_files/test-ca2.crt | 12 +- tests/data_files/test-ca2.crt.der | Bin 520 -> 523 bytes tests/data_files/test-ca2.req.sha256 | 9 + .../test-ca2_cat-future-invalid.crt | 42 +- .../test-ca2_cat-future-present.crt | 46 +- .../data_files/test-ca2_cat-past-invalid.crt | 16 +- .../data_files/test-ca2_cat-past-present.crt | 24 +- .../test-ca2_cat-present-future.crt | 46 +- .../data_files/test-ca2_cat-present-past.crt | 24 +- tests/data_files/test-ca_cat12.crt | 42 +- tests/data_files/test-ca_cat21.crt | 42 +- tests/data_files/test-int-ca-exp.crt | 14 +- tests/data_files/test-int-ca.crt | 16 +- tests/data_files/test-int-ca2.crt | 22 +- tests/data_files/test-int-ca3-badsign.crt | 16 +- tests/data_files/test-int-ca3.crt | 16 +- tests/data_files/test_certs.h.jinja2 | 54 + tests/src/certs.c | 1294 +---------------- tests/src/test_certs.h | 1238 ++++++++++++++++ 260 files changed, 4391 insertions(+), 2480 deletions(-) create mode 100644 tests/data_files/authorityKeyId_no_authorityKeyId.crt.der create mode 100644 tests/data_files/authorityKeyId_no_issuer.crt.der create mode 100644 tests/data_files/authorityKeyId_no_keyid.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.conf create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der create mode 100644 tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der create mode 100644 tests/data_files/ec_256_long_prv.der create mode 100644 tests/data_files/ec_521_prv.der create mode 100644 tests/data_files/ec_521_pub.der create mode 100644 tests/data_files/ec_521_short_prv.der create mode 100644 tests/data_files/ec_bp512_prv.der create mode 100644 tests/data_files/ec_bp512_pub.der create mode 100644 tests/data_files/ec_x25519_prv.der create mode 100644 tests/data_files/ec_x25519_prv.pem create mode 100644 tests/data_files/ec_x25519_pub.der create mode 100644 tests/data_files/ec_x25519_pub.pem create mode 100644 tests/data_files/ec_x448_prv.der create mode 100644 tests/data_files/ec_x448_prv.pem create mode 100644 tests/data_files/ec_x448_pub.der create mode 100644 tests/data_files/ec_x448_pub.pem create mode 100644 tests/data_files/parse_input/bitstring-in-dn.pem create mode 100644 tests/data_files/parse_input/cert_example_multi.crt create mode 100644 tests/data_files/parse_input/cert_example_multi_nocn.crt create mode 100644 tests/data_files/parse_input/cert_md5.crt create mode 100644 tests/data_files/parse_input/cert_sha1.crt create mode 100644 tests/data_files/parse_input/cert_sha224.crt create mode 100644 tests/data_files/parse_input/cert_sha256.crt create mode 100644 tests/data_files/parse_input/cert_sha384.crt create mode 100644 tests/data_files/parse_input/cert_sha512.crt create mode 100644 tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der create mode 100644 tests/data_files/parse_input/crl-ec-sha1.pem create mode 100644 tests/data_files/parse_input/crl-ec-sha224.pem create mode 100644 tests/data_files/parse_input/crl-ec-sha256.pem create mode 100644 tests/data_files/parse_input/crl-ec-sha384.pem create mode 100644 tests/data_files/parse_input/crl-ec-sha512.pem create mode 100644 tests/data_files/parse_input/crl-idp.pem create mode 100644 tests/data_files/parse_input/crl-idpnc.pem create mode 100644 tests/data_files/parse_input/crl-malformed-trailing-spaces.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha1.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha224.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha256.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha384.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha512.pem create mode 100644 tests/data_files/parse_input/crl_expired.pem create mode 100644 tests/data_files/parse_input/crl_md5.pem create mode 100644 tests/data_files/parse_input/crl_sha1.pem create mode 100644 tests/data_files/parse_input/crl_sha224.pem create mode 100644 tests/data_files/parse_input/crl_sha256.pem create mode 100644 tests/data_files/parse_input/crl_sha384.pem create mode 100644 tests/data_files/parse_input/crl_sha512.pem create mode 100644 tests/data_files/parse_input/keyUsage.decipherOnly.crt create mode 100644 tests/data_files/parse_input/multiple_san.crt create mode 100644 tests/data_files/parse_input/non-ascii-string-in-issuer.crt create mode 100644 tests/data_files/parse_input/rsa_multiple_san_uri.crt.der create mode 100644 tests/data_files/parse_input/rsa_single_san_uri.crt.der create mode 100644 tests/data_files/parse_input/server1-ms.req.sha256 create mode 100644 tests/data_files/parse_input/server1.cert_type.crt create mode 100644 tests/data_files/parse_input/server1.crt create mode 100644 tests/data_files/parse_input/server1.crt.der create mode 100644 tests/data_files/parse_input/server1.ext_ku.crt create mode 100644 tests/data_files/parse_input/server1.key_usage.crt create mode 100644 tests/data_files/parse_input/server1.req.commas.sha256 create mode 100644 tests/data_files/parse_input/server1.req.md5 create mode 100644 tests/data_files/parse_input/server1.req.sha1 create mode 100644 tests/data_files/parse_input/server1.req.sha224 create mode 100644 tests/data_files/parse_input/server1.req.sha256 create mode 100644 tests/data_files/parse_input/server1.req.sha384 create mode 100644 tests/data_files/parse_input/server1.req.sha512 create mode 100644 tests/data_files/parse_input/server1_pathlen_int_max-1.crt create mode 100644 tests/data_files/parse_input/server1_pathlen_int_max.crt create mode 100644 tests/data_files/parse_input/server2.crt create mode 100644 tests/data_files/parse_input/server2.crt.der create mode 100644 tests/data_files/parse_input/server3.crt create mode 100644 tests/data_files/parse_input/server4.crt create mode 100644 tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der create mode 100644 tests/data_files/parse_input/server5-directoryname.crt.der create mode 100644 tests/data_files/parse_input/server5-fan.crt.der create mode 100644 tests/data_files/parse_input/server5-nonprintable_othername.crt.der create mode 100644 tests/data_files/parse_input/server5-othername.crt.der create mode 100644 tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der create mode 100644 tests/data_files/parse_input/server5-sha1.crt create mode 100644 tests/data_files/parse_input/server5-sha224.crt create mode 100644 tests/data_files/parse_input/server5-sha384.crt create mode 100644 tests/data_files/parse_input/server5-sha512.crt create mode 100644 tests/data_files/parse_input/server5-two-directorynames.crt.der create mode 100644 tests/data_files/parse_input/server5-unsupported_othername.crt.der create mode 100644 tests/data_files/parse_input/server5.crt create mode 100644 tests/data_files/parse_input/server5.req.sha1 create mode 100644 tests/data_files/parse_input/server5.req.sha224 create mode 100644 tests/data_files/parse_input/server5.req.sha256 create mode 100644 tests/data_files/parse_input/server5.req.sha384 create mode 100644 tests/data_files/parse_input/server5.req.sha512 create mode 100644 tests/data_files/parse_input/server7_all_space.crt create mode 100644 tests/data_files/parse_input/server7_int-ca.crt create mode 100644 tests/data_files/parse_input/server7_pem_space.crt create mode 100644 tests/data_files/parse_input/server7_trailing_space.crt create mode 100644 tests/data_files/parse_input/server9-sha224.crt create mode 100644 tests/data_files/parse_input/server9-sha256.crt create mode 100644 tests/data_files/parse_input/server9-sha384.crt create mode 100644 tests/data_files/parse_input/server9-sha512.crt create mode 100644 tests/data_files/parse_input/server9.crt create mode 100644 tests/data_files/parse_input/server9.req.sha1 create mode 100644 tests/data_files/parse_input/server9.req.sha224 create mode 100644 tests/data_files/parse_input/server9.req.sha256 create mode 100644 tests/data_files/parse_input/server9.req.sha384 create mode 100644 tests/data_files/parse_input/server9.req.sha512 create mode 100644 tests/data_files/parse_input/test-ca-any_policy.crt create mode 100644 tests/data_files/parse_input/test-ca-any_policy_ec.crt create mode 100644 tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt create mode 100644 tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt create mode 100644 tests/data_files/parse_input/test-ca-multi_policy.crt create mode 100644 tests/data_files/parse_input/test-ca-multi_policy_ec.crt create mode 100644 tests/data_files/parse_input/test-ca-unsupported_policy.crt create mode 100644 tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt create mode 100644 tests/data_files/parse_input/test-ca.crt create mode 100644 tests/data_files/parse_input/test-ca.crt.der create mode 100644 tests/data_files/parse_input/test_cert_rfc822name.crt.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der create mode 100644 tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der create mode 100644 tests/data_files/rsa4096_prv.der create mode 100644 tests/data_files/rsa4096_pub.der create mode 100644 tests/data_files/server1.allSubjectAltNames.crt create mode 100644 tests/data_files/server1.key.der create mode 100644 tests/data_files/server1.pubkey.der create mode 100644 tests/data_files/server5-tricky-ip-san-malformed-len.crt.der create mode 100644 tests/data_files/server5-tricky-ip-san.crt.der create mode 100644 tests/data_files/server5.crt.openssl.v3_ext create mode 100644 tests/data_files/test-ca.req.sha256 create mode 100644 tests/data_files/test-ca.req_ec.sha256 create mode 100644 tests/data_files/test-ca2.req.sha256 create mode 100644 tests/data_files/test_certs.h.jinja2 create mode 100644 tests/src/test_certs.h diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7cdbd24b5..eff44d8ac 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -41,17 +41,20 @@ test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf +$(test_ca_key_file_rsa): + $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048 +all_final += $(test_ca_key_file_rsa) + test-ca.req.sha256: $(test_ca_key_file_rsa) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 all_intermediate += test-ca.req.sha256 -test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 +parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ all_final += test-ca.crt -test-ca.crt.der: test-ca.crt +parse_input/test-ca.crt.der: parse_input/test-ca.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ -all_final += test-ca.crt.der test-ca.key.der: $(test_ca_key_file_rsa) $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" @@ -90,57 +93,60 @@ test_ca_key_file_rsa_alt = test-ca-alt.key cert_example_multi.csr: rsa_pkcs1_1024_clear.pem $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ -cert_example_multi.crt: cert_example_multi.csr - $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ +parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr + $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ + -extfile $(test_ca_config_file) -extensions dns_alt_names \ + -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \ + -in $< > $@ -test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem +parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage -test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem +parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName -test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem +parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType -test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem +parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all -test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_id_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_data_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_data_len1.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_data_len2.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_duplicated_extension.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_extension_type_oid.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_id_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_extension_request.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_len1.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_len2.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@ -test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der +parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@ -test_cert_rfc822name.crt.der: cert_example_multi.csr +parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ $(test_ca_key_file_rsa_alt):test-ca.opensslconf @@ -167,39 +173,54 @@ all_intermediate += test-ca2.req.sha256 test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ -all_final += test-ca.crt +all_final += test-ca2.crt -test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 +test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ + issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \ + not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ +all_intermediate += test-ca2-future.crt + +test_ca_ec_cat := # files that concatenate different crt +test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt +test_ca_ec_cat += test-ca2_cat-future-invalid.crt +test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-future-present.crt +test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt +test_ca_ec_cat += test-ca2_cat-present-future.crt +test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt +test_ca_ec_cat += test-ca2_cat-present-past.crt +test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt +test_ca_ec_cat += test-ca2_cat-past-invalid.crt +test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-past-present.crt +$(test_ca_ec_cat): + cat $^ > $@ +all_final += $(test_ca_ec_cat) + +parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ -all_final += test-ca-any_policy.crt -test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 +parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ -all_final += test-ca-any_policy_ec.crt -test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 +parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ -all_final += test-ca-any_policy_with_qualifier.crt -test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 +parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ -all_final += test-ca-any_policy_with_qualifier_ec.crt -test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 +parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ -all_final += test-ca-multi_policy.crt -test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 +parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ -all_final += test-ca-multi_policy_ec.crt -test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 +parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ -all_final += test-ca-unsupported_policy.crt -test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 +parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ -all_final += test-ca-unsupported_policy_ec.crt test-ca.req_ec.sha256: $(test_ca_key_file_ec) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 @@ -225,20 +246,45 @@ all_final += $(test_ca_crt_cat21) test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ -all_intermediate += test-int-ca.csr + +test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \ + -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@ + +test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \ + -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@ + +all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr + +test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \ + -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ + +test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ + -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \ + -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +# Note: This requests openssl version >= 3.x.xx +test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \ + -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \ + -sha256 -in test-int-ca3.csr -out $@ + test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ -all_final += test-int-ca-exp.crt + +all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ -crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) +parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ -all_final += crl-idp.pem -crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) +parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ -all_final += crl-idpnc.pem cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf @@ -258,34 +304,82 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER all_final += cli-rsa-sha256.crt.der -cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der +parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ -all_final += cli-rsa-sha256-badalg.crt.der cli-rsa.key.der: $(cli_crt_key_file_rsa) $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += cli-rsa.key.der test_ca_int_rsa1 = test-int-ca.crt +test_ca_int_ec = test-int-ca2.crt +test_ca_int_key_file_ec = test-int-ca2.key + +# server7* server7.csr: server7.key $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ all_intermediate += server7.csr + +server7.crt: server7.csr $(test_ca_int_rsa1) + $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ + -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \ + -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ +all_final += server7.crt + server7-expired.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-expired.crt + server7-future.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-future.crt + server7-badsign.crt: server7.crt $(test_ca_int_rsa1) { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ all_final += server7-badsign.crt + +parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) > $@ +all_final += server7_int-ca.crt + +parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@ + +parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1) + { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@ + +parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@ + +server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) + cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@ +all_final += server7_int-ca_ca2.crt + server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt cat server7.crt test-int-ca-exp.crt > $@ all_final += server7_int-ca-exp.crt +server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ +all_final += server7_spurious_int-ca.crt + +# server8* + +server8.crt: server8.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \ + issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ +all_final += server8.crt + +server8_int-ca2.crt: server8.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server8_int-ca2.crt + cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 +all_intermediate += cli2.req.sha256 all_final += server1.req.sha1 cli2.crt: cli2.req.sha256 @@ -323,40 +417,102 @@ server5-ss-forgeca.crt: server5.key $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ all_final += server5-ss-forgeca.crt -server5-othername.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ +parse_input/server5-othername.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@ -server5-nonprintable_othername.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ +parse_input/server5-nonprintable_othername.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@ -server5-unsupported_othername.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@ +parse_input/server5-unsupported_othername.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@ -server5-fan.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ +parse_input/server5-fan.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@ -server5-tricky-ip-san.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ -all_final += server5-tricky-ip-san.crt +server5-tricky-ip-san.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@ -rsa_single_san_uri.crt.der: rsa_single_san_uri.key +all_final += server5-tricky-ip-san.crt.der + +# malformed IP length +server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@ + +parse_input/server5-directoryname.crt.der: server5.key + $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@ + +parse_input/server5-two-directorynames.crt.der: server5.key + $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@ + +server5-der0.crt: server5.crt.der + cp $< $@ +server5-der1a.crt: server5.crt.der + cp $< $@ + echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +server5-der1b.crt: server5.crt.der + cp $< $@ + echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +server5-der2.crt: server5.crt.der + cp $< $@ + echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +server5-der4.crt: server5.crt.der + cp $< $@ + echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +server5-der8.crt: server5.crt.der + cp $< $@ + echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +server5-der9.crt: server5.crt.der + cp $< $@ + echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc +all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ + server5-der9.crt server5-der1a.crt server5-der2.crt \ + server5-der8.crt + +# directoryname sequence tag malformed +parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@ + +# Second directoryname OID length malformed 03 -> 15 +parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@ + +parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" -rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key +parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" +test-int-ca3-badsign.crt: test-int-ca3.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += test-int-ca3-badsign.crt + +# server10* + +server10.crt: server10.key test-int-ca3.crt test-int-ca3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ + issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ + subject_identifier=0 authority_identifier=0 \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ +all_final += server10.crt server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt cat server10-badsign.crt test-int-ca3.crt > $@ all_final += server10-bs_int3.pem -test-int-ca3-badsign.crt: test-int-ca3.crt - { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ -all_final += test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt cat server10.crt test-int-ca3-badsign.crt > $@ all_final += server10_int3-bs.pem +server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_int-ca2.crt +server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) + cat $^ > $@ +all_final += server10_int3_int-ca2_ca.crt +server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_spurious_int-ca2.crt rsa_pkcs1_2048_public.pem: server8.key $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ @@ -374,6 +530,61 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der +# Generate crl_cat_*.pem +# - crt_cat_*.pem: (1+2) concatenations in various orders: +# ec = crl-ec-sha256.pem, ecfut = crl-future.pem +# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem + +crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem + cat $^ > $@ + +crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem + cat $^ > $@ + +all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem + +authorityKeyId_subjectKeyId.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034 + +authorityKeyId_no_keyid.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034 + +authorityKeyId_no_issuer.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' + +authorityKeyId_no_authorityKeyId.crt.der: + $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' + +authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@ + +authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@ + ################################################################ #### Generate various RSA keys ################################################################ @@ -920,6 +1131,10 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_prv.pk8param.pem +ec_pub.pem: ec_prv.sec1.der + $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@ +all_final += ec_pub.pem + ec_prv.sec1.comp.pem: ec_prv.sec1.pem $(OPENSSL) ec -in $< -out $@ -conv_form compressed all_final += ec_prv.sec1.comp.pem @@ -984,23 +1199,106 @@ ec_bp512_pub.comp.pem: ec_bp512_pub.pem $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed all_final += ec_bp512_pub.comp.pem +ec_x25519_prv.der: + $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER +all_final += ec_x25519_prv.der + +ec_x25519_pub.der: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout +all_final += ec_x25519_pub.der + +ec_x25519_prv.pem: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_x25519_prv.pem + +ec_x25519_pub.pem: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout +all_final += ec_x25519_pub.pem + +ec_x448_prv.der: + $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER +all_final += ec_x448_prv.der + +ec_x448_pub.der: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout +all_final += ec_x448_pub.der + +ec_x448_prv.pem: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_x448_prv.pem + +ec_x448_pub.pem: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout +all_final += ec_x448_pub.pem + +################################################################ +#### Convert PEM keys to DER format +################################################################ +server1.pubkey.der: server1.pubkey + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += server1.pubkey.der + +rsa4096_pub.der: rsa4096_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += rsa4096_pub.der + +ec_pub.der: ec_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_pub.der + +ec_521_pub.der: ec_521_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_521_pub.der + +ec_bp512_pub.der: ec_bp512_pub.pem + $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER +all_final += ec_bp512_pub.der + +server1.key.der: server1.key + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += server1.key.der + +rsa4096_prv.der: rsa4096_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += rsa4096_prv.der + +ec_prv.sec1.der: ec_prv.sec1.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_prv.sec1.der + +ec_256_long_prv.der: ec_256_long_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_256_long_prv.der + +ec_521_prv.der: ec_521_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_521_prv.der + +ec_521_short_prv.der: ec_521_short_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_521_short_prv.der + +ec_bp512_prv.der: ec_bp512_prv.pem + $(OPENSSL) pkey -in $< -out $@ -outform DER +all_final += ec_bp512_prv.der + ################################################################ ### Generate CSRs for X.509 write test suite ################################################################ -server1.req.sha1: server1.key +parse_input/server1.req.sha1 server1.req.sha1: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server1.req.sha1 -server1.req.md5: server1.key +parse_input/server1.req.md5 server1.req.md5: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 all_final += server1.req.md5 -server1.req.sha224: server1.key +parse_input/server1.req.sha224 server1.req.sha224: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 all_final += server1.req.sha224 -server1.req.sha256: server1.key +parse_input/server1.req.sha256 server1.req.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 all_final += server1.req.sha256 @@ -1009,11 +1307,11 @@ server1.req.sha256.ext: server1.key openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com" all_final += server1.req.sha256.ext -server1.req.sha384: server1.key +parse_input/server1.req.sha384 server1.req.sha384: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 all_final += server1.req.sha384 -server1.req.sha512: server1.key +parse_input/server1.req.sha512 server1.req.sha512: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 all_final += server1.req.sha512 @@ -1037,9 +1335,8 @@ server1.req.cert_type_empty: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 all_final += server1.req.cert_type_empty -server1.req.commas.sha256: server1.key +parse_input/server1.req.commas.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 -all_final += server1.req.commas.sha256 # server2* @@ -1049,7 +1346,9 @@ server2.req.sha256: server2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 all_intermediate += server2.req.sha256 +parse_input/server2.crt.der: parse_input/server2.crt server2.crt.der: server2.crt +parse_input/server2.crt.der server2.crt.der: $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server2.crt.der @@ -1067,11 +1366,39 @@ all_final += server2.key.enc # server5* +server5.csr: server5.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server5.csr +parse_input/server5.crt server5.crt: server5-sha256.crt + cp $< $@ +all_intermediate += server5-sha256.crt +server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \ + -sha$(@F:server5-sha%.crt=%) -in $< -out $@ +all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt + +server5-badsign.crt: server5.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += server5-badsign.crt + # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' server5.req.ku.sha1: server5.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server5.req.ku.sha1 +# server6* + +server6.csr: server6.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server6.csr +server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@ +all_final += server6.crt + ################################################################ ### Generate certificates for CRT write check tests ################################################################ @@ -1090,8 +1417,17 @@ test_ca_server1_config_file = test-ca.server1.opensslconf # server1* -server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +parse_input/server1.crt: parse_input/server1.req.sha256 +server1.crt: server1.req.sha256 +parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa) +parse_input/server1.crt server1.crt: + $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ + issuer_pwd=$(test_ca_pwd_rsa) version=1 \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA1 version=3 output_file=$@ +server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ @@ -1103,24 +1439,34 @@ server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ -server1.crt.der: server1.crt - $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ +parse_input/server1.crt.der: parse_input/server1.crt + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ + issuer_pwd=$(test_ca_pwd_rsa) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA1 authority_identifier=0 version=3 output_file=$@ server1.der: server1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ -server1.commas.crt: server1.key server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt -server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ +parse_input/server1.key_usage.crt: parse_input/server1.req.sha256 +server1.key_usage.crt: server1.req.sha256 +parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa) +parse_input/server1.key_usage.crt server1.key_usage.crt: + $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ server1.key_usage.der: server1.key_usage.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der -server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) - $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ +parse_input/server1.cert_type.crt: parse_input/server1.req.sha256 +server1.cert_type.crt: server1.req.sha256 +parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa) +parse_input/server1.cert_type.crt server1.cert_type.crt: + $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ server1.cert_type.der: server1.cert_type.crt @@ -1145,23 +1491,23 @@ server1_ca.crt: server1.crt $(test_ca_crt) cat server1.crt $(test_ca_crt) > $@ all_final += server1_ca.crt -cert_sha1.crt: server1.key +parse_input/cert_sha1.crt cert_sha1.crt: server1.key $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ all_final += cert_sha1.crt -cert_sha224.crt: server1.key +parse_input/cert_sha224.crt cert_sha224.crt: server1.key $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ all_final += cert_sha224.crt -cert_sha256.crt: server1.key +parse_input/cert_sha256.crt cert_sha256.crt: server1.key $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += cert_sha256.crt -cert_sha384.crt: server1.key +parse_input/cert_sha384.crt cert_sha384.crt: server1.key $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ all_final += cert_sha384.crt -cert_sha512.crt: server1.key +parse_input/cert_sha512.crt cert_sha512.crt: server1.key $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ all_final += cert_sha512.crt @@ -1206,7 +1552,7 @@ server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.c # server2* -server2.crt: server2.req.sha256 +parse_input/server2.crt server2.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ all_final += server2.crt @@ -1218,6 +1564,24 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt +# server3* + +parse_input/server3.crt server3.crt: server3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA1 version=3 output_file=$@ +all_final += server3.crt + +# server4* + +parse_input/server4.crt server4.crt: server4.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ + issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ + not_before=20190210144400 not_after=20290210144400 \ + md=SHA256 version=3 output_file=$@ +all_final += server4.crt + # MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) @@ -1226,8 +1590,12 @@ cert_md5.csr: $(cert_md_test_key) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 all_intermediate += cert_md5.csr -cert_md5.crt: cert_md5.csr - $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@ +parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ + issuer_pwd=$(test_ca_pwd_rsa) \ + not_before=20000101121212 not_after=20300101121212 \ + md=MD5 version=3 output_file=$@ all_final += cert_md5.crt # TLSv1.3 test certificates @@ -1288,17 +1656,17 @@ all_final += pkcs7_data_1.bin # Generate signing cert pkcs7-rsa-sha256-1.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem all_final += pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-2.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem all_final += pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-3.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem all_final += pkcs7-rsa-sha256-3.crt @@ -1413,17 +1781,17 @@ all_final += pkcs7_data_signed_badsigner1_fuzzbad.der pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badsize +all_final += pkcs7_data_signed_badsigner2_badsize.der pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badtag +all_final += pkcs7_data_signed_badsigner2_badtag.der pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_fuzzbad +all_final += pkcs7_data_signed_badsigner2_fuzzbad.der # pkcs7 file with version 2 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der @@ -1452,6 +1820,72 @@ pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 all_final += pkcs7_data_cert_signeddata_sha256.der +################################################################ +#### Generate C format test certs header +################################################################ + +TEST_CERTS_H_INPUT_FILES=test-ca2.crt \ + test-ca2.crt.der \ + test-ca2.key.enc \ + test-ca2.key.der \ + test-ca-sha256.crt \ + test-ca-sha256.crt.der \ + test-ca-sha1.crt \ + test-ca-sha1.crt.der \ + test-ca.key \ + test-ca.key.der \ + server5.crt \ + server5.crt.der \ + server5.key \ + server5.key.der \ + server2-sha256.crt \ + server2-sha256.crt.der \ + server2.crt \ + server2.crt.der \ + server2.key \ + server2.key.der \ + cli2.crt \ + cli2.crt.der \ + cli2.key \ + cli2.key.der \ + cli-rsa-sha256.crt \ + cli-rsa-sha256.crt.der \ + cli-rsa.key \ + cli-rsa.key.der +../src/test_certs.h: ../scripts/generate_test_cert_macros.py \ + $(TEST_CERTS_H_INPUT_FILES) + ../scripts/generate_test_cert_macros.py --output $@ \ + --string TEST_CA_CRT_EC_PEM=test-ca2.crt \ + --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \ + --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \ + --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ + --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \ + --string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \ + --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \ + --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \ + --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \ + --string TEST_CA_KEY_RSA_PEM=test-ca.key \ + --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ + --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \ + --string TEST_SRV_CRT_EC_PEM=server5.crt \ + --binary TEST_SRV_CRT_EC_DER=server5.crt.der \ + --string TEST_SRV_KEY_EC_PEM=server5.key \ + --binary TEST_SRV_KEY_EC_DER=server5.key.der \ + --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \ + --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \ + --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \ + --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \ + --string TEST_SRV_KEY_RSA_PEM=server2.key \ + --binary TEST_SRV_KEY_RSA_DER=server2.key.der \ + --string TEST_CLI_CRT_EC_PEM=cli2.crt \ + --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \ + --string TEST_CLI_KEY_EC_PEM=cli2.key \ + --binary TEST_CLI_KEY_EC_DER=cli2.key.der \ + --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \ + --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \ + --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \ + --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der + ################################################################ #### Diffie-Hellman parameters ################################################################ @@ -1462,6 +1896,7 @@ dh.998.pem: dh.999.pem: $(OPENSSL) dhparam -out $@ -text 999 + ################################################################ #### Meta targets ################################################################ @@ -1496,3 +1931,5 @@ clean: neat: clean rm -f $(all_final) .PHONY: clean neat + +.SECONDARY: $(all_intermediate) diff --git a/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der b/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..452d9d135d91032b4b7062e6e110de5902ecb25a GIT binary patch literal 809 zcmXqLVpcV1V&YxE%*4pVB*NGB^XQcMu`@YjAFhe`X!kZ$-z>p^myJ`a&7|-ctAPy2@<`IAiDTJgJmnb+p z8pw(B8W|gy8k!jzn;ICIMv3#9fVhTGE@g%{F)ATDmXVc#xrvdV!Jvtei>Zl`k>Q~4 z;=9k!%3fr-?pd^B<{G|=CssCI=dFarE<`;!yO^P4`8&DnY0HDQOn9$bRAr|!>(4fm zH7Z}rAE>4D%-Nt(yYSYlo@XazrtSH6kR@od*_Fk=9&RkVG2vk1mb4(VMQXvTR+q%F z*Ge|s*193T;3lt(u4mf!Xw_o37u;R`nLJw=COo{=B#>6SE=0RKwQ}OZM~R2eI(Txt z%i#Ig-FC@s|Aif^1exXP!&XSixk&Kyw|3v^c8Pl=aV$yycv|nT*c-K<)jKsAk51sT zSN~{m!i(?ywR^{pt7ji)wXHhBWHU?Fj{k+pjOf$F-a*rD2rklT=*YB;y3D`fUZlR@ z@$avM7!9T~F*7nSE><*meK))y%|?%Yq{4-oQASdp^cx7&F#av%a@ z92kg<3=@??i(JK{YW=)C1RYoUeyZZ-z!rV_QZd{3ttIn^ukziX>vHJ0jIhuMmw)}C|oF(#Pd%bzF`4__*f7NB*9&Zrm z*x7DeYg(SZeRf>2UH_aV@xLt{#I0JBuARIm>$>j6^Q6QHGTxIs58j@>=OW`@hLwva zwi*AP8&wrpvGqK2zx-t9xoQy{$;G~GDk8pY1` S`-&ef2)HW0$b3A58`n1a0KM%Bo+k+`xr_Zh=YWfc?4iW3L&Y*B?``t z26E!OM#cuFMka>FCT51_QR2KNK(3)BluMc6O^iy&j%8$JU~XdMXE11Dpu?ta8&Ms!?SpH5fd)o4#Efe1B7FF4)%=)v< zWR1$#@&{@uJ##i_)GoaBs^{5BnQ43e9b^gGY<6YwuZJ7UZcI3sxFs#fY>`^A!Mb-Ax4AgOw5c7jEkKN91LWE@gvK}BE}-Jl=Vf*jyv}g_ydG|6IP_G_w9C`Y#&g53 zfAK%-WfB(Kcya6E<&)km6Og(0@0Oaqe}s5JFKgaDnM~2FyR&_z0$ZE6-BFnJyKJBF zq0oi4o4wczBpz!Gr_xUYyUB3>LZ)eW@v-14Yw5 ee0P!9&|39-UxDh1mU#^~SL|xM{>9T~dkX-^Oh`EZ literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_no_keyid.crt.der b/tests/data_files/authorityKeyId_no_keyid.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..4ac5f00763d4d6c721d11392ea99ef36dde72208 GIT binary patch literal 909 zcmXqLV(v6(Vk%s~%*4pVB$B~maF*Tonf=)Vfol90oDOXj+P2GpmyJ`a&7|-ctAPy2@<`IAiDTJgJmnb+p z8pw(B8W|gy8JZXx85tTIMv3#90J#R1P%dSLH!&(9JC>1^fw_s1pTVGsk&CH`k&)q` z@8Y}9&&pn8x$arCW9AyZiYHb!UgxcZ#V$lWIlGvlWBEI|>}kt`woG`hTU2GIGV9Ma zlQk+|%O9wv^vv0yQM>TgtDa{kWv1=m874fu)g+KsyDmh#JGFA+!bgdR&pLQ= zyvyME*xh!?ZU2QGs|1cdt@$+<}I^S5^2>UN2HBylWB|9D#Ouh<*4pVd1x8IMlj zvseFUaKel4{k40?kE>@NXSJ<5!elc`){g&$$&BdJ#oj^FZU`>YY3RtbjJnLf;a;S^ z;PLOTgcuE`GchwVFfMLvF=%WwkOjt&EFX&)i^x*e7b!dL+)v;S5b{k}k+R;m+j+7< z0!Uh!CDI^#q5TqDilU{7m{bLfC`N|duC;pdZ}SgI$L;V+x_exIW!k5P$h-bVHE9!G z+*|*+Jy2SB-8?U*m-*@s45qBg+-1g8um5`IWa}l9dd_Bkt*NS9 zBF)JCcBNUq4zIDaYeY(9=SH4Ai`u`-r^+f$HP)z6XLfJtR0-Umweaey8VxtMkmfs@ zLVJRFyly=|&3SX$Ubd9gJ=;$vR9mcP?-g#oV%^x=dE7PWb+GB&N7D=X_n-S>d~as$ jrY$;qC$F9RTX4zlhc{jvwFzkwUAxq}V@}sg*HldaZd6fO literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf new file mode 100644 index 000000000..296fac863 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId.conf @@ -0,0 +1,19 @@ +[req] +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no +[req_distinguished_name] +countryName = NL +organizationalUnitName = PolarSSL +commonName = PolarSSL Test CA +[v3_req] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +[v3_req_authorityKeyId_no_keyid] +subjectKeyIdentifier = hash +authorityKeyIdentifier = issuer:always +[v3_req_authorityKeyId_no_issuer] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +[v3_req_no_authorityKeyId] +subjectKeyIdentifier = hash diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt.der b/tests/data_files/authorityKeyId_subjectKeyId.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..a6ca46958f2ac0ddb88b6d2a203fd3e0bb1cf92b GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZGc++YG6Lc#ab6Q3*T53WrOfaqMkQp&GO{u-H!<=v7&I|*F*PwVG92_> zeE0cT*^4aKJ&ShCT*FuK#LC9&yp^!ng{UWI7c+D$eXJD2 zTFIu{S~uhu+~k$f^-TL7ty=8%g1gHZ#gon491k!5Pg=lxDR!&^_DDm)F2TzW7 z89X1m+b+57zp!JKAhTS3*a|5*7YTm;*6v%~E^&_}jwR_IPwV{^d!zQVdZ#Ai(FuI^ z>K_eGc=5fzcJKIc_3Y!UwpB-%Y-Y*Y@xL&c5q-MYJ80Ss!9_X^9hsIbf4aa3dRrhE3$4} zwx4$(%Iw->t#4DTCOlx?KAV4a_=g1-(v7O~SLh$#$$2;T$jm!aO*{=ucU{z*$?^By z-$z^4<;1$GY|Zb~uTZjWZS6h$Z-(^xbLH(>2?>XHep518tGP01ZEfwFbsyw6^*7lD z?lzwO!Rbmn6A!E5o0^%c5;t+Z7293N=2daZDz#&dh`}abkE1rpPOlgfx-HM>u3d5@ zcAq>$$m0_=J6@LWsBmkq|GM@^{_GQlJHP%gDfE!Ay~(giUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3bU@rPTVl9_kCoOa9K z=(5QsnPc6Zk`JbaTW&b+kpp{8-$*=D`d$H5jH#O5{`&3s&zDqVW(_j5r8Ssef@W;X}Cw4qs zu=2FFUF)xP7f)`_5q!F?eVtX!E2)<)W(sdUr3QRz&p?TQ@aVm0kb?XKfAu literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..1c8519b64a7e2f3aa486aed7eabf33b93a630cc1 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3bU@rPTVl9_kCoOa9K z=(5QsnPc6Zk`JbaTW&b+kpp{8-$*=D`d$H5jH#O5{`&3s&zDqVW(_j5r8Ssef@W;X}Cw4qs zu=2FFUF)xP7f)`_5q!F?eVtX!E2)<)W(sdUr3QRz&p?TQ@aVm0kbUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3OdB(3>o_w2eW0_>ktH&R1eM)BD^>W%R zf1}GLn`EB-66@dDsH^|7vgCh`)|CD4JRh!9U&hM&YxhUl%bI+9W_>9R-FbI`tEDc} z43D#uX4w4dQ92}gZVv06!1JUoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l+FGHova literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..55d5dd061947db0948e4508866442f2bb6413e48 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;aFm0{? literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..45ac8f4c4b5b1025dfde09753012b08bd9744f6c GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l-oB5i*F literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..009fcf292c1290801e5d51d55ca9d2c809b24e6e GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3;_#H;463;Cb1sjp^A7uipN@{^6c8PyR6Z2(+)g6?k^}n@y2-(hV0L z=uUg&X8-aH--1OIDM2ffn@($o+J2lUHdw#npaXUTg(*Re8`Cvx%1B{!@4l$?IPn@b;(V5` ri`gX?s^2#Ef{VzJHp`BAlUHR-vH0_HQCDutq^yYQBerg8t}49%=80{t literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..93fb1e30bfcd360f43470868e26a66c2f359838e GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;ah;6O_ literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..89e1f4b98e71e995df31cd5f08592c2bac434f84 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3;_#H;463;Cb1sjp^A7uipN@{^6c8PyR6Z2(+)g6?k^}n@y2-(hV0L z=uUg&X8-aH--1OIDM2ffn@($o+J2lUHdw#npaXUTg(*Re8`Cvx%1B{!@4l$?IPn@b;(V5` ri`gX?s^2#Ef{VzJHp`BAlUHR-vH0_HQCDutq^yYQBerg8t}49%<`HeK literal 0 HcmV?d00001 diff --git a/tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..53063f841dd621c20d6a5bc4a3cab86416beb745 GIT binary patch literal 931 zcmXqLVxDi%#MHiknTe5!NhE{C;4HiEGyAg#0@e60I33z5v~8CGFB_*;n@8JsUPeZ4 zRt5uWLv903Hs(+kHen_|A45R{eh`P7ha(_AC$T6v*vC-PKpZ5*%p(93QV2;cE>UoH zG>{YLH8M6ZHLx%=G&D0XiW28F0db9?T*?e@VpKwQEF&uea}y&!gFzD`7gG}>Bf~-8 z#dn{dmA%Mv-Lq)N%r$%!PpoXb&RYqKU5I*eb}>W8@^^CC)0PKqnebk>sLD=d)}L)A zYgE3LKTu2QnX^HocHym8JGkLZ$On7*!Ng%CuU5IvfYURX*j}i}`b@1eP zm%;O~yX}(O{tG)+2{Oyohpmv3bCKZZZ|%O-?GpD$;#iXY@wDDwu{UZzt9NQL9-Y8v zul~{CgcslYYxj;HSI<7qYFl-L$!3Dddf-u}P-;hr;3{xJCnw6DDtcy{@lO_6uf4Hq8h zPJ85L|MCsrf<+Z6K`WEwl3(9>_F|{4Z)&E^_NlIle3xu$roZ~LGT;%{;g5w|PV9KN zVC89TyVhUpE}q<;BlvV(`#P(dS5hxq%oN^y$cYuX^Uo>6x-jPLBI8v|iCIhHe3q|^ q*(DdM-!}Jxi^!2S%Z_=IS7l7G`15j6S8mFrtcdC(wr*;!D!l;W%x$ay literal 0 HcmV?d00001 diff --git a/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der b/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..64a490011cf252d4c703bf47a322ccfaff8fa63a GIT binary patch literal 396 zcmXqLV(c(zV$5H_%*4pV#Hj!S2E1&XT5TR}-+37sSy&kilnn(8_}G|%(!%UeHHQ2^ zMPLy&h=_rlIIp3hfvJIok%6hDiA5BUYXan&L%GBm5`%0tBP#>5H-mu(lOxPw~0n@?1mWxvoVLtDzo?)cr}P%Q?gKNi7HW^X=1>p9hVpYkuf^A literal 0 HcmV?d00001 diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem index 8358640a0..f82d94674 100644 --- a/tests/data_files/crl-ec-sha1.pem +++ b/tests/data_files/crl-ec-sha1.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ -b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz -MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +MIIBbjCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQ +b2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMjMwNTE3MDcx +NDM5WhcNMzMwNTE3MDcxNDM5WjAUMBICAQoXDTIzMDUxNzA3MTQzOVqgcjBwMG4G A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO -TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg -Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW -svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm -56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +TDERMA8GA1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gAMGUCMQCRAtXd7kXgijlMXHXr6m0B +IzDbpAAwDwCJtgOzarF5hZKGDZeDp6vptGZK0y40NsoCMACxRrXIV+6KUBipFarI +36yXDoBNol2xzst6p9fOg+prl6p7vO1sRYrIGg1WJGA5wQ== -----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem index adfd5f893..b9fad50fc 100644 --- a/tests/data_files/crl-ec-sha256.pem +++ b/tests/data_files/crl-ec-sha256.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem index df7417e8e..5a1bdd35a 100644 --- a/tests/data_files/crl.pem +++ b/tests/data_files/crl.pem @@ -1,11 +1,11 @@ -----BEGIN X509 CRL----- MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI -UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0 -NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx -MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg -I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt -4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b -WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP -Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs -oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w= +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem index 3cda8ff03..cafa1d411 100644 --- a/tests/data_files/crl_cat_ec-rsa.pem +++ b/tests/data_files/crl_cat_ec-rsa.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem index ded369d89..92ecccc6d 100644 --- a/tests/data_files/crl_cat_rsa-ec.pem +++ b/tests/data_files/crl_cat_rsa-ec.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- diff --git a/tests/data_files/ec_256_long_prv.der b/tests/data_files/ec_256_long_prv.der new file mode 100644 index 0000000000000000000000000000000000000000..96e329e20ea9a1505271e1d5b0a385bef37ea261 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R#eV$BC+5#2T4GlU4sOUSz-~v@aSsd6{v%r{9i8j6k3Y1_&yK zNX|V20SBQ(13~}L}n6< zY3l=yorYjho0y2!8ZF3zn=*BYvuY9j=`W&)8@uQ=vvy3`p-6F z!eG5DgiCK$0M6*-ik@ZAoUPcOBVFzV^SGu)zHwh4XVtVc;Qu3`{0HxMKp8$j?*DH) Z&HZ*-sTEK&QcvXa1@%NuDJ)DcYQg3~Zj1l` literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_521_pub.der b/tests/data_files/ec_521_pub.der new file mode 100644 index 0000000000000000000000000000000000000000..5b685deb363dbec17f18edd329ab3530b06e4eab GIT binary patch literal 158 zcmV;P0Ac?yftxT81_vsJNX|V10R{ytfdl{}1A&GB1OOf3Le)=c>jRGDx38T%pm#R? zoc9^)HBD)Up6BzyHv131p9uJC<@yqi!Jtvo=Eg(lTH25L&o*PiV7)AaOK(;H&gkTd zo@LOSt=OL%Ho{6KL(P)D!-VH39D0lnx9=1*FJ2M}8aSD4+)h1uKCB03)G+i35R#00aS4Fm=@^ z@HoChAgk&{fI0{FrRX!Adw^YrBvpEcXbXoaGaz#RqR=uDkP^2J%m((<(OtER5PpU_ zvpck>#i;$80DOba&MO(YcxUXY@=ZO`bVZ-UD=j)wNIEGvWrYW_uF@oflhX>b=Qhmc Zeeg2t_`*5u%%U!RgI-71dlJtF*Xs3$XAb}X literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_bp512_prv.der b/tests/data_files/ec_bp512_prv.der new file mode 100644 index 0000000000000000000000000000000000000000..2d9a3de27cc92bc24850ca3cb68d4a6fc1e6b8f0 GIT binary patch literal 221 zcmV<303!b|f!YEA0R%udESGrppK@%xqx7O^@oP~)<;{M6#(bl&}3Nob`_zV}fMQFw;?{5a}4s#23#*9vh~!(BYO$If?a z+a(>=OU`j4L?rHTN$${c@Y}@KnU>*o)mP$Ub~@>BmB4}LK7F#|irhU+ngoZj?dW#g XAIf3L0_maHaw~=sl8+doNJUv1?c8d~ literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_bp512_pub.der b/tests/data_files/ec_bp512_pub.der new file mode 100644 index 0000000000000000000000000000000000000000..6a8c4c79f841eaaa0cf4732a0110a78e5e36370f GIT binary patch literal 158 zcmV;P0Ac?yftxTC1_vsJNX|V10R{;xBm)Bi2mt{N1A&471UR?slC~UNY=68cr0jK_ zNc_~|<8NI9y2s9UYuhCq)=SQDBSa+b za7pgaa`4;4*O`{#b=6nmV|F^}aFxJ;=RSS1uXE*J>OB delta 53 zcmV-50LuSMOOP8dym@`Iu73#ZJxOa%v=OuRAf;HP0pKDn2+!c$itLLTd-6-^DN)Q@ Lp}xB$bdZ|hmr)u- diff --git a/tests/data_files/ec_pub.pem b/tests/data_files/ec_pub.pem index d677d27eb..d54dc944c 100644 --- a/tests/data_files/ec_pub.pem +++ b/tests/data_files/ec_pub.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEvHl9s65/COw9SWtPtBGz9iClWKUB -4CItCM/g3Irsixp78kvpKVHMW6G+uyR0kJrg +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUXW83zCjcPOdU5PmEnKI2AFntfS0 +t3bGdPfG81S30iQGLB9oVLWnrw/leOryWPAn -----END PUBLIC KEY----- diff --git a/tests/data_files/ec_x25519_prv.der b/tests/data_files/ec_x25519_prv.der new file mode 100644 index 0000000000000000000000000000000000000000..ea23733746a62b99ef32bc93a3c4d5fa7b9e814b GIT binary patch literal 48 zcmXreV`5}5U}a<0PR(OcVo}(T+cYgS#47Og;=JG>?E`E6CajNiOAY;PCs&zKv|1_> E07mf;mH+?% literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_x25519_prv.pem b/tests/data_files/ec_x25519_prv.pem new file mode 100644 index 000000000..007224040 --- /dev/null +++ b/tests/data_files/ec_x25519_prv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VuBCIEILBtgpZVVDpRy6NuU1IrwKz9YK9ZRmVV+z4eeWhyqxpZ +-----END PRIVATE KEY----- diff --git a/tests/data_files/ec_x25519_pub.der b/tests/data_files/ec_x25519_pub.der new file mode 100644 index 0000000000000000000000000000000000000000..922cb76188bdd66444fd3b432d63d96e3866e14c GIT binary patch literal 44 zcmV+{0Mq|4Dli2G11n{210evL!?5W+f;0YVi>4EaNX!zc6JpiE?SWWLuv)c2oShL} CQW6mW literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_x25519_pub.pem b/tests/data_files/ec_x25519_pub.pem new file mode 100644 index 000000000..2a36b5be9 --- /dev/null +++ b/tests/data_files/ec_x25519_pub.pem @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VuAyEAm8Ow6T2CM/5qi6YTiUjMEqkTYtXC7YFYTbBatUGcnRE= +-----END PUBLIC KEY----- diff --git a/tests/data_files/ec_x448_prv.der b/tests/data_files/ec_x448_prv.der new file mode 100644 index 0000000000000000000000000000000000000000..f6d52f7ae4c7f88c6561e0fa56731e4a03ccc1cc GIT binary patch literal 72 zcmV-O0Jr}zMgjoa6%f_kI=F#?@mywa1mBGN;klTQhjX9KsO_<5g$57CK zAH?C};RwjjNh}Hu_A!(+5C;h{^9aC%6hcyqOB9?P4dldm4J{3f3=IrTOiT>SqQrTP zkhumn1PzxmkboF22shk0Co?s#M8U|QiBSpJwT!F`%uS5^3_x)%rY1&4h7%=6&g}fT zweqFwO_78RwYw*O%9fjNyq34W%O))K=^dAwXVO~Pul`Wq;AMItc^+4u^!8gH>Q=ww z5t!WODPi(?h1R9;uX8kMIOHyy2Ilpoed0q1Az+3q% z;eIPWuXuau!9jyU10#d0m%njb2=jOA`xO7vHhp4;fu7T*`?bHH@|6F7V|bvVfB&KS zQ)_b+ul3&S&g#p5F#Cr<*qP0J!lKViSkjKa`)S6PHT4_kEVlG7sf9mIE!n90;Ga#m zDNFjU2mWQPf9n63Wp90XR+l-+Z?i4K`SoQBGQ*m)F0HuoJfQH|Rx{Re*4*k7PmcWc zxvCh?#LURRxY*ag8ytbM!YoV%3=Yrt-hG+jIQyf8+q?<^%;eBSV~e{?&V$dI3qA ziOk<;ojG|Rw!vKC#I4SwD_JLsUp&FP=~`xyU)?*_k`$9|mMJl(J|{Ny`A)d;;D_s! zCL1Qt6}#MJeSd7<8`Jsy{pqBx&tdxO#f{yB8HCp<{aShJ#NW&1sqZ4Dlsx(BzfgVI zhKt;rZ-{NXo}R3Gr~0A9&0h7l(n{~|n+ZNT!N7O?<*^+%yzNaL|Noih>0jGt@19{S z-t5A^epw{fN~6<}|L(@;bt~;?oFF!li={H@zcpC^Ry|n!Cxzsm>0;Z==`%5~%Hn?y~*Z!27Na9QbN29Ig$@$X( Db~{is literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/crl-ec-sha1.pem b/tests/data_files/parse_input/crl-ec-sha1.pem new file mode 100644 index 000000000..8358640a0 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha1.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-ec-sha224.pem b/tests/data_files/parse_input/crl-ec-sha224.pem new file mode 100644 index 000000000..9131f104f --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha224.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcDCB9wIBATAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwEDaAAwZQIwbn+i0dOest0IJGzuqBLA +V5nscZPvHjDV6lWsSwurS4LC/Uv/qWteuMCp3OqQRJHcAjEA6KA0dibovfL1WKFo +C8jUGxlMfHeWDRkqMfcjjgIpky7v50sKtDOfmFJn3HFUbiKp +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-ec-sha256.pem b/tests/data_files/parse_input/crl-ec-sha256.pem new file mode 100644 index 000000000..adfd5f893 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha256.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-ec-sha384.pem b/tests/data_files/parse_input/crl-ec-sha384.pem new file mode 100644 index 000000000..b757abb18 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha384.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcDCB9wIBATAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwMDaAAwZQIwateJaD13+Yi4HWBIlOov +8ZDsvnfQfW/R0A1s2ZccAi+byurShuNGiSvsFSh5d/6QAjEA427F8bNk/fdj5YXu +Oo1qEd7WpD2dNUb0draGSIcJGBRGzi5it14UXr9cR4S5eJ6Q +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-ec-sha512.pem b/tests/data_files/parse_input/crl-ec-sha512.pem new file mode 100644 index 000000000..f7c9402a3 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha512.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-idp.pem b/tests/data_files/parse_input/crl-idp.pem new file mode 100644 index 000000000..a229e7d6d --- /dev/null +++ b/tests/data_files/parse_input/crl-idp.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDA3 +MzE0OFoXDTI4MDMxNDA3MzE0OFqgLTArMCkGA1UdHAEB/wQfMB2gG6AZhhdodHRw +Oi8vcGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAs/vp1Ybq9Lj/ +YM+O2uBqhRNdt494GYSYcZcltbQDwLgDwsFQ9S+q5zBtanhxiF3C6dyDoWS6xyY3 +dkdO9kK2YAQLNaFBCsKRrI9vGKuF5/1uIr0a8cQcqVzyRI9uK0KgGEk9/APGtqob +nj/nt2ryGC+yEh20FmvwFn1vN5xaWK3uUIJCNDTZe+KQn150iAU/mWZG2xDdSXgm +JtpTrY6toBgTwDGyus2wIDvAF6rBc1lRoR0BPuTR1fcUPMvr8jceZqG+xuH+vmkU +j1B4Tu+K27ZmZMlhltfgwLzcgH9Ee1TgWPN2QqMzeZW/vNMyIIvWAWk2cFyCJj6r +16/9upL64w== +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-idpnc.pem b/tests/data_files/parse_input/crl-idpnc.pem new file mode 100644 index 000000000..0ebe480ee --- /dev/null +++ b/tests/data_files/parse_input/crl-idpnc.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBsDCBmQIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDEx +MTQzNloXDTI4MDMxNDExMTQzNlqgKjAoMCYGA1UdHAQfMB2gG6AZhhdodHRwOi8v +cGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACsszsNwAMkmUrbti +H1wpWN3LIb32MTZkBWZeFWWQ1MyzSFslgnOcu6tesJuTQJVJMGCSXZv7jkVHeeiK +x+BAoHCrR2aRVPbmiaP43Qp/dFOOfHVMM/VVWmuEYuCQaCAeVLQgGbgAYHE9aHQN +vBg8m7NJ95av2svLHMFIhirZlKWsAXM+aCyzoudEIhrP4Ppwt01SCtDl5gyg1Gkd +B3wuOckjTk0xwXdlOSMH9o0SD2fkc41AFDqOZTK2NTQzNChDNFbKXl8sr9SavJCm +k72l7wNJs6UOEhQMygyXEvqp8JbIi9JI+3TD4z4wUt0EnPkw0U48grLXFhjwBLWi +cxyjQQ== +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem new file mode 100644 index 000000000..9eae3da19 --- /dev/null +++ b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem @@ -0,0 +1,20 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha1.pem b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem new file mode 100644 index 000000000..59ca4f703 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x +NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4 +WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5 +1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM +MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC +AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS +4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0 +MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo +mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O +7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa +y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha224.pem b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem new file mode 100644 index 000000000..a51d5d911 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI +i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v +TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e +Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9 +NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB +f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D +a6JSqCIMRCQY2JOUn0A= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha256.pem b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem new file mode 100644 index 000000000..f16a49118 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4 +oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC +FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo +IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X +ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB +r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb +XLdJyyak33CLBKu+nJc= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha384.pem b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem new file mode 100644 index 000000000..50f7e4cd2 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco +SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR +a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1 +EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs +y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k +q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u +KUH/xf1jEnNzbYNGiZw= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha512.pem b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem new file mode 100644 index 000000000..0f1d6510b --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F +ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq +1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2 +t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU +p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0 +sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8 +enMfMvwScA5AImzu9xA= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_expired.pem b/tests/data_files/parse_input/crl_expired.pem new file mode 100644 index 000000000..cf60ae4d7 --- /dev/null +++ b/tests/data_files/parse_input/crl_expired.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx +OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir +jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct +wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ +SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS +IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k +OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_md5.pem b/tests/data_files/parse_input/crl_md5.pem new file mode 100644 index 000000000..1b17967ec --- /dev/null +++ b/tests/data_files/parse_input/crl_md5.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEEBQADggEBAKKCJZ1MwL+gKAw3RV4qEmb9 +gMDdSLJ1Vdkn9FgDx2ijNnYDtvaW+I3sOXrq7O6gVN1KEamJJbufVJA5+OE2oVbC +husEdgQm8D5TbrGcjPIPWxgYyuuRsl7XovZhXnqTIUrC+J8oH9XzKaMc+HZb5UhR +h8bzcyp+9jbBje7lWwKTzkuvd/I7VbS02TUkWFJTrYB0Laj8WMcgcZiyX0iZuj8j +4hOupu0lPoSzZ4h7t0Vmay6wO+8n8LJohyiwYS7LddpOjIdP0MWifN7u/ArqNNlh +2kg8eAc1pYOU/pJFTAAbOmC/kQpa9skd+PPIPPh9T53o3yeDQA0vFqN92JryCCU= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_sha1.pem b/tests/data_files/parse_input/crl_sha1.pem new file mode 100644 index 000000000..049bebfcf --- /dev/null +++ b/tests/data_files/parse_input/crl_sha1.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAG64jqn7VLdvnKROsbCPR8w9 +xnox9vjuM2lGWema9sTuptw9EhArVSbibXZ1IPPyrEy1QOq3NukBqUW3KzOzYV5M +BxZSa28FTQxtVChWkDUIMCK8BSxy07yieFf/3A8mbfcW3ZzN4akLxOweuFp6l2H7 +9oa2jeUi1BlHCZS6JYI2pHZl8qiMRiqqMleSM2k1w7TraKLNBFM8UK72brXeZjPi +nNOzdYsQDzWo1HW7dsLWLfZKoJeyqvofVDQpC5dO56kty/do89z1OnEXfzMNeVVT +JCeAOzuu6kdrf+9keRoWhcIoBos/XtTV57u0pgr81bLgjj5PYivevKL/kKbyvKI= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_sha224.pem b/tests/data_files/parse_input/crl_sha224.pem new file mode 100644 index 000000000..066f5be07 --- /dev/null +++ b/tests/data_files/parse_input/crl_sha224.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEOBQADggEBAL2sIly2OwgBu9UfEImduTG/ +RtGEO8RkXbCRJPLZaVGQh9b8rCRVHL9tIWm372FVkKyYEm3mIrl2ry16RznRt5yx +Dd8/DKUGUlIe1KwzjDc9O7bv1FDSXHd1USmGTheKDHNtuJXYENMHdoyR2k2BVGOZ +ie4zUcSpqyMjBlUjgNmXN6gQIcrRImumVUjMk74+rWTa0hQ0piF2qlRuE1dDqcZP +LkE/92rbnFeRAO91XUeEj13dif2UjlArFWd62AFp0wtIn2sb7wahhUj9/rEs6Wgx +kdiNsRMto6/ixLrPu3vxs80ZPWHey587T1ZZ9bS/wDkp9W+W0rGyRoPVmqiKtvM= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_sha256.pem b/tests/data_files/parse_input/crl_sha256.pem new file mode 100644 index 000000000..c3ca25699 --- /dev/null +++ b/tests/data_files/parse_input/crl_sha256.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore +mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb +0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi +lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake +EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F +5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_sha384.pem b/tests/data_files/parse_input/crl_sha384.pem new file mode 100644 index 000000000..b3baa2a95 --- /dev/null +++ b/tests/data_files/parse_input/crl_sha384.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEMBQADggEBAC0GpmRvsrvshp1q/SXk80HA +m28ZvEuys9zY5/AnrtYHQfsX9QRJk5li7PlnzHtVGp8I5Qi4mJVPaJ+JmhqAc/oo +NPmxDx8m9XF9v0XHzqQZIWlPXH8QM9WLzTazbQFXhuwnZ6LPhpo+m8cbN91mUFil +9g+SGkma+VYV+yPRNmKyldcRVvPZUIkhTCMWkZoYrbDXUmkVQpsgz2c5ksIeMI/7 +4Qj9J38I9AOt0DlQ3etFhNc0OMnR7zY8tn9B4dejoNklEZfiyDxsDZVPusZrxnWM +WxuehOGHZf3YESjLMtR7BW26QRHIF/nhGDHsbLiunxXI6eJlbYFoZMfwc6TMqnc= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_sha512.pem b/tests/data_files/parse_input/crl_sha512.pem new file mode 100644 index 000000000..4d712e55d --- /dev/null +++ b/tests/data_files/parse_input/crl_sha512.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQENBQADggEBAH6GU24hd6d/5PmDusT+h2Kl +e7scmhkZDPU+VJSnzHdEREYTPaoFqyVBuJOE95lZELEqdOauhO3lG2WEQVGcgEcv +4jS2EzR3BYex1c1upqGtdIvIoA9TOLukdy6KeauomiWho2Kd7bSaXHy20jwdkLko +/t3lVhTtBvKbh8XHVYwCaw1aCj3LydwNcS+zPnRgsMVHszFxmMNn5HCRW8lbYwcf +UA98OmxIZs2hpBKRpvlfA5y6sXEx2+tSMg+MJrziGBgG6OR/m+KTaK5Yle9nrC+7 +hzKIe83hpktvfB1CY5Ak4Uke9/1FRqAjs5KCRxYSGQ7ZdS7DgAeGwT3slLbl/tY= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/keyUsage.decipherOnly.crt b/tests/data_files/parse_input/keyUsage.decipherOnly.crt new file mode 100644 index 000000000..7c379787a --- /dev/null +++ b/tests/data_files/parse_input/keyUsage.decipherOnly.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV +BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t +cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD +VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv +bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4 +6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1 +HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ +CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud +DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH +bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL +tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk +fLtpo9y79XD00QY= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/multiple_san.crt b/tests/data_files/parse_input/multiple_san.crt new file mode 100644 index 000000000..8cdc73061 --- /dev/null +++ b/tests/data_files/parse_input/multiple_san.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy +bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD +VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 +bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr +BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh +bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS +L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/non-ascii-string-in-issuer.crt b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt new file mode 100644 index 000000000..99db8717d --- /dev/null +++ b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnTCCAoWgAwIBAgIUBeZT5xt08LXThG0Mbdz6P6RaK+AwDQYJKoZIhvcNAQEL +BQAwXjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMR8wHQYDVQQKDBbDo8KD +wobDo8KCwrnDo8KDwoggTHRkMR4wHAYDVQQDDBXDo8KDwobDo8KCwrnDo8KDwogg +Q0EwHhcNMjAwNTIwMTYxNzIzWhcNMjAwNjE5MTYxNzIzWjBeMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xHzAdBgNVBAoMFsOjwoPChsOjwoLCucOjwoPCiCBM +dGQxHjAcBgNVBAMMFcOjwoPChsOjwoLCucOjwoPCiCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMkh8YszXqyKsEzm5XMpmLd9WL6ba3QDK0uuePTj +Uqt6RYjTHMDdu1T/gRUi15++6VAl2vUEcUKI4Lxarb9TuypsHfWLGDlioC4xo/5X +63fbvIEK6qeluY43v3/dXVLoak4E5C3i9hGpcCVUrawlFKQeuEoNgpxtAy4cA0HV +RhGK6cEddIo9lRksvO1jD2Xmi90+7STRYmyTVkHyj966f3xEr+8/VKcz2mG1PZgw +x2kYwv7JZ0F+vbjU2S1OATCS4lqEPJT0ggotIJCmxdv1XorPbYn3uNjT8Lp/UHgW ++4+K0OxdlD0GS7AxffCcq0ltVeUyHq9s2cG2AiP8603aeAUCAwEAAaNTMFEwHQYD +VR0OBBYEFKT8qVhvMaptyhJMcvz+c3Q0fkzDMB8GA1UdIwQYMBaAFKT8qVhvMapt +yhJMcvz+c3Q0fkzDMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AHR6U3p2DdhwdqhY73vAxtdmAML157cYoZSQiEfpp/Kr3MWoBods6VKHS6flv+T3 +TEf4G0oyEqKoJk3liIyTvUO5CiwXmiiJlYhQmWkEb3zcYVSSFXKvyEQYKLR3ggD/ +C4sCTohfYGB924vI619u6mjnNEBX7yiyZbfJ0uHd7BpOimFVeAos8hJ8Z5T+gESa +Tiv6EJPK+m3vKTK2w45M/xLEmGMrwxEB1IZnRz19in/Iqe5/sfMfEVXJSQ052tuO +GLl6reeMaHlbflB/HyoBRo1xM7Av6zy3TIM55Z3C6ry3pcTH6Y+U7Sz9Lw9MyYCX +b1QAPqg1U0lZZaSNUMsiAjI= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/rsa_multiple_san_uri.crt.der b/tests/data_files/parse_input/rsa_multiple_san_uri.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..ac5fab2932aacc7c232d5a78c69c5203ba2f6041 GIT binary patch literal 954 zcmXqLV%}!Z#58XKGZP~dlL*J7$r2OQZn$+!5b)pHcKS%gvsb(Zylk9WZ60mkc^MhG zSs4th4Y>_C*_cCF*o2uvy$uBo_(2>l9uD86)D(pfpI}2t196ZLGmijFNFg-HQz6*V z&p=L`*T~qw$k4>lz}Vc>AWEFq1jse8gmNh}yopf>*|ChQ49rc8{0s(7j9g4jjEoE$ zi)ZaQfAr$3kKeAWGW&AUyyVeJk5|{fn*Ef!+2nAFOIh-AAlKQ6;eAdwCTw4NbFp7c z4&ThrJH_}IJMI5@A8UVoJoe)9n8>s9w=gi@-|H~r*`1q*GUhmDzx#H&N}c6X#+E~8 zwMz=VT-iMFQOoRFcav!^Ql30vPVVE9JMdWXkX-!drocd)X{S%#v(46>r~Y*d zGgS$#II7R_AU4kBEfX^%1LNYxjRuYDz%eK*%)(^AV89KGELnaQ7G@^a2L`1ejvz~( zK~9@VX;Ge4YDHphK~Ab(a(=FrXB0;T3ML-XUwe)}$RX=kqf9QBGWYf3k~fJ=iVhr0rq6T86J6t% z#qugIeD9h`d~XzgonwqV_$q*{Z_DDZio5r{N>sPGF#Eu+EV-lw0w*8)uj~Are15O^ zRqh+RbzF>Xu1Q^q*4wk`8%8$11^?Z1VWy6BzCr^*qe5g5*7qrYoi_9UY@k^nOFbbF8>wEOL)~+eX0NF>o$E$)Zw(OqM~J+ WcvstKeF;9*e0W*?%#B-4UjhK9SbH@9 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/rsa_single_san_uri.crt.der b/tests/data_files/parse_input/rsa_single_san_uri.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..22308c6f45d82f7ed64c5a4224ae63a56aada704 GIT binary patch literal 898 zcmXqLVy-i2VoF=U%*4pVB$8kH`em-_o{pxZ#Sb!;n_Isr?Vn@7%f_kI=F#?@mywa1 zmBGN;klTQhjX9KsO_(Xv+fdMeAH?C};qXmLO;HH(2{x285C;h{^9aC%6hebM6@nf8 z4CKUljf@S93{4CTj4cdIqr`blfLsGhD3>zBn;4al9m~kdz}&>h&tTBR$i>ve$jGp~ z*>7`Mq+*hS*WDKY7tn-np}0 z=M+y{+4{p^^_p9ky}LF<%wH6e%OuhMd2z`;iv~5Ho9<`du?3lZo~``+p|RWUc3q%a~4n7KfT9s+n#gF zsu~S``Wg51^w_L9xBGPMU)!YK^mTvE>vxBTUS9ZNvc&_@59y}M(qBb}uQ+JBut>ye zmfqQiQ*UP+>9%_RPRNWeEJ>4Te&4zt=kP+KYq^h}?5f$f_hIyr|K5^sZz)ZTZf9G) zMwj)D^!pH%s@+PPe!a{5bRyy>&#B4fN~>8;pGZvjC1l1Ll`iYaUb<_uKZ|OF=5xjE zJiTl8t0#q670oGP`QfO(WQB#crbywkza@`9yG`5irkL><%Z>Z9Rz_FK{+D&)PW$h3 y(?|G|?z+{PoXQG!rIe%|?)N+CcBw)wQ2O_WlcD1G_^n>@iS3v+zac)Orvv~P1yK?J literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/server1-ms.req.sha256 b/tests/data_files/parse_input/server1-ms.req.sha256 new file mode 100644 index 000000000..b0d9414a2 --- /dev/null +++ b/tests/data_files/parse_input/server1-ms.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb ++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr +eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19 +3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm +TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF +ox+ATHKxQ/XpRQP+2OTb9sw1kM59 +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.cert_type.crt b/tests/data_files/parse_input/server1.cert_type.crt new file mode 100644 index 000000000..34fe4f6a4 --- /dev/null +++ b/tests/data_files/parse_input/server1.cert_type.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC +BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t +TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1 +XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx +lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH +iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2 +DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server1.crt b/tests/data_files/parse_input/server1.crt new file mode 100644 index 000000000..258da5e17 --- /dev/null +++ b/tests/data_files/parse_input/server1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC +AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr +UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw +Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf +gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY +C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2 +nUaulRRpGt/ZTISw6uSIumNoNA== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server1.crt.der b/tests/data_files/parse_input/server1.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..f9f58a0fcdfedb27375d2ec5e1a98520cb730d83 GIT binary patch literal 835 zcmXqLVzxJEVp3ng%*4pV#K>sC%f_kI=F#?@mywZ`mBGN;klTQhjX9KsO_<5g$57CK zAH?C};RwjjNh}Hu_A!(+5C;h{^9aC%6hcyqOB9?P4dldm4J{3f3=IrTOiT>SqQrTP zkhumn1PzxmkboF22sb=9wWut$NWsvciBSpJwT!F`%uS5^3_x)%rY1&4hLue6whmcW zLxa2jn!RgE)e}vO>)gNNh3kad?>fYSE`M|maGxd=nbMy9SNnn6&*FV|&rfK`77Q9{jMpRO6g)xWwK~|@ge|-*bxqp{U-d7;d zA-!0b-{D7YqiQ_Y#^7THb)uGQen!2kpEPe7YxHyB>8)FpC*8cF!giHYwX>A{?lP%< zdrrxHYg2VnUQeBU=bvMo__A9$(V1tMc8TbSsm$@ZbN0gbp!DL8x(k&5)_pNNrCV^S zlbhwX-ZKA!ym{yLMsz+3j+~blH7WH`hds{}$;Ee{zL+~z_^syc)dfO#qE2OtuMTPo z*~rAq$iTSR*T5SbfwICZOa=@FvcTY!<=xmVg6g+#4>y4+zBq(ffdi$Ltfu~p1tYo>Bjl_ zLfz70lYKTUe=|c;vyZjy){8w$Z~iHmv0-zkMf>!3JD+T@JL{^mF1T*SK8ZQ~tNawR zFE3u6Rl8_*!^K7NdT%^_yBf#T88mGa``a^jG56o+H{=^qmcC!ts z!LFZ-0`X?fMp;;VpWJq4mSIxo+#GieyUNzv%5h)*oCMkXBRVcEPp4LJ#Bf=mI?25i>mBYX8qY_vPR`=`2)3- zo;e#dY8T#m)${D6%(OlK4zdJoHoLO;*TaovHzpiR+>#b#wn!~_)#{Qs_FBoN+gdl| z7u@8P(e+IG9<5sJ_JX_1Ka*!G!-R*ongr5n*M(?zr&dl}_$cx4SqD#!cNsh%yW1|g z?Z2>Nl_0ZReb@>qITs0j{?_hW-7ayDB#tHNA5ZK36?>!hvwEi{6u~JpTQa5Tn6# zCT2zk#>Kt{-r$In6=q>FU@(vc2BRz=ix`W@Qq~tKJMP?1;13Y;O<0k#-nZL%vVlBE zTA4+{K&(MzOVpF4o9|r;`nL1xvZ?&9?e-l1`yV;Lfyn|G;EW72RhvsJ3gq6uk$H3E z{Cj<+IR)=lEcbtqZfwyc-Mu=^{FZ0QhI30iu8PdOy>4~&{vVlBQtmcb|GV>}#=6DO zMd@40_hXGx2HmS_56@yevH!>m=XKAkA_I=gPU)|;wY{NirvLg&@f?i{61E#+niq3Q zrY^o|WVPqooGLAyKNfz;a-o;(((9IV{+oH_62C`NZ8wvI#F8YJ4rkkgc@G6n8qD%l z{C8^RrcF5#brBolulk9s`ZLw<>f2>0wd>ctnW-_=arJv$o@<(NPP?}1Oikn{R=Rs> z%b_rhll6;dnlbkL+N!Yib^q1{`91nY*P4&MmRPp;N}Y(svX#snDwp4>U9{aV-<)Vu0jz{YLSIB!; z^OJ32$%VBdTfb*0MJ7%1d&+P_S@8cW{YxgXv0{6>Iu2!*^M;=7(&GEYcw)=j|BD;@ z4H|n4vVmTe6=X>`S3_%W5xD%bsWkr=M6pErN#G)@x+$5{}-1U z6dMEqJt`~6;%(r$#GP7BmIax~$0Eie5|FsG{|fuf>rIS2PgCoAlHHaI??a9YW)B7f zS0;sQyF0V=PrLrIP&8TlEvt22`RWa`WeWH^BNf&m>C%uSejTGn?{NA8Uwk8=1?yA z21f$zV+XsBi4p2hW=3{qCk7VtGhsK&IOU>>?2bq3{#VF*SM!r?V#$TIB3r*_C`Bes z@_Wi~Ls{_uEB#9*v9V%%yE+bKm-B|6?b71=#du=N+y9Hr4NMJ0fS!?6W#Kj8X5-Xm zV`O1$dZNl`APW-ZV-aH!2}oSpe}(<#^(IE1r>XTl$!^Pq_aTQEvj>BLE0ZF_uCy%k z?;DvaYl^oX_-8P0W1sz(TX`xb7oGAgBn4D%Ok+~uKi(|4$vi-@C%uSejTG8AOTm8Uwk8=1?y6EsQh}W@88YhlvsDF=j?~W+w&~^D|*L%Q)qt zitLU@>i$>Adsp+5ZDPrVwIW-;XDCG`P4auna6?(}|114VCb6+%d%HRgWta1Yp6$}& z`^9)-%iI5pgA4);^nsq26=cycP+OqF#-Yu|$jZvj!LmTYK#YwY$YWs?WM<(uG%{{z zWN2(KHZnAj1!>@85n~YvNL<=~h5hFBCPtp8sr5a{Zp(%DAqPIQ2ZMntlLGgv-FGCYn2(d`zY)8kWhonOA1 R%>MF~)4QYd_dHAw0swp7kCXra literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/server5-othername.crt.der b/tests/data_files/parse_input/server5-othername.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..0ef31cf143616ff108b910a49d8414dcdd9e8830 GIT binary patch literal 449 zcmXqLV%%%c#F(;xnTe5!iP6`9i;Y98&EuRc3p0~}qan8eCmVAp3!5-gsJEe@0Y8Yt z#lzv7l$xRt;uCBrZy*a2V&)Np2`S{4WTY15CFZ6o1Uvc}$cghB85@`x85md^n3xzx ziSrr*xrXLYE;X!(G!SNE2fLYx5$bqmMs{W=1{U)(VK>V-<)Vu0jz{YLSIB!;^OJ32 z$%VBdTfb*0MJ7%1d&+P_S@8cW{YxgXv0{6>Iu2!*^M;=7(&GEYcw)=j|BHPMybZK~ z9+VYiQ8rLqAkW63&Bn;e%Fe;EK-fT#jUC8iVH9L$VKX!`HZe5=2Zk&kix`VYK;qK= zE9^I~H!<=&O|9=qc3UpI4>@d^-5CsAm=t1s-cG&|>KiLzQgY~EWW%f-of9T$^&a}R wYSpfW6_->(nG~da)7!Xqn@ztbn)OeAQrVC9>vq*Y`|00kapCsacGX}P097l3%>V!Z literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der b/tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..7074fd84a2afb9a22672f67c9c4ea64842b130d7 GIT binary patch literal 525 zcmXqLV&XJtVqCv~nTe5!iP6`9i;Y98&EuRc3p0~}t0A`mCmVAp3!5-gsJEe@0Y8Yt z#lzv7l$xRt;uCDBY@i4dV&;*82`Qvx7NsVaV-<)Vu0jz{YLSIB!; z^OJ32$%VBdTfb*0MJ7%1d&+P_S@8cW{YxgXv0{6>Iu2!*^M;=7(&GEYcw)=j|BD;@ z4H|n4vVmTe6=X>P4 z3VOqDG`%#Iw^fEokzudi4wcW!d;3-PY-Dd|-MVu{srzEy^L^RA4S{(qV-<)Vu0jz{YLSIB!; z^OJ32$%VBdTfb*0MJ7%1d&+P_S@8cW{YxgXv0{6>Iu2!*^M;=7(&GEYcw)=j|BD;@ z4H|n4vVmTe6=X>M3SMc4j9A7V|SQ8B}_evXTG z>r-JC2DO5GJ(IuncXL)TDWnx=G#oa_I3V+hAw2J;#Say6ah@_>wj`;tCWT+~6odhk Cw~RLc literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/server5.crt b/tests/data_files/parse_input/server5.crt new file mode 100644 index 000000000..459742828 --- /dev/null +++ b/tests/data_files/parse_input/server5.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA +2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S +C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V +fGa5kHvHARBPc8YAIVIqDvHH1Q== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server5.req.sha1 b/tests/data_files/parse_input/server5.req.sha1 new file mode 100644 index 000000000..1a14a1501 --- /dev/null +++ b/tests/data_files/parse_input/server5.req.sha1 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGDCBvwIBADA0MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQ +BgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2 +CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cN +Vc2KKg76Aci07f+gKTAnBgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMAkGByqGSM49BAEDSQAwRgIhALSf2Mj3er+ocZCN++aEoIp5PQ9JCkPY +b88ghuTyS7DCAiEA+CnVzNN0I2kpnmKUOUcXxLcjoPaLROgxtubDvKv5ckM= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server5.req.sha224 b/tests/data_files/parse_input/server5.req.sha224 new file mode 100644 index 000000000..276683410 --- /dev/null +++ b/tests/data_files/parse_input/server5.req.sha224 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGDCBvwIBADA0MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQ +BgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2 +CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cN +Vc2KKg76Aci07f+gKTAnBgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMAoGCCqGSM49BAMBA0gAMEUCIDYaN1m9MRk5mhX1U8aZKd0alyGKWqcR +oglF2MsIii/2AiEAjFHs8XQ0Q4yDF8oLztCxlq3nAvqmPdQz9T+TkEfh+PA= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server5.req.sha256 b/tests/data_files/parse_input/server5.req.sha256 new file mode 100644 index 000000000..c59e15f99 --- /dev/null +++ b/tests/data_files/parse_input/server5.req.sha256 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBFzCBvwIBADA0MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQ +BgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2 +CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cN +Vc2KKg76Aci07f+gKTAnBgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMAoGCCqGSM49BAMCA0cAMEQCIGmRFdjjd53oM2Zpt3E5vfqujnA+DHWk +s9OudcSWBdjmAiA7BAYjGnXyL6ATPqM7qnLVGTf3JMT+1rXl7esBm/0APA== +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server5.req.sha384 b/tests/data_files/parse_input/server5.req.sha384 new file mode 100644 index 000000000..87556c6c3 --- /dev/null +++ b/tests/data_files/parse_input/server5.req.sha384 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBFzCBvwIBADA0MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQ +BgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2 +CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cN +Vc2KKg76Aci07f+gKTAnBgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMAoGCCqGSM49BAMDA0cAMEQCIDnO+PIPZJGqiky9unvq13uXxahw1bpk +Zb5NRV0c06Q5AiAo5B49tp3kDN/n0BDNt1BBGLUfhcU+Qn2SQenCyfuGLg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server5.req.sha512 b/tests/data_files/parse_input/server5.req.sha512 new file mode 100644 index 000000000..607741e3e --- /dev/null +++ b/tests/data_files/parse_input/server5.req.sha512 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGDCBvwIBADA0MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQ +BgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2 +CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cN +Vc2KKg76Aci07f+gKTAnBgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMAoGCCqGSM49BAMEA0gAMEUCIQD8xdtluTiBJM50d/WvDeUvPbXOUMlL +8xEJXU2WOK+RLAIgS8U6Z8tlJpXLEisz/j4gdABG3Y3h4PBJjlpszFisTNo= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server7_all_space.crt b/tests/data_files/parse_input/server7_all_space.crt new file mode 100644 index 000000000..a979830ba --- /dev/null +++ b/tests/data_files/parse_input/server7_all_space.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAk G +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHf Y +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server7_int-ca.crt b/tests/data_files/parse_input/server7_int-ca.crt new file mode 100644 index 000000000..d3ddc46a8 --- /dev/null +++ b/tests/data_files/parse_input/server7_int-ca.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server7_pem_space.crt b/tests/data_files/parse_input/server7_pem_space.crt new file mode 100644 index 000000000..0ef0fc7bd --- /dev/null +++ b/tests/data_files/parse_input/server7_pem_space.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAk G +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server7_trailing_space.crt b/tests/data_files/parse_input/server7_trailing_space.crt new file mode 100644 index 000000000..6faf8cf08 --- /dev/null +++ b/tests/data_files/parse_input/server7_trailing_space.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9-sha224.crt b/tests/data_files/parse_input/server9-sha224.crt new file mode 100644 index 000000000..1b05f313a --- /dev/null +++ b/tests/data_files/parse_input/server9-sha224.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo +PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm +g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm +uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR +B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe +l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9-sha256.crt b/tests/data_files/parse_input/server9-sha256.crt new file mode 100644 index 000000000..7d0aa3956 --- /dev/null +++ b/tests/data_files/parse_input/server9-sha256.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg +3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9 +yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H +V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE +0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu +zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9-sha384.crt b/tests/data_files/parse_input/server9-sha384.crt new file mode 100644 index 000000000..aaa63e6ed --- /dev/null +++ b/tests/data_files/parse_input/server9-sha384.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp +B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI +aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX +TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug +qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg +s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9-sha512.crt b/tests/data_files/parse_input/server9-sha512.crt new file mode 100644 index 000000000..a211b921d --- /dev/null +++ b/tests/data_files/parse_input/server9-sha512.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR +6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu +6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk +tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU +6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/ +5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9.crt b/tests/data_files/parse_input/server9.crt new file mode 100644 index 000000000..a6f9fbc76 --- /dev/null +++ b/tests/data_files/parse_input/server9.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG +EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg +Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g +HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo +r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0 +qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ +wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w +OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh +clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR +vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6 +te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW +Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj +88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw +JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1 +o4Hl/lqjwCEG +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server9.req.sha1 b/tests/data_files/parse_input/server9.req.sha1 new file mode 100644 index 000000000..b9d005382 --- /dev/null +++ b/tests/data_files/parse_input/server9.req.sha1 @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBojCCAQYCAQAwNDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIw +EAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0R +ip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDX +yMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRY +mmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCVAgMBAAGgKTAnBgkqhkiG9w0B +CQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBIGCSqGSIb3DQEBCjAFogMC +AWoDgYEA2n8SOoiJCs+YyH2VXoUVxhutdXGP4+7cECakl2mmVEKhxXDMEG7hEFkB +mkk4b1kRNOQHKqUq3crfi0OkMcPGkPiLlYLKgT51CgsBhuJaMsdCYo/5POgTZD4u +FI5gfyO70Xpq9QmrWEqqTdalRG7+UmGa3VEUVyXTDnQZfU1N2QE= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server9.req.sha224 b/tests/data_files/parse_input/server9.req.sha224 new file mode 100644 index 000000000..fe1c797ed --- /dev/null +++ b/tests/data_files/parse_input/server9.req.sha224 @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBzTCCAQYCAQAwNDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIw +EAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0R +ip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDX +yMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRY +mmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCVAgMBAAGgKTAnBgkqhkiG9w0B +CQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMD0GCSqGSIb3DQEBCjAwoA0w +CwYJYIZIAWUDBAIEoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCBKIDAgFiA4GB +AMlYYZKqpDqg5UZZq3NB3QUR9qftY/52/0gPfruw5s2gNtFmG1uyEBJX/oc7C/fU +lxo74HDraWJyvP7c3MMhOuwr/RfPNQhA2Hgwz9RuJIBhQrJfiZuHsCfiKVofMuMf +ar/4EKfyoELDdilhg6i+abahGOkqyXsjavFtyDSeCpXH +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server9.req.sha256 b/tests/data_files/parse_input/server9.req.sha256 new file mode 100644 index 000000000..0ef9ef028 --- /dev/null +++ b/tests/data_files/parse_input/server9.req.sha256 @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBzTCCAQYCAQAwNDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIw +EAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0R +ip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDX +yMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRY +mmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCVAgMBAAGgKTAnBgkqhkiG9w0B +CQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMD0GCSqGSIb3DQEBCjAwoA0w +CwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFeA4GB +ACUaCTidvzWVJNKmRrriufThGUfw5Xgdsc3Ga8Cx+vRf+bPZmR3NVkc0Zq9uc0+8 +d1WXaLzbmge6IbcvTPWCLNDAWI9UzoQ6WS9myM3eDEGdruClYwb5BVLx3MvhvooK +L/H6snE1dHNPXyCNVFTJIll3bRlVMRsfZpDhmz8/ImJ4 +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server9.req.sha384 b/tests/data_files/parse_input/server9.req.sha384 new file mode 100644 index 000000000..010345027 --- /dev/null +++ b/tests/data_files/parse_input/server9.req.sha384 @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBzTCCAQYCAQAwNDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIw +EAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0R +ip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDX +yMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRY +mmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCVAgMBAAGgKTAnBgkqhkiG9w0B +CQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMD0GCSqGSIb3DQEBCjAwoA0w +CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgFOA4GB +ANfZGK6nE/CP9PuALFzbA/mvOnYlI60pMowscRfCYpvR25iQJVhAJfYVXADRN3qd +NAiFWNVcjFMIkRlq7qifBN97VHGeYoWIuw9gYEb3OqDGzOsYP0KIgMNt8/A4qCkj +5MzolOYyT+N+QFGV0pdCNpX7QppfNdFyFAmWXa171RzG +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server9.req.sha512 b/tests/data_files/parse_input/server9.req.sha512 new file mode 100644 index 000000000..676b5c996 --- /dev/null +++ b/tests/data_files/parse_input/server9.req.sha512 @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBzTCCAQYCAQAwNDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIw +EAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0R +ip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDX +yMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRY +mmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCVAgMBAAGgKTAnBgkqhkiG9w0B +CQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMD0GCSqGSIb3DQEBCjAwoA0w +CwYJYIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgE+A4GB +ACxWBhPkhyVlBY/mwkrW7OjYsaN2/ZlFSv76w63b61BpigReJsggMut5EPOgfGYJ +rzygKDlF/NtmMN22jWrFup9LsZJAX0gYbLmliiaG9Hch+i/8b42oaQTDWGFZ9LiY +W7F7X0f9lpzNKOtQ8ix0s+nYS2ONyzfu55+Rlzf8/63M +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/test-ca-any_policy.crt b/tests/data_files/parse_input/test-ca-any_policy.crt new file mode 100644 index 000000000..af87439cf --- /dev/null +++ b/tests/data_files/parse_input/test-ca-any_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMzIxMTY0MDU5WhcNMjkwMzIxMTY0MDU5WjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +IzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEB +CwUAA4IBAQCHadUDZiIjJhcrG+rYrpOVgMu548rc5kHLC7zVSVfszfdOJq/TdXQT +Lbn9i+AAVRYJU2kHWKD2fvgOYIIBeEGFJKohlKZ82irWxt0Ltph31cuygLcpqNq9 +KRQ/dh3S0w9vn1A1ubYGKTzTnZGELTVzMlXZGTRbAOylMu4eWac6LHymE2EBqmOq +fPCuWdFB62ewQWRa+dRO92Aphh870u43/iLbw7hs4s8hokZP7Ewg6AHb4qjVePdF +jjxAO6x5VCj/WQRnw7muAy0P3l5AhYXAIUdnkdYca5Ja6LfdEJiVeTdE3IU6UJg+ +gAu9swDhUlEuIlCrOdC3tOPDslsOIgTV +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-any_policy_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_ec.crt new file mode 100644 index 000000000..821a92c45 --- /dev/null +++ b/tests/data_files/parse_input/test-ca-any_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBzDCCAVGgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwMzI1MDkwMjQ1WhcNMjkwMzI1MDkwMjQ1WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAow +CDAGBgRVHSAAMAoGCCqGSM49BAMCA2kAMGYCMQDWHgmWMckbGLd7XREnJVAv+XRp +XANOCbWLDu+Fik6c28S+qR6zGEKKGiPHYeDpjRACMQDnYcFBwlfuAB6td3fteG0P +AWngOaGHmUFEA6h24b5Z6/GSFD9FK9rVRdxQc4Olz7U= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt new file mode 100644 index 000000000..a052bc626 --- /dev/null +++ b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTMxNDMxWhcNMjkwNDI4MTMxNDMxWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +QTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgwJjAkBgRVHSAAMBwwGgYIKwYBBQUH +AgEWDkNQUyB1cmkgc3RyaW5nMA0GCSqGSIb3DQEBCwUAA4IBAQBo3CLwvTakVDWs +XUZz3ehGgk39KzmYOb3m9bBfMpOplDfE8Zaj8TDZZsxXpNCXT85GgbrAdr6pONQJ +Mqd3TzTXCs6tmmIOVDToOj6nKtm2nNSf+1TUuLRgeavgCoicoQZOtW5tAehw/RTE +4VQXSm+ZWotYwK1jvlHS0LaehUy53GsNxWBJHCc3exD+iyutXTZ89jczIKuWpEIN +pTdI/EYVD2r6r/IITRnJpGjNXOhGB4zvgFlwv88GeF5lG6Si9YD+swO8JuJP35q6 +7cPA/vtrjoiyM3kXmmN1LZGIfEMKNwEcyVhvl+d6sReomI3HAKOj9IIG7umFKi6t +axMwzK3Y +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt new file mode 100644 index 000000000..5e1491da7 --- /dev/null +++ b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB6DCCAW+gAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTAxNjA1WhcNMjkwNDI4MTAxNjA1WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jQTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgw +JjAkBgRVHSAAMBwwGgYIKwYBBQUHAgEWDkNQUyB1cmkgc3RyaW5nMAoGCCqGSM49 +BAMCA2cAMGQCMDvi5bBVplU3Gct+iYRmRW9ewty5b+1OX0ggzA+ExXpL1Obo6A16 +a2h1kb7Oy4+BSAIwXZHYb6OEWkOngISfwSZxDiiNXOTwvCu2/oFGC8xTENn0B88m +2WwPzh4jnvXhNh0w +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-multi_policy.crt b/tests/data_files/parse_input/test-ca-multi_policy.crt new file mode 100644 index 000000000..168e99f2e --- /dev/null +++ b/tests/data_files/parse_input/test-ca-multi_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgOgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTI1OTE5WhcNMjkwNDI4MTI1OTE5WjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +KjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEwDzAFBgMqAwQwBgYEVR0gADANBgkq +hkiG9w0BAQsFAAOCAQEAPwOUmjnrcBA7dt5drCakEz9HOpj8gZQd1fyVGv221LCL +h2W1Ngd2WlcADhPQcTdqNx4Dk+KPiBjPEooE9M7d3K33Qn/dVkmOYiW6E/4wU2tM +cqFj7rg8Now4lBaEqEmBP+cpv+mYqavPcKy3tz4wn1SnA3MpT1hEazhNe4yInNAY +4YqRBbWuBGkePjbce6Lf+rTfaA7kJnyuC9SHguQRmWtV3xzNzLUFn+V/jYSqYvYU +2MjDFgCYCmW0xl5Wo8wMWWAvMbO2mRJ37OLUkSOkxgeEL6OihY1GPkbfxC2qV6mR +4VjmfclwXumiDAvVLhW8hWjCxg8gc69G7kCkVbljLA== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-multi_policy_ec.crt b/tests/data_files/parse_input/test-ca-multi_policy_ec.crt new file mode 100644 index 000000000..70ea2ebbd --- /dev/null +++ b/tests/data_files/parse_input/test-ca-multi_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0zCCAVigAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTI1OTUxWhcNMjkwNDI4MTI1OTUxWjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jKjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEw +DzAFBgMqAwQwBgYEVR0gADAKBggqhkjOPQQDAgNpADBmAjEAqyz2v+6i3xXF4qlr +o89qxwlpIn9sR0xU+qo9tgcM6Fa7IDdAU1lhweN8MpkJTtrGAjEAmgNI/08M8n6/ +sMM0Xutt5u9EUHb+4y0uyOfYMcEPr+pCUM4GPxBP6RdqI8Wu9OQf +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-unsupported_policy.crt b/tests/data_files/parse_input/test-ca-unsupported_policy.crt new file mode 100644 index 000000000..bf47d9538 --- /dev/null +++ b/tests/data_files/parse_input/test-ca-unsupported_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTMwMDEzWhcNMjkwNDI4MTMwMDEzWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +IjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZIhvcNAQEL +BQADggEBAGvARX2orRXDmc2a7nSrbRFkdw/7qbL8Y+wLeM94SsZVgzGcxzRx1KvG +2H5nBvPKgAzBqWVPU7eDPjrETIfsCxSu+yklBIg5QYRuOcprLtQPkFVfl+WLd31F +lS1uMgZkahIr57aHoJLYPrEjW4CBHoliT8xfrvVZi4+ym7i/vFqXL7IJ+PIklNF8 +2/b4SAB9hRI5oPw1TV9Q0v2PqMXL/0cp/9Roe+H28Tcrody6jTtEdsU2wbaxhxMd +YK4Ak1FkhKItumINbtAUnHgBVwO2IivGZgsYulC/9y1uh5NU1HxMzqh04UEMgre+ +9SeEjhwFkq16Njc5Cdt/7iFLeiaHcNU= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt b/tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt new file mode 100644 index 000000000..161e83cc1 --- /dev/null +++ b/tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTMwMDE5WhcNMjkwNDI4MTMwMDE5WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkw +BzAFBgMqAwQwCgYIKoZIzj0EAwIDaAAwZQIwKUY3aTL6UR2H1Q1OzIJw7vxUso4P +2PksCWb62kQeAnhYK85t1VGQiA49iHCXVKuXAjEAq+1qvlmwHX1E99ha/rvxcAYp +UmxXLmSb53RT0NvhEKnUVGGUp2pBNAVVJOH+G0NI +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca.crt b/tests/data_files/parse_input/test-ca.crt new file mode 100644 index 000000000..31790b5bb --- /dev/null +++ b/tests/data_files/parse_input/test-ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL +hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm +8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD +zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ +0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ +mtxyUALj2pQxRitopORFQdn7AOY5 +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/test-ca.crt.der b/tests/data_files/parse_input/test-ca.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..5d94810f5960f561162be9556302a5b141daa9ef GIT binary patch literal 837 zcmXqLVs&G%f_kI=F#?@mywZ`mBGN;klTQhjX9KsO_<5g$57CK zAH?C};RwjjNh}Hu_A!(+5C;h{^9aC%6hcyqOB9?P4dldm4J{3f3=IrTOiT<6qQrTP zkhzo@-o&Vc>{v!t2IeM4eg=akMlPl%Mn;AM_s#!^?|v|Cu6^6RX-2g!OT`wPRs1;f z%9~fGYa}8#rYwCk`)K!lDY=;zGu!2=5A<5zw}>sMV81-?=HwSUivo|HTWk=t^3!vN z0+G`$i;B1pJ$3kL_jDQG=AUo8k`L_AWGI;vZoOhD%Y?#@dz)|CUt9XfMyvn5dcxsj z^H1-3lTf?;S&Pv=|KAa6O3cw$wp{)F_3<>lf&)+V_Wsd(_sB8yfQeqMN>S!%_l+VB z&9&)Y+P)dC{#dzW(^fs9pDp4alJeExvi&hv5v`G zd4cFBi_{d(S3G%r(&7sWPi&rja`nr@pU$^W>u+E(nm02df6-MYW=00a#Q_F>20Xy{ zkrifPHDG3B{BIx&;_;w5Jo|G>;U=To z+^rdN%#44O{|NfRZP7oe;TF5El%9(ZZ}?j+gNTP~)@!Wynk*z6v-L-Ld{nfA!<%QH z`sZgdhs-|u**0?R)(@ha=ETYBc&69&Eq)@FK1Xtj63Zz=SzRaDpO!n=Z4W*(aXve3 zzvrsvMP9pJ+}*r%2bTtCxukF3@8<_s{GIFN9&pNY@-d;)k-{}1vlb?>d~&LeyvVZX zZoYf1n*W@TJ2tKN7AfDoHRG7>8hHly!OP;to-u%t*%n|?`U{pi^ literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_cert_rfc822name.crt.der b/tests/data_files/parse_input/test_cert_rfc822name.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..cdc8189d024239e5e5eaf931eb2b9922e62fd54c GIT binary patch literal 677 zcmXqLVp?d>#MrrjnTe5!iBZsimyJ`a&7|-ctAPy2@<`IAiDTJgJmnb+p8pw(B8W|fH8CV(`n;02eMv3zp zBXbR`2pTS7AOYW;3>rI`8XFmoTTD87 z_)CERNA?e4(>I?PWx7=Pr#6|%t&*E26e_jmM|G(&cR{%EoSRcW`uez-pV)U~f&G&d zo6Db1GCA8Gu8HoeT*cY4u1VOOYkzCzUM5yNN zky@men37VIT3p;HQk%O>dvw!pJ_z=eP zMVgPD=5bB^8rSslWlW$|$8L_dyO!^4EQx%R%_kG%UvSyt3ZLcz?(NwOEcFR*W9D<8 zcaT5w_IT+bMu}q=BUMtbOV2w|S(%~vQjBL?=)C)%1A4T3=G_0(Yv*HYUK_A?;gjnY z$&;cFoU3y7sOq|!;(>n=}tsdHiBg(rR;6I1l`_fGRSTC?1NRqNp&-8TCZ0QQ>vN&o-= literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all.csr.der b/tests/data_files/parse_input/test_csr_v3_all.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..7e717f35733166efe3775e7747901738865de123 GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE( zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAIbfK9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?}K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD`0K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CGO zf(-(}K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dKYm;*Wa z41)~P*f& zq0?tK-O`zMKSb-(wH4_rPS$0wnduVp?g_ue+Jrw{X6v<=?MO-8(6lvk{jHVH*se>P TKYmyeSo>01{NJ4R32~1Bg=V0! literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..01eabffdc1c51a5596b2458740e553b81cac4270 GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!fh_13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!ft}13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!>jJ13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPR%sWHQhPdI!kSFi=~d!p5P^#>mRb&cU)k!a$6T9mr#06l7-MHZ(GB zXk=(?Fg7wY5M<*_X!Brf`{BgM2r`4c0XYb`K|#>SF!|cP$5*CKXZKWDkhu55g$sQv zSIAFkidJ}M{eq!`!lGf(LB z*-f`}rri(G`gCnY`ihfv*=uIHguHvgZ?QJvPnX$x?PWVsQa3bh&0K$L@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVP$4wWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO?n7GZT9Qau9HXf}oLM^0j@BuS}iJ?y0gMaqou< z7y4GNke|{Nt?nH|YF!Vi?+-8bCiE~47B`1qem-_tU>zuc0DIdvvy zp3v#Dn{Me$yC0(U>Dr3)6({Sm*UWSYdH00hVr{~oF0=L8%XXxsZfM$?x&GG5XKdG{ U%^yE339Nl7E&gv#`-Hg10EJJWu>b%7 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..a49209abe562ff552914f880ef47c9e9ed096e35 GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPnH|YF!Vi?+-8bCiE~47B`1qem-_tU>zuc0DIdvvy zp3v#Dn{Me$yC0(U>Dr3)6({Sm*UWSYdH00hVr{~oF0=L8%XXxsZfM$?x&GG5XKdG{ U%^yE339Nl7E&gv#`-Hg10E3sHuK)l5 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..ccae7233b591dedc525f0d597321fee3b8e87c18 GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SWnpGwWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO?pY4E6@(Am9cCK_kQDYx^EwnL3@_Q)NNo-VYZp z^sQVWKcy*J;hpshh7JyAHp_!DJCbvRA1J@OZ@9@_M73%0@jsKkr)6}1xg`;E>P*f& zq0?tK-O`zMKSb-(wH4_rPS$0wnduVp?g_ue+Jrw{X6v<=?MO-8(6lvk{jHVH*se>P TKYmyeSo>01{NJ4R32~1Bg;1ce literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..989e40408357d4192c419bac484eb703dc9b5a7a GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD==xY?OQW%*fHn3))v4D^BCkriaoFi=~d!p5P^#>mRb&cU)k!a$6T9mr#06l7-M zHZ(GBXk=(?Fg7wY5M<*_X!Brf`{BgM2r`4c0XYb`K|#>SF!|cP$5*CKXZKWDkhu55 zg$sQvSIAFkidJ}M{eq!`!l zGf(LB*-f`}rri(G`gCnY`ihfv*=uIHguHvgZ?QJvPnX$x?PWVsQa3bh&0K$L@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPRonWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO?n7GZT9Qau9HXf}oLM^0j@BuS}iJ?y0gMaqou< z7y4GNke|{Nt?nH|YF!Vi?+-8bCiE~47B`1qem-_tU>zuc0DIdvvy zp3v#Dn{Me$yC0(U>Dr3)6({Sm*UWSYdH00hVr{~oF0=L8%XXxsZfM$?x&GG5XKdG{ U%^yE339Nl7E&gv#`-Hg10EJGVu>b%7 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..6fdcfc8f39de9b2b1c8e88ea6f2692ac537cfe88 GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-XCfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO?n73ln<-au9HXf}oLM^0j@BuS}iJ?y0gMaqou< z7y4GNke|{Nt?nH|YF!Vi?+-8bCiE~47B`1qem-_tU>zuc0DIdvvy zp3v#Dn{Me$yC0(U>Dr3)6({Sm*UWSYdH00hVr{~oF0=L8%XXxsZfM$?x&GG5XKdG{ U%^yE339Nl7E&gv#`-Hg10EG&mu>b%7 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..f1090f924f880051eef1c0ca83da4a2b1987fc3a GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPR%sWHQhPdPi1}MZ-aDfeIUkHX9==D?10v0to{#Hg+J7g;9{1h1<}` zxS^4uvBB8L&_IxlGoj6cvF(QwBO}NR_6Fo2;06UjBg5ot`yOAJI-T89WkKTJ4;L=< ztz02Lr72qBo%IWb4i0BF%Y!mIl5>O~D8IXJxXE2awQ2G3Ka;+vWpsbJB@uJ#OwK%^ z(`Pr`(wTNYMC;SF73nKZ)@84m=@Rnp3BSeKgg;$o>$R8dNJ-t$v^8`6t(DK%u1lLg SepnJ%`%+r`-<@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD?~K9J>SVPR%sWHQhPdPnv@i-v*P0u?q6Z8k<$R(1}S1ri2gZ0tZD3!@-23%8+> zaYG|RV}r4gp@AS9XF{6?W7`iWMn;es>jALJL?w=9URVVmIq~aBr8Dh*h}NfTE7Dh-tjk_A(CTPvTjU6(e0 T{IDdj_NBD=zd7v_;vNG4M$n<2 literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..fecb15efb447947a1815037932f3738d9cc1286c GIT binary patch literal 437 zcmXqLV%%uZ#3;qY$Y8*4$ZNpO#vIDR%)^pelAL1DINyMmjZ>@5qwPB{BO@a#19M|9 zgF#~_Q)45;af?Yu4}U2T;K=?VZ2IOiqfD17|I{Wkxm9x0ghHj({HQK9<}L^~o^x~R zM_(To^Ar1yEUg)-?&6bM0@<+^c1pl(X^QlQj>VHaXT* zKbfm8GFyi|yU*FyKBvseZI(;{uj<@A9LF90++Z?K`d|C{k1i84BLm}tB!dLF13CE& zgAD=|Kt7P=XJKJxVq`MV2XO>hGz`=hsIYNpvoW%=vU9L3kT4KqV+ZnB7zLSGxDAbr z8yXoJ8;p$%4FuUZ6WTl&+kQAPGJ?!tZ$J(LZcq?3GEBa<@9~wX)7d>$79{TdaN$DV z$`$fcnxYlnS-)WD;BaQMJSejxIY;<`^1J(no7_cIn-(AcGwFL;M)#Ln5;3RF)FR?K>|cBO@yVb7L=q zL1QOVV`PH4mINIo4D^ znX4``TZcWn&)L>Kr_9Q2mP`S!>fAjX#~uFMU@}koU;FxxE)z2&1LFcY0~xpjIr$9v z4In;{Mt2k!x?v`C&sN=~jO~G+CA4Ox$O)FR?K>|cBO@yVb7L=q zL1QOVV`PH4mINIo4D^ znX4``TZcWn&)L>Kr_9Q2mP`S!>fAjX#~uFMU@}koU;FxxE)z2&1LFb}10}cvIr$7l z4TKE@**Fv0JQ&-4I59G^urM>RIUsw28{~;bh6Jl=?+W+)U0$%HEW9mQsPR(Tx$ei7 zpP5|6w~Czz)>T$3klS&{&3A{o)w4}^cW%o}yM5r&gq5ErzG}U(%Sf`au)oUsS06#8~b^rhX literal 0 HcmV?d00001 diff --git a/tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der b/tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der new file mode 100644 index 0000000000000000000000000000000000000000..2ccb3bb96268a0360a2a93488bf4b85dc69bb0e5 GIT binary patch literal 407 zcmXqLVw`Ny_?L;1!GPb8*MOUiIh2K&hb6TnImMuHz5y>Ar&gOs+jm|@Mn+Z!=EhzI zgT_v##zuzY7L$%1{!$>ok^Mv1^v!2RnJ!iSsZC~btK_B$g-WgYQC(`xT@Y?O=jPOp zzCJGIC-xm#VE-h==JMy0OwP84YohxqS8=wiYZ5l++TWVFSIaahXXC#oYaTdla;&L- zGFM$>whnuCpR=ufPMMY4ESUmc)wz2(jywFh!DOEFzxMSXT_$Em2F3-h2F`E?a`G9P z8JHLt0ev7V$f9ka*~Fb%k(gVMld6}TpNrt+rIs}DYU#n`@{7`ueaQ{-Wg|nd#*SA~ z^ZD-<`i8{+Xz#eU;r=z2br+f?cePX=+q<~_f8XkT)=i231Z`*3aoN7uI$_DtlpW7z zy*~K((msPdJ4Ek_Z!3AHkyBX982&c3<&G}@G3~G4>%M&5r1xpw|Ckz)Sh;z^Y#|#f f@@Ey_6prr*o_F`yb-(qM>s{p-R@US;f4Kp(^H840aFflnXF_DK@f109I&1TcA7@VsisdT6~Q00hKx)=S( z{`F=LujI)&tY?k6wjiRqd6GwJ{74UUMp}fq9Bipb<}zCp-$=r)DPQD40b`ob0%AmJPh5vK*a@; zf88vJqbIl`cUb!=Bv~Fcahy}nKXV0+Y^yJ+P>_;ulPCfu zf0Da~<4H&4<&ls_h$~yrqaT(r(OCO{FQ?YhVXp)?naLE#J29QA2h~sPSZJm$*G?a0Wmu$iLfBwK4hrr*m;-L$6uYeE|vYE6jBLjiAbsc$C zFa#LwsFlUEME%Mdq^VqIZ}_x~df|^Kl0)`BPun-=;5uGXI-MwqEIdqp0#ylSwmQ*> z|Mq~FIdJ=@M~Wg=-O C-!cmT delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<6!-rdqfOwrB$TtTQ1EQz<@E^NP%BT5=F zF)%VXF*Y$UH8xro4Kgz^FfuqXHZd?YHj#%|f5^7aX^EWC@awe7WLyR34h=5;-OORo ziOba$qnb5&xg$fi9>-7y547z!hhs884nkiYH*9`&!k04??ex1a$oSm@x%~f?S|nXb z6MEL>09MMul~Sl>)ggx%e857<#GXDnoEN1uv{TKiz{?RkPh<777fYV$kSiGw(G-@V ze|e`vCaurz5Wm^y>#w^vd+D}0Sr%Or-B(c;9IdT99Xi^^i^u^TVYN*50eHSPgPMt~ zk*h(TJfnSUsDaW|7{uFXyr%caHUjpUsB0Jd9(Oy-=S#UdNwQI{hC+*1K;edqvDW&z z;)fFHj>8$PkIGGR0SrqC#JB`lmL7cYOM_Da0|5X5qf;(a1+tfGFt%}}eU-MIE>H0vSVqNwvbSRNFF zReH)BlIx2G2qA*mTQufl))f8&+jb=CI_xV5g}U-btFjb*PMLzZmREWU4l ztoYjCRo#Ljv1w%?azBA2QFvKgm|E!<{YyERcRm`Ix4jSuR7UhAo6HHMRFaZ{!MK}o z?O1wuUJ5-$HZ&ha+UaTN2FY*l#}H?CYy!F>5-X9Ju}lmoz(j{okZ`$wJ<`_M0&;Vx C%{4m! diff --git a/tests/data_files/pkcs7-rsa-sha256-1.key b/tests/data_files/pkcs7-rsa-sha256-1.key index e31159d56..c6367fb29 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.key +++ b/tests/data_files/pkcs7-rsa-sha256-1.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.pem b/tests/data_files/pkcs7-rsa-sha256-1.pem index 3795b7188..deee4b2e6 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.pem +++ b/tests/data_files/pkcs7-rsa-sha256-1.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N -Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 -3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j -9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra -xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 -y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC -AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY -MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 -wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 -1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 -1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 -SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H -EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl +iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8 +EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2 +QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in +8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l +WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC +AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY +MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH +OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl +FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH +wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS +Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4 +qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.crt b/tests/data_files/pkcs7-rsa-sha256-2.crt index a0df7d93d..2f0becb5c 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.crt +++ b/tests/data_files/pkcs7-rsa-sha256-2.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.der b/tests/data_files/pkcs7-rsa-sha256-2.der index fc7a3eabf7b575630dd1a9d74ad17c128a902cbb..a101435991459604a11220538ecee2b8b248c221 100644 GIT binary patch delta 668 zcmX@hc9u=qpo!Vjpoz(F0W%XL6O)K8$D$+7EPsvXe$cru##JvbI>E|rqOzBiv4N?9 zg`t6=rJ-SzIIl4hcVc@){k7FO>O0Jwq$?y22rOMECt%&W=F4Y~O&{)t=id4fyKd=} zN2i(&Ts4<8j(*zi#^jsA?fbDp_)Yh0rJXOnYsj#ybIcF4_#?e`>CX>Omvpw~u2Vj` z^!*>FeVs>m?>=T_Wq5da&+&?Rzqihjn6Pc8>(fT>&feSC-~TFnVxp(cv&Fr%K5x1c zpNI74*eKh8CpRW#2`Hy;3p}9ma;f=QrmhcWKg%)$3;5TBsQvAacA2Sqfyq|9w)%_L zip7Waoe6BH-RoU;uze$U*%z;FEwdHYhCNjkrkt5q^X(b0Jq%HND*e|tO#7=;%(Xf5 zo2>JvRq5IKZ*qB58}e3Z?PiH5o6OcQX?i<(GchwVFfI-@2sDsoV-A(&V-aH!d1ag+ zUcFpEZDXjeI?IH;g1vhd?=_GINh`BR7>G4sRWMnDNwt1vpTXY;VT-@~`WRn`p9`k1(lnM_&)G{uK8UvQQ1q%$k4#Z z!qCjnz|<^CoY%-0!JXJ1QGar(>9mr6%Y}c*KMlFOui@X$DK5c&&jYT{sBtuUoUx+t zsmf%%>M1R@%DP+X=JE3zE%*HR_(_UK>F=G3z8w6lU?)-B_gMb0o$C3MB~rf%HExUE z-R@8*6lByjGuES5@y?5#(MR7`-L_K@EK^otR;k<9*c>shVC{ivg&YrJ88@=mA9{L& z;UT-+txo+y>xD_&$G2>&3%DnfJ(ugSm&NXh5oPhV8U`(ojWa(Sn{^~%&wX*82mIly z3_qoB+ji&!lV4=FbJl+0C%*rW92b09k^E-;=TznXq*p848ZIx-_q^O+x^VM1Q^~AX zjfc0~*^xN)+^#q29`+kbPtD^GUN(IpWBhUNHB*_G85tNC2O9($$g(kq%JQ*@v554! zhV72mXTI*@5_2;2*9y`6y7oK+d62X+i-dt#16Bo-HJDWEm!w|i5EOhjkMVY=XI%W| zhccJWuG*aG?zFo8!o(KEZH{a=rB;Wse^KHwV6W2LtI|GksjBUoHvS`wtt+}N8_c^Y z=i2ggex}(Ux#ZpQQ=a^&kXP83dADs)rdar(OAN_czfyN?u*XLhZlJUIu%w zM;tEc!Q6SGj1dZ#o$3qsm^dDNwZ{4K)AIJ&&8_*X4yn)8O4Cp`tj%$4nQ6}~FRlGM z^iSq%I~|>Ud$#u9ym|83C1oX(>;IY$Oxczun7(1-CYwS(hTz;q87E5l7StzwJ+xM< zBe|>p(_UpmU#ep`eve*dYMG=kecuWIcTFeT diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key index 659c01566..fe78b1130 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.key +++ b/tests/data_files/pkcs7-rsa-sha256-2.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem index b11a00a19..71004b5f8 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.pem +++ b/tests/data_files/pkcs7-rsa-sha256-2.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.crt b/tests/data_files/pkcs7-rsa-sha256-3.crt index 5f22ce2f5..03ce5b35d 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.crt +++ b/tests/data_files/pkcs7-rsa-sha256-3.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.key b/tests/data_files/pkcs7-rsa-sha256-3.key index 3cdc717b0..17c4eedb1 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.key +++ b/tests/data_files/pkcs7-rsa-sha256-3.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.pem b/tests/data_files/pkcs7-rsa-sha256-3.pem index ee99782c3..0dc2fe985 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.pem +++ b/tests/data_files/pkcs7-rsa-sha256-3.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7_data_3_signed.der b/tests/data_files/pkcs7_data_3_signed.der index 92c0710753352dfdd3d21367b766da5eab62b1b0..23181ae82040668f6700a8710c452620a47a3702 100644 GIT binary patch delta 867 zcmV-p1DyP!384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$isYtBV6 tE=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$5rRq1pfd delta 867 zcmV-p1DyP!384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt{SuXa zT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$MCdqx z#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo60~d< zk{~CIcNe#cJVn+yS`!M3ScDwBDGpD8edDD57VOY>$}^y*KTJlCU<&LNQUo z01~dhs%S8+-dW-5VjPtchT?z4Z;Y!*huoU#cgs|pAtx7UR?VygJ{KmJ>^A%i(Xj6y zoOHujcCC@$=i{lZMv9D{adx+kk27bexLSO)mQM6GfKZSnd4I2xVeSPqu(j9^4t6>a z?SG++AHzeoBt^h3FtoIpM1^(~HCa||;yIXhz<@<2qFU|U&(*5I<-r(_(l-gSP0q+E zPw)|XPZIwqK8)f4PIudYkOEom5P+X%1>td24E#)}Tbf#U0Z7c3C{54q@rf;k<#r71 zr5T@ymGeI6*Jr&LNQUo z02|E?%VZ8~v|qeCiAtktbZk}c;3S$mcAxPLg`4XgR55*-lUGBoLvLzrMVC3$L?D_m z7SvVux-a@^!)qyZuS-crr7VqJeUl8=F@yW0{s9TnBHvz8}N>$yH4()!`6Mc8furBe% zhM#AKt6>o8cFdE3Edq>t#zhPiQEFdMr2U*UVXUzKoi3WmUd-MGFIblx zK^J=@Lx^J9WM}?bDYijRe8cy@LQ7h51>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6--WGQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9Bli+{)~VH8D=U$1GQG8KhRt zXR4yGr$yx4G^tzx%R6s*5_kVe?%=<^caWktr(Tp-9J2T);}oxzL()@T|wZr=bKkdFP6%Xs(UH7KH|bU zx2B~B1m60`N}tt=TdM4`#Y;_n#`CK7sln&39q`dvwQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_u3vZ`Y#hGqoiE~{)3pk&)u@x`|Pi_7D^PzCP+4=kwQJWy&@D44xERP9Bo$epDHdy79=7Q*ZE7|gA+>QKy`i}0&Cn8%4 NxR?{3W-wJg0s!5)!5shq diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der index 8dc2f4c9cd40932dc37fe681b2419775252db316..cc48123d45d7437b843d625389a2af434cf90401 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der index a4aa5875876de0170637190fe7e71da8bbd73ee6..75bdf0fa6badc3f9314d8b7e2f2f97859734ca00 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;n-F ztQMH^sJSux_=PpqJ5SUdYxg+oyJO#pZ3c{zGvXhp&#Ye`6T%YiQIj3?+kfUh=bsjC ze;)EM&l28qG*5E#wL;}HleVgE{#+BJCG<${k(#Ah`(|hH4(Sa7-YX(b?c8{TyDQfwro|UKQ=L8b-_iNE ze=fMD%lX3p)s1T2nP*F8xX#IA-*{oajY7n;)UEv!|8ViNWP45j`Dgn5G$qT*y*DHy z-V5ro_?+vQ%=vi7#Do9qzuZ~BDf{?u>90rbf3h}>NDDV_IQwPG#MalI+mlP#VkWLW QkT-krlajN}Og9$-03&t6b^rhX delta 947 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlXg z^G=tw&I&q$^}o!1%5J;0qFi{n=f}*`S2xct{L2$CRZ6d}h(|s0?rIw^$>R4bZ&muS zB3#k|Dwd<(uk}T154YH9I`br-@U+XDRg}*f)_?B# zuB`$rEtUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der index cb7d75103daf5ed7cbaf0e2201458ca7c1fad8cf..cb97b9b6f763abacc3dd02e8d6c76d977632f7b8 100644 GIT binary patch delta 943 zcmey!`H^#ig@|&}S)sL}ejA$8W_F(X(stYHRQThGK3-DB2BroUh6aX~hK5n%yv9h} zi5nv7XDtdnn|67P#GKWND@#^b1U&5s-6j6_#J{g;{Og~bv|N+kyK|euqFt4f+_Rpl zp8J1u>1>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6-*9fQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9BliT*mB*H8D;;&#Y8Gp>&tW z!oLsYnw2~EzFWtc(tTXy#0eecOHM@v&t{A3KM`9S9TY7rDz0g!kz`f>?s58Do*idB z1#^RHIC?Z{a(}V1+p@cMDwUO;|GoIB>l~RnTj4#Lv5E&D-;Zqd-0*(JjYIX*{H!$A zdP(*DieIwqCCBv{6?e9pl*)Ya2#h@xT3^nTziaaTy!Edhh&{RA#t`45{`}0bDE70R zi4%|2wpcAaz5pP1I1;iB`guUuNZ(b2>-;jUykbHVe{*-&utLu&g zHOB<+^!hAhr?*nGNH<_%*nU4RwK~<88l@lFHWW?l-8<`2s>*k^jLkl2SDpzt=(&CE K-PXkP^)LXJcDc;} delta 943 zcmey!`H^#ig-G?iyO&&iE}s1tQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_mF>basWgNK3m>(BbQ>zB@$hv^k_K#NKkSoC=t^F8<96 z+ZY}5=8ZGDz1{9ic^cZjko}dY+kT}>U7Ypxsag(ccQjMgCSFK}H^smz)5r|NaSr;FjtdAAH^^7)4sC+l5`_{UV1ZaVW;{yEdLYs=LZ z>}K*=J2SiE!RZ;TKCffA^NxGm{CO@b=Zbl2_nI9diCyaYpO=Updr)t?VMcrT-#0B$ M)A!d3FzH?Z0FZ;e(EtDd diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der index 4a237e9d145e0f4afedd8c3bcffb3bf146f96c4a..63d7194c780f077116a277f4c268f20744f81d00 100644 GIT binary patch delta 1910 zcmaKscQhM{0>&$1tAqr(C_)jfkz53^S8cVqRMD1Hi?mg-#R_6I#H~wlOQNVfTWZCw zQ;Hf@RWr3p&8k)Jz5CaD=Q!`r?|k21-}!xCKcpW*Hit^y8sw|sx2lfy&L$1)#ZQ|J zI4!2Tn+Yi)Rgh{ZBuX8HauK|!^k0$!2BOmsB?vi%4ujqw%3-->@Y2U6YSxTIhi1Xk z{$KmvpsJ;}>gCwfrbh9?=8z2Idkm?ev#FwI77?H?>p^(gh`c? z5N6~^RGHTjLC(jrm;Vq|d6;XrT zwRvh{$@Oj&28T)>`{C7f{O-{)MRa4w9Pt*w%yfZ?YKOEzUSef-xWoe#078Y|2YeO4 zK{j*(SkipU6icni891cae{4x03@H$GZh%t5B1On}6TfI`yu?T+8z)|M9j1ysMU6Ng zM=2IhjCxi9RkPnh`!rB_FWHxGtHH2&Cp7;L)%22_dUB^VBs?mq=IoM+ELNLZD1L;F zm<*3;-_U3&g5m~RLzLUevvqOTY=_1?r|R8z zhQSZ*>(i>sbC{d9m^=hYPSYY1;K1SCh#5&d`w^9;{@}RSI7!06o_E!&q23d%R${f3 z23ZdrbH{HTm`#x}0Mv74022TJm1i&PHUOR~W&h~;~`Cbe5LPJW;E+$xJQ z7Y1TF##Mh)a%Ci316bbSvfK`ad`o^N(X?`a5CK-|;cV1Sge!^;w-_`M(XUdnr|A2M zejBO#;>;oo%Z2%_mcHQp$Qdp z5%wDr6?L$sT68%;)?DBGJT}*qJOsmv!O}Gj@-jejD{pEGwe^44JTLGMo7ri|(>X`# z-mmR@S|23gmDkfg|Ng=ECpJ0xg^SKy6+l0qau^`?evM#_5zi7=z(zt04zRE;EwBw! z3~q=qYMhmZ{^_z(ISNcbm5f{vJH&JDJ?3<@6k;s%YYb<1`Q*KUaGV{T3d66BJbp?0 zR56WsW6K7rZEpLxRxn5+%-!-Wb4uSZ&}6!sR9z50FA|$Ik>N4tg{l-5Dj}^C4U`>J z-D$7fZ%Jc{9iTX#;TdPWx7 zGIO-!YiKKOW!(9!j*@0NR5((Efo^ z+|Q&avPlrgfz2ibr}Lt*lBCwnN{&0pebD}XImuD|M-RR}6I5IhsBpD)h42f?q7k<+ zgv~{49{1}(Q(iyYaP|~LxZe>An--f9Ndk|5e@tZ<<%&dVL0V+p;Pl1WKZvH)-~am9 zNqB07K~$Itr5(A`UaYcD{uTVWK{-%l$Hd01(}55Kz%^6a{j1jI1eRvwFSw`3EWhh@ zVH+fQruRm~VTw8~P6m&2Zx-7t+z)g9W-kmD6xW5A5q9fJ>~x}VgPmg7I9%qJtgy&# z+t?d+O=i1%+6twzkL0Zj9NVqTq$8zP5rJFr)sNCsTXROeE+4Sot+VhR`wG@oxVE3# z7z5bv`gcWo=MMLue%QzzY0{dG>+rLCwl~ui(}=4xg{f_3@cyewm_8eIxCK}2XH$`J zRSzzs*h4_)c(i7lw2t)c;Keu=N~vxTw;s>>cCTtfau~&TKOtT-Tl~{_B8>+k>i}a8 zscj$2e}06MAN7~pCYY!k;Co&)uErn4{Hf=0=Ce*Vs)y1E*jYoU)A+LKc=P{x1j8Sg|SjW&o_^T;o&*+y*r%wCHE6w zjk-(4;)_NQobe>j*F8BI^3~e&bP+CC62Voz%0?JW<_-=hU;Cig(IL NM1xXe+5k5U{sojEY|H=v delta 1910 zcmaKscQhM{0>&j#t7?Xz6}1&5NeQhzFM?81yLKaJNnLxyPSM&c+@>{Jxwg`fQo9lq zEyXpWT3lPBbfLWW?mzFmbDa0*cfRkh@BF@xE=U*5MuDRj7~{s4??#SY4aj`TX{{er z0=shDEyNIT7(x?{gu~R4&X9A6EB}>we5}ZvpHg@_Wel74$2;a`%aD)jnN^;1D#wgB zo^R8JCxt3X)FY|VMieN`hK;vnTZ7<@(C0C97uN`k3+*ks0^Z(lhtYp9K-8m?0%sXF zbHS*ozgcb$^%UG7`%X#{L}I!P2m497*ZzP!Rco;usp%f(*ShZgwHbmUt!FEV^1TBW zmg6Id*YWH-9SQtKBnLnaq2XG?t0?L<^XInpsfHO2`X5s>nx+n@ zp9li$nSG*lSwmJK0B#g#e;cb~AvA`GO0olj04#tCJD4p@oDGB)=V29Q1*h+<m0eBS4&qg z*1EdUb?~@yec4{i^r#Q2c(}WOUTf`TU(UIAhmCqqPbmDEX%-vY{7$ zgkLIH2%Y@S-S(n>(funs$3x!+s8M0yd*#j`eC?0fMKmK(stM~Wc~37v#x}yqwb*$b z@(XpfI9yk(sPz>ehrQ{(Z0Q@$O8ea0#GbZN+_qy>_$@9S6Qr7i$?Q6IjcqXKGmQ@u z9teCXC7_f;Y_jB5=r$(UWCv66I^$C_viCw@i6C=WA`t!r1Oxzq;G0%xec1*l5+XSA z`8^)yxxJXfm>hTGJSK?k|KsV1A1qKW{QbB}@IYe4exft}n3`{FXT54OT^wV8Sn?y| zR%G&2qVtn=q%XI`k$8C#Rpz@(%RXkIht%@@p1q5@A|aVe5`DU|V}rko9pDt^gcz;* zIDs38bfTNtL&^Cys>|!oQFFQ%`NO1TKr(Ti2}zEm;JWTY9LJ&?potydyYd&yM|S9J znkr7K%PjJbe7i!*))ElD#&~yE3~Zno4Tm~MnYf9e4A&%=*umP znOI6_NYs*WC%G=Wp!#(dHVq= z*D0iDjf#2Pn9CY_@j=6uv*y{pE>rmXMdxlsnOW z#iD2NiNhFUclNFj!13aQAs*MEX7GBW)@WiSoKTvS5>(wQ|48w+f;>Dn&?K3t2a-6i zbcjB}Zt5y4cXqtUnwc5=dt6#dZTdK=JD+l!AJf?MTpMT2Vt1$9j~>eN1n>2=w@&fC zcY4;BSJH4RuI%Q$+nw=rMF=c!1x7r3tJ3DqLy*4%NW%Kl23Aqchwb|dcp`8o&z3_M z0tcS@nR%-0Qh1lGziFiL&_Bq2)7iojR-mh(_x*~D4O<5HW7I2$yoK2jGh z_oN+YSw{@Gzc^f+V!7#h_AbqA=I5w?;CqdfjM_G^XS%%VUZv2$B3`Glm=OMJE7`fI zE0zy<`R%_eGB|a(|MbJ^Q9SRiL|p1nnew@e=kokq)8nd1^S;vYW@iUka^1p(LEdnZ zGmu%n#7sr_>CBZycgbB&q;wu=S%c#>{2$=8W8)Mtk?p&QUezhFYrR|ol=9I`D?FTW zUeqpk%rm87RIOprvG7bZa=i&h8Hk(iRS4`N>-{Lh&^mCO`1;l9kJ+UY$%jXtd6`E~ zFQnzs#G4@@yuz!iVX0Bezg~My?Yga`tWvG_3o9_*nDXK3RtnN5gC*?cjO!f$68g<2>>dzYQ=5t7!0rt#!NSgDRM+I@4Kd15XLAEtm4+PJVlksJ}mzNsFr+5 diff --git a/tests/data_files/pkcs7_data_multiple_signed.der b/tests/data_files/pkcs7_data_multiple_signed.der index 095b80ce1b2b43bc24694807b247e96fca78f576..cc441fb7ce1cbf5f4eab2bc127d04a48b7144f66 100644 GIT binary patch delta 578 zcmV-I0=@mJ2C4>-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P0EoOF4*&oF diff --git a/tests/data_files/pkcs7_data_signed_badcert.der b/tests/data_files/pkcs7_data_signed_badcert.der index ed00f65fa3e418f7d03b508ed2b54004d92506fd..c74d69dc0d5b9c2ff3a3c45e86a0f96fadcc4a60 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-Qdo8pyIShsyG?h_Q%BpD%tUmM{F)zL>Qy zXSM#yfC-cG4dg-6$}AEFVhvaoOip1^t)H~J?Xjo(lcy6WxOZqrUsxg#&2tY*a3|&XHRkYlJkEZXJGcM8$&|tg z({m2~tp9gFs{O$IO^+6Gm#uFQ5ZW|zi;gmLdb}dr@uT|OlM8=2PDJH09p|6i$?S?XK~8?etW-at zbeG4%zYpb_l{@#oTgREweO%;XRtMiU%Lxk8Jha@P5XPL-o`A ztTfhoN%j4TU$X2a$MqQ%cea|8%6#$&j6D=uU(S@jYx4fQ^{*a?J-Oe;5Z|Nz{LHZ^ z_OqRd6OYxlSS>xkd%fZ+&%5OzdfC+xZ$hL6#1$Nbz3M-2UJ-2Hkbm}&e0od%lzY>w z>y899#{}>6`YdFpw^Fl6H(+7dem^g@I@OmNr61Zh6iw{iJL^)a%6GPm%|2;Yo(VYU Nxqa>3*2MJnFaQ>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4Hg>6vN4Cs^0A1qh;+SsI;G}VP3%?C z<#}3lXAR#4{XJnI50X}9kuVTzz^Y(!3X^JmlWg{kv#zzTFKuXCv#4(0S^vpvPH4DT zTfW-=YyOg#PeQES{v4Lmj`k3*WWKj-+N>js&ZHKkGEexpq1SoIp`WG4-*$gC%_)+w zU=nhb>KDA{7HYHSTC`Kh-5uXDOkOMAU9{q}b%dNqOK8<8=_&6z4ex$TFyFphTv&0X zq}lpI^?&LgPrX-q^*hgwt?M4de`V+BOL{)hlm#wRriM;Er zmzgivPUgQqE|6ZH!?a6DNPFVUjXpdY2VB|%CKT+fx4m@jCR0)IUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der index da7f3a9910f62aa76ba08523e29d6db28c46cacf..dbe9320f8e8d9d2a62324210fe4bd6a6e5635f87 100644 GIT binary patch delta 871 zcmV-t1DO1w384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3u1qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5C$#KFoFSckw7{ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<mmPYQeKfSj)m#nqK&>vA;>F=I>%8tAxsN{+({hO zH((1zgZTo&)qy;|CO;-)c;kcxlc_*=3_%X-@y0i`i+hu7^@oN$nIPKLh@=h^DODH) zd9uIMo}l_~Ez)i*@qb7)_jbjmw&{lVf|WsF|7q)xMYI&be`nuB6j#;OaV0>IDt`%! z7@mAEskK4vq=m`){@)Mouma*LZJmZ&6V-I1jYqsOR0N`fC3m3i`p_YKn&HOs3ZAHI zh_}*TC4+XQ(I^UriD9_KnvyNBKHGp0$f9pJU$mQ0u)bMX`}|wryj2@wR1-w`Qf;)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq={)(au delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGld}Oq6jn`DKqaqPo-%NG zvT_da4fA~ae36kNe*|Ed++Qo1RBd1 zB;+aZhB9b9+o5~ECM|-tzWO^(6o5BsjDI|Rekx~qyYYfzs)c>%!U__$qRx&@e=*$~ z8B>zaVTG^GG_T-TmIZq@>9KLP#(vkrC~Uu|Klq_%$GmX~f3D}(;gFltg!}wqlaBnQ z9Ep?19kUm64;JU=c7}T7{l#L|@m=MG=ebVwmZN85XQIohx3)H9ivV`I)y?tXmq6@l zMH~N9PWmBGpF5{}fdRQ5r{!JS{uBXGaA()B8Y&2R@Q7TAN{7$3j7@&%kYGrGuDN_7 z(epR&l0E}k0%QP@JU$mQ0u*9La+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@myUp%v=qT--$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@hLyKs>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3U@qW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=W=`ym1Mx=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}3|LJ_A~00FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$1;5qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l@T05F09a*;qf7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq=APS*` delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0Fx>MK@?&~a+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IF4PC$Th$22jqW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&zyMp@IPbZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<=z#z2t@Qu^ diff --git a/tests/data_files/pkcs7_data_with_signature.der b/tests/data_files/pkcs7_data_with_signature.der index cb9d1267fb31d7633f5ef781447f8c82b8a8f118..b98cab6bcf88f31d57443e44f09e3d28909f609f 100644 GIT binary patch delta 289 zcmV++0p9+;1HJ>0h!i7Y%@VB@POyV!nTg8uhTBTYSL2bKB7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-0h!lI?-O@x%(aru`L8uTciMQV_Y`>A5B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGzD$e9 diff --git a/tests/data_files/pkcs7_data_without_cert_signed.der b/tests/data_files/pkcs7_data_without_cert_signed.der index b47fe927e5b427158e0d5f27002e6e1ca885dd63..390361fe10665e488087977e2a247e49ffe59448 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGjv-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZGNBY!O;tc8uUVcl zaCx$F4)6{0eEWQnks^NtV3^!rE1BcGF4kl%e+psmtHE42$73_R%Ogdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P068xot^fc4 diff --git a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der index 3a4287426c1758419224ca36729255bee68c32c5..4f059c270531c0ecb55e435645aa1dd6e7ad3cfd 100644 GIT binary patch delta 868 zcmV-q1DpJz384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@L!ps9Jr^?q6i-`eqz2HZ9SosqP_Jn2y#;`e9?8R z3QrM0rU~^b>G>XM`1RI;c$jrNBhMc3h&! zHHiOb+!SQgnU)LmQ;$I5f5*WBTb%lOPJY?s907!sBC&gB^O9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l)Q0HKjRJr^?q6k<;EE|~yQwH&YqJHpTYr=Y&P3=q zfX5j`Msn<#bZe)K#J%KoF`WUu=X^=kjTY0g=^QR$=rBB^*X^Tuf7r8Jrz^2b6{1U4 zyKvkSNJV9Ufe`;)wTxExf1pEF2jjz1`}Flu2J)B>)6GITeZO%x?tdOK&48n~s}i(q z7Lp(*jdvHfiabTuIa(76i&%slyeSS(fqmno{ub=ecgi!MswLtz%ztK8s0*mB?1zwB uvZqv8x4gxnGxC`lp~fRxHaEPxb51Ir3u0Kdi>0_cDRIjwU5 diff --git a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der index 898ca6777a799d3b720622dd95bc7949d2107fde..cd77545f34528bbf6d5331af2285fcfe27a3238b 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der index f4b4e384dbfc145a6c0382f71b51c8718701eb1c..5efa3a94f44735a620afbff95d1c6aad243e68ac 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_zerolendata_detached.der b/tests/data_files/pkcs7_zerolendata_detached.der index 2a389ab484991c53322dc87f998c23666c7f40d8..5f9b62eda71afa772b6a95266d9d7038ac66b3e7 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7bH7o!4`gS5K5wuvUbq zF6!DvsX?v9BQ{clJ}Of1VfI8P1MY+-XR?ZMi)PL5EgtEaWk4=?8bTI|{8_WJNePAF zfF?A$fI?WOEbig*yoOaV;?qZ%sw%W9CW6vHrWL4sua6xd3MA3%kEP8FL>!|E$Ojz% zh=m;deMcsh{eL5+tx!DHEVJ;9r+o8FB|V`GL^A~;LPFp`XR#T;%m4AdZd9>-%^O=L z>FhlpOpaWkZz7#@IOt0m)Q_Mncf2;bQQ^@A#QmlIH!zM(UG7n!ka3vy(v*MLkGqr~ nWsJXHBL@jkqq?a|9_B7a;7I2$7i!rx~y+-FH_ zOIzeiTb}iR70w~%C`}qJ!v*PGa|D*Lnu{c$Kkt=jl8wZnndbc1Y(FsLCDC*RoXeAH z4W$dWC0w^ShWUUGu+x2i1=JP-?3>cIY!@Z6f??Gcjwu~^vFQbs@wI!EBN%LE=BvVl z=$nT5>g`n;^M9wimT7SWc68Oqv?n?s4au4F*A_#oPF4(DNp`YDQ0L^0`wAhxd(Pt# zsN~Y+F|5pzKcl;u>E}Obtp}zKjl^)IPPdofS_K^`4ux|pr6h6(B`px5r68C==UG7p;&lU4%ADZ zIx~4>ll{@k_X@D5H_}c4+CgnPa|1+NA;2A29Pc#HEg;L%el50GmKBdM^alGjtR@HV zrX1?`@$WBlU6&f39}@p-dk3yDn-i8VghcuO2U$3y0cmnjP~`YKiCUBj+Kn58P7?BE z{<%qaY4cX(D37rjGSuB~;jaHDX8Uk&yQDRgayjpq(2etp{(&o;UGkv(xPYCQ81ERN z+2h29NeHTbq*F%~1qk(Vp5a_%T4(boshzU;sN%Rc&lZGA%W?>jt|)VBJ=)l2u9&^_3BzK>u@^@nBNd~+l3Jvu=20Cx za#DFOg-H)kdxxKnS3eeeYh}^Ow3`qQf>u?9d1bj=fYRNyqiPnq0%zsKMRKm zwzQ621Ed_Tj~CZ&(OFiNu-^+KH(%8;*M4?Ln^(gG)gOg+sVVuzSHUj;u~*n^yfb+j zLwhA?XP_Xr>O`jk0|5X50)henVDmj-uUjbPzT!5~P|Bwd!y+tjnO=w^#df(Tg=vsU zc9ieyc7D0QN=dC5C^WOI_-%Fx zX|T5pR!)RC;B_bZ6jH{#pReUYB*|eH#g+Xbuj!jGNF98MjM;hkz+V_T_Nk}Aqy2Nc z6;)bUZyh03D}yS+xa|2!ZFN1pKPXq5%;Yk)B=k#s^^cxgQeI1#JWEM-AUL(eULy>_ zh@k0v3UPB&(04vCq+f=HbOdQ$q(BD&Q}w!E)>WPk!69sjIR2#8DZn}p5*KJVU_aM~ z=+M?nrHXID^+}!PGb>|gEK0FnsqUXcjFfeE1Eym^@9p4NhBa7HJ@RdvI(6}7A`gt^ z8(OYYtQHnY_H|(q0)hbn0RCMC9*a7Ymo@Kho0lH*l^MO5>wc|WXKX`~Wl8e;>K7X& z>rso>F7$z1(yL+=uW16ED)Ug%Y%)TY zMouzs=zlRfyk4WmHny@w+;OoXAUnM8slDI5E=529nfRsw*^z}wJ|{Zm9ehr-RIzU% zw1_FNv?Q6DAY3u~#V7tpdXQnowF3l)IzBH1ItbiB*~wzQv?!cgqVlxDzh<8d8Y{G` z6X}=c^LA+L2BdFi>sXsnJz5a7eQHyg@O~1O676RA57TBSI3$(?qMqZ2+d5C`QdUOP zK91}0|2V|>Ow5>pt1!z%E--ZCI2G%V36)96d3OpldW>;&SZCi^#q}<01)G08&`(Er zrq8uHGJs+0|0tAkWbXok0RaHTvy&MNYB=!RaQ^LE<|w%c%D$qzQ4l&Lf!MWmX0W6fc+KiicJAsj!o5`eb#+XK0sxa@$< z662yQ;g74lFbDONhMp#m zrR)NfHwT>~8{PZzqh4quCow?QM6vryr@Dl3Si+^^px!KW#-F!^>@RvB^>KdVe{xz< zBa+aA<=)oxt#WdN2_f3`Ua0fnEZRKJX7qHHEsfQ^$VHm)DCvbaefuqll{=%~Rf$0$ zLqbnFE^T1|qM_Ysb+J(bf&l>lxWL%BvnOrmkbdJe1Z5RH!$+j4)EpqKUq*}~FO(M< zhv8WMzZj}wq-H$IF9^jhv%Bc)6QVa!4ju993K9Q7_oDR#$d}Wjw9Wzx7|kRyjaMYy?=!R=LLdS3n zp1(TMl;mM=cNWT3r8r(G)^<=QPP=CT#ickF&%)En2xd zA&%iW63d5?ASNGVwSPIy0)hbm86dQ&+g7tna4Se)Xt?fZ`;p^U zVw``QWX?VS)%Vq8t9xqZLN!D{8;II8ha5@9LC<}}v@3za^iZdl{0!ejKz=ffqeyJ| z1+1*#&yX0?$@S3iX8C>GV~-Epx)J<<->+;Hv>*gh=i@Dqq`64l2vGIFl!A}4&B8WR zM&Og7%k62d#}cXITh&3~pc{7A`Q2n}ZHz5sQ5II8EMd=e?2e95kx+3y0@?jAf&wBi4F(A+hDe6@4FLfG1potr0uKN%f&vNxf&u{m z9q^c(sEaUZ=IHkyv7uOaRu0rlpE@&nWRv~T%J&Mer#I400op-rI&%X=Tp_?6SRC&( z&@CX#(ta(rSe6x!F!TodHmoKG@1`8;_wny9b6uAjo*xqbYkLQ-F`E;XFN8$-{|8w( zqXB7hP*CLfJBeD93fheugiaFjW&XKIcWLuh0CuaL_Z@Z*5lyW)m zn9z;$i~fNtoL%yu{J4Ofm>BOEq1ofahDivjexy@J6$J?Oah~B^WLjtQC#jvX_^9Hz zS}oefjg$NIzBtzV6S42AiC5oCwBPlr@R*$KQK-xI5YHBbO3QKxk*+9nYdzZ7X0DjM z^a;aa#<3SiAtM!|zmi&{rsh!{J91KaFNH}DPG(9#AFlY>syXu8$YjZqZp*m9XCnBR5~wG1q=}NSjx~ o1l1pfcBv`(#aF>E0I^rtY`imh8AE#|XlI}xx9UWv0s{d60lxzR)Bpeg literal 0 HcmV?d00001 diff --git a/tests/data_files/server1.allSubjectAltNames.crt b/tests/data_files/server1.allSubjectAltNames.crt new file mode 100644 index 000000000..13af87310 --- /dev/null +++ b/tests/data_files/server1.allSubjectAltNames.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o4HaMIHXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MIGJBgNVHREEgYEwf4EQ +bWFpbEBleGFtcGxlLmNvbYILZXhhbXBsZS5jb22kQDA+MQswCQYDVQQGEwJVSzER +MA8GA1UECgwITWJlZCBUTFMxHDAaBgNVBAMME1N1YmplY3RBbHROYW1lIHRlc3SH +BAECAwSGFmh0dHA6Ly9wa2kuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB +AGPFB8YGpe6PRniPkYVlpCf5WwleYCpcP4AEvFHj5dD1UcBcqKjppJRGssg+S0fP +nNwYRjaVjKuhWSGIMrk0nZqsiexnkCma0S8kdFvHtCfbR9c9pQSn44olVMbHx/t8 +dzv7Z48HqsqvG0hn3AwDlZ+KrnTZFzzpWzfLkbPdZko/oHoFmqEekEuyOK9vO3fj +eNm5SzYtqOigw8TxkTb1+Qi9Cj66VEwVESW1y/TL9073Kx0lBoY8wj1Pvfdhplrg +IwYIwrr0HM+7nlYEhEI++NAbZhjQoS2kF5i7xpomUkYH9ePbrwWYBcuN00pljXEm +ioY0KKlx00fRehPH/6TBHZI= +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.key.der b/tests/data_files/server1.key.der new file mode 100644 index 0000000000000000000000000000000000000000..88288d1697fbcf89551a638b72954ef481475801 GIT binary patch literal 1190 zcmV;X1X=qqf&`)h0RRGm0RaH10v|mlG)TG2Gt2AiFF6vrW%hw2^qevWh`Xtm7CoDL0%W8+H6~C%mTU;EEXi3O5DxR z_fltb@hzYu{eJW@$}Mopi3q zDch@X65LwKYZt3hf>f~r0|5X50)hbm7K!!fkwUH*rvI=}Hx;C?w4pnmTQ@19y<*om z#^GG*d-J5&TCy2B1}MozE3xpwuZt5WiQgQR=O=i-Q!w?g*%i`4)!>1Sg#aGa`jgSl z6GdI?3Kc_zV(8<@)(*ks$?N~0D>k{!=`$?HpA8qMu6fK8Q_Xcin%T6r*X})nuWvF3 zWo+`Sn3Q}K!-gM0?^Bp2lz`39lo7dLCpzQvWZDU@gr6j;hcs+hVUDRCoovz5 zlPrMS{2vNIW~l>d5t*E#cVP#g4B#!WEF6%Z`Lrj6c-OldRI;}SFUja+wzHJuF~HFp znrJ0eWwzZ%e?b|=fS5T_2LN#q0)c@5*V~wS*lp&iuymib+JL&vK3u@)uLN^tm6WEt{i@HEj~U3-2D1ejGc?6+3A`BbCc$w`{cJH!W*HcTXUZBN;*rq|5vpC8*0^ z0oFJlZoE+KKJb7LGJjj5tih~uAhY^!bD1$svWJ@uu(f1*y@#u?5|x2kTL@&4vcT9J zVQ$ub_^8eYC-g>f9djep6nj`Gr6EJaJ4*tAfK&%ozPf|L3Jcm1*51bkrx!&3Cl~C4FCWD literal 0 HcmV?d00001 diff --git a/tests/data_files/server1.pubkey.der b/tests/data_files/server1.pubkey.der new file mode 100644 index 0000000000000000000000000000000000000000..1a432a45eb80115053fa38932333f03b63c3a8b1 GIT binary patch literal 294 zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>lsRAE8Kx)-hQ;YpJ z?t*156=7b9zqsf{klXHv7E;skLr_PS5?N%2YyB(WM)`BT-OrNYkz4I%pl^vOc}0NG zgKE`5Lw8>}dy?|_ z{y|m0s{d60o!+fT>t<8 literal 0 HcmV?d00001 diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt index eca171f35..d4ac4b170 100644 --- a/tests/data_files/server10-badsign.crt +++ b/tests/data_files/server10-badsign.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem index b84cee7c3..d824c43f3 100644 --- a/tests/data_files/server10-bs_int3.pem +++ b/tests/data_files/server10-bs_int3.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt index 96a4040ce..52b5ea0ce 100644 --- a/tests/data_files/server10.crt +++ b/tests/data_files/server10.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem index a9e06150b..9a82b1730 100644 --- a/tests/data_files/server10_int3-bs.pem +++ b/tests/data_files/server10_int3-bs.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWf0= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg10== -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt index 0df2c653b..b5852927c 100644 --- a/tests/data_files/server10_int3_int-ca2.crt +++ b/tests/data_files/server10_int3_int-ca2.crt @@ -1,40 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt index c25482b8b..3601a2002 100644 --- a/tests/data_files/server10_int3_int-ca2_ca.crt +++ b/tests/data_files/server10_int3_int-ca2_ca.crt @@ -1,120 +1,60 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt index c9d6715f4..87cc476b1 100644 --- a/tests/data_files/server10_int3_spurious_int-ca2.crt +++ b/tests/data_files/server10_int3_spurious_int-ca2.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -38,27 +38,27 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt index ed0d696b4..46987c3ef 100644 --- a/tests/data_files/server3.crt +++ b/tests/data_files/server3.crt @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +MIICXDCCAUSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5 -fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ -OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/ -pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ -b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W -4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm -DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx -CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS -qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb -kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu -CAQ1sXmQ +fQcsej6EFasvlTdJ/6NNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU5BdrNrIGiTrZ +XkO24GR9h6t93jcwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJ +KoZIhvcNAQEFBQADggEBAKSCuGCXcpDrVwRVgHVlUsxACRDUH2QirsLFAUk1CGsR +SniBgWi+5KGK8fd3Tf+GkVeIZocaf7tnKm0YJg8W5QPDnwrMD2L1SjYFgc7r1G4f +579FOo0qRKdJabTV0e022XFyN77JJHAm8RkjZEnzUuW7k8/RohY8NBzh+KACyHOi +96DhGsBp9LG6QIKB1rxiNx4wq3WUygaMgImoaDRqgAFxJjwRBEhcsWtU2AmoOKdO +hzQp+EzEjn04+ScJpMzMF4FY+kLaz9PlvEO61aQuZsC2fUmk+M6q8xcBNEdoFNvv +0cOl5Liuewb32srAZWCMpbHFxaT9Nd3TxJwFxFCJpvc= -----END CERTIFICATE----- diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt index 96b1aa772..2b4134d66 100644 --- a/tests/data_files/server4.crt +++ b/tests/data_files/server4.crt @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL -vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA -Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl -NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5 -bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0 -d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME -ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP -BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA -wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/ -O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z -3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc +MIICnTCCAiGgAwIBAgIBCDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMDQxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1g +Mku+BhiPm7EPEscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQS +k8AiT0bC76+DsZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7 +smU2fFHVdCVtvIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+ +p7lu3QrfSGXU3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ +9fR3x2NMz64dOjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABo00wSzAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTAfBgNVHSME +GDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDB +ek00E3uHPwnUDBVAPRJThsj2mQr/MSCTwRMNXnNlki9Lux0qGd6uvhp5v31I7V0C +MDiCHwEm55sU4gWrAxYVKVVV9qMTG2Moy4YnJDDlxwpyXPta5Ac2FV+0AbInBXSM +Bg== -----END CERTIFICATE----- diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt index 0c6507233..b641f7019 100644 --- a/tests/data_files/server5-badsign.crt +++ b/tests/data_files/server5-badsign.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S -C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V -fGa5kHvHARBPc8YAIVIqDvHH1A== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ +qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN +06jC+BLgOH1KQV9ArqEh3AhOhE0= -----END CERTIFICATE----- diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt index 08d8dd311b525fd51171a1019ad3194dad91580a..1e0a00894d5bfae4e3fb4be83c5dedc703b6b739 100644 GIT binary patch delta 246 zcmZ3?vV?`jpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRkW908{u?mjD0& delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRju^093hFSO5S3 delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-G zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh N74LBPwRr600syUMR$Tx9 delta 247 zcmZ3+vXq6zpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)c0syp!Q;`4w diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt index 4af05cce1ed05ea02e9fac3fed3a0904b44799b0..4ceed41c496a286d6d7ae2c225d0f6376618d770 100644 GIT binary patch delta 250 zcmZ3^vVw)hpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-H zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh P74LBPwRkKSm=X^FU_w_) delta 249 zcmZ3%vYds*povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3w-I zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh T74LBPwRkL9{$E|KY85{K&c)05NUiic84ia9bw#G3pd% zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd& zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh U74LBPwRoKWVPIVLe@T@l053UOl>h($ delta 254 zcmZ3>vWA7lpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cL=y8yK5K ziSrtRxJFPeHLQp<5N2ZsyP1g*>Ud^Gc4j9A7V|Sw9^7cbZ6vCw$uEyly`Z$&!#{HkWN`Y$Q{vdnBT HW5`SZC1H4O literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-tricky-ip-san.crt.der b/tests/data_files/server5-tricky-ip-san.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..0bd06f845be296a056aba730844d8cb2e4b7f4db GIT binary patch literal 409 zcmXqLVw`Hw#AvgCnTe5!iP6`9i;Y98&EuRc3p0~}qan8eCmVAp3!5-gsJEe@0Y8Yt z#lzv7l$xRt;uCBrZy*a2V&)Np2`PjWWhQ4=DtHDc1Uvc}$cghB85@`xm>L=y8yK5K ziSrtRxJFPeHLQp<5N2ZsyP1g*>Ud^Gc4j9A7V|Sw9^7cbZ6vCw$uEyly`Z$&!#{HkWN`Y$Q{vdnBT HW5`SZB=vZ0 literal 0 HcmV?d00001 diff --git a/tests/data_files/server5.crt b/tests/data_files/server5.crt index 459742828..2eab9998c 100644 --- a/tests/data_files/server5.crt +++ b/tests/data_files/server5.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S -C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V -fGa5kHvHARBPc8YAIVIqDvHH1Q== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ +qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN +06jC+BLgOH1KQV9ArqEh3AhOhEg= -----END CERTIFICATE----- diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der index 08d8dd311b525fd51171a1019ad3194dad91580a..1e0a00894d5bfae4e3fb4be83c5dedc703b6b739 100644 GIT binary patch delta 246 zcmZ3?vV?`jpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cVn!6IDh z>lJoW1Oxw82G7^fP|m=7(z8{qk5n38{Q&h$45dwk#o%H(s#f|C_5v_p*j25)H=Kgj qVL*z#eT~0Qm)N2rL}u5wOye%5 Date: Wed, 2 Aug 2023 12:12:53 +0200 Subject: [PATCH 254/339] Update failing unit tests to use the moved data files After upgrading certificates, some parsing unit tests are failing because the new certificates have a different expiry date, by design. Switch those test cases to using the moved copy of the old data (as we did in a more systematic way in the development branch). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_x509parse.data | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 54080a7b8..65ec538fc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -68,23 +68,23 @@ x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial n X509 CRT information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA256 Digest, hardware module name SAN depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA @@ -168,11 +168,11 @@ x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial n X509 CRT information RSA signed by EC depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN_ECDSA_SOME -x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_RSA_C -x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA @@ -260,7 +260,7 @@ mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\ni X509 CRL Information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO @@ -268,7 +268,7 @@ mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer X509 CRL Information EC, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO From a256fd8f949989417aaf3e4e8355a642baf1b2f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:49:07 +0200 Subject: [PATCH 255/339] Write changelog entry for the test data update We normally don't mention test updates in the changelog, but this one explains why we're making a patch release. Signed-off-by: Gilles Peskine --- ChangeLog.d/test-data-202308.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/test-data-202308.txt diff --git a/ChangeLog.d/test-data-202308.txt b/ChangeLog.d/test-data-202308.txt new file mode 100644 index 000000000..51dbd18bc --- /dev/null +++ b/ChangeLog.d/test-data-202308.txt @@ -0,0 +1,2 @@ +Changes + * Update test data to avoid failures of unit tests after 2023-08-07. From 550d147078356ad67fb60d781c6c652f028402ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:50:23 +0200 Subject: [PATCH 256/339] Bump version to 3.4.1 ``` ./scripts/bump_version.sh --version 3.4.1 ``` Signed-off-by: Gilles Peskine --- CMakeLists.txt | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/build_info.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8d3f08a98..a4c82cb7a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -354,7 +354,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.4.0) + VERSION 3.4.1) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c5bbf2c44..81eeedfed 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -22,7 +22,7 @@ */ /** - * @mainpage mbed TLS v3.4.0 source code documentation + * @mainpage mbed TLS v3.4.1 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 5e797434d..075880c5d 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "mbed TLS v3.4.0" +PROJECT_NAME = "mbed TLS v3.4.1" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 1b3d59fab..cffa05bde 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -38,16 +38,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 4 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03040000 -#define MBEDTLS_VERSION_STRING "3.4.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.0" +#define MBEDTLS_VERSION_NUMBER 0x03040100 +#define MBEDTLS_VERSION_STRING "3.4.1" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1" #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 535988303..9fc5375d4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -284,7 +284,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.4.0 SOVERSION 14) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.4.1 SOVERSION 14) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) if(TARGET everest) @@ -292,11 +292,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.0 SOVERSION 5) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.1 SOVERSION 5) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.0 SOVERSION 19) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.1 SOVERSION 19) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 548e76051..dac3f7095 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.4.0" +check_compiletime_version:"3.4.1" Check runtime library version -check_runtime_version:"3.4.0" +check_runtime_version:"3.4.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 82c159fb54e3df0a860a25676c4e41a32a7940fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:51:01 +0200 Subject: [PATCH 257/339] Prepare changelog for release ``` ./scripts/assemble_changelog.py ``` Signed-off-by: Gilles Peskine --- ChangeLog | 8 ++++++++ ChangeLog.d/fix-win32-llvm-build.txt | 2 -- ChangeLog.d/test-data-202308.txt | 2 -- 3 files changed, 8 insertions(+), 4 deletions(-) delete mode 100644 ChangeLog.d/fix-win32-llvm-build.txt delete mode 100644 ChangeLog.d/test-data-202308.txt diff --git a/ChangeLog b/ChangeLog index 9b30aff00..6f7c86c5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix builds on Windows with clang + +Changes + * Update test data to avoid failures of unit tests after 2023-08-07. + = Mbed TLS 3.4.0 branch released 2023-03-28 Default behavior changes diff --git a/ChangeLog.d/fix-win32-llvm-build.txt b/ChangeLog.d/fix-win32-llvm-build.txt deleted file mode 100644 index 826551ccf..000000000 --- a/ChangeLog.d/fix-win32-llvm-build.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix builds on Windows with clang diff --git a/ChangeLog.d/test-data-202308.txt b/ChangeLog.d/test-data-202308.txt deleted file mode 100644 index 51dbd18bc..000000000 --- a/ChangeLog.d/test-data-202308.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Update test data to avoid failures of unit tests after 2023-08-07. From 4a415fd4705c3ce751486d8b3d68fa61187edc47 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:51:44 +0200 Subject: [PATCH 258/339] Announce a release for Friday Signed-off-by: Gilles Peskine --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6f7c86c5a..bc1d32e4d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ Mbed TLS ChangeLog (Sorted per branch, date) -= Mbed TLS x.x.x branch released xxxx-xx-xx += Mbed TLS 3.4.1 branch released 2023-08-04 Bugfix * Fix builds on Windows with clang From d8cb3d7fa482ac34f15050462cf63454c4d91791 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 31 Jul 2023 12:54:59 +0100 Subject: [PATCH 259/339] De-duplicate ecp.c We duplicated ecp.c in the anticipation of heavy refactoring there. This work has been suspended and the duplication is not useful anymore but imposes an overhead. Signed-off-by: Janos Follath --- library/CMakeLists.txt | 1 - library/Makefile | 1 - library/ecp.c | 9 +- library/ecp_new.c | 3643 ---------------------------------------- 4 files changed, 4 insertions(+), 3650 deletions(-) delete mode 100644 library/ecp_new.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 390192730..259cad967 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -37,7 +37,6 @@ set(src_crypto ecdsa.c ecjpake.c ecp.c - ecp_new.c ecp_curves.c ecp_curves_new.c entropy.c diff --git a/library/Makefile b/library/Makefile index fdab4f4ba..194a84739 100644 --- a/library/Makefile +++ b/library/Makefile @@ -102,7 +102,6 @@ OBJS_CRYPTO= \ ecdsa.o \ ecjpake.o \ ecp.o \ - ecp_new.o \ ecp_curves.o \ ecp_curves_new.o \ entropy.o \ diff --git a/library/ecp.c b/library/ecp.c index d027564d5..870773c13 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -43,8 +43,6 @@ #include "common.h" -#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) - /** * \brief Function level alternative implementation. * @@ -591,11 +589,14 @@ void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) } if (grp->h != 1) { - mbedtls_mpi_free(&grp->P); mbedtls_mpi_free(&grp->A); mbedtls_mpi_free(&grp->B); mbedtls_ecp_point_free(&grp->G); + +#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) mbedtls_mpi_free(&grp->N); + mbedtls_mpi_free(&grp->P); +#endif } if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { @@ -3641,5 +3642,3 @@ cleanup: #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ - -#endif /* !MBEDTLS_ECP_WITH_MPI_UINT */ diff --git a/library/ecp_new.c b/library/ecp_new.c deleted file mode 100644 index f86f0e9e2..000000000 --- a/library/ecp_new.c +++ /dev/null @@ -1,3643 +0,0 @@ -/* - * Elliptic curves over GF(p): generic functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * References: - * - * SEC1 https://www.secg.org/sec1-v2.pdf - * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone - * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf - * RFC 4492 for the related TLS structures and constants - * - https://www.rfc-editor.org/rfc/rfc4492 - * RFC 7748 for the Curve448 and Curve25519 curve definitions - * - https://www.rfc-editor.org/rfc/rfc7748 - * - * [Curve25519] https://cr.yp.to/ecdh/curve25519-20060209.pdf - * - * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis - * for elliptic curve cryptosystems. In : Cryptographic Hardware and - * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. - * - * - * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to - * render ECC resistant against Side Channel Attacks. IACR Cryptology - * ePrint Archive, 2004, vol. 2004, p. 342. - * - */ - -#include "common.h" - -#if defined(MBEDTLS_ECP_WITH_MPI_UINT) - -/** - * \brief Function level alternative implementation. - * - * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to - * replace certain functions in this module. The alternative implementations are - * typically hardware accelerators and need to activate the hardware before the - * computation starts and deactivate it after it finishes. The - * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve - * this purpose. - * - * To preserve the correct functionality the following conditions must hold: - * - * - The alternative implementation must be activated by - * mbedtls_internal_ecp_init() before any of the replaceable functions is - * called. - * - mbedtls_internal_ecp_free() must \b only be called when the alternative - * implementation is activated. - * - mbedtls_internal_ecp_init() must \b not be called when the alternative - * implementation is activated. - * - Public functions must not return while the alternative implementation is - * activated. - * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and - * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) ) - * \endcode ensures that the alternative implementation supports the current - * group. - */ -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -#endif - -#if defined(MBEDTLS_ECP_LIGHT) - -#include "mbedtls/ecp.h" -#include "mbedtls/threading.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/error.h" - -#include "bn_mul.h" -#include "ecp_invasive.h" - -#include - -#if !defined(MBEDTLS_ECP_ALT) - -#include "mbedtls/platform.h" - -#include "ecp_internal_alt.h" - -#if defined(MBEDTLS_SELF_TEST) -/* - * Counts of point addition and doubling, and field multiplications. - * Used to test resistance of point multiplication to simple timing attacks. - */ -#if defined(MBEDTLS_ECP_C) -static unsigned long add_count, dbl_count; -#endif /* MBEDTLS_ECP_C */ -static unsigned long mul_count; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) -/* - * Maximum number of "basic operations" to be done in a row. - * - * Default value 0 means that ECC operations will not yield. - * Note that regardless of the value of ecp_max_ops, always at - * least one step is performed before yielding. - * - * Setting ecp_max_ops=1 can be suitable for testing purposes - * as it will interrupt computation at all possible points. - */ -static unsigned ecp_max_ops = 0; - -/* - * Set ecp_max_ops - */ -void mbedtls_ecp_set_max_ops(unsigned max_ops) -{ - ecp_max_ops = max_ops; -} - -/* - * Check if restart is enabled - */ -int mbedtls_ecp_restart_is_enabled(void) -{ - return ecp_max_ops != 0; -} - -/* - * Restart sub-context for ecp_mul_comb() - */ -struct mbedtls_ecp_restart_mul { - mbedtls_ecp_point R; /* current intermediate result */ - size_t i; /* current index in various loops, 0 outside */ - mbedtls_ecp_point *T; /* table for precomputed points */ - unsigned char T_size; /* number of points in table T */ - enum { /* what were we doing last time we returned? */ - ecp_rsm_init = 0, /* nothing so far, dummy initial state */ - ecp_rsm_pre_dbl, /* precompute 2^n multiples */ - ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */ - ecp_rsm_pre_add, /* precompute remaining points by adding */ - ecp_rsm_pre_norm_add, /* normalize all precomputed points */ - ecp_rsm_comb_core, /* ecp_mul_comb_core() */ - ecp_rsm_final_norm, /* do the final normalization */ - } state; -}; - -/* - * Init restart_mul sub-context - */ -static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx *ctx) -{ - mbedtls_ecp_point_init(&ctx->R); - ctx->i = 0; - ctx->T = NULL; - ctx->T_size = 0; - ctx->state = ecp_rsm_init; -} - -/* - * Free the components of a restart_mul sub-context - */ -static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx *ctx) -{ - unsigned char i; - - if (ctx == NULL) { - return; - } - - mbedtls_ecp_point_free(&ctx->R); - - if (ctx->T != NULL) { - for (i = 0; i < ctx->T_size; i++) { - mbedtls_ecp_point_free(ctx->T + i); - } - mbedtls_free(ctx->T); - } - - ecp_restart_rsm_init(ctx); -} - -/* - * Restart context for ecp_muladd() - */ -struct mbedtls_ecp_restart_muladd { - mbedtls_ecp_point mP; /* mP value */ - mbedtls_ecp_point R; /* R intermediate result */ - enum { /* what should we do next? */ - ecp_rsma_mul1 = 0, /* first multiplication */ - ecp_rsma_mul2, /* second multiplication */ - ecp_rsma_add, /* addition */ - ecp_rsma_norm, /* normalization */ - } state; -}; - -/* - * Init restart_muladd sub-context - */ -static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx *ctx) -{ - mbedtls_ecp_point_init(&ctx->mP); - mbedtls_ecp_point_init(&ctx->R); - ctx->state = ecp_rsma_mul1; -} - -/* - * Free the components of a restart_muladd sub-context - */ -static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_ecp_point_free(&ctx->mP); - mbedtls_ecp_point_free(&ctx->R); - - ecp_restart_ma_init(ctx); -} - -/* - * Initialize a restart context - */ -void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx) -{ - ctx->ops_done = 0; - ctx->depth = 0; - ctx->rsm = NULL; - ctx->ma = NULL; -} - -/* - * Free the components of a restart context - */ -void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx) -{ - if (ctx == NULL) { - return; - } - - ecp_restart_rsm_free(ctx->rsm); - mbedtls_free(ctx->rsm); - - ecp_restart_ma_free(ctx->ma); - mbedtls_free(ctx->ma); - - mbedtls_ecp_restart_init(ctx); -} - -/* - * Check if we can do the next step - */ -int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops) -{ - if (rs_ctx != NULL && ecp_max_ops != 0) { - /* scale depending on curve size: the chosen reference is 256-bit, - * and multiplication is quadratic. Round to the closest integer. */ - if (grp->pbits >= 512) { - ops *= 4; - } else if (grp->pbits >= 384) { - ops *= 2; - } - - /* Avoid infinite loops: always allow first step. - * Because of that, however, it's not generally true - * that ops_done <= ecp_max_ops, so the check - * ops_done > ecp_max_ops below is mandatory. */ - if ((rs_ctx->ops_done != 0) && - (rs_ctx->ops_done > ecp_max_ops || - ops > ecp_max_ops - rs_ctx->ops_done)) { - return MBEDTLS_ERR_ECP_IN_PROGRESS; - } - - /* update running count */ - rs_ctx->ops_done += ops; - } - - return 0; -} - -/* Call this when entering a function that needs its own sub-context */ -#define ECP_RS_ENTER(SUB) do { \ - /* reset ops count for this call if top-level */ \ - if (rs_ctx != NULL && rs_ctx->depth++ == 0) \ - rs_ctx->ops_done = 0; \ - \ - /* set up our own sub-context if needed */ \ - if (mbedtls_ecp_restart_is_enabled() && \ - rs_ctx != NULL && rs_ctx->SUB == NULL) \ - { \ - rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ - if (rs_ctx->SUB == NULL) \ - return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ - \ - ecp_restart_## SUB ##_init(rs_ctx->SUB); \ - } \ -} while (0) - -/* Call this when leaving a function that needs its own sub-context */ -#define ECP_RS_LEAVE(SUB) do { \ - /* clear our sub-context when not in progress (done or error) */ \ - if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ - ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ - { \ - ecp_restart_## SUB ##_free(rs_ctx->SUB); \ - mbedtls_free(rs_ctx->SUB); \ - rs_ctx->SUB = NULL; \ - } \ - \ - if (rs_ctx != NULL) \ - rs_ctx->depth--; \ -} while (0) - -#else /* MBEDTLS_ECP_RESTARTABLE */ - -#define ECP_RS_ENTER(sub) (void) rs_ctx; -#define ECP_RS_LEAVE(sub) (void) rs_ctx; - -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -#if defined(MBEDTLS_ECP_C) -static void mpi_init_many(mbedtls_mpi *arr, size_t size) -{ - while (size--) { - mbedtls_mpi_init(arr++); - } -} - -static void mpi_free_many(mbedtls_mpi *arr, size_t size) -{ - while (size--) { - mbedtls_mpi_free(arr++); - } -} -#endif /* MBEDTLS_ECP_C */ - -/* - * List of supported curves: - * - internal ID - * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2, RFC 8446 sec. 4.2.7) - * - size in bits - * - readable name - * - * Curves are listed in order: largest curves first, and for a given size, - * fastest curves first. - * - * Reminder: update profiles in x509_crt.c and ssl_tls.c when adding a new curve! - */ -static const mbedtls_ecp_curve_info ecp_supported_curves[] = -{ -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - { MBEDTLS_ECP_DP_SECP521R1, 25, 521, "secp521r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - { MBEDTLS_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - { MBEDTLS_ECP_DP_SECP384R1, 24, 384, "secp384r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - { MBEDTLS_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - { MBEDTLS_ECP_DP_SECP256R1, 23, 256, "secp256r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - { MBEDTLS_ECP_DP_SECP256K1, 22, 256, "secp256k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - { MBEDTLS_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - { MBEDTLS_ECP_DP_SECP224R1, 21, 224, "secp224r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - { MBEDTLS_ECP_DP_SECP224K1, 20, 224, "secp224k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - { MBEDTLS_ECP_DP_SECP192R1, 19, 192, "secp192r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, -#endif - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, -}; - -#define ECP_NB_CURVES sizeof(ecp_supported_curves) / \ - sizeof(ecp_supported_curves[0]) - -static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES]; - -/* - * List of supported curves and associated info - */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void) -{ - return ecp_supported_curves; -} - -/* - * List of supported curves, group ID only - */ -const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void) -{ - static int init_done = 0; - - if (!init_done) { - size_t i = 0; - const mbedtls_ecp_curve_info *curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - ecp_supported_grp_id[i++] = curve_info->grp_id; - } - ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; - - init_done = 1; - } - - return ecp_supported_grp_id; -} - -/* - * Get the curve info for the internal identifier - */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id) -{ - const mbedtls_ecp_curve_info *curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (curve_info->grp_id == grp_id) { - return curve_info; - } - } - - return NULL; -} - -/* - * Get the curve info from the TLS identifier - */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id) -{ - const mbedtls_ecp_curve_info *curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (curve_info->tls_id == tls_id) { - return curve_info; - } - } - - return NULL; -} - -/* - * Get the curve info from the name - */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name) -{ - const mbedtls_ecp_curve_info *curve_info; - - if (name == NULL) { - return NULL; - } - - for (curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (strcmp(curve_info->name, name) == 0) { - return curve_info; - } - } - - return NULL; -} - -/* - * Get the type of a curve - */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) -{ - if (grp->G.X.p == NULL) { - return MBEDTLS_ECP_TYPE_NONE; - } - - if (grp->G.Y.p == NULL) { - return MBEDTLS_ECP_TYPE_MONTGOMERY; - } else { - return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS; - } -} - -/* - * Initialize (the components of) a point - */ -void mbedtls_ecp_point_init(mbedtls_ecp_point *pt) -{ - mbedtls_mpi_init(&pt->X); - mbedtls_mpi_init(&pt->Y); - mbedtls_mpi_init(&pt->Z); -} - -/* - * Initialize (the components of) a group - */ -void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) -{ - grp->id = MBEDTLS_ECP_DP_NONE; - mbedtls_mpi_init(&grp->P); - mbedtls_mpi_init(&grp->A); - mbedtls_mpi_init(&grp->B); - mbedtls_ecp_point_init(&grp->G); - mbedtls_mpi_init(&grp->N); - grp->pbits = 0; - grp->nbits = 0; - grp->h = 0; - grp->modp = NULL; - grp->t_pre = NULL; - grp->t_post = NULL; - grp->t_data = NULL; - grp->T = NULL; - grp->T_size = 0; -} - -/* - * Initialize (the components of) a key pair - */ -void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key) -{ - mbedtls_ecp_group_init(&key->grp); - mbedtls_mpi_init(&key->d); - mbedtls_ecp_point_init(&key->Q); -} - -/* - * Unallocate (the components of) a point - */ -void mbedtls_ecp_point_free(mbedtls_ecp_point *pt) -{ - if (pt == NULL) { - return; - } - - mbedtls_mpi_free(&(pt->X)); - mbedtls_mpi_free(&(pt->Y)); - mbedtls_mpi_free(&(pt->Z)); -} - -/* - * Check that the comb table (grp->T) is static initialized. - */ -static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp) -{ -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - return grp->T != NULL && grp->T_size == 0; -#else - (void) grp; - return 0; -#endif -} - -/* - * Unallocate (the components of) a group - */ -void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) -{ - size_t i; - - if (grp == NULL) { - return; - } - - if (grp->h != 1) { - mbedtls_mpi_free(&grp->A); - mbedtls_mpi_free(&grp->B); - mbedtls_ecp_point_free(&grp->G); - } - - if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { - for (i = 0; i < grp->T_size; i++) { - mbedtls_ecp_point_free(&grp->T[i]); - } - mbedtls_free(grp->T); - } - - mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); -} - -/* - * Unallocate (the components of) a key pair - */ -void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key) -{ - if (key == NULL) { - return; - } - - mbedtls_ecp_group_free(&key->grp); - mbedtls_mpi_free(&key->d); - mbedtls_ecp_point_free(&key->Q); -} - -/* - * Copy the contents of a point - */ -int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z)); - -cleanup: - return ret; -} - -/* - * Copy the contents of a group object - */ -int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src) -{ - return mbedtls_ecp_group_load(dst, src->id); -} - -/* - * Set point to zero - */ -int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0)); - -cleanup: - return ret; -} - -/* - * Tell if a point is zero - */ -int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt) -{ - return mbedtls_mpi_cmp_int(&pt->Z, 0) == 0; -} - -/* - * Compare two points lazily - */ -int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q) -{ - if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 && - mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 && - mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) { - return 0; - } - - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -} - -/* - * Import a non-zero point from ASCII strings - */ -int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, - const char *x, const char *y) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); - -cleanup: - return ret; -} - -/* - * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748) - */ -int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - size_t plen; - if (format != MBEDTLS_ECP_PF_UNCOMPRESSED && - format != MBEDTLS_ECP_PF_COMPRESSED) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - plen = mbedtls_mpi_size(&grp->P); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - (void) format; /* Montgomery curves always use the same point format */ - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - *olen = plen; - if (buflen < *olen) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - /* - * Common case: P == 0 - */ - if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) { - if (buflen < 1) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - buf[0] = 0x00; - *olen = 1; - - return 0; - } - - if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) { - *olen = 2 * plen + 1; - - if (buflen < *olen) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - buf[0] = 0x04; - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen)); - } else if (format == MBEDTLS_ECP_PF_COMPRESSED) { - *olen = plen + 1; - - if (buflen < *olen) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); - } - } -#endif - -cleanup: - return ret; -} - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, - const mbedtls_mpi *X, - mbedtls_mpi *Y, - int parity_bit); -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -/* - * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748) - */ -int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char *buf, size_t ilen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - size_t plen; - if (ilen < 1) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - plen = mbedtls_mpi_size(&grp->P); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - if (plen != ilen) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); - mbedtls_mpi_free(&pt->Y); - - if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { - /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - if (buf[0] == 0x00) { - if (ilen == 1) { - return mbedtls_ecp_set_zero(pt); - } else { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - } - - if (ilen < 1 + plen) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); - - if (buf[0] == 0x04) { - /* format == MBEDTLS_ECP_PF_UNCOMPRESSED */ - if (ilen != 1 + plen * 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - return mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen); - } else if (buf[0] == 0x02 || buf[0] == 0x03) { - /* format == MBEDTLS_ECP_PF_COMPRESSED */ - if (ilen != 1 + plen) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, - (buf[0] & 1)); - } else { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - } -#endif - -cleanup: - return ret; -} - -/* - * Import a point from a TLS ECPoint record (RFC 4492) - * struct { - * opaque point <1..2^8-1>; - * } ECPoint; - */ -int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t buf_len) -{ - unsigned char data_len; - const unsigned char *buf_start; - /* - * We must have at least two bytes (1 for length, at least one for data) - */ - if (buf_len < 2) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - data_len = *(*buf)++; - if (data_len < 1 || data_len > buf_len - 1) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * Save buffer start for read_binary and update buf - */ - buf_start = *buf; - *buf += data_len; - - return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len); -} - -/* - * Export a point as a TLS ECPoint record (RFC 4492) - * struct { - * opaque point <1..2^8-1>; - * } ECPoint; - */ -int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (format != MBEDTLS_ECP_PF_UNCOMPRESSED && - format != MBEDTLS_ECP_PF_COMPRESSED) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * buffer length must be at least one, for our length byte - */ - if (blen < 1) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, - olen, buf + 1, blen - 1)) != 0) { - return ret; - } - - /* - * write length to the first byte and update total length - */ - buf[0] = (unsigned char) *olen; - ++*olen; - - return 0; -} - -/* - * Set a group from an ECParameters record (RFC 4492) - */ -int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_group_id grp_id; - if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) { - return ret; - } - - return mbedtls_ecp_group_load(grp, grp_id); -} - -/* - * Read a group id from an ECParameters record (RFC 4492) and convert it to - * mbedtls_ecp_group_id. - */ -int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, - const unsigned char **buf, size_t len) -{ - uint16_t tls_id; - const mbedtls_ecp_curve_info *curve_info; - /* - * We expect at least three bytes (see below) - */ - if (len < 3) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * First byte is curve_type; only named_curve is handled - */ - if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * Next two bytes are the namedcurve value - */ - tls_id = *(*buf)++; - tls_id <<= 8; - tls_id |= *(*buf)++; - - if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) { - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - } - - *grp = curve_info->grp_id; - - return 0; -} - -/* - * Write the ECParameters record corresponding to a group (RFC 4492) - */ -int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, - unsigned char *buf, size_t blen) -{ - const mbedtls_ecp_curve_info *curve_info; - if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * We are going to write 3 bytes (see below) - */ - *olen = 3; - if (blen < *olen) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - /* - * First byte is curve_type, always named_curve - */ - *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - - /* - * Next two bytes are the namedcurve value - */ - MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, buf, 0); - - return 0; -} - -/* - * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi. - * See the documentation of struct mbedtls_ecp_group. - * - * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf. - */ -static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (grp->modp == NULL) { - return mbedtls_mpi_mod_mpi(N, N, &grp->P); - } - - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || - mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - MBEDTLS_MPI_CHK(grp->modp(N)); - - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) { - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); - } - - while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { - /* we known P, N and the result are positive */ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); - } - -cleanup: - return ret; -} - -/* - * Fast mod-p functions expect their argument to be in the 0..p^2 range. - * - * In order to guarantee that, we need to ensure that operands of - * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will - * bring the result back to this range. - * - * The following macros are shortcuts for doing that. - */ - -/* - * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi - */ -#if defined(MBEDTLS_SELF_TEST) -#define INC_MUL_COUNT mul_count++; -#else -#define INC_MUL_COUNT -#endif - -#define MOD_MUL(N) \ - do \ - { \ - MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ - INC_MUL_COUNT \ - } while (0) - -static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); - MOD_MUL(*X); -cleanup: - return ret; -} - -/* - * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi - * N->s < 0 is a very fast test, which fails only if N is 0 - */ -#define MOD_SUB(N) \ - do { \ - while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ - } while (0) - -#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \ - (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT))) -static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B)); - MOD_SUB(X); -cleanup: - return ret; -} -#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */ - -/* - * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int. - * We known P, N and the result are positive, so sub_abs is correct, and - * a bit faster. - */ -#define MOD_ADD(N) \ - while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) - -static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); - MOD_ADD(X); -cleanup: - return ret; -} - -static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - mbedtls_mpi_uint c) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(X, A, c)); - MOD_ADD(X); -cleanup: - return ret; -} - -static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - mbedtls_mpi_uint c) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, A, c)); - MOD_SUB(X); -cleanup: - return ret; -} - -#define MPI_ECP_SUB_INT(X, A, c) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c)) - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT)) -static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - size_t count) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count)); - MOD_ADD(X); -cleanup: - return ret; -} -#endif \ - /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ - -/* - * Macro wrappers around ECP modular arithmetic - * - * Currently, these wrappers are defined via the bignum module. - */ - -#define MPI_ECP_ADD(X, A, B) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) - -#define MPI_ECP_SUB(X, A, B) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) - -#define MPI_ECP_MUL(X, A, B) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) - -#define MPI_ECP_SQR(X, A) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) - -#define MPI_ECP_MUL_INT(X, A, c) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c)) - -#define MPI_ECP_INV(dst, src) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P)) - -#define MPI_ECP_MOV(X, A) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) - -#define MPI_ECP_SHIFT_L(X, count) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) - -#define MPI_ECP_LSET(X, c) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, c)) - -#define MPI_ECP_CMP_INT(X, c) \ - mbedtls_mpi_cmp_int(X, c) - -#define MPI_ECP_CMP(X, Y) \ - mbedtls_mpi_cmp_mpi(X, Y) - -/* Needs f_rng, p_rng to be defined. */ -#define MPI_ECP_RAND(X) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng)) - -/* Conditional negation - * Needs grp and a temporary MPI tmp to be defined. */ -#define MPI_ECP_COND_NEG(X, cond) \ - do \ - { \ - unsigned char nonzero = mbedtls_mpi_cmp_int((X), 0) != 0; \ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \ - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), &tmp, \ - nonzero & cond)); \ - } while (0) - -#define MPI_ECP_NEG(X) MPI_ECP_COND_NEG((X), 1) - -#define MPI_ECP_VALID(X) \ - ((X)->p != NULL) - -#define MPI_ECP_COND_ASSIGN(X, Y, cond) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), (Y), (cond))) - -#define MPI_ECP_COND_SWAP(X, Y, cond) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap((X), (Y), (cond))) - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - -/* - * Computes the right-hand side of the Short Weierstrass equation - * RHS = X^3 + A X + B - */ -static int ecp_sw_rhs(const mbedtls_ecp_group *grp, - mbedtls_mpi *rhs, - const mbedtls_mpi *X) -{ - int ret; - - /* Compute X^3 + A X + B as X (X^2 + A) + B */ - MPI_ECP_SQR(rhs, X); - - /* Special case for A = -3 */ - if (grp->A.p == NULL) { - MPI_ECP_SUB_INT(rhs, rhs, 3); - } else { - MPI_ECP_ADD(rhs, rhs, &grp->A); - } - - MPI_ECP_MUL(rhs, rhs, X); - MPI_ECP_ADD(rhs, rhs, &grp->B); - -cleanup: - return ret; -} - -/* - * Derive Y from X and a parity bit - */ -static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, - const mbedtls_mpi *X, - mbedtls_mpi *Y, - int parity_bit) -{ - /* w = y^2 = x^3 + ax + b - * y = sqrt(w) = w^((p+1)/4) mod p (for prime p where p = 3 mod 4) - * - * Note: this method for extracting square root does not validate that w - * was indeed a square so this function will return garbage in Y if X - * does not correspond to a point on the curve. - */ - - /* Check prerequisite p = 3 mod 4 */ - if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 || - mbedtls_mpi_get_bit(&grp->P, 1) != 1) { - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - } - - int ret; - mbedtls_mpi exp; - mbedtls_mpi_init(&exp); - - /* use Y to store intermediate result, actually w above */ - MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X)); - - /* w = y^2 */ /* Y contains y^2 intermediate result */ - /* exp = ((p+1)/4) */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&exp, 2)); - /* sqrt(w) = w^((p+1)/4) mod p (for prime p where p = 3 mod 4) */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL)); - - /* check parity bit match or else invert Y */ - /* This quick inversion implementation is valid because Y != 0 for all - * Short Weierstrass curves supported by mbedtls, as each supported curve - * has an order that is a large prime, so each supported curve does not - * have any point of order 2, and a point with Y == 0 would be of order 2 */ - if (mbedtls_mpi_get_bit(Y, 0) != parity_bit) { - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y)); - } - -cleanup: - - mbedtls_mpi_free(&exp); - return ret; -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_C) -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * For curves in short Weierstrass form, we do all the internal operations in - * Jacobian coordinates. - * - * For multiplication, we'll use a comb method with countermeasures against - * SPA, hence timing attacks. - */ - -/* - * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1) - * Cost: 1N := 1I + 3M + 1S - */ -static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) -{ - if (MPI_ECP_CMP_INT(&pt->Z, 0) == 0) { - return 0; - } - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_jac(grp, pt); - } -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi T; - mbedtls_mpi_init(&T); - - MPI_ECP_INV(&T, &pt->Z); /* T <- 1 / Z */ - MPI_ECP_MUL(&pt->Y, &pt->Y, &T); /* Y' <- Y*T = Y / Z */ - MPI_ECP_SQR(&T, &T); /* T <- T^2 = 1 / Z^2 */ - MPI_ECP_MUL(&pt->X, &pt->X, &T); /* X <- X * T = X / Z^2 */ - MPI_ECP_MUL(&pt->Y, &pt->Y, &T); /* Y'' <- Y' * T = Y / Z^3 */ - - MPI_ECP_LSET(&pt->Z, 1); - -cleanup: - - mbedtls_mpi_free(&T); - - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ -} - -/* - * Normalize jacobian coordinates of an array of (pointers to) points, - * using Montgomery's trick to perform only one inversion mod P. - * (See for example Cohen's "A Course in Computational Algebraic Number - * Theory", Algorithm 10.3.4.) - * - * Warning: fails (returning an error) if one of the points is zero! - * This should never happen, see choice of w in ecp_mul_comb(). - * - * Cost: 1N(t) := 1I + (6t - 3)M + 1S - */ -static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t T_size) -{ - if (T_size < 2) { - return ecp_normalize_jac(grp, *T); - } - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); - } -#endif - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi *c, t; - - if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) { - return MBEDTLS_ERR_ECP_ALLOC_FAILED; - } - - mbedtls_mpi_init(&t); - - mpi_init_many(c, T_size); - /* - * c[i] = Z_0 * ... * Z_i, i = 0,..,n := T_size-1 - */ - MPI_ECP_MOV(&c[0], &T[0]->Z); - for (i = 1; i < T_size; i++) { - MPI_ECP_MUL(&c[i], &c[i-1], &T[i]->Z); - } - - /* - * c[n] = 1 / (Z_0 * ... * Z_n) mod P - */ - MPI_ECP_INV(&c[T_size-1], &c[T_size-1]); - - for (i = T_size - 1;; i--) { - /* At the start of iteration i (note that i decrements), we have - * - c[j] = Z_0 * .... * Z_j for j < i, - * - c[j] = 1 / (Z_0 * .... * Z_j) for j == i, - * - * This is maintained via - * - c[i-1] <- c[i] * Z_i - * - * We also derive 1/Z_i = c[i] * c[i-1] for i>0 and use that - * to do the actual normalization. For i==0, we already have - * c[0] = 1 / Z_0. - */ - - if (i > 0) { - /* Compute 1/Z_i and establish invariant for the next iteration. */ - MPI_ECP_MUL(&t, &c[i], &c[i-1]); - MPI_ECP_MUL(&c[i-1], &c[i], &T[i]->Z); - } else { - MPI_ECP_MOV(&t, &c[0]); - } - - /* Now t holds 1 / Z_i; normalize as in ecp_normalize_jac() */ - MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t); - MPI_ECP_SQR(&t, &t); - MPI_ECP_MUL(&T[i]->X, &T[i]->X, &t); - MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t); - - /* - * Post-precessing: reclaim some memory by shrinking coordinates - * - not storing Z (always 1) - * - shrinking other coordinates, but still keeping the same number of - * limbs as P, as otherwise it will too likely be regrown too fast. - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); - - MPI_ECP_LSET(&T[i]->Z, 1); - - if (i == 0) { - break; - } - } - -cleanup: - - mbedtls_mpi_free(&t); - mpi_free_many(c, T_size); - mbedtls_free(c); - - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ -} - -/* - * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak. - * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid - */ -static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *Q, - unsigned char inv) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi tmp; - mbedtls_mpi_init(&tmp); - - MPI_ECP_COND_NEG(&Q->Y, inv); - -cleanup: - mbedtls_mpi_free(&tmp); - return ret; -} - -/* - * Point doubling R = 2 P, Jacobian coordinates - * - * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 . - * - * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR - * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring. - * - * Standard optimizations are applied when curve parameter A is one of { 0, -3 }. - * - * Cost: 1D := 3M + 4S (A == 0) - * 4M + 4S (A == -3) - * 3M + 6S + 1a otherwise - */ -static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P, - mbedtls_mpi tmp[4]) -{ -#if defined(MBEDTLS_SELF_TEST) - dbl_count++; -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_double_jac(grp, R, P); - } -#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Special case for A = -3 */ - if (grp->A.p == NULL) { - /* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */ - MPI_ECP_SQR(&tmp[1], &P->Z); - MPI_ECP_ADD(&tmp[2], &P->X, &tmp[1]); - MPI_ECP_SUB(&tmp[3], &P->X, &tmp[1]); - MPI_ECP_MUL(&tmp[1], &tmp[2], &tmp[3]); - MPI_ECP_MUL_INT(&tmp[0], &tmp[1], 3); - } else { - /* tmp[0] <- M = 3.X^2 + A.Z^4 */ - MPI_ECP_SQR(&tmp[1], &P->X); - MPI_ECP_MUL_INT(&tmp[0], &tmp[1], 3); - - /* Optimize away for "koblitz" curves with A = 0 */ - if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) { - /* M += A.Z^4 */ - MPI_ECP_SQR(&tmp[1], &P->Z); - MPI_ECP_SQR(&tmp[2], &tmp[1]); - MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A); - MPI_ECP_ADD(&tmp[0], &tmp[0], &tmp[1]); - } - } - - /* tmp[1] <- S = 4.X.Y^2 */ - MPI_ECP_SQR(&tmp[2], &P->Y); - MPI_ECP_SHIFT_L(&tmp[2], 1); - MPI_ECP_MUL(&tmp[1], &P->X, &tmp[2]); - MPI_ECP_SHIFT_L(&tmp[1], 1); - - /* tmp[3] <- U = 8.Y^4 */ - MPI_ECP_SQR(&tmp[3], &tmp[2]); - MPI_ECP_SHIFT_L(&tmp[3], 1); - - /* tmp[2] <- T = M^2 - 2.S */ - MPI_ECP_SQR(&tmp[2], &tmp[0]); - MPI_ECP_SUB(&tmp[2], &tmp[2], &tmp[1]); - MPI_ECP_SUB(&tmp[2], &tmp[2], &tmp[1]); - - /* tmp[1] <- S = M(S - T) - U */ - MPI_ECP_SUB(&tmp[1], &tmp[1], &tmp[2]); - MPI_ECP_MUL(&tmp[1], &tmp[1], &tmp[0]); - MPI_ECP_SUB(&tmp[1], &tmp[1], &tmp[3]); - - /* tmp[3] <- U = 2.Y.Z */ - MPI_ECP_MUL(&tmp[3], &P->Y, &P->Z); - MPI_ECP_SHIFT_L(&tmp[3], 1); - - /* Store results */ - MPI_ECP_MOV(&R->X, &tmp[2]); - MPI_ECP_MOV(&R->Y, &tmp[1]); - MPI_ECP_MOV(&R->Z, &tmp[3]); - -cleanup: - - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ -} - -/* - * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22) - * - * The coordinates of Q must be normalized (= affine), - * but those of P don't need to. R is not normalized. - * - * P,Q,R may alias, but only at the level of EC points: they must be either - * equal as pointers, or disjoint (including the coordinate data buffers). - * Fine-grained aliasing at the level of coordinates is not supported. - * - * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q. - * None of these cases can happen as intermediate step in ecp_mul_comb(): - * - at each step, P, Q and R are multiples of the base point, the factor - * being less than its order, so none of them is zero; - * - Q is an odd multiple of the base point, P an even multiple, - * due to the choice of precomputed points in the modified comb method. - * So branches for these cases do not leak secret information. - * - * Cost: 1A := 8M + 3S - */ -static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, - mbedtls_mpi tmp[4]) -{ -#if defined(MBEDTLS_SELF_TEST) - add_count++; -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); - } -#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* NOTE: Aliasing between input and output is allowed, so one has to make - * sure that at the point X,Y,Z are written, {P,Q}->{X,Y,Z} are no - * longer read from. */ - mbedtls_mpi * const X = &R->X; - mbedtls_mpi * const Y = &R->Y; - mbedtls_mpi * const Z = &R->Z; - - if (!MPI_ECP_VALID(&Q->Z)) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* - * Trivial cases: P == 0 or Q == 0 (case 1) - */ - if (MPI_ECP_CMP_INT(&P->Z, 0) == 0) { - return mbedtls_ecp_copy(R, Q); - } - - if (MPI_ECP_CMP_INT(&Q->Z, 0) == 0) { - return mbedtls_ecp_copy(R, P); - } - - /* - * Make sure Q coordinates are normalized - */ - if (MPI_ECP_CMP_INT(&Q->Z, 1) != 0) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - MPI_ECP_SQR(&tmp[0], &P->Z); - MPI_ECP_MUL(&tmp[1], &tmp[0], &P->Z); - MPI_ECP_MUL(&tmp[0], &tmp[0], &Q->X); - MPI_ECP_MUL(&tmp[1], &tmp[1], &Q->Y); - MPI_ECP_SUB(&tmp[0], &tmp[0], &P->X); - MPI_ECP_SUB(&tmp[1], &tmp[1], &P->Y); - - /* Special cases (2) and (3) */ - if (MPI_ECP_CMP_INT(&tmp[0], 0) == 0) { - if (MPI_ECP_CMP_INT(&tmp[1], 0) == 0) { - ret = ecp_double_jac(grp, R, P, tmp); - goto cleanup; - } else { - ret = mbedtls_ecp_set_zero(R); - goto cleanup; - } - } - - /* {P,Q}->Z no longer used, so OK to write to Z even if there's aliasing. */ - MPI_ECP_MUL(Z, &P->Z, &tmp[0]); - MPI_ECP_SQR(&tmp[2], &tmp[0]); - MPI_ECP_MUL(&tmp[3], &tmp[2], &tmp[0]); - MPI_ECP_MUL(&tmp[2], &tmp[2], &P->X); - - MPI_ECP_MOV(&tmp[0], &tmp[2]); - MPI_ECP_SHIFT_L(&tmp[0], 1); - - /* {P,Q}->X no longer used, so OK to write to X even if there's aliasing. */ - MPI_ECP_SQR(X, &tmp[1]); - MPI_ECP_SUB(X, X, &tmp[0]); - MPI_ECP_SUB(X, X, &tmp[3]); - MPI_ECP_SUB(&tmp[2], &tmp[2], X); - MPI_ECP_MUL(&tmp[2], &tmp[2], &tmp[1]); - MPI_ECP_MUL(&tmp[3], &tmp[3], &P->Y); - /* {P,Q}->Y no longer used, so OK to write to Y even if there's aliasing. */ - MPI_ECP_SUB(Y, &tmp[2], &tmp[3]); - -cleanup: - - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ -} - -/* - * Randomize jacobian coordinates: - * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l - * This is sort of the reverse operation of ecp_normalize_jac(). - * - * This countermeasure was first suggested in [2]. - */ -static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi l; - - mbedtls_mpi_init(&l); - - /* Generate l such that 1 < l < p */ - MPI_ECP_RAND(&l); - - /* Z' = l * Z */ - MPI_ECP_MUL(&pt->Z, &pt->Z, &l); - - /* Y' = l * Y */ - MPI_ECP_MUL(&pt->Y, &pt->Y, &l); - - /* X' = l^2 * X */ - MPI_ECP_SQR(&l, &l); - MPI_ECP_MUL(&pt->X, &pt->X, &l); - - /* Y'' = l^2 * Y' = l^3 * Y */ - MPI_ECP_MUL(&pt->Y, &pt->Y, &l); - -cleanup: - mbedtls_mpi_free(&l); - - if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - } - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ -} - -/* - * Check and define parameters used by the comb method (see below for details) - */ -#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7 -#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds" -#endif - -/* d = ceil( n / w ) */ -#define COMB_MAX_D (MBEDTLS_ECP_MAX_BITS + 1) / 2 - -/* number of precomputed points */ -#define COMB_MAX_PRE (1 << (MBEDTLS_ECP_WINDOW_SIZE - 1)) - -/* - * Compute the representation of m that will be used with our comb method. - * - * The basic comb method is described in GECC 3.44 for example. We use a - * modified version that provides resistance to SPA by avoiding zero - * digits in the representation as in [3]. We modify the method further by - * requiring that all K_i be odd, which has the small cost that our - * representation uses one more K_i, due to carries, but saves on the size of - * the precomputed table. - * - * Summary of the comb method and its modifications: - * - * - The goal is to compute m*P for some w*d-bit integer m. - * - * - The basic comb method splits m into the w-bit integers - * x[0] .. x[d-1] where x[i] consists of the bits in m whose - * index has residue i modulo d, and computes m * P as - * S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where - * S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P. - * - * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by - * .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] .., - * thereby successively converting it into a form where all summands - * are nonzero, at the cost of negative summands. This is the basic idea of [3]. - * - * - More generally, even if x[i+1] != 0, we can first transform the sum as - * .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] .., - * and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]]. - * Performing and iterating this procedure for those x[i] that are even - * (keeping track of carry), we can transform the original sum into one of the form - * S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]] - * with all x'[i] odd. It is therefore only necessary to know S at odd indices, - * which is why we are only computing half of it in the first place in - * ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb. - * - * - For the sake of compactness, only the seven low-order bits of x[i] - * are used to represent its absolute value (K_i in the paper), and the msb - * of x[i] encodes the sign (s_i in the paper): it is set if and only if - * if s_i == -1; - * - * Calling conventions: - * - x is an array of size d + 1 - * - w is the size, ie number of teeth, of the comb, and must be between - * 2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE) - * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d - * (the result will be incorrect if these assumptions are not satisfied) - */ -static void ecp_comb_recode_core(unsigned char x[], size_t d, - unsigned char w, const mbedtls_mpi *m) -{ - size_t i, j; - unsigned char c, cc, adjust; - - memset(x, 0, d+1); - - /* First get the classical comb values (except for x_d = 0) */ - for (i = 0; i < d; i++) { - for (j = 0; j < w; j++) { - x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j; - } - } - - /* Now make sure x_1 .. x_d are odd */ - c = 0; - for (i = 1; i <= d; i++) { - /* Add carry and update it */ - cc = x[i] & c; - x[i] = x[i] ^ c; - c = cc; - - /* Adjust if needed, avoiding branches */ - adjust = 1 - (x[i] & 0x01); - c |= x[i] & (x[i-1] * adjust); - x[i] = x[i] ^ (x[i-1] * adjust); - x[i-1] |= adjust << 7; - } -} - -/* - * Precompute points for the adapted comb method - * - * Assumption: T must be able to hold 2^{w - 1} elements. - * - * Operation: If i = i_{w-1} ... i_1 is the binary representation of i, - * sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P. - * - * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1) - * - * Note: Even comb values (those where P would be omitted from the - * sum defining T[i] above) are not needed in our adaption - * the comb method. See ecp_comb_recode_core(). - * - * This function currently works in four steps: - * (1) [dbl] Computation of intermediate T[i] for 2-power values of i - * (2) [norm_dbl] Normalization of coordinates of these T[i] - * (3) [add] Computation of all T[i] - * (4) [norm_add] Normalization of all T[i] - * - * Step 1 can be interrupted but not the others; together with the final - * coordinate normalization they are the largest steps done at once, depending - * on the window size. Here are operation counts for P-256: - * - * step (2) (3) (4) - * w = 5 142 165 208 - * w = 4 136 77 160 - * w = 3 130 33 136 - * w = 2 124 11 124 - * - * So if ECC operations are blocking for too long even with a low max_ops - * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order - * to minimize maximum blocking time. - */ -static int ecp_precompute_comb(const mbedtls_ecp_group *grp, - mbedtls_ecp_point T[], const mbedtls_ecp_point *P, - unsigned char w, size_t d, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char i; - size_t j = 0; - const unsigned char T_size = 1U << (w - 1); - mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1] = { NULL }; - - mbedtls_mpi tmp[4]; - - mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { - goto dbl; - } - if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) { - goto norm_dbl; - } - if (rs_ctx->rsm->state == ecp_rsm_pre_add) { - goto add; - } - if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) { - goto norm_add; - } - } -#else - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - rs_ctx->rsm->state = ecp_rsm_pre_dbl; - - /* initial state for the loop */ - rs_ctx->rsm->i = 0; - } - -dbl: -#endif - /* - * Set T[0] = P and - * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) - */ - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { - j = rs_ctx->rsm->i; - } else -#endif - j = 0; - - for (; j < d * (w - 1); j++) { - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL); - - i = 1U << (j / d); - cur = T + i; - - if (j % d == 0) { - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1))); - } - - MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp)); - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; - } - -norm_dbl: -#endif - /* - * Normalize current elements in T to allow them to be used in - * ecp_add_mixed() below, which requires one normalized input. - * - * As T has holes, use an auxiliary array of pointers to elements in T. - * - */ - j = 0; - for (i = 1; i < T_size; i <<= 1) { - TT[j++] = T + i; - } - - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - - MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - rs_ctx->rsm->state = ecp_rsm_pre_add; - } - -add: -#endif - /* - * Compute the remaining ones using the minimal number of additions - * Be careful to update T[2^l] only after using it! - */ - MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD); - - for (i = 1; i < T_size; i <<= 1) { - j = i; - while (j--) { - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp)); - } - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - rs_ctx->rsm->state = ecp_rsm_pre_norm_add; - } - -norm_add: -#endif - /* - * Normalize final elements in T. Even though there are no holes now, we - * still need the auxiliary array for homogeneity with the previous - * call. Also, skip T[0] which is already normalised, being a copy of P. - */ - for (j = 0; j + 1 < T_size; j++) { - TT[j] = T + j + 1; - } - - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - - MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); - - /* Free Z coordinate (=1 after normalization) to save RAM. - * This makes T[i] invalid as mbedtls_ecp_points, but this is OK - * since from this point onwards, they are only accessed indirectly - * via the getter function ecp_select_comb() which does set the - * target's Z coordinate to 1. */ - for (i = 0; i < T_size; i++) { - mbedtls_mpi_free(&T[i].Z); - } - -cleanup: - - mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { - rs_ctx->rsm->i = j; - } - } -#endif - - return ret; -} - -/* - * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ] - * - * See ecp_comb_recode_core() for background - */ -static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - unsigned char i) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char ii, j; - - /* Ignore the "sign" bit and scale down */ - ii = (i & 0x7Fu) >> 1; - - /* Read the whole table to thwart cache-based timing attacks */ - for (j = 0; j < T_size; j++) { - MPI_ECP_COND_ASSIGN(&R->X, &T[j].X, j == ii); - MPI_ECP_COND_ASSIGN(&R->Y, &T[j].Y, j == ii); - } - - /* Safely invert result if i is "negative" */ - MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); - - MPI_ECP_LSET(&R->Z, 1); - -cleanup: - return ret; -} - -/* - * Core multiplication algorithm for the (modified) comb method. - * This part is actually common with the basic comb method (GECC 3.44) - * - * Cost: d A + d D + 1 R - */ -static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - const unsigned char x[], size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point Txi; - mbedtls_mpi tmp[4]; - size_t i; - - mbedtls_ecp_point_init(&Txi); - mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && - rs_ctx->rsm->state != ecp_rsm_comb_core) { - rs_ctx->rsm->i = 0; - rs_ctx->rsm->state = ecp_rsm_comb_core; - } - - /* new 'if' instead of nested for the sake of the 'else' branch */ - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { - /* restore current index (R already pointing to rs_ctx->rsm->R) */ - i = rs_ctx->rsm->i; - } else -#endif - { - /* Start with a non-zero point and randomize its coordinates */ - i = d; - MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); - if (f_rng != 0) { - MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); - } - } - - while (i != 0) { - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD); - --i; - - MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp)); - MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp)); - } - -cleanup: - - mbedtls_ecp_point_free(&Txi); - mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - rs_ctx->rsm->i = i; - /* no need to save R, already pointing to rs_ctx->rsm->R */ - } -#endif - - return ret; -} - -/* - * Recode the scalar to get constant-time comb multiplication - * - * As the actual scalar recoding needs an odd scalar as a starting point, - * this wrapper ensures that by replacing m by N - m if necessary, and - * informs the caller that the result of multiplication will be negated. - * - * This works because we only support large prime order for Short Weierstrass - * curves, so N is always odd hence either m or N - m is. - * - * See ecp_comb_recode_core() for background. - */ -static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, - const mbedtls_mpi *m, - unsigned char k[COMB_MAX_D + 1], - size_t d, - unsigned char w, - unsigned char *parity_trick) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi M, mm; - - mbedtls_mpi_init(&M); - mbedtls_mpi_init(&mm); - - /* N is always odd (see above), just make extra sure */ - if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* do we need the parity trick? */ - *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0); - - /* execute parity fix in constant time */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick)); - - /* actual scalar recoding */ - ecp_comb_recode_core(k, d, w, &M); - -cleanup: - mbedtls_mpi_free(&mm); - mbedtls_mpi_free(&M); - - return ret; -} - -/* - * Perform comb multiplication (for short Weierstrass curves) - * once the auxiliary table has been pre-computed. - * - * Scalar recoding may use a parity trick that makes us compute -m * P, - * if that is the case we'll need to recover m * P at the end. - */ -static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *T, - unsigned char T_size, - unsigned char w, - size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char parity_trick; - unsigned char k[COMB_MAX_D + 1]; - mbedtls_ecp_point *RR = R; - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - RR = &rs_ctx->rsm->R; - - if (rs_ctx->rsm->state == ecp_rsm_final_norm) { - goto final_norm; - } - } -#endif - - MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, - &parity_trick)); - MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, - f_rng, p_rng, rs_ctx)); - MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - rs_ctx->rsm->state = ecp_rsm_final_norm; - } - -final_norm: - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); -#endif - /* - * Knowledge of the jacobian coordinates may leak the last few bits of the - * scalar [1], and since our MPI implementation isn't constant-flow, - * inversion (used for coordinate normalization) may leak the full value - * of its input via side-channels [2]. - * - * [1] https://eprint.iacr.org/2003/191 - * [2] https://eprint.iacr.org/2020/055 - * - * Avoid the leak by randomizing coordinates before we normalize them. - */ - if (f_rng != 0) { - MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); - } - - MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) { - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR)); - } -#endif - -cleanup: - return ret; -} - -/* - * Pick window size based on curve size and whether we optimize for base point - */ -static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, - unsigned char p_eq_g) -{ - unsigned char w; - - /* - * Minimize the number of multiplications, that is minimize - * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) - * (see costs of the various parts, with 1S = 1M) - */ - w = grp->nbits >= 384 ? 5 : 4; - - /* - * If P == G, pre-compute a bit more, since this may be re-used later. - * Just adding one avoids upping the cost of the first mul too much, - * and the memory cost too. - */ - if (p_eq_g) { - w++; - } - - /* - * If static comb table may not be used (!p_eq_g) or static comb table does - * not exists, make sure w is within bounds. - * (The last test is useful only for very small curves in the test suite.) - * - * The user reduces MBEDTLS_ECP_WINDOW_SIZE does not changes the size of - * static comb table, because the size of static comb table is fixed when - * it is generated. - */ -#if (MBEDTLS_ECP_WINDOW_SIZE < 6) - if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) { - w = MBEDTLS_ECP_WINDOW_SIZE; - } -#endif - if (w >= grp->nbits) { - w = 2; - } - - return w; -} - -/* - * Multiplication using the comb method - for curves in short Weierstrass form - * - * This function is mainly responsible for administrative work: - * - managing the restart context if enabled - * - managing the table of precomputed points (passed between the below two - * functions): allocation, computation, ownership transfer, freeing. - * - * It delegates the actual arithmetic work to: - * ecp_precompute_comb() and ecp_mul_comb_with_precomp() - * - * See comments on ecp_comb_recode_core() regarding the computation strategy. - */ -static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char w, p_eq_g, i; - size_t d; - unsigned char T_size = 0, T_ok = 0; - mbedtls_ecp_point *T = NULL; - - ECP_RS_ENTER(rsm); - - /* Is P the base point ? */ -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 && - MPI_ECP_CMP(&P->X, &grp->G.X) == 0); -#else - p_eq_g = 0; -#endif - - /* Pick window size and deduce related sizes */ - w = ecp_pick_window_size(grp, p_eq_g); - T_size = 1U << (w - 1); - d = (grp->nbits + w - 1) / w; - - /* Pre-computed table: do we have it already for the base point? */ - if (p_eq_g && grp->T != NULL) { - /* second pointer to the same table, will be deleted on exit */ - T = grp->T; - T_ok = 1; - } else -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* Pre-computed table: do we have one in progress? complete? */ - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) { - /* transfer ownership of T from rsm to local function */ - T = rs_ctx->rsm->T; - rs_ctx->rsm->T = NULL; - rs_ctx->rsm->T_size = 0; - - /* This effectively jumps to the call to mul_comb_after_precomp() */ - T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; - } else -#endif - /* Allocate table if we didn't have any */ - { - T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point)); - if (T == NULL) { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - for (i = 0; i < T_size; i++) { - mbedtls_ecp_point_init(&T[i]); - } - - T_ok = 0; - } - - /* Compute table (or finish computing it) if not done already */ - if (!T_ok) { - MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); - - if (p_eq_g) { - /* almost transfer ownership of T to the group, but keep a copy of - * the pointer to use for calling the next function more easily */ - grp->T = T; - grp->T_size = T_size; - } - } - - /* Actual comb multiplication using precomputed points */ - MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, - T, T_size, w, d, - f_rng, p_rng, rs_ctx)); - -cleanup: - - /* does T belong to the group? */ - if (T == grp->T) { - T = NULL; - } - - /* does T belong to the restart context? */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) { - /* transfer ownership of T from local function to rsm */ - rs_ctx->rsm->T_size = T_size; - rs_ctx->rsm->T = T; - T = NULL; - } -#endif - - /* did T belong to us? then let's destroy it! */ - if (T != NULL) { - for (i = 0; i < T_size; i++) { - mbedtls_ecp_point_free(&T[i]); - } - mbedtls_free(T); - } - - /* prevent caller from using invalid value */ - int should_free_R = (ret != 0); -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* don't free R while in progress in case R == P */ - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - should_free_R = 0; - } -#endif - if (should_free_R) { - mbedtls_ecp_point_free(R); - } - - ECP_RS_LEAVE(rsm); - - return ret; -} - -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -/* - * For Montgomery curves, we do all the internal arithmetic in projective - * coordinates. Import/export of points uses only the x coordinates, which is - * internally represented as X / Z. - * - * For scalar multiplication, we'll use a Montgomery ladder. - */ - -/* - * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1 - * Cost: 1M + 1I - */ -static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) -{ -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_normalize_mxz(grp, P); - } -#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_ECP_INV(&P->Z, &P->Z); - MPI_ECP_MUL(&P->X, &P->X, &P->Z); - MPI_ECP_LSET(&P->Z, 1); - -cleanup: - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ -} - -/* - * Randomize projective x/z coordinates: - * (X, Z) -> (l X, l Z) for random l - * This is sort of the reverse operation of ecp_normalize_mxz(). - * - * This countermeasure was first suggested in [2]. - * Cost: 2M - */ -static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi l; - mbedtls_mpi_init(&l); - - /* Generate l such that 1 < l < p */ - MPI_ECP_RAND(&l); - - MPI_ECP_MUL(&P->X, &P->X, &l); - MPI_ECP_MUL(&P->Z, &P->Z, &l); - -cleanup: - mbedtls_mpi_free(&l); - - if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - } - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ -} - -/* - * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q), - * for Montgomery curves in x/z coordinates. - * - * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3 - * with - * d = X1 - * P = (X2, Z2) - * Q = (X3, Z3) - * R = (X4, Z4) - * S = (X5, Z5) - * and eliminating temporary variables tO, ..., t4. - * - * Cost: 5M + 4S - */ -static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, mbedtls_ecp_point *S, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, - const mbedtls_mpi *d, - mbedtls_mpi T[4]) -{ -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) { - return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); - } -#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MPI_ECP_ADD(&T[0], &P->X, &P->Z); /* Pp := PX + PZ */ - MPI_ECP_SUB(&T[1], &P->X, &P->Z); /* Pm := PX - PZ */ - MPI_ECP_ADD(&T[2], &Q->X, &Q->Z); /* Qp := QX + XZ */ - MPI_ECP_SUB(&T[3], &Q->X, &Q->Z); /* Qm := QX - QZ */ - MPI_ECP_MUL(&T[3], &T[3], &T[0]); /* Qm * Pp */ - MPI_ECP_MUL(&T[2], &T[2], &T[1]); /* Qp * Pm */ - MPI_ECP_SQR(&T[0], &T[0]); /* Pp^2 */ - MPI_ECP_SQR(&T[1], &T[1]); /* Pm^2 */ - MPI_ECP_MUL(&R->X, &T[0], &T[1]); /* Pp^2 * Pm^2 */ - MPI_ECP_SUB(&T[0], &T[0], &T[1]); /* Pp^2 - Pm^2 */ - MPI_ECP_MUL(&R->Z, &grp->A, &T[0]); /* A * (Pp^2 - Pm^2) */ - MPI_ECP_ADD(&R->Z, &T[1], &R->Z); /* [ A * (Pp^2-Pm^2) ] + Pm^2 */ - MPI_ECP_ADD(&S->X, &T[3], &T[2]); /* Qm*Pp + Qp*Pm */ - MPI_ECP_SQR(&S->X, &S->X); /* (Qm*Pp + Qp*Pm)^2 */ - MPI_ECP_SUB(&S->Z, &T[3], &T[2]); /* Qm*Pp - Qp*Pm */ - MPI_ECP_SQR(&S->Z, &S->Z); /* (Qm*Pp - Qp*Pm)^2 */ - MPI_ECP_MUL(&S->Z, d, &S->Z); /* d * ( Qm*Pp - Qp*Pm )^2 */ - MPI_ECP_MUL(&R->Z, &T[0], &R->Z); /* [A*(Pp^2-Pm^2)+Pm^2]*(Pp^2-Pm^2) */ - -cleanup: - - return ret; -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ -} - -/* - * Multiplication with Montgomery ladder in x/z coordinates, - * for curves in Montgomery form - */ -static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - unsigned char b; - mbedtls_ecp_point RP; - mbedtls_mpi PX; - mbedtls_mpi tmp[4]; - mbedtls_ecp_point_init(&RP); mbedtls_mpi_init(&PX); - - mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - - if (f_rng == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - /* Save PX and read from P before writing to R, in case P == R */ - MPI_ECP_MOV(&PX, &P->X); - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P)); - - /* Set R to zero in modified x/z coordinates */ - MPI_ECP_LSET(&R->X, 1); - MPI_ECP_LSET(&R->Z, 0); - mbedtls_mpi_free(&R->Y); - - /* RP.X might be slightly larger than P, so reduce it */ - MOD_ADD(&RP.X); - - /* Randomize coordinates of the starting point */ - MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); - - /* Loop invariant: R = result so far, RP = R + P */ - i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */ - while (i-- > 0) { - b = mbedtls_mpi_get_bit(m, i); - /* - * if (b) R = 2R + P else R = 2R, - * which is: - * if (b) double_add( RP, R, RP, R ) - * else double_add( R, RP, R, RP ) - * but using safe conditional swaps to avoid leaks - */ - MPI_ECP_COND_SWAP(&R->X, &RP.X, b); - MPI_ECP_COND_SWAP(&R->Z, &RP.Z, b); - MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp)); - MPI_ECP_COND_SWAP(&R->X, &RP.X, b); - MPI_ECP_COND_SWAP(&R->Z, &RP.Z, b); - } - - /* - * Knowledge of the projective coordinates may leak the last few bits of the - * scalar [1], and since our MPI implementation isn't constant-flow, - * inversion (used for coordinate normalization) may leak the full value - * of its input via side-channels [2]. - * - * [1] https://eprint.iacr.org/2003/191 - * [2] https://eprint.iacr.org/2020/055 - * - * Avoid the leak by randomizing coordinates before we normalize them. - */ - MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); - MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); - -cleanup: - mbedtls_ecp_point_free(&RP); mbedtls_mpi_free(&PX); - - mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - return ret; -} - -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/* - * Restartable multiplication R = m * P - * - * This internal function can be called without an RNG in case where we know - * the inputs are not sensitive. - */ -static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* reset ops count for this call if top-level */ - if (rs_ctx != NULL && rs_ctx->depth++ == 0) { - rs_ctx->ops_done = 0; - } -#else - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - - int restarting = 0; -#if defined(MBEDTLS_ECP_RESTARTABLE) - restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL); -#endif - /* skip argument check when restarting */ - if (!restarting) { - /* check_privkey is free */ - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK); - - /* Common sanity checks */ - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); - } - - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); - } -#endif - -cleanup: - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) { - mbedtls_internal_ecp_free(grp); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL) { - rs_ctx->depth--; - } -#endif - - return ret; -} - -/* - * Restartable multiplication R = m * P - */ -int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - if (f_rng == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx); -} - -/* - * Multiplication R = m * P - */ -int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ - return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); -} -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * Check that an affine point is valid as a public key, - * short weierstrass curves (SEC1 3.2.3.1) - */ -static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi YY, RHS; - - /* pt coordinates must be normalized for our checks */ - if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || - mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || - mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || - mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS); - - /* - * YY = Y^2 - * RHS = X^3 + A X + B - */ - MPI_ECP_SQR(&YY, &pt->Y); - MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); - - if (MPI_ECP_CMP(&YY, &RHS) != 0) { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - } - -cleanup: - - mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS); - - return ret; -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_C) -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * R = m * P with shortcuts for m == 0, m == 1 and m == -1 - * NOT constant-time - ONLY for short Weierstrass! - */ -static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *P, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi tmp; - mbedtls_mpi_init(&tmp); - - if (mbedtls_mpi_cmp_int(m, 0) == 0) { - MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); - MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R)); - } else if (mbedtls_mpi_cmp_int(m, 1) == 0) { - MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); - } else if (mbedtls_mpi_cmp_int(m, -1) == 0) { - MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); - MPI_ECP_NEG(&R->Y); - } else { - MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, - NULL, NULL, rs_ctx)); - } - -cleanup: - mbedtls_mpi_free(&tmp); - - return ret; -} - -/* - * Restartable linear combination - * NOT constant-time - */ -int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point mP; - mbedtls_ecp_point *pmP = &mP; - mbedtls_ecp_point *pR = R; - mbedtls_mpi tmp[4]; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif - if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - } - - mbedtls_ecp_point_init(&mP); - mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - - ECP_RS_ENTER(ma); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) { - /* redirect intermediate results to restart context */ - pmP = &rs_ctx->ma->mP; - pR = &rs_ctx->ma->R; - - /* jump to next operation */ - if (rs_ctx->ma->state == ecp_rsma_mul2) { - goto mul2; - } - if (rs_ctx->ma->state == ecp_rsma_add) { - goto add; - } - if (rs_ctx->ma->state == ecp_rsma_norm) { - goto norm; - } - } -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) { - rs_ctx->ma->state = ecp_rsma_mul2; - } - -mul2: -#endif - MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) { - rs_ctx->ma->state = ecp_rsma_add; - } - -add: -#endif - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD); - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp)); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) { - rs_ctx->ma->state = ecp_rsma_norm; - } - -norm: -#endif - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); - MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) { - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR)); - } -#endif - -cleanup: - - mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) { - mbedtls_internal_ecp_free(grp); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - - mbedtls_ecp_point_free(&mP); - - ECP_RS_LEAVE(ma); - - return ret; -} - -/* - * Linear combination - * NOT constant-time - */ -int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q) -{ - return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } -#define ECP_MPI_INIT_ARRAY(x) \ - ECP_MPI_INIT(x, sizeof(x) / sizeof(mbedtls_mpi_uint)) -/* - * Constants for the two points other than 0, 1, -1 (mod p) in - * https://cr.yp.to/ecdh.html#validate - * See ecp_check_pubkey_x25519(). - */ -static const mbedtls_mpi_uint x25519_bad_point_1[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a), - MBEDTLS_BYTES_TO_T_UINT_8(0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00), -}; -static const mbedtls_mpi_uint x25519_bad_point_2[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57), -}; -static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY( - x25519_bad_point_1); -static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY( - x25519_bad_point_2); -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -/* - * Check that the input point is not one of the low-order points. - * This is recommended by the "May the Fourth" paper: - * https://eprint.iacr.org/2017/806.pdf - * Those points are never sent by an honest peer. - */ -static int ecp_check_bad_points_mx(const mbedtls_mpi *X, const mbedtls_mpi *P, - const mbedtls_ecp_group_id grp_id) -{ - int ret; - mbedtls_mpi XmP; - - mbedtls_mpi_init(&XmP); - - /* Reduce X mod P so that we only need to check values less than P. - * We know X < 2^256 so we can proceed by subtraction. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X)); - while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) { - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P)); - } - - /* Check against the known bad values that are less than P. For Curve448 - * these are 0, 1 and -1. For Curve25519 we check the values less than P - * from the following list: https://cr.yp.to/ecdh.html#validate */ - if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) { /* takes care of 0 and 1 */ - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { - if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - - if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - } -#else - (void) grp_id; -#endif - - /* Final check: check if XmP + 1 is P (final because it changes XmP!) */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1)); - if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - - ret = 0; - -cleanup: - mbedtls_mpi_free(&XmP); - - return ret; -} - -/* - * Check validity of a public key for Montgomery curves with x-only schemes - */ -static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) -{ - /* [Curve25519 p. 5] Just check X is the correct number of bytes */ - /* Allow any public value, if it's too big then we'll just reduce it mod p - * (RFC 7748 sec. 5 para. 3). */ - if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - /* Implicit in all standards (as they don't consider negative numbers): - * X must be non-negative. This is normally ensured by the way it's - * encoded for transmission, but let's be extra sure. */ - if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); -} -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/* - * Check that a point is valid as a public key - */ -int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt) -{ - /* Must use affine coordinates */ - if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - return ecp_check_pubkey_mx(grp, pt); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - return ecp_check_pubkey_sw(grp, pt); - } -#endif - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -} - -/* - * Check that an mbedtls_mpi is valid as a private key - */ -int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, - const mbedtls_mpi *d) -{ -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - /* see RFC 7748 sec. 5 para. 5 */ - if (mbedtls_mpi_get_bit(d, 0) != 0 || - mbedtls_mpi_get_bit(d, 1) != 0 || - mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */ - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - /* see [Curve25519] page 5 */ - if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - return 0; - } -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - /* see SEC1 3.2 */ - if (mbedtls_mpi_cmp_int(d, 1) < 0 || - mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } else { - return 0; - } - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -} - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_gen_privkey_mx(size_t high_bit, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - size_t n_random_bytes = high_bit / 8 + 1; - - /* [Curve25519] page 5 */ - /* Generate a (high_bit+1)-bit random number by generating just enough - * random bytes, then shifting out extra bits from the top (necessary - * when (high_bit+1) is not a multiple of 8). */ - MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_random_bytes, - f_rng, p_rng)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_random_bytes - high_bit - 1)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, high_bit, 1)); - - /* Make sure the last two bits are unset for Curve448, three bits for - Curve25519 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0)); - if (high_bit == 254) { - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0)); - } - -cleanup: - return ret; -} -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -static int mbedtls_ecp_gen_privkey_sw( - const mbedtls_mpi *N, mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ - int ret = mbedtls_mpi_random(d, 1, N, f_rng, p_rng); - switch (ret) { - case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: - return MBEDTLS_ERR_ECP_RANDOM_FAILED; - default: - return ret; - } -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -/* - * Generate a private key - */ -int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng); - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -} - -#if defined(MBEDTLS_ECP_C) -/* - * Generate a keypair with configurable base point - */ -int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); - -cleanup: - return ret; -} - -/* - * Generate key pair, wrapper for conventional base point - */ -int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); -} - -/* - * Generate a keypair, prettier wrapper - */ -int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { - return ret; - } - - return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); -} -#endif /* MBEDTLS_ECP_C */ - -#define ECP_CURVE25519_KEY_SIZE 32 -#define ECP_CURVE448_KEY_SIZE 56 -/* - * Read a private key. - */ -int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen) -{ - int ret = 0; - - if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { - return ret; - } - - ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - /* - * Mask the key as mandated by RFC7748 for Curve25519 and Curve448. - */ - if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { - if (buflen != ECP_CURVE25519_KEY_SIZE) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen)); - - /* Set the three least significant bits to 0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0)); - - /* Set the most significant bit to 0 */ - MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit(&key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 1, 0) - ); - - /* Set the second most significant bit to 1 */ - MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit(&key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 2, 1) - ); - } else if (grp_id == MBEDTLS_ECP_DP_CURVE448) { - if (buflen != ECP_CURVE448_KEY_SIZE) { - return MBEDTLS_ERR_ECP_INVALID_KEY; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen)); - - /* Set the two least significant bits to 0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0)); - - /* Set the most significant bit to 1 */ - MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit(&key->d, - ECP_CURVE448_KEY_SIZE * 8 - 1, 1) - ); - } - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); - } -#endif - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); - -cleanup: - - if (ret != 0) { - mbedtls_mpi_free(&key->d); - } - - return ret; -} - -/* - * Write a private key. - */ -int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { - if (buflen < ECP_CURVE25519_KEY_SIZE) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - - } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) { - if (buflen < ECP_CURVE448_KEY_SIZE) { - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - } - } - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen)); - } - -#endif -cleanup: - - return ret; -} - -#if defined(MBEDTLS_ECP_C) -/* - * Check a public-private key pair - */ -int mbedtls_ecp_check_pub_priv( - const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point Q; - mbedtls_ecp_group grp; - if (pub->grp.id == MBEDTLS_ECP_DP_NONE || - pub->grp.id != prv->grp.id || - mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) || - mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) || - mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - mbedtls_ecp_point_init(&Q); - mbedtls_ecp_group_init(&grp); - - /* mbedtls_ecp_mul() needs a non-const group... */ - mbedtls_ecp_group_copy(&grp, &prv->grp); - - /* Also checks d is valid */ - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng)); - - if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) || - mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) || - mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - goto cleanup; - } - -cleanup: - mbedtls_ecp_point_free(&Q); - mbedtls_ecp_group_free(&grp); - - return ret; -} -#endif /* MBEDTLS_ECP_C */ - -/* - * Export generic key-pair parameters. - */ -int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { - return ret; - } - - if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) { - return ret; - } - - if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) { - return ret; - } - - return 0; -} - -#if defined(MBEDTLS_SELF_TEST) - -#if defined(MBEDTLS_ECP_C) -/* - * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! - * - * This is the linear congruential generator from numerical recipes, - * except we only use the low byte as the output. See - * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use - */ -static int self_test_rng(void *ctx, unsigned char *out, size_t len) -{ - static uint32_t state = 42; - - (void) ctx; - - for (size_t i = 0; i < len; i++) { - state = state * 1664525u + 1013904223u; - out[i] = (unsigned char) state; - } - - return 0; -} - -/* Adjust the exponent to be a valid private point for the specified curve. - * This is sometimes necessary because we use a single set of exponents - * for all curves but the validity of values depends on the curve. */ -static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, - mbedtls_mpi *m) -{ - int ret = 0; - switch (grp->id) { - /* If Curve25519 is available, then that's what we use for the - * Montgomery test, so we don't need the adjustment code. */ -#if !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - case MBEDTLS_ECP_DP_CURVE448: - /* Move highest bit from 254 to N-1. Setting bit N-1 is - * necessary to enforce the highest-bit-set constraint. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); - /* Copy second-highest bit from 253 to N-2. This is not - * necessary but improves the test variety a bit. */ - MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit(m, grp->nbits - 1, - mbedtls_mpi_get_bit(m, 253))); - break; -#endif -#endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */ - default: - /* Non-Montgomery curves and Curve25519 need no adjustment. */ - (void) grp; - (void) m; - goto cleanup; - } -cleanup: - return ret; -} - -/* Calculate R = m.P for each m in exponents. Check that the number of - * basic operations doesn't depend on the value of m. */ -static int self_test_point(int verbose, - mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - mbedtls_mpi *m, - const mbedtls_ecp_point *P, - const char *const *exponents, - size_t n_exponents) -{ - int ret = 0; - size_t i = 0; - unsigned long add_c_prev, dbl_c_prev, mul_c_prev; - add_count = 0; - dbl_count = 0; - mul_count = 0; - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0])); - MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); - - for (i = 1; i < n_exponents; i++) { - add_c_prev = add_count; - dbl_c_prev = dbl_count; - mul_c_prev = mul_count; - add_count = 0; - dbl_count = 0; - mul_count = 0; - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i])); - MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); - - if (add_count != add_c_prev || - dbl_count != dbl_c_prev || - mul_count != mul_c_prev) { - ret = 1; - break; - } - } - -cleanup: - if (verbose != 0) { - if (ret != 0) { - mbedtls_printf("failed (%u)\n", (unsigned int) i); - } else { - mbedtls_printf("passed\n"); - } - } - return ret; -} -#endif /* MBEDTLS_ECP_C */ - -/* - * Checkup routine - */ -int mbedtls_ecp_self_test(int verbose) -{ -#if defined(MBEDTLS_ECP_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_group grp; - mbedtls_ecp_point R, P; - mbedtls_mpi m; - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - /* Exponents especially adapted for secp192k1, which has the lowest - * order n of all supported curves (secp192r1 is in a slightly larger - * field but the order of its base point is slightly smaller). */ - const char *sw_exponents[] = - { - "000000000000000000000000000000000000000000000001", /* one */ - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8C", /* n - 1 */ - "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */ - "400000000000000000000000000000000000000000000000", /* one and zeros */ - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */ - "555555555555555555555555555555555555555555555555", /* 101010... */ - }; -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - const char *m_exponents[] = - { - /* Valid private values for Curve25519. In a build with Curve448 - * but not Curve25519, they will be adjusted in - * self_test_adjust_exponent(). */ - "4000000000000000000000000000000000000000000000000000000000000000", - "5C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C30", - "5715ECCE24583F7A7023C24164390586842E816D7280A49EF6DF4EAE6B280BF8", - "41A2B017516F6D254E1F002BCCBADD54BE30F8CEC737A0E912B4963B6BA74460", - "5555555555555555555555555555555555555555555555555555555555555550", - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8", - }; -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - - mbedtls_ecp_group_init(&grp); - mbedtls_ecp_point_init(&R); - mbedtls_ecp_point_init(&P); - mbedtls_mpi_init(&m); - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - /* Use secp192r1 if available, or any available curve */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); -#else - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); -#endif - - if (verbose != 0) { - mbedtls_printf(" ECP SW test #1 (constant op_count, base point G): "); - } - /* Do a dummy multiplication first to trigger precomputation */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL)); - ret = self_test_point(verbose, - &grp, &R, &m, &grp.G, - sw_exponents, - sizeof(sw_exponents) / sizeof(sw_exponents[0])); - if (ret != 0) { - goto cleanup; - } - - if (verbose != 0) { - mbedtls_printf(" ECP SW test #2 (constant op_count, other point): "); - } - /* We computed P = 2G last time, use it */ - ret = self_test_point(verbose, - &grp, &R, &m, &P, - sw_exponents, - sizeof(sw_exponents) / sizeof(sw_exponents[0])); - if (ret != 0) { - goto cleanup; - } - - mbedtls_ecp_group_free(&grp); - mbedtls_ecp_point_free(&R); -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (verbose != 0) { - mbedtls_printf(" ECP Montgomery test (constant op_count): "); - } -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); -#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); -#else -#error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test" -#endif - ret = self_test_point(verbose, - &grp, &R, &m, &grp.G, - m_exponents, - sizeof(m_exponents) / sizeof(m_exponents[0])); - if (ret != 0) { - goto cleanup; - } -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -cleanup: - - if (ret < 0 && verbose != 0) { - mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); - } - - mbedtls_ecp_group_free(&grp); - mbedtls_ecp_point_free(&R); - mbedtls_ecp_point_free(&P); - mbedtls_mpi_free(&m); - - if (verbose != 0) { - mbedtls_printf("\n"); - } - - return ret; -#else /* MBEDTLS_ECP_C */ - (void) verbose; - return 0; -#endif /* MBEDTLS_ECP_C */ -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* !MBEDTLS_ECP_ALT */ - -#endif /* MBEDTLS_ECP_LIGHT */ - -#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ From 6eff0b2258d53dd6661c6569560ec7abea6774b3 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 2 Aug 2023 17:22:49 +0530 Subject: [PATCH 260/339] Remove test vector Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 39 ++++++++++++------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 12043484d..302a9aa48 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6401,23 +6401,20 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, 20+1 (over capacity) depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 - -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 - -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 - #The following test vectors were generated by a python script. Details can be found in the commit message. -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 +#The input cost, salt and password are the same as PBKDF2-HMAC test vectors +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 20+0 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 10+10 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e2777":"7606a315876ec71227de":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 0+20 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"1b72f6419173a06e27777606a315876ec71227de":0:1:0 + PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 @@ -6446,21 +6443,21 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, 16 byte password depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"c4c112c6e1e3b8757640603dec78825f":"":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, salt in two step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as key, derive key +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as key, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":""::0:1:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:1 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:0 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes, derive key +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"":0:0:1 PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 From 1de02049e493bb1357968503b4deeb0c91c84b41 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 2 Aug 2023 13:01:14 +0100 Subject: [PATCH 261/339] Clarify changelog not needed for compiler warnings Signed-off-by: Dave Rodgman --- ChangeLog.d/00README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index d2ea73d1c..2fbc989de 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md @@ -21,6 +21,9 @@ We generally don't include changelog entries for: * Performance improvements, unless they are particularly significant. * Changes to parts of the code base that users don't interact with directly, such as test code and test data. +* Fixes for compiler warnings. Releases typically contain a number of fixes + of this kind, so we will only mention them in the Changelog if they are + particularly significant. Until Mbed TLS 2.24.0, we required changelog entries in more cases. Looking at older changelog entries is good practice for how to write a From df28b8d2ea5bcd3e947b7f72bf6a21f25c06a2a7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Feb 2023 18:39:16 +0000 Subject: [PATCH 262/339] Add space to appease doxygen bug See doxygen/doxygen#8706 Signed-off-by: David Horstmann --- include/mbedtls/bignum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index b1d4b88ba..5c2c8431b 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -1005,7 +1005,7 @@ int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, * This must point to an initialized MPI. * \param rounds The number of bases to perform the Miller-Rabin primality * test for. The probability of returning 0 on a composite is - * at most 2-2*\p rounds. + * at most 2-2*\p rounds . * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG parameter to be passed to \p f_rng. * This may be \c NULL if \p f_rng doesn't use From 1d46bfbae8f1a8f6cf5dff1818e98259a4458523 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 14 Mar 2023 14:20:38 +0000 Subject: [PATCH 263/339] Tell Doxygen to generate XML Signed-off-by: David Horstmann --- doxygen/mbedtls.doxyfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 5e797434d..1a421efd1 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -42,3 +42,5 @@ DOT_TRANSPARENT = YES # \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription # This avoids writing redundant text and keeps Clang happy. ALIASES += emptydescription="" + +GENERATE_XML = YES From 7cedefe2fbd4d68d0e17cf643e23fcd6d75a6a78 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 14 Mar 2023 15:00:46 +0000 Subject: [PATCH 264/339] Add initial API doc configuration Signed-off-by: David Horstmann --- docs/Makefile | 20 +++++++++++ docs/conf.py | 34 ++++++++++++++++++ docs/index.rst | 20 +++++++++++ docs/make.bat | 35 ++++++++++++++++++ docs/requirements.in | 3 ++ docs/requirements.txt | 82 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 194 insertions(+) create mode 100644 docs/Makefile create mode 100644 docs/conf.py create mode 100644 docs/index.rst create mode 100644 docs/make.bat create mode 100644 docs/requirements.in create mode 100644 docs/requirements.txt diff --git a/docs/Makefile b/docs/Makefile new file mode 100644 index 000000000..d4bb2cbb9 --- /dev/null +++ b/docs/Makefile @@ -0,0 +1,20 @@ +# Minimal makefile for Sphinx documentation +# + +# You can set these variables from the command line, and also +# from the environment for the first two. +SPHINXOPTS ?= +SPHINXBUILD ?= sphinx-build +SOURCEDIR = . +BUILDDIR = _build + +# Put it first so that "make" without argument is like "make help". +help: + @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + +.PHONY: help Makefile + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile + @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/docs/conf.py b/docs/conf.py new file mode 100644 index 000000000..41c50c7f2 --- /dev/null +++ b/docs/conf.py @@ -0,0 +1,34 @@ +# Configuration file for the Sphinx documentation builder. +# +# For the full list of built-in configuration values, see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +# -- Project information ----------------------------------------------------- +# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information +import glob + +project = 'Mbed TLS Versioned' +copyright = '2023, Mbed TLS Contributors' +author = 'Mbed TLS Contributors' + +# -- General configuration --------------------------------------------------- +# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration + +extensions = ['breathe', 'sphinx.ext.graphviz'] + +templates_path = ['_templates'] +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] + +breathe_projects = { + 'mbedtls-versioned': '../apidoc/xml' +} +breathe_default_project = 'mbedtls-versioned' + +primary_domain = 'c' +highlight_language = 'c' + +# -- Options for HTML output ------------------------------------------------- +# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output + +html_theme = 'sphinx_rtd_theme' +html_static_path = ['_static'] diff --git a/docs/index.rst b/docs/index.rst new file mode 100644 index 000000000..33a97223d --- /dev/null +++ b/docs/index.rst @@ -0,0 +1,20 @@ +.. Mbed TLS Versioned documentation master file, created by + sphinx-quickstart on Thu Feb 23 18:13:44 2023. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Mbed TLS API documentation +========================== + +.. doxygenpage:: index + :project: mbedtls-versioned + +.. toctree:: + :caption: Contents + :maxdepth: 1 + + Home + api/grouplist.rst + api/filelist.rst + api/structlist.rst + api/unionlist.rst diff --git a/docs/make.bat b/docs/make.bat new file mode 100644 index 000000000..32bb24529 --- /dev/null +++ b/docs/make.bat @@ -0,0 +1,35 @@ +@ECHO OFF + +pushd %~dp0 + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set SOURCEDIR=. +set BUILDDIR=_build + +%SPHINXBUILD% >NUL 2>NUL +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.https://www.sphinx-doc.org/ + exit /b 1 +) + +if "%1" == "" goto help + +%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% +goto end + +:help +%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% + +:end +popd diff --git a/docs/requirements.in b/docs/requirements.in new file mode 100644 index 000000000..c0afd6158 --- /dev/null +++ b/docs/requirements.in @@ -0,0 +1,3 @@ +sphinx-rtd-theme +breathe +exhale diff --git a/docs/requirements.txt b/docs/requirements.txt new file mode 100644 index 000000000..9d57fadde --- /dev/null +++ b/docs/requirements.txt @@ -0,0 +1,82 @@ +# +# This file is autogenerated by pip-compile with Python 3.8 +# by the following command: +# +# pip-compile requirements.in +# +alabaster==0.7.13 + # via sphinx +babel==2.12.1 + # via sphinx +beautifulsoup4==4.11.2 + # via exhale +breathe==4.35.0 + # via + # -r requirements.in + # exhale +certifi==2022.12.7 + # via requests +charset-normalizer==3.1.0 + # via requests +docutils==0.17.1 + # via + # breathe + # exhale + # sphinx + # sphinx-rtd-theme +exhale==0.3.6 + # via -r requirements.in +idna==3.4 + # via requests +imagesize==1.4.1 + # via sphinx +importlib-metadata==6.0.0 + # via sphinx +jinja2==3.1.2 + # via sphinx +lxml==4.9.2 + # via exhale +markupsafe==2.1.2 + # via jinja2 +packaging==23.0 + # via sphinx +pygments==2.14.0 + # via sphinx +pytz==2022.7.1 + # via babel +requests==2.28.2 + # via sphinx +six==1.16.0 + # via exhale +snowballstemmer==2.2.0 + # via sphinx +soupsieve==2.4 + # via beautifulsoup4 +sphinx==4.5.0 + # via + # breathe + # exhale + # sphinx-rtd-theme +sphinx-rtd-theme==1.2.0 + # via -r requirements.in +sphinxcontrib-applehelp==1.0.4 + # via sphinx +sphinxcontrib-devhelp==1.0.2 + # via sphinx +sphinxcontrib-htmlhelp==2.0.1 + # via sphinx +sphinxcontrib-jquery==2.0.0 + # via sphinx-rtd-theme +sphinxcontrib-jsmath==1.0.1 + # via sphinx +sphinxcontrib-qthelp==1.0.3 + # via sphinx +sphinxcontrib-serializinghtml==1.1.5 + # via sphinx +urllib3==1.26.15 + # via requests +zipp==3.15.0 + # via importlib-metadata + +# The following packages are considered to be unsafe in a requirements file: +# setuptools From bd2947684cb6adbbd22b773d1512fc6c5ac2208f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 14 Mar 2023 16:38:36 +0000 Subject: [PATCH 265/339] Add configuration for Read The Docs Signed-off-by: David Horstmann --- .readthedocs.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .readthedocs.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 000000000..cef07bf1c --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,26 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Set the version of Python and other tools you might need +build: + os: ubuntu-20.04 + tools: + python: "3.9" + jobs: + pre_build: + - make apidoc + - breathe-apidoc -o docs/api apidoc/xml + +# Build documentation in the docs/ directory with Sphinx +sphinx: + builder: dirhtml + configuration: docs/conf.py + +# Optionally declare the Python requirements required to build your docs +python: + install: + - requirements: docs/requirements.txt From b9f0674ef194ea281b264c32fc663c82bf392e0d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 16 Mar 2023 16:07:12 +0000 Subject: [PATCH 266/339] Ignore mbedtls macros causing warnings Sphinx's breathe plugin cannot readily parse the Mbed TLS macros, so define the less essential ones away at the doxygen step to reduce the number of warnings. Signed-off-by: David Horstmann --- doxygen/mbedtls.doxyfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 1a421efd1..cd3937fdf 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -44,3 +44,12 @@ DOT_TRANSPARENT = YES ALIASES += emptydescription="" GENERATE_XML = YES + +# Define away Mbed TLS macros that make parsing definitions difficult. +# MBEDTLS_DEPRECATED is not included in this list as it's important to +# display deprecated status in the documentation. +PREDEFINED = "MBEDTLS_CHECK_RETURN_CRITICAL=" \ + "MBEDTLS_CHECK_RETURN_TYPICAL=" \ + "MBEDTLS_CHECK_RETURN_OPTIONAL=" \ + "MBEDTLS_PRINTF_ATTRIBUTE(a,b)=" \ + From 1fa678d58e84b14cacb564c6abb1f8f699b9cd82 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 17 Mar 2023 13:46:51 +0000 Subject: [PATCH 267/339] Add exemption for make.bat in checks for tabs Signed-off-by: David Horstmann --- tests/scripts/check_files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 352b55eaa..7cb3e0b41 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -350,6 +350,7 @@ class TabIssueTracker(LineIssueTracker): ".sln", "/Makefile", "/Makefile.inc", + "/make.bat", "/generate_visualc_files.pl", ]) From 5532597de3ef7549b50ab3adbffce82f3f816c11 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Mar 2023 17:30:22 +0000 Subject: [PATCH 268/339] Remove Exhale from requirements and regenerate Regenerate the requirements.txt with Exhale removed and also with Python 3.9 instead of 3.8, for parity with Read The Docs. Signed-off-by: David Horstmann --- docs/requirements.in | 1 - docs/requirements.txt | 20 ++------------------ 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/docs/requirements.in b/docs/requirements.in index c0afd6158..a523188c3 100644 --- a/docs/requirements.in +++ b/docs/requirements.in @@ -1,3 +1,2 @@ sphinx-rtd-theme breathe -exhale diff --git a/docs/requirements.txt b/docs/requirements.txt index 9d57fadde..4b9f3a6b3 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.9 # by the following command: # # pip-compile requirements.in @@ -8,12 +8,8 @@ alabaster==0.7.13 # via sphinx babel==2.12.1 # via sphinx -beautifulsoup4==4.11.2 - # via exhale breathe==4.35.0 - # via - # -r requirements.in - # exhale + # via -r requirements.in certifi==2022.12.7 # via requests charset-normalizer==3.1.0 @@ -21,11 +17,8 @@ charset-normalizer==3.1.0 docutils==0.17.1 # via # breathe - # exhale # sphinx # sphinx-rtd-theme -exhale==0.3.6 - # via -r requirements.in idna==3.4 # via requests imagesize==1.4.1 @@ -34,28 +27,19 @@ importlib-metadata==6.0.0 # via sphinx jinja2==3.1.2 # via sphinx -lxml==4.9.2 - # via exhale markupsafe==2.1.2 # via jinja2 packaging==23.0 # via sphinx pygments==2.14.0 # via sphinx -pytz==2022.7.1 - # via babel requests==2.28.2 # via sphinx -six==1.16.0 - # via exhale snowballstemmer==2.2.0 # via sphinx -soupsieve==2.4 - # via beautifulsoup4 sphinx==4.5.0 # via # breathe - # exhale # sphinx-rtd-theme sphinx-rtd-theme==1.2.0 # via -r requirements.in From dbee883c74a6c1f43d7c2a9bc1a42f9708062571 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Mar 2023 17:35:14 +0000 Subject: [PATCH 269/339] Improve positioning of GENERATE_XML option It is clearer to have this option next to the GENERATE_LATEX option. Signed-off-by: David Horstmann --- doxygen/mbedtls.doxyfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cd3937fdf..393fd41ad 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -18,6 +18,7 @@ HTML_OUTPUT = . HTML_TIMESTAMP = YES SEARCHENGINE = YES GENERATE_LATEX = NO +GENERATE_XML = YES MACRO_EXPANSION = YES EXPAND_ONLY_PREDEF = YES INCLUDE_PATH = ../include @@ -43,8 +44,6 @@ DOT_TRANSPARENT = YES # This avoids writing redundant text and keeps Clang happy. ALIASES += emptydescription="" -GENERATE_XML = YES - # Define away Mbed TLS macros that make parsing definitions difficult. # MBEDTLS_DEPRECATED is not included in this list as it's important to # display deprecated status in the documentation. From e51ef92efd95e6bb0a6e792fce00cac67c0d0cfb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 27 Mar 2023 15:21:27 +0100 Subject: [PATCH 270/339] Improve docs Makefile to do full build Include the make apidoc and breathe-apidoc steps in the documentation Makefile for ease of use. In this way, depart from the Makefile generated automatically by Sphinx. Signed-off-by: David Horstmann --- docs/Makefile | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/Makefile b/docs/Makefile index d4bb2cbb9..6a7599e96 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -12,9 +12,27 @@ BUILDDIR = _build help: @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) -.PHONY: help Makefile +.PHONY: help clean apidoc breathe_apidoc Makefile + +# Intercept the 'clean' target so we can do the right thing for apidoc as well +clean: + @# Clean the apidoc + $(MAKE) -C .. apidoc_clean + @# Clean the sphinx docs + @$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + +apidoc: + @# Generate doxygen from source using the main Makefile + $(MAKE) -C .. apidoc + +breathe_apidoc: apidoc + @# Remove existing files - breathe-apidoc skips them if they're present + rm -rf ./api + @# Generate RST file structure with breathe-apidoc + breathe-apidoc -o ./api ../apidoc/xml # Catch-all target: route all unknown targets to Sphinx using the new # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). -%: Makefile +%: Makefile breathe_apidoc + @# Build the relevant target with sphinx @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) From 8d7b213ef8c362597c1af13e5eba9c07a4a933d5 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 27 Mar 2023 15:24:37 +0100 Subject: [PATCH 271/339] Remove make.bat for documentation Building the docs on Windows is not supported in any case, as the apidoc target in the main Makefile will not run on Windows. Signed-off-by: David Horstmann --- docs/make.bat | 35 ----------------------------------- 1 file changed, 35 deletions(-) delete mode 100644 docs/make.bat diff --git a/docs/make.bat b/docs/make.bat deleted file mode 100644 index 32bb24529..000000000 --- a/docs/make.bat +++ /dev/null @@ -1,35 +0,0 @@ -@ECHO OFF - -pushd %~dp0 - -REM Command file for Sphinx documentation - -if "%SPHINXBUILD%" == "" ( - set SPHINXBUILD=sphinx-build -) -set SOURCEDIR=. -set BUILDDIR=_build - -%SPHINXBUILD% >NUL 2>NUL -if errorlevel 9009 ( - echo. - echo.The 'sphinx-build' command was not found. Make sure you have Sphinx - echo.installed, then set the SPHINXBUILD environment variable to point - echo.to the full path of the 'sphinx-build' executable. Alternatively you - echo.may add the Sphinx directory to PATH. - echo. - echo.If you don't have Sphinx installed, grab it from - echo.https://www.sphinx-doc.org/ - exit /b 1 -) - -if "%1" == "" goto help - -%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% -goto end - -:help -%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% - -:end -popd From 6c7785225280a2d5d78db34dc4357ffbbe1fad25 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 27 Mar 2023 15:30:40 +0100 Subject: [PATCH 272/339] Revert "Add exemption for make.bat in checks for tabs" This is no longer needed as make.bat has been removed. We do not support building the documentation on Windows. This reverts commit d50daedccace24bf69903ff7879bc0543757f5ef. Signed-off-by: David Horstmann --- tests/scripts/check_files.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 7cb3e0b41..352b55eaa 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -350,7 +350,6 @@ class TabIssueTracker(LineIssueTracker): ".sln", "/Makefile", "/Makefile.inc", - "/make.bat", "/generate_visualc_files.pl", ]) From 9d06c7d5e5c8ac08b2827021780cad7e39796632 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 28 Mar 2023 14:24:47 +0100 Subject: [PATCH 273/339] Clean the breathe-apidoc files with make clean Signed-off-by: David Horstmann --- docs/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Makefile b/docs/Makefile index 6a7599e96..47510f984 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -18,6 +18,8 @@ help: clean: @# Clean the apidoc $(MAKE) -C .. apidoc_clean + @# Clean the breathe-apidoc generated files + rm -rf ./api @# Clean the sphinx docs @$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) From b7583c9a8fb0ef2ab8d7adc488209c189a385ed2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 28 Mar 2023 15:00:24 +0100 Subject: [PATCH 274/339] Add _build/ and api/ to gitignore Signed-off-by: David Horstmann --- docs/.gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/.gitignore b/docs/.gitignore index 23f832b73..11f197bc3 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -1,2 +1,4 @@ *.html *.pdf +_build/ +api/ From a824f8bc913bcacf8358380b4f35769c74849357 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 16:38:21 +0200 Subject: [PATCH 275/339] Update test dependencies when using test-ca.key "tests/data_files/test-ca.key" is now encrypted using AES instead of DES. Update test dependencies accordingly. This fixes `depends.py cipher_id`. This is a partial cherry-pick of 1a4cc5e92ca8dbffa5606e4da84eb02e1c70e83d (done manually because the context on the same line is different). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_x509write.data | 48 +++++++++++++------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 78f8c59db..ddfcd3758 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -59,99 +59,99 @@ depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_PK_CAN x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 2050, not after 2059 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt" Certificate write check Server5 ECDSA From d3a797710adb1754d93562bcb0f5c3b85b10a733 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 18:36:06 +0200 Subject: [PATCH 276/339] psa_is_key_slot_occupied: change to using the key identifier Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index b15594251..dbc8b9608 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -131,7 +131,7 @@ The following functions modify a slot's usage state: * `psa_key_slot_set_flags` - writes to attr.flags * `psa_key_slot_set_bits_in_flags` - writes to attr.flags * `psa_key_slot_clear_bits` - writes to attr.flags -* `psa_is_key_slot_occupied` - reads attr.type +* `psa_is_key_slot_occupied` - reads attr.type (but see “[Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied)”) * `psa_key_slot_get_flags` - reads attr.flags `psa_crypto_slot_management.c`: @@ -171,7 +171,11 @@ The following functions modify a slot's usage state: * `psa_key_derivation_input_key` - reads attr.type * `psa_key_agreement_raw_internal` - reads attr.type and attr.bits -TODO: change `psa_is_key_slot_occupied` to checking the id? +#### Determining whether a key slot is occupied + +`psa_is_key_slot_occupied` currently uses the `attr.type` field to determine whether a key slot is occupied. This works because we maintain the invariant that an occupied slot contains key material. With concurrency, it is desirable to allow a key slot to be reserved, but not yet contain key material or even metadata. When creating a key, determining the key type can be costly, for example when loading a persistent key from storage or (not yet implemented) when importing or unwrapping a key using an interface that determines the key type from the data that it parses. So we should not need to hold the global key store lock while the key type is undetermined. + +Instead, `psa_is_key_slot_occupied` should use the key identifier to decide whether a slot is occupied. The key identifier is always readily available: when allocating a slot for a persistent key, it's an input of the function that allocates the key slot; when allocating a slot for a volatile key, the identifier is calculated from the choice of slot. #### Key slot content From d4e7fe09b36b802c44ade701ab9f60de1cbe8ebf Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 2 Aug 2023 16:59:59 +0000 Subject: [PATCH 277/339] Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs Signed-off-by: Waleed Elmelegy --- tests/suites/test_suite_psa_crypto.data | 30 ++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fb583d33f..4583c0741 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6932,7 +6932,7 @@ generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 PSA generate key: bad type (RSA public key) depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 +generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, 0 bits: invalid argument # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED @@ -6983,13 +6983,13 @@ PSA generate key: invalid key size: AES, 64 bits depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 -PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 +PSA generate key: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 -PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 +PSA generate key: RSA, 1032 bits, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 @@ -6999,9 +6999,9 @@ PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 -PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 +PSA generate key: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 @@ -7012,17 +7012,17 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERA # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0 -PSA generate key: RSA, 1022 bits: not supported +PSA generate key: RSA, size not multiple of 8: not supported depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 -PSA generate key: RSA, 1023 bits: not supported +PSA generate key: RSA, size not multiple of 2: not supported depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 From 6919546ddfece3cc53f3e27382ee3976a4983cf9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Aug 2023 12:02:14 +0200 Subject: [PATCH 278/339] Update more test dependencies when using test-ca.key Those test cases aren't actually executed due to another typo which is beyond the scope of this commit and will be resolved in https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 317a6c914..cc6412de7 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,13 +1,13 @@ Parse RSA Key #1 (No password when required) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) From 3c963eefe210037a8658f1571acf65a77f4a800b Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 3 Aug 2023 12:32:09 +0100 Subject: [PATCH 279/339] Remove trailing whitespace Signed-off-by: Agathiyan Bragadeesh --- scripts/mbedtls_dev/bignum_data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 6f132a6b3..897e31989 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -107,7 +107,7 @@ INPUTS_DEFAULT = [ ] ADD_SUB_DATA = [ - "0", "1", "3", "f", "fe", "ff", "100", "ff00", + "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1 "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1 "1f7f7f7f7f7f7f", From ce37c5e1cea07ad81f18ef1fefc248c5d76bb4af Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 4 Aug 2023 13:53:36 +0100 Subject: [PATCH 280/339] Update links to Rijndael paper and NIST SP 800-90 DRBGs The link to the DRBG paper points to the March 2007 version, the same as the original link (rather than the latest version). The amended Rijndael paper has a two-page "Note on naming" prefix. Fixes #7193 Signed-off-by: Tom Cosgrove --- library/aes.c | 2 +- library/ctr_drbg.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/aes.c b/library/aes.c index 6d718f461..592ca6416 100644 --- a/library/aes.c +++ b/library/aes.c @@ -19,7 +19,7 @@ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf + * https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index acc4208cc..fdd753d1c 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -19,7 +19,7 @@ /* * The NIST SP 800-90 DRBGs are described in the following publication. * - * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf + * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90r.pdf */ #include "common.h" From 3bcff5431a120e3057e0904df12beb80401735d1 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 4 Aug 2023 14:05:28 +0100 Subject: [PATCH 281/339] Put both gitignore modifications in one script New file also contains a header file and uses sed Signed-off-by: Agathiyan Bragadeesh --- scripts/gitignore_add_generated_files.sh | 23 ------- scripts/gitignore_patch.sh | 71 +++++++++++++++++++++ scripts/gitignore_remove_generated_files.sh | 23 ------- 3 files changed, 71 insertions(+), 46 deletions(-) delete mode 100755 scripts/gitignore_add_generated_files.sh create mode 100755 scripts/gitignore_patch.sh delete mode 100755 scripts/gitignore_remove_generated_files.sh diff --git a/scripts/gitignore_add_generated_files.sh b/scripts/gitignore_add_generated_files.sh deleted file mode 100755 index 27c348082..000000000 --- a/scripts/gitignore_add_generated_files.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -set -eu - -GITIGNORES=$(find . -name ".gitignore") - -for GITIGNORE in $GITIGNORES; do - IN_GEN_BLOCK=false - while read -r line; do - if [ "$line" = "###START_COMMENTED_GENERATED_FILES###" ]; then - IN_GEN_BLOCK=true - echo "###START_GENERATED_FILES###" - elif [ "$line" = "###END_COMMENTED_GENERATED_FILES###" ]; then - IN_GEN_BLOCK=false - echo "###END_GENERATED_FILES###" - elif $IN_GEN_BLOCK ; then - echo "${line:1}" - else - echo "$line" - fi - done <$GITIGNORE > "$GITIGNORE.tmp" - mv "$GITIGNORE.tmp" $GITIGNORE -done diff --git a/scripts/gitignore_patch.sh b/scripts/gitignore_patch.sh new file mode 100755 index 000000000..d0fba6d6f --- /dev/null +++ b/scripts/gitignore_patch.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# For adapting gitignore files for releases so generated files can be included. +# +# Usage: gitignore_add_generated_files.sh [ -h | --help ] etc +# + +set -eu + +print_usage() +{ + echo "Usage: $0" + echo -e " -h|--help\t\tPrint this help." + echo -e " -i|--ignore\t\tAdd generated files to the gitignores." + echo -e " -u|--unignore\t\tRemove generated files from the gitignores." +} + +if [[ $# -eq 0 ]]; then + print_usage + exit 1 +elif [[ $# -ge 2 ]]; then + echo "Too many arguments!" + exit 1 +fi + +case "$1" in + -i | --ignore) + IGNORE=true + ;; + -u | --uignore) + IGNORE=false + ;; + -h | --help | "") + print_usage + exit 1 + ;; + *) + echo "Unknown argument: $1" + echo "run '$0 --help' for options" + exit 1 +esac + +GITIGNORES=$(find . -name ".gitignore") +for GITIGNORE in $GITIGNORES; do + if $IGNORE; then + sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE + sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE + sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE + else + sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE + sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE + sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE + fi +done diff --git a/scripts/gitignore_remove_generated_files.sh b/scripts/gitignore_remove_generated_files.sh deleted file mode 100755 index 8314b2c23..000000000 --- a/scripts/gitignore_remove_generated_files.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -set -eu - -GITIGNORES=$(find . -name ".gitignore") - -for GITIGNORE in $GITIGNORES; do - IN_GEN_BLOCK=false - while read -r line; do - if [ "$line" = "###START_GENERATED_FILES###" ]; then - IN_GEN_BLOCK=true - echo "###START_COMMENTED_GENERATED_FILES###" - elif [ "$line" = "###END_GENERATED_FILES###" ]; then - IN_GEN_BLOCK=false - echo "###END_COMMENTED_GENERATED_FILES###" - elif $IN_GEN_BLOCK ; then - echo "#$line" - else - echo "$line" - fi - done <$GITIGNORE > "$GITIGNORE.tmp" - mv "$GITIGNORE.tmp" $GITIGNORE -done From b8bd604379eff106cd3ebf92c7a8462223cf51fc Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 4 Aug 2023 14:14:11 +0100 Subject: [PATCH 282/339] Remove trailing whitespace Signed-off-by: Agathiyan Bragadeesh --- scripts/gitignore_patch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/gitignore_patch.sh b/scripts/gitignore_patch.sh index d0fba6d6f..74ec66c1d 100755 --- a/scripts/gitignore_patch.sh +++ b/scripts/gitignore_patch.sh @@ -59,7 +59,7 @@ esac GITIGNORES=$(find . -name ".gitignore") for GITIGNORE in $GITIGNORES; do - if $IGNORE; then + if $IGNORE; then sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE From b61484947af23d4301cc2c0d86df1753bd14a2d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 11:32:51 +0200 Subject: [PATCH 283/339] Fix error in the guide to drivers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no export_key entry point for transparent drivers. Signed-off-by: Manuel Pégourié-Gonnard --- docs/psa-driver-example-and-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index ff661245f..ae3c04c64 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -29,8 +29,8 @@ Auto-generation of the driver wrapper is supported for the operation entry point | Transparent Driver | Opaque Driver | |---------------------|---------------------| | `import_key` | `import_key` | -| `export_key` | `export_key` | | `export_public_key` | `export_public_key` | +| | `export_key` | | | `copy_key` | | | `get_builtin_key` | From de24ba6cfd4c704b0bc51f3c512907cac9596070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 11:36:14 +0200 Subject: [PATCH 284/339] Add link to examples in relevant places MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some documents about driver describe a state of things that is ahead of the reality. They already contain a warning about it, but no way to know that the current reality is; add a pointer to a document that describes it. Signed-off-by: Manuel Pégourié-Gonnard --- docs/proposed/psa-driver-developer-guide.md | 1 + docs/proposed/psa-driver-integration-guide.md | 1 + docs/proposed/psa-driver-wrappers-codegen-migration-guide.md | 1 + 3 files changed, 3 insertions(+) diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index d004483f9..6b207c824 100644 --- a/docs/proposed/psa-driver-developer-guide.md +++ b/docs/proposed/psa-driver-developer-guide.md @@ -2,6 +2,7 @@ PSA Cryptoprocessor driver developer's guide ============================================ **This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.** +For a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). This document describes how to write drivers of cryptoprocessors such as accelerators and secure elements for the PSA cryptography subsystem of Mbed TLS. diff --git a/docs/proposed/psa-driver-integration-guide.md b/docs/proposed/psa-driver-integration-guide.md index 3d12ec66c..8b3b4041c 100644 --- a/docs/proposed/psa-driver-integration-guide.md +++ b/docs/proposed/psa-driver-integration-guide.md @@ -2,6 +2,7 @@ Building Mbed TLS with PSA cryptoprocessor drivers ================================================== **This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.** +For a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). This document describes how to build Mbed TLS with additional cryptoprocessor drivers that follow the PSA cryptoprocessor driver interface. diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md index 6144aada6..84c311ca5 100644 --- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md +++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md @@ -2,6 +2,7 @@ Migrating to an auto generated psa_crypto_driver_wrappers.c file ================================================================ **This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.** +For a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file. It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md. From 4dd89310e96817f6e6a67cbec99395db7074d1f6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 7 Aug 2023 11:49:12 +0100 Subject: [PATCH 285/339] Update w.r.t. test macro name changes from #6253 Signed-off-by: Dave Rodgman --- tests/suites/test_suite_constant_time.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index bc3eb0510..7cf69937b 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -152,7 +152,7 @@ void mbedtls_ct_zeroize_if(char *c_str, int len) uint8_t *buf = NULL; mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16)); - ASSERT_ALLOC(buf, len); + TEST_CALLOC(buf, len); for (size_t i = 0; i < (size_t) len; i++) { buf[i] = 1; } @@ -321,8 +321,8 @@ void mbedtls_ct_memmove_left(int len, int offset) size_t o = (size_t) offset; uint8_t *buf = NULL, *buf_expected = NULL; - ASSERT_ALLOC(buf, l); - ASSERT_ALLOC(buf_expected, l); + TEST_CALLOC(buf, l); + TEST_CALLOC(buf_expected, l); for (size_t i = 0; i < l; i++) { buf[i] = (uint8_t) i; From 584bf985f5988a01bdca6a46a9831b251953fd4a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Aug 2023 16:29:19 +0200 Subject: [PATCH 286/339] Elaborate on psa_destroy_key requirements Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index dbc8b9608..7cba70f14 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -71,6 +71,13 @@ We may want to go directly to a more sophisticated approach because when a syste As noted above in [“Correctness out of the box”](#correctness-out-of-the-box), when a key is destroyed, it's ok if `psa_destroy_key` allows copies of the key to live until ongoing operations using the key return. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material. +#### Summary of guarantees when `psa_destroy_key` returns + +* The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier. +* The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible. +* The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. +* In the long term, no copy of the key material exists. Rationale: this is a security requirement. We do not have this requirement yet, but we need to document this as a security weakness, and we would like to become compliant. + ## Resources to protect Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867. From 9aa93c8e780e3c6768762d5ce712b8ea6cdafc43 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Aug 2023 16:32:09 +0200 Subject: [PATCH 287/339] Added a note about new primitives for secure destruction Signed-off-by: Gilles Peskine --- docs/architecture/psa-thread-safety.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index 7cba70f14..b0ca8088f 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -280,3 +280,5 @@ There is currently no indication of when a slot is in the WRITING state. This on Problem: a key slot is destroyed (by `psa_wipe_key_slot`) while it's in use (READING or WRITING). TODO: how do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock). + +Solution: after some team discussion, we've decided to rely on a new threading abstraction which mimics C11 (i.e. `mbedtls_fff` where `fff` is the C11 function name, having the same parameters and return type, with default implementations for C11, pthreads and Windows). We'll likely use condition variables in addition to mutexes. From 153ae464db633edd427339cbbcf529626b40d46d Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Tue, 31 Jan 2023 23:27:03 +0800 Subject: [PATCH 288/339] Improve doc on special use of A in ecp group structure Signed-off-by: Chien Wong --- include/mbedtls/ecp.h | 44 +++++++++++++++++++++++++++++++++++++++++-- library/ecp.c | 4 ++-- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 0e678a3eb..cd7fd26e2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -196,6 +196,23 @@ mbedtls_ecp_point; * cardinality is denoted by \p N. Our code requires that \p N is an * odd prime as mbedtls_ecp_mul() requires an odd number, and * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. + * The default implementation only initializes \p A without setting it to the + * authentic value for curves with A = -3(SECP256R1, etc), in which + * case you need to load and free \p A by yourself when using domain parameters + * directly, for example: + * \code + * mbedtls_ecp_group_init(&grp); + * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id)); + * if (mbedtls_ecp_group_a_is_minus_3(&grp)) { + * CHECK_RETURN(mbedtls_mpi_sub_int(&grp.A, &grp.P, 3); + * } + * + * access_grp_A_etc(&grp); + * + * cleanup: + * mbedtls_mpi_free(&grp.A); + * mbedtls_ecp_group_free(&grp); + * \endcode * * For Montgomery curves, we do not store \p A, but (A + 2) / 4, * which is the quantity used in the formulas. Additionally, \p nbits is @@ -223,8 +240,11 @@ mbedtls_ecp_point; typedef struct mbedtls_ecp_group { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For - Montgomery curves: (A + 2) / 4. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that + \p A is not set to the authentic value in some cases. + For Montgomery curves: (A + 2) / 4. + Refer to detailed description of mbedtls_ecp_group if + using domain parameters in the structure. */ mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused. */ mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ @@ -991,6 +1011,26 @@ int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_ecp_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) +/** + * \brief This function checks if domain parameter A of the curve is + * \c -3. + * + * \note This function is only defined for short Weierstrass curves. + * It may not be included in builds without any short + * Weierstrass curve. + * + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * + * \return \c 1 if A = -3. + * \return \c 0 Otherwise. + */ +static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp) +{ + return grp->A.MBEDTLS_PRIVATE(p) == NULL; +} + /** * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q diff --git a/library/ecp.c b/library/ecp.c index 870773c13..f9b6672e9 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1255,7 +1255,7 @@ static int ecp_sw_rhs(const mbedtls_ecp_group *grp, MPI_ECP_SQR(rhs, X); /* Special case for A = -3 */ - if (grp->A.p == NULL) { + if (mbedtls_ecp_group_a_is_minus_3(grp)) { MPI_ECP_SUB_INT(rhs, rhs, 3); } else { MPI_ECP_ADD(rhs, rhs, &grp->A); @@ -1526,7 +1526,7 @@ static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Special case for A = -3 */ - if (grp->A.p == NULL) { + if (mbedtls_ecp_group_a_is_minus_3(grp)) { /* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */ MPI_ECP_SQR(&tmp[1], &P->Z); MPI_ECP_ADD(&tmp[2], &P->X, &tmp[1]); From 0b6d021069266a099bd83c34dc679ac687c2086c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 09:37:11 +0200 Subject: [PATCH 289/339] Adjust presence of warning/link. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - the codegen migration document is already a migration document, so doesn't need the extra warning about work in progress; - the driver interface can use a link to the more practical guide too. Signed-off-by: Manuel Pégourié-Gonnard --- docs/proposed/psa-driver-interface.md | 2 ++ docs/proposed/psa-driver-wrappers-codegen-migration-guide.md | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 41f90c9dd..1aa55b3cc 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,6 +5,8 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. +For a practical guide, with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). + ## Introduction ### Purpose of the driver interface diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md index 84c311ca5..67157e5f7 100644 --- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md +++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md @@ -1,12 +1,11 @@ Migrating to an auto generated psa_crypto_driver_wrappers.c file ================================================================ -**This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.** -For a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). - This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file. It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md. +For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html). + ## Introduction The design of the Driver Wrappers code generation is based on the design proposal https://github.com/Mbed-TLS/mbedtls/pull/5067 From 8550e0f746bdc4aa0b48bf48b083fb3e4dabe7b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 09:39:39 +0200 Subject: [PATCH 290/339] Remove "export_key" from transparent driver json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Transparent drivers don't have this entry points. Other entry points that are only for opaque drivers are not listed here but only in the opaque_driver.json file, so this was likely a mistake. Signed-off-by: Manuel Pégourié-Gonnard --- .../driver_jsons/mbedtls_test_transparent_driver.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json index 9eb259f65..b9b2d6847 100644 --- a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json +++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json @@ -7,7 +7,7 @@ { "_comment": "The Mbed TLS transparent driver supports import key/export key", "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)", - "entry_points": ["import_key", "export_key"], + "entry_points": ["import_key"], "fallback": true }, { From aa9a15833e713f66da53c2a857082697b1a7eddc Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Wed, 9 Aug 2023 12:33:40 +0800 Subject: [PATCH 291/339] Fix doc Signed-off-by: Chien Wong --- include/mbedtls/ecp.h | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index cd7fd26e2..a89d4d23c 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -196,21 +196,25 @@ mbedtls_ecp_point; * cardinality is denoted by \p N. Our code requires that \p N is an * odd prime as mbedtls_ecp_mul() requires an odd number, and * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. + * * The default implementation only initializes \p A without setting it to the * authentic value for curves with A = -3(SECP256R1, etc), in which - * case you need to load and free \p A by yourself when using domain parameters - * directly, for example: + * case you need to load \p A by yourself when using domain parameters directly, + * for example: * \code + * mbedtls_mpi_init(&A); * mbedtls_ecp_group_init(&grp); * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id)); * if (mbedtls_ecp_group_a_is_minus_3(&grp)) { - * CHECK_RETURN(mbedtls_mpi_sub_int(&grp.A, &grp.P, 3); + * CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3)); + * } else { + * CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A)); * } * - * access_grp_A_etc(&grp); + * do_something_with_a(&A); * * cleanup: - * mbedtls_mpi_free(&grp.A); + * mbedtls_mpi_free(&A); * mbedtls_ecp_group_free(&grp); * \endcode * @@ -242,9 +246,9 @@ typedef struct mbedtls_ecp_group { mbedtls_mpi P; /*!< The prime modulus of the base field. */ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that \p A is not set to the authentic value in some cases. - For Montgomery curves: (A + 2) / 4. - Refer to detailed description of mbedtls_ecp_group if - using domain parameters in the structure. */ + Refer to detailed description of ::mbedtls_ecp_group if + using domain parameters in the structure. + For Montgomery curves: (A + 2) / 4. */ mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused. */ mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ From a559c05a5b55033bab3267d577f388268a0e7729 Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Wed, 9 Aug 2023 21:49:58 +0800 Subject: [PATCH 292/339] Add changelog Signed-off-by: Chien Wong --- .../improve-doc-on-ecp-curve-optimized-representation.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt new file mode 100644 index 000000000..8fdc588b1 --- /dev/null +++ b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt @@ -0,0 +1,3 @@ +Features + * The documentation of mbedtls_ecp_group now describes the optimized + representation of A for some curves. Fixes #8045. From f3df105b376de4fd75dca45f99c3d9920d94ce47 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 18:55:41 +0100 Subject: [PATCH 293/339] Generate smaller code for picking a sign value Signed-off-by: Dave Rodgman --- library/bignum.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index f2a864150..13c6d6fa9 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -258,6 +258,10 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z; } +/* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative. + * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */ +#define TO_SIGN(x) ((((mbedtls_mpi_uint)x) >> (biL - 1)) * -2 + 1) + /* * Set value from integer */ @@ -270,7 +274,7 @@ int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) memset(X->p, 0, X->n * ciL); X->p[0] = mpi_sint_abs(z); - X->s = (z < 0) ? -1 : 1; + X->s = TO_SIGN(z); cleanup: @@ -880,7 +884,7 @@ int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) MPI_VALIDATE_RET(X != NULL); *p = mpi_sint_abs(z); - Y.s = (z < 0) ? -1 : 1; + Y.s = TO_SIGN(z); Y.n = 1; Y.p = p; @@ -1068,7 +1072,7 @@ int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); - B.s = (b < 0) ? -1 : 1; + B.s = TO_SIGN(b); B.n = 1; B.p = p; @@ -1086,7 +1090,7 @@ int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); - B.s = (b < 0) ? -1 : 1; + B.s = TO_SIGN(b); B.n = 1; B.p = p; @@ -1436,7 +1440,7 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); - B.s = (b < 0) ? -1 : 1; + B.s = TO_SIGN(b); B.n = 1; B.p = p; From fa703e38a24bf8c2a61c644b375b8c6515778d53 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 18:56:07 +0100 Subject: [PATCH 294/339] Use __builtin_ctz to count trailing zeros Signed-off-by: Dave Rodgman --- library/bignum.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 13c6d6fa9..bf16ec1cf 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -330,16 +330,33 @@ cleanup: */ size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) { - size_t i, j, count = 0; + size_t i; MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0); +#if defined(__has_builtin) +#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_ctz) + #define mbedtls_mpi_uint_ctz __builtin_ctz +#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_ctzl) + #define mbedtls_mpi_uint_ctz __builtin_ctzl +#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_ctzll) + #define mbedtls_mpi_uint_ctz __builtin_ctzll +#endif +#endif + +#if defined(mbedtls_mpi_uint_ctz) for (i = 0; i < X->n; i++) { - for (j = 0; j < biL; j++, count++) { + if (X->p[i] != 0) return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); + } +#else + size_t count = 0; + for (i = 0; i < X->n; i++) { + for (size_t j = 0; j < biL; j++, count++) { if (((X->p[i] >> j) & 1) != 0) { return count; } } } +#endif return 0; } From ebcd78561c95c97fc9876a24a55727e89368c169 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 18:56:42 +0100 Subject: [PATCH 295/339] Remove redundant code in mbedtls_mpi_cmp_abs Signed-off-by: Dave Rodgman --- library/bignum.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index bf16ec1cf..d53a484cb 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -817,9 +817,8 @@ int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) } } - if (i == 0 && j == 0) { - return 0; - } + /* If i == j == 0, i.e. abs(X) == abs(Y), + * we end up returning 0 at the end of the function. */ if (i > j) { return 1; From 4883f109a007afbe5f0901b2cd67891d59ca4623 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 20:17:40 +0100 Subject: [PATCH 296/339] Reduce code size for exp_mod_get_window_size Signed-off-by: Dave Rodgman --- library/bignum_core.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 8bf819ce6..ae0b94ace 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -686,16 +686,16 @@ cleanup: static size_t exp_mod_get_window_size(size_t Ebits) { - size_t wsize = (Ebits > 671) ? 6 : (Ebits > 239) ? 5 : - (Ebits > 79) ? 4 : 1; - -#if (MBEDTLS_MPI_WINDOW_SIZE < 6) - if (wsize > MBEDTLS_MPI_WINDOW_SIZE) { - wsize = MBEDTLS_MPI_WINDOW_SIZE; - } +#if MBEDTLS_MPI_WINDOW_SIZE >= 6 + return (Ebits > 671) ? 6 : (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; +#elif MBEDTLS_MPI_WINDOW_SIZE == 5 + return (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; +#elif MBEDTLS_MPI_WINDOW_SIZE > 1 + return (Ebits > 79) ? MBEDTLS_MPI_WINDOW_SIZE : 1; +#else + (void) Ebits; + return 1; #endif - - return wsize; } size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs) From 960eca997d07ad83843fa5dcdb61642614fabe1f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 20:43:18 +0100 Subject: [PATCH 297/339] code style Signed-off-by: Dave Rodgman --- library/bignum.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d53a484cb..f02b1ac84 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -260,7 +260,7 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) /* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative. * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */ -#define TO_SIGN(x) ((((mbedtls_mpi_uint)x) >> (biL - 1)) * -2 + 1) +#define TO_SIGN(x) ((((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) /* * Set value from integer @@ -345,7 +345,9 @@ size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) #if defined(mbedtls_mpi_uint_ctz) for (i = 0; i < X->n; i++) { - if (X->p[i] != 0) return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); + if (X->p[i] != 0) { + return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); + } } #else size_t count = 0; From ca4c15dd25394dd7d961b41c03f7212f14024299 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 10 Aug 2023 06:41:31 +0200 Subject: [PATCH 298/339] debug: remove redundant variable assignments Signed-off-by: Valerio Setti --- library/debug.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/debug.c b/library/debug.c index 92fe903de..c392f6308 100644 --- a/library/debug.c +++ b/library/debug.c @@ -144,7 +144,6 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, debug_send_line(ssl, level, file, line, str); - idx = 0; memset(txt, 0, sizeof(txt)); for (i = 0; i < len; i++) { if (i >= 4096) { @@ -215,7 +214,6 @@ static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int lev debug_send_line(ssl, level, file, line, str); - idx = 0; for (i = 0; i < len; i++) { if (i >= 4096) { break; From abd00d0be880547c5dbad2039a792d28d4ddf701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 17:51:33 +0200 Subject: [PATCH 299/339] test: adding new components for testing and driver coverage analysis without BN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 108 ++++++++++++++++++++++++++++++ tests/scripts/analyze_outcomes.py | 55 +++++++++++++++ 2 files changed, 163 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 386a94950..bebad5a07 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2650,6 +2650,114 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { tests/ssl-opt.sh } +# This function is really similar to config_psa_crypto_no_ecp_at_all() above so +# its description is basically the same. The main difference in this case is +# that when the EC built-in implementation is disabled, then also Bignum module +# and its dependencies are disabled as well. +# +# This is the common helper between: +# - component_test_psa_crypto_config_accel_ecc_no_bignum +# - component_test_psa_crypto_config_reference_ecc_no_bignum +config_psa_crypto_config_accel_ecc_no_bignum() { + DRIVER_ONLY="$1" + # start with crypto_full config for maximum coverage (also enables USE_PSA), + # but excluding X509, TLS and key exchanges + helper_libtestdriver1_adjust_config "crypto_full" + + # enable support for drivers and configuring PSA-only algorithms + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + if [ "$DRIVER_ONLY" -eq 1 ]; then + # Disable modules that are accelerated + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + # Disable ECP module (entirely) + scripts/config.py unset MBEDTLS_ECP_C + # TODO: bignum + fi + + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED + scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE +} + +# Build and test a configuration where driver accelerates all EC algs while +# all support and dependencies from ECP and ECP_LIGHT are removed on the library +# side. +# +# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum() +component_test_psa_crypto_config_accel_ecc_no_bignum () { + msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + ALG_ECDH \ + ALG_JPAKE \ + KEY_TYPE_ECC_KEY_PAIR_BASIC \ + KEY_TYPE_ECC_KEY_PAIR_IMPORT \ + KEY_TYPE_ECC_KEY_PAIR_EXPORT \ + KEY_TYPE_ECC_KEY_PAIR_GENERATE \ + KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure + # --------- + + # Set common configurations between library's and driver's builds + config_psa_crypto_config_accel_ecc_no_bignum 1 + + # Build + # ----- + + # Things we wanted supported in libtestdriver1, but not accelerated in the main library: + # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + + helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" + + helper_libtestdriver1_make_main "$loc_accel_list" + + # Make sure any built-in EC alg was not re-enabled by accident (additive config) + not grep mbedtls_ecdsa_ library/ecdsa.o + not grep mbedtls_ecdh_ library/ecdh.o + not grep mbedtls_ecjpake_ library/ecjpake.o + # Also ensure that ECP or RSA modules were not re-enabled + not grep mbedtls_ecp_ library/ecp.o + + # Run the tests + # ------------- + + msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP" + make test + + # The following will be enabled in #7756 + #msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP" + #tests/ssl-opt.sh +} + +# Reference function used for driver's coverage analysis in analyze_outcomes.py +# in conjunction with component_test_psa_crypto_config_accel_ecc_no_bignum(). +# Keep in sync with its accelerated counterpart. +component_test_psa_crypto_config_reference_ecc_no_bignum () { + msg "build: crypto_full + non accelerated EC algs + USE_PSA" + + config_psa_crypto_config_accel_ecc_no_bignum 0 + + make + + msg "test suites: crypto_full + non accelerated EC algs + USE_PSA" + make test + + # The following will be enabled in #7756 + #msg "ssl-opt: full + non accelerated EC algs + USE_PSA" + #tests/ssl-opt.sh +} + # Helper function used in: # - component_test_psa_crypto_config_accel_all_curves_except_p192 # - component_test_psa_crypto_config_accel_all_curves_except_x25519 diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index f3a14a9d4..bb0c4509b 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -310,6 +310,61 @@ TASKS = { } } }, + 'analyze_driver_vs_reference_no_bignum': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum', + 'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum', + 'ignored_suites': [ + # Ignore test suites for the modules that are disabled in the + # accelerated test case. + 'ecp', + 'ecdsa', + 'ecdh', + 'ecjpake', + ], + 'ignored_tests': { + 'test_suite_random': [ + 'PSA classic wrapper: ECDSA signature (SECP256R1)', + ], + 'test_suite_psa_crypto': [ + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1', + 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)', + ], + 'test_suite_pkparse': [ + # See the description provided above in the + # analyze_driver_vs_reference_no_ecp_at_all component. + 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)', + 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)', + 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)', + 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)', + 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)', + 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)', + 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)', + 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)', + 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)', + 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)', + 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)', + 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)', + 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)', + 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)', + 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', + 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', + ], + } + } + }, 'analyze_driver_vs_reference_ffdh_alg': { 'test_function': do_analyze_driver_vs_reference, 'args': { From 7dccb66d4944bbcdec024303b7d597511964e6ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 18:28:42 +0200 Subject: [PATCH 300/339] test: disable RSA support on the test ecc_no_bignum component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 3 ++- library/pkparse.c | 2 +- library/pkwrite.h | 4 ++-- tests/scripts/all.sh | 23 +++++++++++++++++++++++ 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7a8797107..e503fdff5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -425,7 +425,8 @@ #endif #if defined(MBEDTLS_PK_C) && \ - !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT) + !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT) && \ + !( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) #error "MBEDTLS_PK_C defined, but not all prerequisites" #endif diff --git a/library/pkparse.c b/library/pkparse.c index f03ace261..78eb4bc62 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -34,7 +34,7 @@ #include "mbedtls/rsa.h" #endif #include "mbedtls/ecp.h" -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pkwrite.h" #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) diff --git a/library/pkwrite.h b/library/pkwrite.h index aa2f17b02..bc40437d5 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -85,7 +85,7 @@ * + 2 * ECP_MAX (coords) [1] * } */ -#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES) +#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * 66) /* * EC private keys: @@ -96,7 +96,7 @@ * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above * } */ -#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) +#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * 66) #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bebad5a07..295c34ab5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2681,6 +2681,29 @@ config_psa_crypto_config_accel_ecc_no_bignum() { scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + # RSA support is intentionally disabled on this test because RSA_C depends + # on BIGNUM_C. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + scripts/config.py -f include/psa/crypto_config.h unset $ALG + done + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT + # Also disable key exchanges that depend on RSA + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + + # TODO: DHM and its reverse deps + # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) From 06aebe4995e753f4bf8b0a9b758942e55f8c4478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 18:33:34 +0200 Subject: [PATCH 301/339] test: disable FFDH support on the test ecc_no_bignum component Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 295c34ab5..9823e420a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2702,7 +2702,17 @@ config_psa_crypto_config_accel_ecc_no_bignum() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - # TODO: DHM and its reverse deps + # Disable FFDH because it also depends on BIGNUM. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py unset MBEDTLS_DHM_C + # Also disable key exchanges that depend on FFDH + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues @@ -2749,8 +2759,10 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { not grep mbedtls_ecdsa_ library/ecdsa.o not grep mbedtls_ecdh_ library/ecdh.o not grep mbedtls_ecjpake_ library/ecjpake.o - # Also ensure that ECP or RSA modules were not re-enabled + # Also ensure that ECP, RSA, or DHM modules were not re-enabled not grep mbedtls_ecp_ library/ecp.o + not grep mbedtls_rsa_ library/rsa.o + not grep mbedtls_dhm_ library/dhm.o # Run the tests # ------------- From 660bbf24707afdf2bdd069950aeec504edd1976d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jun 2023 18:42:40 +0200 Subject: [PATCH 302/339] test: disable BIGNUM support on the test ecc_no_bignum component Signed-off-by: Valerio Setti --- programs/pkey/gen_key.c | 7 ++++++- programs/pkey/key_app_writer.c | 6 ++++++ tests/scripts/all.sh | 4 +++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9bee27505..99e88505c 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -180,7 +180,9 @@ int main(int argc, char *argv[]) char buf[1024]; int i; char *p, *q; +#if defined(MBEDTLS_RSA_C) mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; +#endif /* MBEDTLS_RSA_C */ mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "gen_key"; @@ -191,10 +193,11 @@ int main(int argc, char *argv[]) /* * Set to sane values */ - +#if defined(MBEDTLS_RSA_C) mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); +#endif /* MBEDTLS_RSA_C */ mbedtls_pk_init(&key); mbedtls_ctr_drbg_init(&ctr_drbg); @@ -409,9 +412,11 @@ exit: #endif } +#if defined(MBEDTLS_RSA_C) mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); +#endif /* MBEDTLS_RSA_C */ mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index e8f3e85a9..179094cb5 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -203,7 +203,9 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; mbedtls_pk_context key; +#if defined(MBEDTLS_RSA_C) mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; +#endif /* MBEDTLS_RSA_C */ /* * Set to sane values @@ -225,9 +227,11 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_RSA_C) mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); +#endif /* MBEDTLS_RSA_C */ if (argc < 2) { usage: @@ -423,9 +427,11 @@ exit: #endif } +#if defined(MBEDTLS_RSA_C) mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); +#endif /* MBEDTLS_RSA_C */ mbedtls_pk_free(&key); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9823e420a..38fbc2bf5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2673,7 +2673,8 @@ config_psa_crypto_config_accel_ecc_no_bignum() { scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C - # TODO: bignum + # Also disable bignum + scripts/config.py unset MBEDTLS_BIGNUM_C fi # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) @@ -2763,6 +2764,7 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { not grep mbedtls_ecp_ library/ecp.o not grep mbedtls_rsa_ library/rsa.o not grep mbedtls_dhm_ library/dhm.o + not grep mbedtls_mpi_ library/bignum.o # Run the tests # ------------- From 9b3dbcc2e31964d7d321d1a0672fe31a5e10c2e7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 26 Jul 2023 18:00:31 +0200 Subject: [PATCH 303/339] analyze_outcomes: skip tests that unavoidably depend on bignum Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index bb0c4509b..ee51513b7 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -322,6 +322,12 @@ TASKS = { 'ecdsa', 'ecdh', 'ecjpake', + 'bignum_core', + 'bignum_random', + 'bignum_mod', + 'bignum_mod_raw', + 'bignum.generated', + 'bignum.misc', ], 'ignored_tests': { 'test_suite_random': [ @@ -362,6 +368,28 @@ TASKS = { 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', ], + 'test_suite_asn1parse': [ + # This test depends on BIGNUM_C + 'INTEGER too large for mpi', + ], + 'test_suite_asn1write': [ + # Following tests depends on BIGNUM_C + 'ASN.1 Write mpi 0 (1 limb)', + 'ASN.1 Write mpi 0 (null)', + 'ASN.1 Write mpi 0x100', + 'ASN.1 Write mpi 0x7f', + 'ASN.1 Write mpi 0x7f with leading 0 limb', + 'ASN.1 Write mpi 0x80', + 'ASN.1 Write mpi 0x80 with leading 0 limb', + 'ASN.1 Write mpi 0xff', + 'ASN.1 Write mpi 1', + 'ASN.1 Write mpi, 127*8 bits', + 'ASN.1 Write mpi, 127*8+1 bits', + 'ASN.1 Write mpi, 127*8-1 bits', + 'ASN.1 Write mpi, 255*8 bits', + 'ASN.1 Write mpi, 255*8-1 bits', + 'ASN.1 Write mpi, 256*8-1 bits', + ], } } }, From c5d85e5eade217d39f09d33c6f3969c18e49fb67 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 26 Jul 2023 18:12:23 +0200 Subject: [PATCH 304/339] test: remove BIGNUM dependencies from pk[parse/write] suites Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_pkwrite.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 7947d3c9f..0d9a0c8fc 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -8,7 +8,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_BIGNUM_C + * depends_on:MBEDTLS_PK_PARSE_C * END_DEPENDENCIES */ diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index e1be52ef4..37c06c85d 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -144,7 +144,7 @@ exit: /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO + * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_FS_IO * END_DEPENDENCIES */ From fe7d96cff7feb1593686c1268157071622215232 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 11:59:22 +0200 Subject: [PATCH 305/339] test: minor optimizations to ecc_no_bignum components Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 38fbc2bf5..1342e2eb0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2684,10 +2684,9 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # RSA support is intentionally disabled on this test because RSA_C depends # on BIGNUM_C. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + for KT in $(sed -n 's/^#define \(PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + scripts/config.py -f include/psa/crypto_config.h unset $KT + done scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do scripts/config.py -f include/psa/crypto_config.h unset $ALG @@ -2705,10 +2704,9 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # Disable FFDH because it also depends on BIGNUM. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + for KT in $(sed -n 's/^#define \(PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + scripts/config.py -f include/psa/crypto_config.h unset $KT + done scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY scripts/config.py unset MBEDTLS_DHM_C # Also disable key exchanges that depend on FFDH @@ -2760,7 +2758,7 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { not grep mbedtls_ecdsa_ library/ecdsa.o not grep mbedtls_ecdh_ library/ecdh.o not grep mbedtls_ecjpake_ library/ecjpake.o - # Also ensure that ECP, RSA, or DHM modules were not re-enabled + # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ library/ecp.o not grep mbedtls_rsa_ library/rsa.o not grep mbedtls_dhm_ library/dhm.o From 97b28f81d8a1f243f7cb6af500e7c74664e16eb2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 12:02:14 +0200 Subject: [PATCH 306/339] pkparse: remove unnecessary header Signed-off-by: Valerio Setti --- library/pkparse.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 78eb4bc62..fe01a1149 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -34,9 +34,6 @@ #include "mbedtls/rsa.h" #endif #include "mbedtls/ecp.h" -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) -#include "pkwrite.h" -#endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif From a7c9e09dd0f59ee6a6773d71e34f6f5180605dae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 14:39:50 +0200 Subject: [PATCH 307/339] pkwrite: add new internal symbol to properly size DER buffer Signed-off-by: Valerio Setti --- library/pkwrite.h | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.h b/library/pkwrite.h index bc40437d5..8cfa64b8e 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -27,6 +27,10 @@ #include "mbedtls/pk.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Max sizes of key per types. Shown as tag + len (+ content). */ @@ -74,6 +78,19 @@ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + +/* Find the maximum number of bytes necessary to store an EC point. When USE_PSA + * is defined this means looking for the maximum between PSA and built-in + * supported curves. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define MBEDTLS_PK_MAX_ECC_BYTES (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + MBEDTLS_ECP_MAX_BYTES ? \ + PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ + MBEDTLS_ECP_MAX_BYTES) +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define MBEDTLS_PK_MAX_ECC_BYTES MBEDTLS_ECP_MAX_BYTES +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * EC public keys: * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 @@ -85,7 +102,7 @@ * + 2 * ECP_MAX (coords) [1] * } */ -#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * 66) +#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_PK_MAX_ECC_BYTES) /* * EC private keys: @@ -96,7 +113,7 @@ * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above * } */ -#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * 66) +#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_PK_MAX_ECC_BYTES) #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ From 7c494e7211437a443872f4caee7eb10b140ed03f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 14:58:53 +0200 Subject: [PATCH 308/339] pk: move PK_HAVE_ECC_KEYS to build_info.h This is usefuls to use PK_HAVE_ECC_KEYS in check_config.h instead of redefining it twice in different ways. Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 29 +++++++++++++++++++++++++++++ include/mbedtls/check_config.h | 3 +-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 5b8a40df7..0b1ef1d91 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -208,6 +208,35 @@ #define MBEDTLS_PK_PARSE_C #endif +/* Internal helper to define which fields in the pk_context structure should + * be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format. + * It should be noticed that this only affect how data is stored, not which + * functions are used for various operations. The overall picture looks like + * this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all * key exchanges, options and extensions related to them. */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e503fdff5..264c2c938 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -425,8 +425,7 @@ #endif #if defined(MBEDTLS_PK_C) && \ - !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT) && \ - !( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) + !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_PK_HAVE_ECC_KEYS) #error "MBEDTLS_PK_C defined, but not all prerequisites" #endif From a8c655edb04998268e7030d3971e19d6c4352aa7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:24:19 +0200 Subject: [PATCH 309/339] test: remove redundant code setting MBEDTLS_PSA_CRYPTO_CONFIG Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1342e2eb0..1aa6490c4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2559,8 +2559,6 @@ config_psa_crypto_no_ecp_at_all () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - # enable support for drivers and configuring PSA-only algorithms - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG if [ "$DRIVER_ONLY" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C @@ -2664,8 +2662,6 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # but excluding X509, TLS and key exchanges helper_libtestdriver1_adjust_config "crypto_full" - # enable support for drivers and configuring PSA-only algorithms - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG if [ "$DRIVER_ONLY" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C From 2e0275d2a10d4833c4ef6069b6f39ee90e6eafd5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:33:13 +0200 Subject: [PATCH 310/339] test: use unset-all option in config.py to optimize test code Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1aa6490c4..8e468bf29 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1796,9 +1796,7 @@ component_test_everest_curve25519_only () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable all curves - for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do - scripts/config.py unset "$c" - done + scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" @@ -2680,13 +2678,8 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # RSA support is intentionally disabled on this test because RSA_C depends # on BIGNUM_C. - for KT in $(sed -n 's/^#define \(PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $KT - done - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $ALG - done + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_PKCS1_V21 @@ -2700,10 +2693,7 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # Disable FFDH because it also depends on BIGNUM. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH - for KT in $(sed -n 's/^#define \(PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $KT - done - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" scripts/config.py unset MBEDTLS_DHM_C # Also disable key exchanges that depend on FFDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -2830,14 +2820,8 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Disable RSA on the PSA side too - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f "$CRYPTO_CONFIG_H" unset $ALG - done + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED @@ -2846,9 +2830,7 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED # Explicitly disable all SW implementation for elliptic curves - for CURVE in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do - scripts/config.py unset "$CURVE" - done + scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" # Just leave SW implementation for the specified curve for allowing to # build with ECP_C. scripts/config.py set $BUILTIN_CURVE From 0f6d565d2656711fe7c7e233872905801be38e1d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:42:58 +0200 Subject: [PATCH 311/339] pk: return PK_USE_PSA_EC_DATA to pk.h Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 27 +++------------------------ include/mbedtls/pk.h | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 0b1ef1d91..985edd233 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -208,32 +208,11 @@ #define MBEDTLS_PK_PARSE_C #endif -/* Internal helper to define which fields in the pk_context structure should - * be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format. - * It should be noticed that this only affect how data is stored, not which - * functions are used for various operations. The overall picture looks like - * this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ - /* Helper symbol to state that the PK module has support for EC keys. This * can either be provided through the legacy ECP solution or through the - * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */ +#if defined(MBEDTLS_ECP_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) #define MBEDTLS_PK_HAVE_ECC_KEYS #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f56c94240..fc0ce7046 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -200,6 +200,28 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_HAVE_ECC_KEYS #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */ From e1d7c9dabd5867722ec24a2ef4c7beadd354197d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 10 Aug 2023 07:40:18 +0200 Subject: [PATCH 312/339] pkwrite: fix internal buffer size in pk_write_ec_pubkey() Signed-off-by: Valerio Setti --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 4ec0b81c5..439428cff 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -165,7 +165,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t len = 0; - uint8_t buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { From f5a29a5b837cd9b312e677cf1717fb5d2fffed09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Aug 2023 12:07:49 +0200 Subject: [PATCH 313/339] Remove redundant test component component_test_crypto_full_no_cipher doesn't bring any extra value given the existence of component_test_full_no_cipher. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 386a94950..2db2f400a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1507,30 +1507,6 @@ component_test_full_no_cipher () { make test } -component_test_crypto_full_no_cipher () { - msg "build: crypto_full minus CIPHER" - scripts/config.py crypto_full - scripts/config.py unset MBEDTLS_CIPHER_C - # Direct dependencies - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - # Indirect dependencies - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - make - - msg "test: crypto_full minus CIPHER" - make test -} - component_test_full_no_bignum () { msg "build: full minus bignum" scripts/config.py full From b7825ceb3edcfed059ff8ccbff01d0086263b217 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 11:58:18 +0100 Subject: [PATCH 314/339] Rename uint->bool operators to reflect input types Signed-off-by: Dave Rodgman --- library/bignum.c | 2 +- library/bignum_core.c | 8 ++++---- library/constant_time.c | 4 ++-- library/constant_time_impl.h | 20 +++++++++---------- library/constant_time_internal.h | 15 +++++++------- library/rsa.c | 8 ++++---- library/ssl_msg.c | 12 +++++------ library/ssl_tls12_server.c | 6 +++--- .../suites/test_suite_constant_time.function | 12 +++++------ 9 files changed, 44 insertions(+), 43 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 8a061dfbd..2a7786f4c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1728,7 +1728,7 @@ static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_ for (size_t i = 0; i < T_size; i++) { MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i], - (unsigned char) mbedtls_ct_bool_eq(i, idx))); + (unsigned char) mbedtls_ct_uint_eq(i, idx))); } cleanup: return ret; diff --git a/library/bignum_core.c b/library/bignum_core.c index cae8905c6..157ac078e 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -149,7 +149,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min, size_t A_limbs) { /* min <= least significant limb? */ - mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_bool_ge(A[0], min); + mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_uint_ge(A[0], min); /* limbs other than the least significant one are all zero? */ mbedtls_ct_condition_t msll_mask = MBEDTLS_CT_FALSE; @@ -176,7 +176,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_bool_lt(B[i - 1], A[i - 1]); + cond = mbedtls_ct_uint_lt(B[i - 1], A[i - 1]); done = mbedtls_ct_bool_or(done, cond); /* @@ -185,7 +185,7 @@ mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_bool_lt(A[i - 1], B[i - 1]); + cond = mbedtls_ct_uint_lt(A[i - 1], B[i - 1]); ret = mbedtls_ct_bool_or(ret, mbedtls_ct_bool_and(cond, mbedtls_ct_bool_not(done))); done = mbedtls_ct_bool_or(done, cond); } @@ -634,7 +634,7 @@ void mbedtls_mpi_core_ct_uint_table_lookup(mbedtls_mpi_uint *dest, size_t index) { for (size_t i = 0; i < count; i++, table += limbs) { - mbedtls_ct_condition_t assign = mbedtls_ct_bool_eq(i, index); + mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index); mbedtls_mpi_core_cond_assign(dest, table, limbs, assign); } } diff --git a/library/constant_time.c b/library/constant_time.c index d4bd331d2..20e215a79 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -131,7 +131,7 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { volatile unsigned char *buf = start; for (size_t i = 0; i < total; i++) { - mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i); + mbedtls_ct_condition_t no_op = mbedtls_ct_uint_gt(total - offset, i); /* The first `total - offset` passes are a no-op. The last * `offset` passes shift the data one byte to the left and * zero out the last byte. */ @@ -188,7 +188,7 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, size_t offsetval; for (offsetval = offset_min; offsetval <= offset_max; offsetval++) { - mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL, + mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offsetval, offset), dest, src + offsetval, NULL, len); } } diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 1fa655d66..1660c1260 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -143,7 +143,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) +static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { /* Ensure that the compiler cannot optimise the following operations over x and y, * even if it knows the value of x and y. @@ -175,7 +175,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe return mbedtls_ct_bool(ret); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) +static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { /* diff = 0 if x == y, non-zero otherwise */ const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y); @@ -252,28 +252,28 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t co #endif /* MBEDTLS_BIGNUM_C */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { - return ~mbedtls_ct_bool_ne(x, y); + return ~mbedtls_ct_uint_ne(x, y); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { - return mbedtls_ct_bool_lt(y, x); + return mbedtls_ct_uint_lt(y, x); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { - return ~mbedtls_ct_bool_lt(x, y); + return ~mbedtls_ct_uint_lt(x, y); } -static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) { - return ~mbedtls_ct_bool_gt(x, y); + return ~mbedtls_ct_uint_gt(x, y); } static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 6d549f16f..dc4c5f921 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -37,10 +37,11 @@ * It has three main parts: * * - boolean operations - * These are all named mbedtls_ct_bool_, and operate over + * These are all named mbedtls_ct__, and operate over * mbedtls_ct_condition_t. * All arguments are considered secret. * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z) + * example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z) * * - conditional data selection * These are all named mbedtls_ct__if and mbedtls_ct__if0 @@ -118,7 +119,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x); * * \return MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); +static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "equals" operation. * @@ -131,7 +132,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbe * * \return MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "less than" operation. @@ -145,7 +146,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x, * * \return MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); +static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "greater than" operation. * @@ -158,7 +159,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbe * * \return MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "greater or equal" operation. @@ -173,7 +174,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x, * \return MBEDTLS_CT_TRUE if \p x >= \p y, * otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "less than or equal" operation. @@ -188,7 +189,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x, * \return MBEDTLS_CT_TRUE if \p x <= \p y, * otherwise MBEDTLS_CT_FALSE. */ -static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x, +static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y); /** Boolean "xor" operation. diff --git a/library/rsa.c b/library/rsa.c index 182ab21dc..65caf901b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -120,13 +120,13 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 * where PS must be at least 8 nonzero bytes. */ - bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_ne(input[1], MBEDTLS_RSA_CRYPT)); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(input[1], MBEDTLS_RSA_CRYPT)); /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. */ pad_done = MBEDTLS_CT_FALSE; for (i = 2; i < ilen; i++) { - mbedtls_ct_condition_t found = mbedtls_ct_bool_eq(input[i], 0); + mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0); pad_done = mbedtls_ct_bool_or(pad_done, found); pad_count += mbedtls_ct_uint_if0(mbedtls_ct_bool_not(pad_done), 1); } @@ -135,7 +135,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done)); /* There must be at least 8 bytes of padding. */ - bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_gt(8, pad_count)); + bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_gt(8, pad_count)); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -150,7 +150,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, /* Set output_too_large to 0 if the plaintext fits in the output * buffer and to 1 otherwise. */ - output_too_large = mbedtls_ct_bool_gt(plaintext_size, + output_too_large = mbedtls_ct_uint_gt(plaintext_size, plaintext_max_size); /* Set ret without branches to avoid timing attacks. Return: diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 72d5f3275..a72500256 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -257,7 +257,7 @@ int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, MD_CHK(mbedtls_md_clone(&aux, ctx)); MD_CHK(mbedtls_md_finish(&aux, aux_out)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret), + mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret), output, aux_out, NULL, hash_size); if (offset < max_data_len) { @@ -1918,7 +1918,7 @@ hmac_failed_etm_enabled: padlen = data[rec->data_len - 1]; if (auth_done == 1) { - const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge( + const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, padlen + 1); correct = mbedtls_ct_size_if0(ge, correct); @@ -1934,7 +1934,7 @@ hmac_failed_etm_enabled: padlen + 1)); } #endif - const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge( + const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, transform->maclen + padlen + 1); correct = mbedtls_ct_size_if0(ge, correct); @@ -1967,13 +1967,13 @@ hmac_failed_etm_enabled: /* pad_count += (idx >= padding_idx) && * (check[idx] == padlen - 1); */ - const mbedtls_ct_condition_t a = mbedtls_ct_bool_ge(idx, padding_idx); + const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx); size_t increment = mbedtls_ct_size_if0(a, 1); - const mbedtls_ct_condition_t b = mbedtls_ct_bool_eq(check[idx], padlen - 1); + const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1); increment = mbedtls_ct_size_if0(b, increment); pad_count += increment; } - correct = mbedtls_ct_size_if0(mbedtls_ct_bool_eq(pad_count, padlen), padlen); + correct = mbedtls_ct_size_if0(mbedtls_ct_uint_eq(pad_count, padlen), padlen); #if defined(MBEDTLS_SSL_DEBUG_ALL) if (padlen > 0 && correct == 0) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8d0129b33..34ac0912a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3537,9 +3537,9 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, * padding, to protect against timing-based Bleichenbacher-type * attacks. */ diff = mbedtls_ct_bool(ret); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pmslen, 48)); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[0], ver[0])); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[1], ver[1])); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48)); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0])); + diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1])); /* * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 7cf69937b..80cba7930 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -60,22 +60,22 @@ void mbedtls_ct_bool_xxx(char *x_str, char *y_str) TEST_EQUAL(mbedtls_ct_bool_not(mbedtls_ct_bool(x)), expected); expected = x1 != y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_ne(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_ne(x, y), expected); expected = x1 == y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_eq(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_eq(x, y), expected); expected = x1 > y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_gt(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_gt(x, y), expected); expected = x1 < y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_lt(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_lt(x, y), expected); expected = x1 >= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_ge(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_ge(x, y), expected); expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; - TEST_EQUAL(mbedtls_ct_bool_le(x, y), expected); + TEST_EQUAL(mbedtls_ct_uint_le(x, y), expected); expected = (!!x1) ^ (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE; TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected); From 98ddc01a7c9b2d09e7874a696d3ac620a70c032f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 12:11:31 +0100 Subject: [PATCH 315/339] Rename ...if0 to ...else_0 Signed-off-by: Dave Rodgman --- library/bignum.c | 6 +++--- library/bignum_core.c | 2 +- library/constant_time.c | 2 +- library/constant_time_impl.h | 8 ++++---- library/constant_time_internal.h | 6 +++--- library/rsa.c | 4 ++-- library/ssl_msg.c | 16 ++++++++-------- tests/suites/test_suite_constant_time.function | 4 ++-- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 2a7786f4c..10bb4312a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -94,7 +94,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, /* This array is used to conditionally swap the pointers in const time */ void * const p[2] = { X->p, Y->p }; - size_t i = mbedtls_ct_size_if0(X_is_negative, 1); + size_t i = mbedtls_ct_size_if_else_0(X_is_negative, 1); mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n); /* @@ -104,7 +104,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, result = mbedtls_ct_bool_or(result, mbedtls_ct_bool_and(mbedtls_ct_bool_not(different_sign), lt)); - *ret = mbedtls_ct_uint_if0(result, 1); + *ret = mbedtls_ct_uint_if_else_0(result, 1); return 0; } @@ -139,7 +139,7 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); for (size_t i = Y->n; i < X->n; i++) { - X->p[i] = mbedtls_ct_mpi_uint_if0(do_not_assign, X->p[i]); + X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); } cleanup: diff --git a/library/bignum_core.c b/library/bignum_core.c index 157ac078e..a3c54036f 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -463,7 +463,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_add_if(mbedtls_mpi_uint *X, mbedtls_ct_condition_t do_add = mbedtls_ct_bool(cond); for (size_t i = 0; i < limbs; i++) { - mbedtls_mpi_uint add = mbedtls_ct_mpi_uint_if0(do_add, A[i]); + mbedtls_mpi_uint add = mbedtls_ct_mpi_uint_if_else_0(do_add, A[i]); mbedtls_mpi_uint t = c + X[i]; c = (t < X[i]); t += add; diff --git a/library/constant_time.c b/library/constant_time.c index 20e215a79..86cc066b0 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -140,7 +140,7 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) unsigned char next = buf[n+1]; buf[n] = mbedtls_ct_uint_if(no_op, current, next); } - buf[total-1] = mbedtls_ct_uint_if0(no_op, buf[total-1]); + buf[total-1] = mbedtls_ct_uint_if_else_0(no_op, buf[total-1]); } } diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 1660c1260..0c3cde99d 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -232,20 +232,20 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con #endif -static inline size_t mbedtls_ct_size_if0(mbedtls_ct_condition_t condition, size_t if1) +static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1) { return (size_t) (condition & if1); } -static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, unsigned if1) +static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1) { return (unsigned) (condition & if1); } #if defined(MBEDTLS_BIGNUM_C) -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t condition, - mbedtls_mpi_uint if1) +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1) { return (mbedtls_mpi_uint) (condition & if1); } diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index dc4c5f921..664ee5af5 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -323,7 +323,7 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con * * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. */ -static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, unsigned if1); +static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1); #if defined(MBEDTLS_BIGNUM_C) @@ -341,8 +341,8 @@ static inline unsigned mbedtls_ct_uint_if0(mbedtls_ct_condition_t condition, uns * * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. */ -static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if0(mbedtls_ct_condition_t condition, - mbedtls_mpi_uint if1); +static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, + mbedtls_mpi_uint if1); #endif diff --git a/library/rsa.c b/library/rsa.c index 65caf901b..d0782f53c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -128,7 +128,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, for (i = 2; i < ilen; i++) { mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0); pad_done = mbedtls_ct_bool_or(pad_done, found); - pad_count += mbedtls_ct_uint_if0(mbedtls_ct_bool_not(pad_done), 1); + pad_count += mbedtls_ct_uint_if_else_0(mbedtls_ct_bool_not(pad_done), 1); } /* If pad_done is still zero, there's no data, only unfinished padding. */ @@ -161,7 +161,7 @@ static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, ret = -(int) mbedtls_ct_uint_if( bad, (unsigned) (-(MBEDTLS_ERR_RSA_INVALID_PADDING)), - mbedtls_ct_uint_if0( + mbedtls_ct_uint_if_else_0( output_too_large, (unsigned) (-(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE))) ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a72500256..1a9c17e29 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1921,8 +1921,8 @@ hmac_failed_etm_enabled: const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, padlen + 1); - correct = mbedtls_ct_size_if0(ge, correct); - padlen = mbedtls_ct_size_if0(ge, padlen); + correct = mbedtls_ct_size_if_else_0(ge, correct); + padlen = mbedtls_ct_size_if_else_0(ge, padlen); } else { #if defined(MBEDTLS_SSL_DEBUG_ALL) if (rec->data_len < transform->maclen + padlen + 1) { @@ -1937,8 +1937,8 @@ hmac_failed_etm_enabled: const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, transform->maclen + padlen + 1); - correct = mbedtls_ct_size_if0(ge, correct); - padlen = mbedtls_ct_size_if0(ge, padlen); + correct = mbedtls_ct_size_if_else_0(ge, correct); + padlen = mbedtls_ct_size_if_else_0(ge, padlen); } padlen++; @@ -1968,19 +1968,19 @@ hmac_failed_etm_enabled: * (check[idx] == padlen - 1); */ const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx); - size_t increment = mbedtls_ct_size_if0(a, 1); + size_t increment = mbedtls_ct_size_if_else_0(a, 1); const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1); - increment = mbedtls_ct_size_if0(b, increment); + increment = mbedtls_ct_size_if_else_0(b, increment); pad_count += increment; } - correct = mbedtls_ct_size_if0(mbedtls_ct_uint_eq(pad_count, padlen), padlen); + correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), padlen); #if defined(MBEDTLS_SSL_DEBUG_ALL) if (padlen > 0 && correct == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); } #endif - padlen = mbedtls_ct_size_if0(mbedtls_ct_bool(correct), padlen); + padlen = mbedtls_ct_size_if_else_0(mbedtls_ct_bool(correct), padlen); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 80cba7930..a8ba575cf 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -135,9 +135,9 @@ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) TEST_EQUAL(mbedtls_ct_mpi_uint_if(c, t, f), (mbedtls_mpi_uint) expected); #endif - TEST_EQUAL(mbedtls_ct_uint_if0(c, t), (unsigned) expected0); + TEST_EQUAL(mbedtls_ct_uint_if_else_0(c, t), (unsigned) expected0); #if defined(MBEDTLS_BIGNUM_C) - TEST_EQUAL(mbedtls_ct_mpi_uint_if0(c, t), (mbedtls_mpi_uint) expected0); + TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0); #endif TEST_CF_PUBLIC(&c, sizeof(c)); From 065f91246532340df88deae8f7620451ef9529bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 12:11:58 +0100 Subject: [PATCH 316/339] Fix comment typo Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 664ee5af5..23caa244e 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -315,7 +315,7 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con * * condition ? if1 : 0. * - * Functionally equivalent tombedtls_ct_uint_if(condition, if1, 0) but + * Functionally equivalent to mbedtls_ct_uint_if(condition, if1, 0) but * results in smaller code size. * * \param condition Condition to test. @@ -333,7 +333,7 @@ static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t conditio * * condition ? if1 : 0. * - * Functionally equivalent tombedtls_ct_mpi_uint_if(condition, if1, 0) but + * Functionally equivalent to mbedtls_ct_mpi_uint_if(condition, if1, 0) but * results in smaller code size. * * \param condition Condition to test. From ac69b4548697d8bb01df958029b40b7905d19cd7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 12:13:27 +0100 Subject: [PATCH 317/339] Document and test mbedtls_ct_size_if_else_0 Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 16 ++++++++++++++++ tests/suites/test_suite_constant_time.function | 1 + 2 files changed, 17 insertions(+) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 23caa244e..b6c7ecb21 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -325,6 +325,22 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con */ static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1); +/** Choose between an unsigned value and 0. + * + * Functionally equivalent to: + * + * condition ? if1 : 0. + * + * Functionally equivalent to mbedtls_ct_size_if(condition, if1, 0) but + * results in smaller code size. + * + * \param condition Condition to test. + * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE. + * + * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0. + */ +static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1); + #if defined(MBEDTLS_BIGNUM_C) /** Choose between an mbedtls_mpi_uint value and 0. diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index a8ba575cf..0e2cfdc0c 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -136,6 +136,7 @@ void mbedtls_ct_if(char *c_str, char *t_str, char *f_str) #endif TEST_EQUAL(mbedtls_ct_uint_if_else_0(c, t), (unsigned) expected0); + TEST_EQUAL(mbedtls_ct_size_if_else_0(c, (size_t) t), (size_t) expected0); #if defined(MBEDTLS_BIGNUM_C) TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0); #endif From 38b227c16beb91f930d0cf661a1075c36b3ba8aa Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 12:18:27 +0100 Subject: [PATCH 318/339] Improve docs Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index b6c7ecb21..9f5b1305f 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -37,8 +37,8 @@ * It has three main parts: * * - boolean operations - * These are all named mbedtls_ct__, and operate over - * mbedtls_ct_condition_t. + * These are all named mbedtls_ct__. + * They operate over and return mbedtls_ct_condition_t. * All arguments are considered secret. * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z) * example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z) From b364a22adf6a937f0593158822f38385ee2c7bd2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 12:25:25 +0100 Subject: [PATCH 319/339] Fix mbedtls_ct_size_if_else_0 docs Co-authored-by: Tom Cosgrove Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 9f5b1305f..647b664e8 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -325,7 +325,7 @@ static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t con */ static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1); -/** Choose between an unsigned value and 0. +/** Choose between a size_t value and 0. * * Functionally equivalent to: * From 29c1b4d04a6a8c8c142f9a45d7ffb46da805e731 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 10:08:45 +0200 Subject: [PATCH 320/339] test: enable X509 testing in ecc_no_bignum component Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e468bf29..2afc18166 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2656,9 +2656,10 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { # - component_test_psa_crypto_config_reference_ecc_no_bignum config_psa_crypto_config_accel_ecc_no_bignum() { DRIVER_ONLY="$1" - # start with crypto_full config for maximum coverage (also enables USE_PSA), - # but excluding X509, TLS and key exchanges - helper_libtestdriver1_adjust_config "crypto_full" + # start with full config for maximum coverage (also enables USE_PSA), + # but keep TLS and key exchanges disabled + helper_libtestdriver1_adjust_config "full" + scripts/config.py unset MBEDTLS_SSL_TLS_C if [ "$DRIVER_ONLY" -eq 1 ]; then # Disable modules that are accelerated @@ -2711,7 +2712,7 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum() component_test_psa_crypto_config_accel_ecc_no_bignum () { - msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP" + msg "build: full + accelerated EC algs + USE_PSA - ECP" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2753,7 +2754,7 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { # Run the tests # ------------- - msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP" + msg "test suites: full + accelerated EC algs + USE_PSA - ECP" make test # The following will be enabled in #7756 @@ -2765,13 +2766,13 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { # in conjunction with component_test_psa_crypto_config_accel_ecc_no_bignum(). # Keep in sync with its accelerated counterpart. component_test_psa_crypto_config_reference_ecc_no_bignum () { - msg "build: crypto_full + non accelerated EC algs + USE_PSA" + msg "build: full + non accelerated EC algs + USE_PSA" config_psa_crypto_config_accel_ecc_no_bignum 0 make - msg "test suites: crypto_full + non accelerated EC algs + USE_PSA" + msg "test suites: full + non accelerated EC algs + USE_PSA" make test # The following will be enabled in #7756 From c6aeb0dc1dd0fdd9b9002ce86b3f7bd0f358d40c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 10:10:28 +0200 Subject: [PATCH 321/339] check_config: remove unnecessary BIGNUM_C requirements Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 264c2c938..3d6353ef7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -986,15 +986,15 @@ #error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" #endif -#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ +#if defined(MBEDTLS_X509_USE_C) && \ + (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || \ ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) #error "MBEDTLS_X509_USE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ +#if defined(MBEDTLS_X509_CREATE_C) && \ + (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || \ ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" @@ -1099,8 +1099,8 @@ #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \ ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \ - ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\ - ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) || \ + ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \ + ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \ ( !defined(MBEDTLS_MD_C) ) ) #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif From 3580f448eb72bbc21dbbbae1ba7d089f8e58b60f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jul 2023 10:19:53 +0200 Subject: [PATCH 322/339] test: solve test disparities for x509[parse/write] suites Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 5 ----- tests/suites/test_suite_x509write.function | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 88ca28cd4..9c385482c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -415,11 +415,6 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_BIGNUM_C - * END_DEPENDENCIES - */ - /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_accessor_ext_types(int ext_type, int has_ext_type) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ab4a2d0d3..04a793198 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -128,7 +128,7 @@ static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx, /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C + * depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C * END_DEPENDENCIES */ From 48fb8a34485a659179655743356f7afcb65b45e6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Aug 2023 14:01:51 +0100 Subject: [PATCH 323/339] Fix some renames that were missed Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 6 +++--- library/ssl_msg.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 647b664e8..dabf720aa 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -44,10 +44,10 @@ * example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z) * * - conditional data selection - * These are all named mbedtls_ct__if and mbedtls_ct__if0 + * These are all named mbedtls_ct__if and mbedtls_ct__if_else_0 * All arguments are considered secret. * example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c) - * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if0(x, b) + * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint__if_else_0(x, b) * * - block memory operations * Only some arguments are considered secret, as documented for each @@ -201,7 +201,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, * \param x The first value to analyze. * \param y The second value to analyze. * - * \note This is more efficient than mbedtls_ct_bool_ne if both arguments are + * \note This is more efficient than mbedtls_ct_uint_ne if both arguments are * mbedtls_ct_condition_t. * * \return MBEDTLS_CT_TRUE if \p x ^ \p y, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1a9c17e29..c8ffc1ede 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -154,7 +154,7 @@ int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, PSA_CHK(psa_hash_finish(&aux_operation, aux_out, PSA_HASH_MAX_SIZE, &hash_length)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret), + mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret), output, aux_out, NULL, hash_size); if (offset < max_data_len) { From efe848f4300a8413ef635afd589be4eabca4919d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 10 Aug 2023 15:14:24 +0200 Subject: [PATCH 324/339] pk: fix some comments Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index fc0ce7046..41e980d62 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -173,7 +173,7 @@ typedef struct mbedtls_pk_rsassa_pss_options { /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not + * format. It should be noticed that this only affects how data is stored, not * which functions are used for various operations. The overall picture looks * like this: * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure @@ -202,7 +202,7 @@ typedef struct mbedtls_pk_rsassa_pss_options { /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not + * format. It should be noted that this only affect how data is stored, not * which functions are used for various operations. The overall picture looks * like this: * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure @@ -213,9 +213,9 @@ typedef struct mbedtls_pk_rsassa_pss_options { * - if !ECP_C then use new raw data and PSA functions directly. * * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. + * as ECP_C is defined mbedtls_pk_ec() gives the user read/write access to the + * ecp_keypair structure inside the pk_context so they can modify it using + * ECP functions which are not under the PK module's control. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ !defined(MBEDTLS_ECP_C) From 18535c352dd6d83460e8b245f7861acb7d1584a4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 11:27:17 +0200 Subject: [PATCH 325/339] test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2afc18166..78643f6e5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2656,10 +2656,8 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { # - component_test_psa_crypto_config_reference_ecc_no_bignum config_psa_crypto_config_accel_ecc_no_bignum() { DRIVER_ONLY="$1" - # start with full config for maximum coverage (also enables USE_PSA), - # but keep TLS and key exchanges disabled + # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - scripts/config.py unset MBEDTLS_SSL_TLS_C if [ "$DRIVER_ONLY" -eq 1 ]; then # Disable modules that are accelerated @@ -2712,7 +2710,7 @@ config_psa_crypto_config_accel_ecc_no_bignum() { # # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum() component_test_psa_crypto_config_accel_ecc_no_bignum () { - msg "build: full + accelerated EC algs + USE_PSA - ECP" + msg "build: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2754,12 +2752,12 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { # Run the tests # ------------- - msg "test suites: full + accelerated EC algs + USE_PSA - ECP" + msg "test suites: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" make test # The following will be enabled in #7756 - #msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP" - #tests/ssl-opt.sh + msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" + tests/ssl-opt.sh } # Reference function used for driver's coverage analysis in analyze_outcomes.py @@ -2776,8 +2774,8 @@ component_test_psa_crypto_config_reference_ecc_no_bignum () { make test # The following will be enabled in #7756 - #msg "ssl-opt: full + non accelerated EC algs + USE_PSA" - #tests/ssl-opt.sh + msg "ssl-opt: full + non accelerated EC algs + USE_PSA" + tests/ssl-opt.sh } # Helper function used in: From 711f853b48e14c3c1b46b7631fbb2cb37345e9b9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 11:28:07 +0200 Subject: [PATCH 326/339] ssl_tls13: fix guard for FFDH function Signed-off-by: Valerio Setti --- library/ssl_tls13_generic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a06308490..20cecdbdf 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1521,6 +1521,7 @@ int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, return 0; } +#if defined(PSA_WANT_ALG_FFDH) static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( uint16_t tls_id, size_t *bits, psa_key_type_t *key_type) { @@ -1549,6 +1550,7 @@ static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( return PSA_ERROR_NOT_SUPPORTED; } } +#endif /* PSA_WANT_ALG_FFDH */ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( mbedtls_ssl_context *ssl, From 4f577f3e515dbe004b18adab3868eb28d223e334 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 31 Jul 2023 18:58:25 +0200 Subject: [PATCH 327/339] ssl-opt: add RSA_C requirement when RSA encryption is used in certificate Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6113eeba9..6f688d89b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -435,6 +435,13 @@ detect_required_features() { ;; esac + case "$CMD_LINE" in + *server2*|\ + *server7*) + # server2 and server7 certificates use RSA encryption + requires_config_enabled "MBEDTLS_RSA_C" + esac + unset tmp } @@ -2275,6 +2282,7 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO @@ -2295,6 +2303,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ @@ -2314,6 +2323,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_enabled MBEDTLS_CCM_C requires_config_disabled MBEDTLS_X509_REMOVE_INFO From e0be95e81dae83bd169eaa74508afb90b172ab10 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 1 Aug 2023 09:07:43 +0200 Subject: [PATCH 328/339] analyze_outcomes: skip tests that depend on BIGNUM_C Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index ee51513b7..c6891bb43 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -390,6 +390,16 @@ TASKS = { 'ASN.1 Write mpi, 255*8-1 bits', 'ASN.1 Write mpi, 256*8-1 bits', ], + 'test_suite_debug': [ + # Following tests depends on BIGNUM_C + 'Debug print mbedtls_mpi #2: 3 bits', + 'Debug print mbedtls_mpi: 0 (empty representation)', + 'Debug print mbedtls_mpi: 0 (non-empty representation)', + 'Debug print mbedtls_mpi: 49 bits', + 'Debug print mbedtls_mpi: 759 bits', + 'Debug print mbedtls_mpi: 764 bits #1', + 'Debug print mbedtls_mpi: 764 bits #2', + ], } } }, From 36344cecbd17cd28480ef993e3eaeb9af725a76e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 11 Aug 2023 06:36:30 +0200 Subject: [PATCH 329/339] ssl-opt: remove redundant requirement for RSA_C Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6f688d89b..0164b45cd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2282,7 +2282,6 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO @@ -2303,7 +2302,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ @@ -2323,7 +2321,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_enabled MBEDTLS_CCM_C requires_config_disabled MBEDTLS_X509_REMOVE_INFO From 6da3d83f33dff232aec246d3e36fdd69f623d3c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Aug 2023 16:28:06 +0100 Subject: [PATCH 330/339] Fix resource leak in test failure case Signed-off-by: Paul Elliott --- tests/suites/test_suite_bignum_mod.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 70152845b..eaf2bd5b9 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -737,5 +737,6 @@ exit: mbedtls_free(R); mbedtls_free(R_COPY); mbedtls_free(obuf); + mbedtls_free(ref_buf); } /* END_CASE */ From 2ad93674dc180e085e29d4986800f8cac9bb4891 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Aug 2023 11:07:06 +0100 Subject: [PATCH 331/339] Fix potential corruption of IV for AES CBC If passed a zero length, AES CBC could potentially corrupt the passed in IV by memcpying it over itself. Although this might be ok with more recent compilers, its not for every compiler we support. Found by coverity. Signed-off-by: Paul Elliott --- library/aes.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/aes.c b/library/aes.c index 592ca6416..b55c08ab1 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1094,6 +1094,11 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, return MBEDTLS_ERR_AES_BAD_INPUT_DATA; } + /* Nothing to do if length is zero. */ + if (length == 0) { + return 0; + } + if (length % 16) { return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; } From 83c2e321d926d033510b080008707e56d63e6cce Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Aug 2023 15:58:30 +0100 Subject: [PATCH 332/339] Add changelog Signed-off-by: Paul Elliott --- ChangeLog.d/fix-aes-cbc-iv-corruption | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-aes-cbc-iv-corruption diff --git a/ChangeLog.d/fix-aes-cbc-iv-corruption b/ChangeLog.d/fix-aes-cbc-iv-corruption new file mode 100644 index 000000000..11eb9463e --- /dev/null +++ b/ChangeLog.d/fix-aes-cbc-iv-corruption @@ -0,0 +1,3 @@ +Bugfix + * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc() + is called with zero length and padlock is not enabled. From 0b7bf876e4cdee4a94dc3414cdc96cece6858e7a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 14 Aug 2023 14:25:29 +0100 Subject: [PATCH 333/339] Fix compile fail for empty enum in cipher_wrap Signed-off-by: Dave Rodgman --- library/cipher_wrap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index da4e739c8..890be3c76 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -120,8 +120,10 @@ enum mbedtls_cipher_base_index { MBEDTLS_CIPHER_BASE_INDEX_NULL_BASE, #endif #if defined(MBEDTLS_CIPHER_MODE_XTS) && defined(MBEDTLS_AES_C) - MBEDTLS_CIPHER_BASE_INDEX_XTS_AES + MBEDTLS_CIPHER_BASE_INDEX_XTS_AES, #endif + /* Prevent compile failure due to empty enum */ + MBEDTLS_PREVENT_EMPTY_ENUM }; #if defined(MBEDTLS_GCM_C) From b8f23b9cfbcca01e6a893b31e192b91c4ee43265 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 14 Aug 2023 14:28:23 +0100 Subject: [PATCH 334/339] Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-empty-enum.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-empty-enum.txt diff --git a/ChangeLog.d/fix-empty-enum.txt b/ChangeLog.d/fix-empty-enum.txt new file mode 100644 index 000000000..f0aba1987 --- /dev/null +++ b/ChangeLog.d/fix-empty-enum.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compile failure due to empty enum in cipher_wrap.o, when building + with a very minimal configuration. Fixes #7625. From f97eb58e514c2270f97c036beafab5a489b09c7a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 14 Aug 2023 15:19:23 +0100 Subject: [PATCH 335/339] Fix Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-empty-enum.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-empty-enum.txt b/ChangeLog.d/fix-empty-enum.txt index f0aba1987..458d58f3b 100644 --- a/ChangeLog.d/fix-empty-enum.txt +++ b/ChangeLog.d/fix-empty-enum.txt @@ -1,3 +1,3 @@ Bugfix - * Fix compile failure due to empty enum in cipher_wrap.o, when building + * Fix compile failure due to empty enum in cipher_wrap.c, when building with a very minimal configuration. Fixes #7625. From e3330f86d28af5e574c57cc6ea5c837fa9f9d5fb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 14 Aug 2023 15:26:28 +0100 Subject: [PATCH 336/339] Make naming more consistent Signed-off-by: Dave Rodgman --- library/cipher_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 890be3c76..6ab2f5f13 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -123,7 +123,7 @@ enum mbedtls_cipher_base_index { MBEDTLS_CIPHER_BASE_INDEX_XTS_AES, #endif /* Prevent compile failure due to empty enum */ - MBEDTLS_PREVENT_EMPTY_ENUM + MBEDTLS_CIPHER_BASE_PREVENT_EMPTY_ENUM }; #if defined(MBEDTLS_GCM_C) From ba44e918b89bd4ec6d51e10dd953c5504a0fe3d0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 15 Aug 2023 15:17:22 +0100 Subject: [PATCH 337/339] Remove unnecessary include from constant_time.c This was added in order to use TEST_CF_XYZ macros which have since been removed. Signed-off-by: David Horstmann --- library/constant_time.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 86cc066b0..832ded9e7 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -30,8 +30,6 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#include "../tests/include/test/constant_flow.h" - #include #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) From 6c104b9b3b4378b3bdf62a31fd6a94186191de56 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 16 Aug 2023 11:47:24 +0530 Subject: [PATCH 338/339] Modify derive output test cases and add actual output Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 302a9aa48..950a706e5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6391,7 +6391,7 @@ derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:0:1 PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, salt before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 @@ -6457,7 +6457,7 @@ derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01" PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:1 PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 From 9928ca1875cfbf998fa0e97f182892c047c3bad0 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 16 Aug 2023 11:48:27 +0530 Subject: [PATCH 339/339] Code styling Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 50df3e3d0..241b7c80d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2117,7 +2117,7 @@ #define PSA_ALG_IS_PBKDF2(kdf_alg) \ (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \ - (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) + ((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)