Merge pull request #139 from Patater/des-faster-and-typo-fix
Make DES self-test faster, and fix a typo
diff --git a/.gitignore b/.gitignore
index 789f57e..0f95b4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,17 @@
# Python build artifacts:
*.pyc
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+
+# Visual Studio artifacts
+/visualc/VS2010/.localhistory/
+/visualc/VS2010/.vs/
+/visualc/VS2010/Debug/
+/visualc/VS2010/Release/
+/visualc/VS2010/*.vcxproj.filters
+/visualc/VS2010/*.vcxproj.user
+
# Generated documentation:
/apidoc
diff --git a/3rdparty/.gitignore b/3rdparty/.gitignore
new file mode 100644
index 0000000..5fc607b
--- /dev/null
+++ b/3rdparty/.gitignore
@@ -0,0 +1 @@
+/Makefile
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
new file mode 100644
index 0000000..dca4bd7
--- /dev/null
+++ b/3rdparty/CMakeLists.txt
@@ -0,0 +1,11 @@
+list (APPEND thirdparty_src)
+list (APPEND thirdparty_lib)
+list (APPEND thirdparty_inc)
+list (APPEND thirdparty_def)
+
+add_subdirectory(everest)
+
+set(thirdparty_src ${thirdparty_src} PARENT_SCOPE)
+set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE)
+set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE)
+set(thirdparty_def ${thirdparty_def} PARENT_SCOPE)
diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc
new file mode 100644
index 0000000..c93fcbc
--- /dev/null
+++ b/3rdparty/Makefile.inc
@@ -0,0 +1,5 @@
+ifeq ($(INCLUDING_FROM_MBEDTLS), 1)
+include ../crypto/3rdparty/everest/Makefile.inc
+else
+include ../3rdparty/everest/Makefile.inc
+endif
diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore
new file mode 100644
index 0000000..6eb25f6
--- /dev/null
+++ b/3rdparty/everest/.gitignore
@@ -0,0 +1,2 @@
+*.o
+Makefile
diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
new file mode 100644
index 0000000..18c8731
--- /dev/null
+++ b/3rdparty/everest/CMakeLists.txt
@@ -0,0 +1,31 @@
+list (APPEND everest_src)
+list (APPEND everest_inc)
+list (APPEND everest_def)
+
+set(everest_src
+ ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c
+)
+
+list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
+
+execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+
+if(${result} EQUAL 0)
+
+ if(INSTALL_MBEDTLS_HEADERS)
+
+ install(DIRECTORY include/everest
+ DESTINATION include
+ FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+ DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+ FILES_MATCHING PATTERN "*.h")
+
+ endif(INSTALL_MBEDTLS_HEADERS)
+
+endif()
+
+set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE)
+set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE)
+set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE)
diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc
new file mode 100644
index 0000000..77a6b49
--- /dev/null
+++ b/3rdparty/everest/Makefile.inc
@@ -0,0 +1,6 @@
+THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib
+
+THIRDPARTY_CRYPTO_OBJECTS+= \
+ ../3rdparty/everest/library/everest.o \
+ ../3rdparty/everest/library/x25519.o \
+ ../3rdparty/everest/library/Hacl_Curve25519_joined.o
diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md
new file mode 100644
index 0000000..0e25466
--- /dev/null
+++ b/3rdparty/everest/README.md
@@ -0,0 +1,5 @@
+The files in this directory stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
+
+This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
+
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
diff --git a/3rdparty/everest/include/everest/Hacl_Curve25519.h b/3rdparty/everest/include/everest/Hacl_Curve25519.h
new file mode 100644
index 0000000..e3f5ba4
--- /dev/null
+++ b/3rdparty/everest/include/everest/Hacl_Curve25519.h
@@ -0,0 +1,21 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __Hacl_Curve25519_H
+#define __Hacl_Curve25519_H
+
+
+#include "kremlib.h"
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+
+#define __Hacl_Curve25519_H_DEFINED
+#endif
diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h
new file mode 100644
index 0000000..5806500
--- /dev/null
+++ b/3rdparty/everest/include/everest/everest.h
@@ -0,0 +1,234 @@
+/*
+ * Interface to code from Project Everest
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org).
+ */
+
+#ifndef MBEDTLS_EVEREST_H
+#define MBEDTLS_EVEREST_H
+
+#include "everest/x25519.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Defines the source of the imported EC key.
+ */
+typedef enum
+{
+ MBEDTLS_EVEREST_ECDH_OURS, /**< Our key. */
+ MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */
+} mbedtls_everest_ecdh_side;
+
+typedef struct {
+ mbedtls_x25519_context ctx;
+} mbedtls_ecdh_context_everest;
+
+
+/**
+ * \brief This function sets up the ECDH context with the information
+ * given.
+ *
+ * This function should be called after mbedtls_ecdh_init() but
+ * before mbedtls_ecdh_make_params(). There is no need to call
+ * this function before mbedtls_ecdh_read_params().
+ *
+ * This is the first function used by a TLS server for ECDHE
+ * ciphersuites.
+ *
+ * \param ctx The ECDH context to set up.
+ * \param grp_id The group id of the group to set up the context for.
+ *
+ * \return \c 0 on success.
+ */
+int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id );
+
+/**
+ * \brief This function frees a context.
+ *
+ * \param ctx The context to free.
+ */
+void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
+
+/**
+ * \brief This function generates a public key and a TLS
+ * ServerKeyExchange payload.
+ *
+ * This is the second function used by a TLS server for ECDHE
+ * ciphersuites. (It is called after mbedtls_ecdh_setup().)
+ *
+ * \note This function assumes that the ECP group (grp) of the
+ * \p ctx context has already been properly set,
+ * for example, using mbedtls_ecp_group_load().
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of characters written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng );
+
+/**
+ * \brief This function parses and processes a TLS ServerKeyExhange
+ * payload.
+ *
+ * This is the first function used by a TLS client for ECDHE
+ * ciphersuites.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param buf The pointer to the start of the input buffer.
+ * \param end The address for one Byte past the end of the buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
+ */
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
+ const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief This function parses and processes a TLS ServerKeyExhange
+ * payload.
+ *
+ * This is the first function used by a TLS client for ECDHE
+ * ciphersuites.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param buf The pointer to the start of the input buffer.
+ * \param end The address for one Byte past the end of the buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
+ */
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
+ const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief This function sets up an ECDH context from an EC key.
+ *
+ * It is used by clients and servers in place of the
+ * ServerKeyEchange for static ECDH, and imports ECDH
+ * parameters from the EC key information of a certificate.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context to set up.
+ * \param key The EC key to use.
+ * \param side Defines the source of the key: 1: Our key, or
+ * 0: The key of the peer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
+ */
+int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key,
+ mbedtls_everest_ecdh_side side );
+
+/**
+ * \brief This function generates a public key and a TLS
+ * ClientKeyExchange payload.
+ *
+ * This is the second function used by a TLS client for ECDH(E)
+ * ciphersuites.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The size of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng );
+
+/**
+ * \brief This function parses and processes a TLS ClientKeyExchange
+ * payload.
+ *
+ * This is the third function used by a TLS server for ECDH(E)
+ * ciphersuites. (It is called after mbedtls_ecdh_setup() and
+ * mbedtls_ecdh_make_params().)
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param buf The start of the input buffer.
+ * \param blen The length of the input buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
+ const unsigned char *buf, size_t blen );
+
+/**
+ * \brief This function derives and exports the shared secret.
+ *
+ * This is the last function used by both TLS client
+ * and servers.
+ *
+ * \note If \p f_rng is not NULL, it is used to implement
+ * countermeasures against side-channel attacks.
+ * For more information, see mbedtls_ecp_mul().
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_EVEREST_H */
diff --git a/3rdparty/everest/include/everest/kremlib.h b/3rdparty/everest/include/everest/kremlib.h
new file mode 100644
index 0000000..f06663f
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlib.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org) and
+ * originated from Project Everest (https://project-everest.github.io/)
+ */
+
+#ifndef __KREMLIB_H
+#define __KREMLIB_H
+
+#include "kremlin/internal/target.h"
+#include "kremlin/internal/types.h"
+#include "kremlin/c_endianness.h"
+
+#endif /* __KREMLIB_H */
diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h b/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
new file mode 100644
index 0000000..d71c882
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
@@ -0,0 +1,124 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/uint128 -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/types.h" -bundle FStar.UInt128=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __FStar_UInt128_H
+#define __FStar_UInt128_H
+
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include "kremlin/internal/types.h"
+
+uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
+
+uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee);
+
+typedef FStar_UInt128_uint128 FStar_UInt128_t;
+
+FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128
+FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128
+FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
+
+FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
+
+FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
+
+bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
+
+uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Question_Hat)(
+ FStar_UInt128_uint128 x0,
+ FStar_UInt128_uint128 x1
+);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
+
+extern FStar_UInt128_uint128
+(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
+
+extern bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern bool
+(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern bool
+(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern bool
+(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y);
+
+FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y);
+
+#define __FStar_UInt128_H_DEFINED
+#endif
diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h b/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
new file mode 100644
index 0000000..21560c4
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
@@ -0,0 +1,280 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
+#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
+
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include "kremlin/internal/compat.h"
+#include "kremlin/internal/types.h"
+
+extern Prims_int FStar_UInt64_n;
+
+extern Prims_int FStar_UInt64_v(uint64_t x0);
+
+extern uint64_t FStar_UInt64_uint_to_t(Prims_int x0);
+
+extern uint64_t FStar_UInt64_add(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_add_underspec(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_add_mod(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_sub(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_sub_underspec(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_sub_mod(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_mul(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_mul_underspec(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_mul_mod(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_mul_div(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_div(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_rem(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_logand(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_logxor(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_logor(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_lognot(uint64_t x0);
+
+extern uint64_t FStar_UInt64_shift_right(uint64_t x0, uint32_t x1);
+
+extern uint64_t FStar_UInt64_shift_left(uint64_t x0, uint32_t x1);
+
+extern bool FStar_UInt64_eq(uint64_t x0, uint64_t x1);
+
+extern bool FStar_UInt64_gt(uint64_t x0, uint64_t x1);
+
+extern bool FStar_UInt64_gte(uint64_t x0, uint64_t x1);
+
+extern bool FStar_UInt64_lt(uint64_t x0, uint64_t x1);
+
+extern bool FStar_UInt64_lte(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_minus(uint64_t x0);
+
+extern uint32_t FStar_UInt64_n_minus_one;
+
+uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
+
+uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
+
+extern Prims_string FStar_UInt64_to_string(uint64_t x0);
+
+extern uint64_t FStar_UInt64_of_string(Prims_string x0);
+
+extern Prims_int FStar_UInt32_n;
+
+extern Prims_int FStar_UInt32_v(uint32_t x0);
+
+extern uint32_t FStar_UInt32_uint_to_t(Prims_int x0);
+
+extern uint32_t FStar_UInt32_add(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_add_underspec(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_add_mod(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_sub(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_sub_underspec(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_sub_mod(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_mul(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_mul_underspec(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_mul_mod(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_mul_div(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_div(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_rem(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_logand(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_logxor(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_logor(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_lognot(uint32_t x0);
+
+extern uint32_t FStar_UInt32_shift_right(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_shift_left(uint32_t x0, uint32_t x1);
+
+extern bool FStar_UInt32_eq(uint32_t x0, uint32_t x1);
+
+extern bool FStar_UInt32_gt(uint32_t x0, uint32_t x1);
+
+extern bool FStar_UInt32_gte(uint32_t x0, uint32_t x1);
+
+extern bool FStar_UInt32_lt(uint32_t x0, uint32_t x1);
+
+extern bool FStar_UInt32_lte(uint32_t x0, uint32_t x1);
+
+extern uint32_t FStar_UInt32_minus(uint32_t x0);
+
+extern uint32_t FStar_UInt32_n_minus_one;
+
+uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
+
+uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
+
+extern Prims_string FStar_UInt32_to_string(uint32_t x0);
+
+extern uint32_t FStar_UInt32_of_string(Prims_string x0);
+
+extern Prims_int FStar_UInt16_n;
+
+extern Prims_int FStar_UInt16_v(uint16_t x0);
+
+extern uint16_t FStar_UInt16_uint_to_t(Prims_int x0);
+
+extern uint16_t FStar_UInt16_add(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_add_underspec(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_add_mod(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_sub(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_sub_underspec(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_sub_mod(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_mul(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_mul_underspec(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_mul_mod(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_mul_div(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_div(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_rem(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_logand(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_logxor(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_logor(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_lognot(uint16_t x0);
+
+extern uint16_t FStar_UInt16_shift_right(uint16_t x0, uint32_t x1);
+
+extern uint16_t FStar_UInt16_shift_left(uint16_t x0, uint32_t x1);
+
+extern bool FStar_UInt16_eq(uint16_t x0, uint16_t x1);
+
+extern bool FStar_UInt16_gt(uint16_t x0, uint16_t x1);
+
+extern bool FStar_UInt16_gte(uint16_t x0, uint16_t x1);
+
+extern bool FStar_UInt16_lt(uint16_t x0, uint16_t x1);
+
+extern bool FStar_UInt16_lte(uint16_t x0, uint16_t x1);
+
+extern uint16_t FStar_UInt16_minus(uint16_t x0);
+
+extern uint32_t FStar_UInt16_n_minus_one;
+
+uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
+
+uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b);
+
+extern Prims_string FStar_UInt16_to_string(uint16_t x0);
+
+extern uint16_t FStar_UInt16_of_string(Prims_string x0);
+
+extern Prims_int FStar_UInt8_n;
+
+extern Prims_int FStar_UInt8_v(uint8_t x0);
+
+extern uint8_t FStar_UInt8_uint_to_t(Prims_int x0);
+
+extern uint8_t FStar_UInt8_add(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_add_underspec(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_add_mod(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_sub(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_sub_underspec(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_sub_mod(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_mul(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_mul_underspec(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_mul_mod(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_mul_div(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_div(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_rem(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_logand(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_logxor(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_logor(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_lognot(uint8_t x0);
+
+extern uint8_t FStar_UInt8_shift_right(uint8_t x0, uint32_t x1);
+
+extern uint8_t FStar_UInt8_shift_left(uint8_t x0, uint32_t x1);
+
+extern bool FStar_UInt8_eq(uint8_t x0, uint8_t x1);
+
+extern bool FStar_UInt8_gt(uint8_t x0, uint8_t x1);
+
+extern bool FStar_UInt8_gte(uint8_t x0, uint8_t x1);
+
+extern bool FStar_UInt8_lt(uint8_t x0, uint8_t x1);
+
+extern bool FStar_UInt8_lte(uint8_t x0, uint8_t x1);
+
+extern uint8_t FStar_UInt8_minus(uint8_t x0);
+
+extern uint32_t FStar_UInt8_n_minus_one;
+
+uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
+
+uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b);
+
+extern Prims_string FStar_UInt8_to_string(uint8_t x0);
+
+extern uint8_t FStar_UInt8_of_string(Prims_string x0);
+
+typedef uint8_t FStar_UInt8_byte;
+
+#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H_DEFINED
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/c_endianness.h b/3rdparty/everest/include/everest/kremlin/c_endianness.h
new file mode 100644
index 0000000..5cfde5d
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/c_endianness.h
@@ -0,0 +1,204 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_ENDIAN_H
+#define __KREMLIN_ENDIAN_H
+
+#include <string.h>
+#include <inttypes.h>
+
+/******************************************************************************/
+/* Implementing C.fst (part 2: endian-ness macros) */
+/******************************************************************************/
+
+/* ... for Linux */
+#if defined(__linux__) || defined(__CYGWIN__)
+# include <endian.h>
+
+/* ... for OSX */
+#elif defined(__APPLE__)
+# include <libkern/OSByteOrder.h>
+# define htole64(x) OSSwapHostToLittleInt64(x)
+# define le64toh(x) OSSwapLittleToHostInt64(x)
+# define htobe64(x) OSSwapHostToBigInt64(x)
+# define be64toh(x) OSSwapBigToHostInt64(x)
+
+# define htole16(x) OSSwapHostToLittleInt16(x)
+# define le16toh(x) OSSwapLittleToHostInt16(x)
+# define htobe16(x) OSSwapHostToBigInt16(x)
+# define be16toh(x) OSSwapBigToHostInt16(x)
+
+# define htole32(x) OSSwapHostToLittleInt32(x)
+# define le32toh(x) OSSwapLittleToHostInt32(x)
+# define htobe32(x) OSSwapHostToBigInt32(x)
+# define be32toh(x) OSSwapBigToHostInt32(x)
+
+/* ... for Solaris */
+#elif defined(__sun__)
+# include <sys/byteorder.h>
+# define htole64(x) LE_64(x)
+# define le64toh(x) LE_64(x)
+# define htobe64(x) BE_64(x)
+# define be64toh(x) BE_64(x)
+
+# define htole16(x) LE_16(x)
+# define le16toh(x) LE_16(x)
+# define htobe16(x) BE_16(x)
+# define be16toh(x) BE_16(x)
+
+# define htole32(x) LE_32(x)
+# define le32toh(x) LE_32(x)
+# define htobe32(x) BE_32(x)
+# define be32toh(x) BE_32(x)
+
+/* ... for the BSDs */
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+# include <sys/endian.h>
+#elif defined(__OpenBSD__)
+# include <endian.h>
+
+/* ... for Windows (MSVC)... not targeting XBOX 360! */
+#elif defined(_MSC_VER)
+
+# include <stdlib.h>
+# define htobe16(x) _byteswap_ushort(x)
+# define htole16(x) (x)
+# define be16toh(x) _byteswap_ushort(x)
+# define le16toh(x) (x)
+
+# define htobe32(x) _byteswap_ulong(x)
+# define htole32(x) (x)
+# define be32toh(x) _byteswap_ulong(x)
+# define le32toh(x) (x)
+
+# define htobe64(x) _byteswap_uint64(x)
+# define htole64(x) (x)
+# define be64toh(x) _byteswap_uint64(x)
+# define le64toh(x) (x)
+
+/* ... for Windows (GCC-like, e.g. mingw or clang) */
+#elif (defined(_WIN32) || defined(_WIN64)) && \
+ (defined(__GNUC__) || defined(__clang__))
+
+# define htobe16(x) __builtin_bswap16(x)
+# define htole16(x) (x)
+# define be16toh(x) __builtin_bswap16(x)
+# define le16toh(x) (x)
+
+# define htobe32(x) __builtin_bswap32(x)
+# define htole32(x) (x)
+# define be32toh(x) __builtin_bswap32(x)
+# define le32toh(x) (x)
+
+# define htobe64(x) __builtin_bswap64(x)
+# define htole64(x) (x)
+# define be64toh(x) __builtin_bswap64(x)
+# define le64toh(x) (x)
+
+/* ... generic big-endian fallback code */
+#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+
+/* byte swapping code inspired by:
+ * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
+ * */
+
+# define htobe32(x) (x)
+# define be32toh(x) (x)
+# define htole32(x) \
+ (__extension__({ \
+ uint32_t _temp = (x); \
+ ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
+ ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+ }))
+# define le32toh(x) (htole32((x)))
+
+# define htobe64(x) (x)
+# define be64toh(x) (x)
+# define htole64(x) \
+ (__extension__({ \
+ uint64_t __temp = (x); \
+ uint32_t __low = htobe32((uint32_t)__temp); \
+ uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+ (((uint64_t)__low) << 32) | __high; \
+ }))
+# define le64toh(x) (htole64((x)))
+
+/* ... generic little-endian fallback code */
+#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+
+# define htole32(x) (x)
+# define le32toh(x) (x)
+# define htobe32(x) \
+ (__extension__({ \
+ uint32_t _temp = (x); \
+ ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
+ ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+ }))
+# define be32toh(x) (htobe32((x)))
+
+# define htole64(x) (x)
+# define le64toh(x) (x)
+# define htobe64(x) \
+ (__extension__({ \
+ uint64_t __temp = (x); \
+ uint32_t __low = htobe32((uint32_t)__temp); \
+ uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+ (((uint64_t)__low) << 32) | __high; \
+ }))
+# define be64toh(x) (htobe64((x)))
+
+/* ... couldn't determine endian-ness of the target platform */
+#else
+# error "Please define __BYTE_ORDER__!"
+
+#endif /* defined(__linux__) || ... */
+
+/* Loads and stores. These avoid undefined behavior due to unaligned memory
+ * accesses, via memcpy. */
+
+inline static uint16_t load16(uint8_t *b) {
+ uint16_t x;
+ memcpy(&x, b, 2);
+ return x;
+}
+
+inline static uint32_t load32(uint8_t *b) {
+ uint32_t x;
+ memcpy(&x, b, 4);
+ return x;
+}
+
+inline static uint64_t load64(uint8_t *b) {
+ uint64_t x;
+ memcpy(&x, b, 8);
+ return x;
+}
+
+inline static void store16(uint8_t *b, uint16_t i) {
+ memcpy(b, &i, 2);
+}
+
+inline static void store32(uint8_t *b, uint32_t i) {
+ memcpy(b, &i, 4);
+}
+
+inline static void store64(uint8_t *b, uint64_t i) {
+ memcpy(b, &i, 8);
+}
+
+#define load16_le(b) (le16toh(load16(b)))
+#define store16_le(b, i) (store16(b, htole16(i)))
+#define load16_be(b) (be16toh(load16(b)))
+#define store16_be(b, i) (store16(b, htobe16(i)))
+
+#define load32_le(b) (le32toh(load32(b)))
+#define store32_le(b, i) (store32(b, htole32(i)))
+#define load32_be(b) (be32toh(load32(b)))
+#define store32_be(b, i) (store32(b, htobe32(i)))
+
+#define load64_le(b) (le64toh(load64(b)))
+#define store64_le(b, i) (store64(b, htole64(i)))
+#define load64_be(b) (be64toh(load64(b)))
+#define store64_be(b, i) (store64(b, htobe64(i)))
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/builtin.h b/3rdparty/everest/include/everest/kremlin/internal/builtin.h
new file mode 100644
index 0000000..219b266
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/builtin.h
@@ -0,0 +1,16 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_BUILTIN_H
+#define __KREMLIN_BUILTIN_H
+
+/* For alloca, when using KreMLin's -falloca */
+#if (defined(_WIN32) || defined(_WIN64))
+# include <malloc.h>
+#endif
+
+/* If some globals need to be initialized before the main, then kremlin will
+ * generate and try to link last a function with this type: */
+void kremlinit_globals(void);
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/3rdparty/everest/include/everest/kremlin/internal/callconv.h
new file mode 100644
index 0000000..bf631ff
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/callconv.h
@@ -0,0 +1,46 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_CALLCONV_H
+#define __KREMLIN_CALLCONV_H
+
+/******************************************************************************/
+/* Some macros to ease compatibility */
+/******************************************************************************/
+
+/* We want to generate __cdecl safely without worrying about it being undefined.
+ * When using MSVC, these are always defined. When using MinGW, these are
+ * defined too. They have no meaning for other platforms, so we define them to
+ * be empty macros in other situations. */
+#ifndef _MSC_VER
+#ifndef __cdecl
+#define __cdecl
+#endif
+#ifndef __stdcall
+#define __stdcall
+#endif
+#ifndef __fastcall
+#define __fastcall
+#endif
+#endif
+
+/* Since KreMLin emits the inline keyword unconditionally, we follow the
+ * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
+ * __inline__ to ensure the code compiles with -std=c90 and earlier. */
+#ifdef __GNUC__
+# define inline __inline__
+#endif
+
+/* GCC-specific attribute syntax; everyone else gets the standard C inline
+ * attribute. */
+#ifdef __GNU_C__
+# ifndef __clang__
+# define force_inline inline __attribute__((always_inline))
+# else
+# define force_inline inline
+# endif
+#else
+# define force_inline inline
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/compat.h b/3rdparty/everest/include/everest/kremlin/internal/compat.h
new file mode 100644
index 0000000..a5b8889
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/compat.h
@@ -0,0 +1,34 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef KRML_COMPAT_H
+#define KRML_COMPAT_H
+
+#include <inttypes.h>
+
+/* A series of macros that define C implementations of types that are not Low*,
+ * to facilitate porting programs to Low*. */
+
+typedef const char *Prims_string;
+
+typedef struct {
+ uint32_t length;
+ const char *data;
+} FStar_Bytes_bytes;
+
+typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
+ krml_checked_int_t;
+
+#define RETURN_OR(x) \
+ do { \
+ int64_t __ret = x; \
+ if (__ret < INT32_MIN || INT32_MAX < __ret) { \
+ KRML_HOST_PRINTF( \
+ "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
+ __LINE__); \
+ KRML_HOST_EXIT(252); \
+ } \
+ return (int32_t)__ret; \
+ } while (0)
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/debug.h b/3rdparty/everest/include/everest/kremlin/internal/debug.h
new file mode 100644
index 0000000..44ac22c
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/debug.h
@@ -0,0 +1,57 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_DEBUG_H
+#define __KREMLIN_DEBUG_H
+
+#include <inttypes.h>
+
+#include "kremlin/internal/target.h"
+
+/******************************************************************************/
+/* Debugging helpers - intended only for KreMLin developers */
+/******************************************************************************/
+
+/* In support of "-wasm -d force-c": we might need this function to be
+ * forward-declared, because the dependency on WasmSupport appears very late,
+ * after SimplifyWasm, and sadly, after the topological order has been done. */
+void WasmSupport_check_buffer_size(uint32_t s);
+
+/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
+ * option). Useful when trying to debug, say, Wasm, to compare traces. */
+/* clang-format off */
+#ifdef __GNUC__
+#define KRML_FORMAT(X) _Generic((X), \
+ uint8_t : "0x%08" PRIx8, \
+ uint16_t: "0x%08" PRIx16, \
+ uint32_t: "0x%08" PRIx32, \
+ uint64_t: "0x%08" PRIx64, \
+ int8_t : "0x%08" PRIx8, \
+ int16_t : "0x%08" PRIx16, \
+ int32_t : "0x%08" PRIx32, \
+ int64_t : "0x%08" PRIx64, \
+ default : "%s")
+
+#define KRML_FORMAT_ARG(X) _Generic((X), \
+ uint8_t : X, \
+ uint16_t: X, \
+ uint32_t: X, \
+ uint64_t: X, \
+ int8_t : X, \
+ int16_t : X, \
+ int32_t : X, \
+ int64_t : X, \
+ default : "unknown")
+/* clang-format on */
+
+# define KRML_DEBUG_RETURN(X) \
+ ({ \
+ __auto_type _ret = (X); \
+ KRML_HOST_PRINTF("returning: "); \
+ KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
+ KRML_HOST_PRINTF(" \n"); \
+ _ret; \
+ })
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/target.h b/3rdparty/everest/include/everest/kremlin/internal/target.h
new file mode 100644
index 0000000..b552f52
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/target.h
@@ -0,0 +1,102 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_TARGET_H
+#define __KREMLIN_TARGET_H
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <inttypes.h>
+#include <limits.h>
+
+#include "kremlin/internal/callconv.h"
+
+/******************************************************************************/
+/* Macros that KreMLin will generate. */
+/******************************************************************************/
+
+/* For "bare" targets that do not have a C stdlib, the user might want to use
+ * [-add-early-include '"mydefinitions.h"'] and override these. */
+#ifndef KRML_HOST_PRINTF
+# define KRML_HOST_PRINTF printf
+#endif
+
+#if ( \
+ (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ (!(defined KRML_HOST_EPRINTF)))
+# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
+#ifndef KRML_HOST_EXIT
+# define KRML_HOST_EXIT exit
+#endif
+
+#ifndef KRML_HOST_MALLOC
+# define KRML_HOST_MALLOC malloc
+#endif
+
+#ifndef KRML_HOST_CALLOC
+# define KRML_HOST_CALLOC calloc
+#endif
+
+#ifndef KRML_HOST_FREE
+# define KRML_HOST_FREE free
+#endif
+
+#ifndef KRML_HOST_TIME
+
+# include <time.h>
+
+/* Prims_nat not yet in scope */
+inline static int32_t krml_time() {
+ return (int32_t)time(NULL);
+}
+
+# define KRML_HOST_TIME krml_time
+#endif
+
+/* In statement position, exiting is easy. */
+#define KRML_EXIT \
+ do { \
+ KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
+ KRML_HOST_EXIT(254); \
+ } while (0)
+
+/* In expression position, use the comma-operator and a malloc to return an
+ * expression of the right size. KreMLin passes t as the parameter to the macro.
+ */
+#define KRML_EABORT(t, msg) \
+ (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
+ KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
+
+/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
+ * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
+ */
+
+#ifdef __GNUC__
+# define _KRML_CHECK_SIZE_PRAGMA \
+ _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
+#else
+# define _KRML_CHECK_SIZE_PRAGMA
+#endif
+
+#define KRML_CHECK_SIZE(size_elt, sz) \
+ do { \
+ _KRML_CHECK_SIZE_PRAGMA \
+ if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
+ KRML_HOST_PRINTF( \
+ "Maximum allocatable size exceeded, aborting before overflow at " \
+ "%s:%d\n", \
+ __FILE__, __LINE__); \
+ KRML_HOST_EXIT(253); \
+ } \
+ } while (0)
+
+#if defined(_MSC_VER) && _MSC_VER < 1900
+# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
+#else
+# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/types.h b/3rdparty/everest/include/everest/kremlin/internal/types.h
new file mode 100644
index 0000000..b936f00
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/types.h
@@ -0,0 +1,61 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef KRML_TYPES_H
+#define KRML_TYPES_H
+
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/* Types which are either abstract, meaning that have to be implemented in C, or
+ * which are models, meaning that they are swapped out at compile-time for
+ * hand-written C types (in which case they're marked as noextract). */
+
+typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
+typedef int64_t FStar_Int64_t, FStar_Int64_t_;
+typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
+typedef int32_t FStar_Int32_t, FStar_Int32_t_;
+typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
+typedef int16_t FStar_Int16_t, FStar_Int16_t_;
+typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
+typedef int8_t FStar_Int8_t, FStar_Int8_t_;
+
+/* Only useful when building Kremlib, because it's in the dependency graph of
+ * FStar.Int.Cast. */
+typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_;
+typedef int64_t FStar_Int63_t, FStar_Int63_t_;
+
+typedef double FStar_Float_float;
+typedef uint32_t FStar_Char_char;
+typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write;
+
+typedef void *FStar_Dyn_dyn;
+
+typedef const char *C_String_t, *C_String_t_;
+
+typedef int exit_code;
+typedef FILE *channel;
+
+typedef unsigned long long TestLib_cycles;
+
+typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan;
+
+/* The uint128 type is a special case since we offer several implementations of
+ * it, depending on the compiler and whether the user wants the verified
+ * implementation or not. */
+#if !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(_M_X64)
+# include <emmintrin.h>
+typedef __m128i FStar_UInt128_uint128;
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER)
+typedef unsigned __int128 FStar_UInt128_uint128;
+#else
+typedef struct FStar_UInt128_uint128_s {
+ uint64_t low;
+ uint64_t high;
+} FStar_UInt128_uint128;
+#endif
+
+typedef FStar_UInt128_uint128 FStar_UInt128_t, FStar_UInt128_t_, uint128_t;
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h b/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
new file mode 100644
index 0000000..b44fa3f
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
@@ -0,0 +1,5 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file is automatically included when compiling with -wasm -d force-c */
+#define WasmSupport_check_buffer_size(X)
diff --git a/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h b/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
new file mode 100644
index 0000000..27ebe07
--- /dev/null
+++ b/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
@@ -0,0 +1,21 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __Hacl_Curve25519_H
+#define __Hacl_Curve25519_H
+
+
+#include "kremlib.h"
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+
+#define __Hacl_Curve25519_H_DEFINED
+#endif
diff --git a/3rdparty/everest/include/everest/vs2010/inttypes.h b/3rdparty/everest/include/everest/vs2010/inttypes.h
new file mode 100644
index 0000000..d53f87f
--- /dev/null
+++ b/3rdparty/everest/include/everest/vs2010/inttypes.h
@@ -0,0 +1,36 @@
+/*
+ * Custom inttypes.h for VS2010 KreMLin requires these definitions,
+ * but VS2010 doesn't provide them.
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef _INTTYPES_H_VS2010
+#define _INTTYPES_H_VS2010
+
+#include <stdint.h>
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif
+
+/* VS2010 unsigned long == 8 bytes */
+
+#define PRIu64 "I64u"
+
+#endif
diff --git a/3rdparty/everest/include/everest/vs2010/stdbool.h b/3rdparty/everest/include/everest/vs2010/stdbool.h
new file mode 100644
index 0000000..5b7039c
--- /dev/null
+++ b/3rdparty/everest/include/everest/vs2010/stdbool.h
@@ -0,0 +1,31 @@
+/*
+ * Custom stdbool.h for VS2010 KreMLin requires these definitions,
+ * but VS2010 doesn't provide them.
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef _STDBOOL_H_VS2010
+#define _STDBOOL_H_VS2010
+
+typedef int bool;
+
+static bool true = 1;
+static bool false = 0;
+
+#endif
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
new file mode 100644
index 0000000..7a973dc
--- /dev/null
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -0,0 +1,190 @@
+/*
+ * ECDH with curve-optimized implementation multiplexing
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_X25519_H
+#define MBEDTLS_X25519_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MBEDTLS_ECP_TLS_CURVE25519 0x1d
+#define MBEDTLS_X25519_KEY_SIZE_BYTES 32
+
+/**
+ * Defines the source of the imported EC key.
+ */
+typedef enum
+{
+ MBEDTLS_X25519_ECDH_OURS, /**< Our key. */
+ MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */
+} mbedtls_x25519_ecdh_side;
+
+/**
+ * \brief The x25519 context structure.
+ */
+typedef struct
+{
+ unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES];
+ unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES];
+} mbedtls_x25519_context;
+
+/**
+ * \brief This function initializes an x25519 context.
+ *
+ * \param ctx The x25519 context to initialize.
+ */
+void mbedtls_x25519_init( mbedtls_x25519_context *ctx );
+
+/**
+ * \brief This function frees a context.
+ *
+ * \param ctx The context to free.
+ */
+void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
+
+/**
+ * \brief This function generates a public key and a TLS
+ * ServerKeyExchange payload.
+ *
+ * This is the first function used by a TLS server for x25519.
+ *
+ *
+ * \param ctx The x25519 context.
+ * \param olen The number of characters written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief This function parses and processes a TLS ServerKeyExchange
+ * payload.
+ *
+ *
+ * \param ctx The x25519 context.
+ * \param buf The pointer to the start of the input buffer.
+ * \param end The address for one Byte past the end of the buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
+ */
+int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
+ const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief This function sets up an x25519 context from an EC key.
+ *
+ * It is used by clients and servers in place of the
+ * ServerKeyEchange for static ECDH, and imports ECDH
+ * parameters from the EC key information of a certificate.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The x25519 context to set up.
+ * \param key The EC key to use.
+ * \param side Defines the source of the key: 1: Our key, or
+ * 0: The key of the peer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
+ */
+int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
+ mbedtls_x25519_ecdh_side side );
+
+/**
+ * \brief This function derives and exports the shared secret.
+ *
+ * This is the last function used by both TLS client
+ * and servers.
+ *
+ *
+ * \param ctx The x25519 context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief This function generates a public key and a TLS
+ * ClientKeyExchange payload.
+ *
+ * This is the second function used by a TLS client for x25519.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The x25519 context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The size of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief This function parses and processes a TLS ClientKeyExchange
+ * payload.
+ *
+ * This is the second function used by a TLS server for x25519.
+ *
+ * \see ecp.h
+ *
+ * \param ctx The x25519 context.
+ * \param buf The start of the input buffer.
+ * \param blen The length of the input buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ */
+int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
+ const unsigned char *buf, size_t blen );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x25519.h */
diff --git a/3rdparty/everest/library/Hacl_Curve25519.c b/3rdparty/everest/library/Hacl_Curve25519.c
new file mode 100644
index 0000000..450b9f8
--- /dev/null
+++ b/3rdparty/everest/library/Hacl_Curve25519.c
@@ -0,0 +1,760 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+#include "Hacl_Curve25519.h"
+
+extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1);
+
+extern uint128_t FStar_UInt128_add(uint128_t x0, uint128_t x1);
+
+extern uint128_t FStar_UInt128_add_mod(uint128_t x0, uint128_t x1);
+
+extern uint128_t FStar_UInt128_logand(uint128_t x0, uint128_t x1);
+
+extern uint128_t FStar_UInt128_shift_right(uint128_t x0, uint32_t x1);
+
+extern uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x0);
+
+extern uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x0);
+
+extern uint128_t FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1);
+
+static void Hacl_Bignum_Modulo_carry_top(uint64_t *b)
+{
+ uint64_t b4 = b[4U];
+ uint64_t b0 = b[0U];
+ uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
+ uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
+ b[4U] = b4_;
+ b[0U] = b0_;
+}
+
+inline static void Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, uint128_t *input)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint128_t xi = input[i];
+ output[i] = (uint64_t)xi;
+ }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint128_t *output, uint64_t *input, uint64_t s)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint128_t xi = output[i];
+ uint64_t yi = input[i];
+ output[i] = xi + (uint128_t)yi * s;
+ }
+}
+
+inline static void Hacl_Bignum_Fproduct_carry_wide_(uint128_t *tmp)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
+ {
+ uint32_t ctr = i;
+ uint128_t tctr = tmp[ctr];
+ uint128_t tctrp1 = tmp[ctr + (uint32_t)1U];
+ uint64_t r0 = (uint64_t)tctr & (uint64_t)0x7ffffffffffffU;
+ uint128_t c = tctr >> (uint32_t)51U;
+ tmp[ctr] = (uint128_t)r0;
+ tmp[ctr + (uint32_t)1U] = tctrp1 + c;
+ }
+}
+
+inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
+{
+ uint64_t tmp = output[4U];
+ uint64_t b0;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
+ {
+ uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U;
+ uint64_t z = output[ctr - (uint32_t)1U];
+ output[ctr] = z;
+ }
+ }
+ output[0U] = tmp;
+ b0 = output[0U];
+ output[0U] = (uint64_t)19U * b0;
+}
+
+static void
+Hacl_Bignum_Fmul_mul_shift_reduce_(uint128_t *output, uint64_t *input, uint64_t *input2)
+{
+ uint32_t i;
+ uint64_t input2i;
+ {
+ uint32_t i0;
+ for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U)
+ {
+ uint64_t input2i0 = input2[i0];
+ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0);
+ Hacl_Bignum_Fmul_shift_reduce(input);
+ }
+ }
+ i = (uint32_t)4U;
+ input2i = input2[i];
+ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+}
+
+inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2)
+{
+ uint64_t tmp[5U] = { 0U };
+ memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
+ KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
+ {
+ uint128_t t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = (uint128_t)(uint64_t)0U;
+ }
+ {
+ uint128_t b4;
+ uint128_t b0;
+ uint128_t b4_;
+ uint128_t b0_;
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2);
+ Hacl_Bignum_Fproduct_carry_wide_(t);
+ b4 = t[4U];
+ b0 = t[0U];
+ b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
+ b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
+ t[4U] = b4_;
+ t[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
+ i0 = output[0U];
+ i1 = output[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ output[0U] = i0_;
+ output[1U] = i1_;
+ }
+ }
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare__(uint128_t *tmp, uint64_t *output)
+{
+ uint64_t r0 = output[0U];
+ uint64_t r1 = output[1U];
+ uint64_t r2 = output[2U];
+ uint64_t r3 = output[3U];
+ uint64_t r4 = output[4U];
+ uint64_t d0 = r0 * (uint64_t)2U;
+ uint64_t d1 = r1 * (uint64_t)2U;
+ uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
+ uint64_t d419 = r4 * (uint64_t)19U;
+ uint64_t d4 = d419 * (uint64_t)2U;
+ uint128_t s0 = (uint128_t)r0 * r0 + (uint128_t)d4 * r1 + (uint128_t)d2 * r3;
+ uint128_t s1 = (uint128_t)d0 * r1 + (uint128_t)d4 * r2 + (uint128_t)(r3 * (uint64_t)19U) * r3;
+ uint128_t s2 = (uint128_t)d0 * r2 + (uint128_t)r1 * r1 + (uint128_t)d4 * r3;
+ uint128_t s3 = (uint128_t)d0 * r3 + (uint128_t)d1 * r2 + (uint128_t)r4 * d419;
+ uint128_t s4 = (uint128_t)d0 * r4 + (uint128_t)d1 * r3 + (uint128_t)r2 * r2;
+ tmp[0U] = s0;
+ tmp[1U] = s1;
+ tmp[2U] = s2;
+ tmp[3U] = s3;
+ tmp[4U] = s4;
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output)
+{
+ uint128_t b4;
+ uint128_t b0;
+ uint128_t b4_;
+ uint128_t b0_;
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_Bignum_Fsquare_fsquare__(tmp, output);
+ Hacl_Bignum_Fproduct_carry_wide_(tmp);
+ b4 = tmp[4U];
+ b0 = tmp[0U];
+ b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
+ b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
+ tmp[4U] = b4_;
+ tmp[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+ i0 = output[0U];
+ i1 = output[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ output[0U] = i0_;
+ output[1U] = i1_;
+}
+
+static void
+Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, uint128_t *tmp, uint32_t count1)
+{
+ uint32_t i;
+ Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+ for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
+ Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
+{
+ KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
+ {
+ uint128_t t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = (uint128_t)(uint64_t)0U;
+ }
+ memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+ Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+ }
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
+{
+ KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
+ {
+ uint128_t t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = (uint128_t)(uint64_t)0U;
+ }
+ Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+ }
+}
+
+inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
+{
+ uint64_t buf[20U] = { 0U };
+ uint64_t *a0 = buf;
+ uint64_t *t00 = buf + (uint32_t)5U;
+ uint64_t *b0 = buf + (uint32_t)10U;
+ uint64_t *t01;
+ uint64_t *b1;
+ uint64_t *c0;
+ uint64_t *a;
+ uint64_t *t0;
+ uint64_t *b;
+ uint64_t *c;
+ Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U);
+ Hacl_Bignum_Fmul_fmul(b0, t00, z);
+ Hacl_Bignum_Fmul_fmul(a0, b0, a0);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U);
+ Hacl_Bignum_Fmul_fmul(b0, t00, b0);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
+ t01 = buf + (uint32_t)5U;
+ b1 = buf + (uint32_t)10U;
+ c0 = buf + (uint32_t)15U;
+ Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
+ Hacl_Bignum_Fmul_fmul(c0, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
+ Hacl_Bignum_Fmul_fmul(t01, t01, c0);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
+ Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
+ a = buf;
+ t0 = buf + (uint32_t)5U;
+ b = buf + (uint32_t)10U;
+ c = buf + (uint32_t)15U;
+ Hacl_Bignum_Fmul_fmul(c, t0, b);
+ Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
+ Hacl_Bignum_Fmul_fmul(t0, t0, c);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
+ Hacl_Bignum_Fmul_fmul(t0, t0, b);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
+ Hacl_Bignum_Fmul_fmul(out, t0, a);
+}
+
+inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = a[i];
+ uint64_t yi = b[i];
+ a[i] = xi + yi;
+ }
+}
+
+inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
+{
+ uint64_t tmp[5U] = { 0U };
+ uint64_t b0;
+ uint64_t b1;
+ uint64_t b2;
+ uint64_t b3;
+ uint64_t b4;
+ memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
+ b0 = tmp[0U];
+ b1 = tmp[1U];
+ b2 = tmp[2U];
+ b3 = tmp[3U];
+ b4 = tmp[4U];
+ tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
+ tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
+ tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
+ tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
+ tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = a[i];
+ uint64_t yi = tmp[i];
+ a[i] = yi - xi;
+ }
+ }
+}
+
+inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
+{
+ KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U);
+ {
+ uint128_t tmp[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ tmp[_i] = (uint128_t)(uint64_t)0U;
+ }
+ {
+ uint128_t b4;
+ uint128_t b0;
+ uint128_t b4_;
+ uint128_t b0_;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = b[i];
+ tmp[i] = (uint128_t)xi * s;
+ }
+ }
+ Hacl_Bignum_Fproduct_carry_wide_(tmp);
+ b4 = tmp[4U];
+ b0 = tmp[0U];
+ b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU;
+ b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U);
+ tmp[4U] = b4_;
+ tmp[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+ }
+ }
+}
+
+inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
+{
+ Hacl_Bignum_Fmul_fmul(output, a, b);
+}
+
+inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
+{
+ Hacl_Bignum_Crecip_crecip(output, input);
+}
+
+static void
+Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+ uint32_t i = ctr - (uint32_t)1U;
+ uint64_t ai = a[i];
+ uint64_t bi = b[i];
+ uint64_t x = swap1 & (ai ^ bi);
+ uint64_t ai1 = ai ^ x;
+ uint64_t bi1 = bi ^ x;
+ a[i] = ai1;
+ b[i] = bi1;
+}
+
+static void
+Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+ if (!(ctr == (uint32_t)0U))
+ {
+ uint32_t i;
+ Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
+ i = ctr - (uint32_t)1U;
+ Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
+ }
+}
+
+static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
+{
+ uint64_t swap1 = (uint64_t)0U - iswap;
+ Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
+ Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
+}
+
+static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
+{
+ memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+ memcpy(output + (uint32_t)5U,
+ input + (uint32_t)5U,
+ (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]);
+}
+
+static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
+{
+ uint64_t i0 = load64_le(input);
+ uint8_t *x00 = input + (uint32_t)6U;
+ uint64_t i1 = load64_le(x00);
+ uint8_t *x01 = input + (uint32_t)12U;
+ uint64_t i2 = load64_le(x01);
+ uint8_t *x02 = input + (uint32_t)19U;
+ uint64_t i3 = load64_le(x02);
+ uint8_t *x0 = input + (uint32_t)24U;
+ uint64_t i4 = load64_le(x0);
+ uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
+ output[0U] = output0;
+ output[1U] = output1;
+ output[2U] = output2;
+ output[3U] = output3;
+ output[4U] = output4;
+}
+
+static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+ uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+ uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+ uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+ uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+ input[0U] = t0_;
+ input[1U] = t1__;
+ input[2U] = t2__;
+ input[3U] = t3__;
+ input[4U] = t4_;
+}
+
+static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
+{
+ Hacl_EC_Format_fcontract_first_carry_pass(input);
+ Hacl_Bignum_Modulo_carry_top(input);
+}
+
+static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+ uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+ uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+ uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+ uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+ input[0U] = t0_;
+ input[1U] = t1__;
+ input[2U] = t2__;
+ input[3U] = t3__;
+ input[4U] = t4_;
+}
+
+static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
+{
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_EC_Format_fcontract_second_carry_pass(input);
+ Hacl_Bignum_Modulo_carry_top(input);
+ i0 = input[0U];
+ i1 = input[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ input[0U] = i0_;
+ input[1U] = i1_;
+}
+
+static void Hacl_EC_Format_fcontract_trim(uint64_t *input)
+{
+ uint64_t a0 = input[0U];
+ uint64_t a1 = input[1U];
+ uint64_t a2 = input[2U];
+ uint64_t a3 = input[3U];
+ uint64_t a4 = input[4U];
+ uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
+ uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
+ uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
+ uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
+ input[0U] = a0_;
+ input[1U] = a1_;
+ input[2U] = a2_;
+ input[3U] = a3_;
+ input[4U] = a4_;
+}
+
+static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t o0 = t1 << (uint32_t)51U | t0;
+ uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
+ uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
+ uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
+ uint8_t *b0 = output;
+ uint8_t *b1 = output + (uint32_t)8U;
+ uint8_t *b2 = output + (uint32_t)16U;
+ uint8_t *b3 = output + (uint32_t)24U;
+ store64_le(b0, o0);
+ store64_le(b1, o1);
+ store64_le(b2, o2);
+ store64_le(b3, o3);
+}
+
+static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
+{
+ Hacl_EC_Format_fcontract_first_carry_full(input);
+ Hacl_EC_Format_fcontract_second_carry_full(input);
+ Hacl_EC_Format_fcontract_trim(input);
+ Hacl_EC_Format_fcontract_store(output, input);
+}
+
+static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
+{
+ uint64_t *x = point;
+ uint64_t *z = point + (uint32_t)5U;
+ uint64_t buf[10U] = { 0U };
+ uint64_t *zmone = buf;
+ uint64_t *sc = buf + (uint32_t)5U;
+ Hacl_Bignum_crecip(zmone, z);
+ Hacl_Bignum_fmul(sc, x, zmone);
+ Hacl_EC_Format_fcontract(scalar, sc);
+}
+
+static void
+Hacl_EC_AddAndDouble_fmonty(
+ uint64_t *pp,
+ uint64_t *ppq,
+ uint64_t *p,
+ uint64_t *pq,
+ uint64_t *qmqp
+)
+{
+ uint64_t *qx = qmqp;
+ uint64_t *x2 = pp;
+ uint64_t *z2 = pp + (uint32_t)5U;
+ uint64_t *x3 = ppq;
+ uint64_t *z3 = ppq + (uint32_t)5U;
+ uint64_t *x = p;
+ uint64_t *z = p + (uint32_t)5U;
+ uint64_t *xprime = pq;
+ uint64_t *zprime = pq + (uint32_t)5U;
+ uint64_t buf[40U] = { 0U };
+ uint64_t *origx = buf;
+ uint64_t *origxprime0 = buf + (uint32_t)5U;
+ uint64_t *xxprime0 = buf + (uint32_t)25U;
+ uint64_t *zzprime0 = buf + (uint32_t)30U;
+ uint64_t *origxprime;
+ uint64_t *xx0;
+ uint64_t *zz0;
+ uint64_t *xxprime;
+ uint64_t *zzprime;
+ uint64_t *zzzprime;
+ uint64_t *zzz;
+ uint64_t *xx;
+ uint64_t *zz;
+ uint64_t scalar;
+ memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
+ Hacl_Bignum_fsum(x, z);
+ Hacl_Bignum_fdifference(z, origx);
+ memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]);
+ Hacl_Bignum_fsum(xprime, zprime);
+ Hacl_Bignum_fdifference(zprime, origxprime0);
+ Hacl_Bignum_fmul(xxprime0, xprime, z);
+ Hacl_Bignum_fmul(zzprime0, x, zprime);
+ origxprime = buf + (uint32_t)5U;
+ xx0 = buf + (uint32_t)15U;
+ zz0 = buf + (uint32_t)20U;
+ xxprime = buf + (uint32_t)25U;
+ zzprime = buf + (uint32_t)30U;
+ zzzprime = buf + (uint32_t)35U;
+ memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
+ Hacl_Bignum_fsum(xxprime, zzprime);
+ Hacl_Bignum_fdifference(zzprime, origxprime);
+ Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
+ Hacl_Bignum_fmul(z3, zzzprime, qx);
+ Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
+ zzz = buf + (uint32_t)10U;
+ xx = buf + (uint32_t)15U;
+ zz = buf + (uint32_t)20U;
+ Hacl_Bignum_fmul(x2, xx, zz);
+ Hacl_Bignum_fdifference(zz, xx);
+ scalar = (uint64_t)121665U;
+ Hacl_Bignum_fscalar(zzz, zz, scalar);
+ Hacl_Bignum_fsum(zzz, xx);
+ Hacl_Bignum_fmul(z2, zzz, zz);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt
+)
+{
+ uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
+ uint64_t bit;
+ Hacl_EC_Point_swap_conditional(nq, nqpq, bit0);
+ Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
+ bit = (uint64_t)(byt >> (uint32_t)7U);
+ Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt
+)
+{
+ uint8_t byt1;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
+ byt1 = byt << (uint32_t)1U;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt,
+ uint32_t i
+)
+{
+ if (!(i == (uint32_t)0U))
+ {
+ uint32_t i_ = i - (uint32_t)1U;
+ uint8_t byt_;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
+ byt_ = byt << (uint32_t)2U;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
+ }
+}
+
+static void
+Hacl_EC_Ladder_BigLoop_cmult_big_loop(
+ uint8_t *n1,
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint32_t i
+)
+{
+ if (!(i == (uint32_t)0U))
+ {
+ uint32_t i1 = i - (uint32_t)1U;
+ uint8_t byte = n1[i1];
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
+ Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
+ }
+}
+
+static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
+{
+ uint64_t point_buf[40U] = { 0U };
+ uint64_t *nq = point_buf;
+ uint64_t *nqpq = point_buf + (uint32_t)10U;
+ uint64_t *nq2 = point_buf + (uint32_t)20U;
+ uint64_t *nqpq2 = point_buf + (uint32_t)30U;
+ Hacl_EC_Point_copy(nqpq, q);
+ nq[0U] = (uint64_t)1U;
+ Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
+ Hacl_EC_Point_copy(result, nq);
+}
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+ uint64_t buf0[10U] = { 0U };
+ uint64_t *x0 = buf0;
+ uint64_t *z = buf0 + (uint32_t)5U;
+ uint64_t *q;
+ Hacl_EC_Format_fexpand(x0, basepoint);
+ z[0U] = (uint64_t)1U;
+ q = buf0;
+ {
+ uint8_t e[32U] = { 0U };
+ uint8_t e0;
+ uint8_t e31;
+ uint8_t e01;
+ uint8_t e311;
+ uint8_t e312;
+ uint8_t *scalar;
+ memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
+ e0 = e[0U];
+ e31 = e[31U];
+ e01 = e0 & (uint8_t)248U;
+ e311 = e31 & (uint8_t)127U;
+ e312 = e311 | (uint8_t)64U;
+ e[0U] = e01;
+ e[31U] = e312;
+ scalar = e;
+ {
+ uint64_t buf[15U] = { 0U };
+ uint64_t *nq = buf;
+ uint64_t *x = nq;
+ x[0U] = (uint64_t)1U;
+ Hacl_EC_Ladder_cmult(nq, scalar, q);
+ Hacl_EC_Format_scalar_of_point(mypublic, nq);
+ }
+ }
+}
+
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
new file mode 100644
index 0000000..18b32d2
--- /dev/null
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -0,0 +1,45 @@
+/*
+ * Interface to code from Project Everest
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+
+#if defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)
+#define MBEDTLS_HAVE_INT128
+#endif
+
+#if defined(MBEDTLS_HAVE_INT128)
+#include "Hacl_Curve25519.c"
+#else
+#define KRML_VERIFIED_UINT128
+#include "kremlib/FStar_UInt128_extracted.c"
+#include "legacy/Hacl_Curve25519.c"
+#endif
+
+#include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c"
+
+#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */
+
diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c
new file mode 100644
index 0000000..2e2422f
--- /dev/null
+++ b/3rdparty/everest/library/everest.c
@@ -0,0 +1,111 @@
+/*
+ * Interface to code from Project Everest
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org).
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <string.h>
+
+#include "mbedtls/ecdh.h"
+
+#include "everest/x25519.h"
+#include "everest/everest.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+
+int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id )
+{
+ if( grp_id != MBEDTLS_ECP_DP_CURVE25519 )
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ mbedtls_x25519_init( &ctx->ctx );
+ return 0;
+}
+
+void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx )
+{
+ mbedtls_x25519_free( &ctx->ctx );
+}
+
+int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng );
+}
+
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
+ const unsigned char **buf,
+ const unsigned char *end )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ return mbedtls_x25519_read_params( x25519_ctx, buf, end );
+}
+
+int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_everest_ecdh_side side )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ?
+ MBEDTLS_X25519_ECDH_OURS :
+ MBEDTLS_X25519_ECDH_THEIRS;
+ return mbedtls_x25519_get_params( x25519_ctx, key, s );
+}
+
+int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng );
+}
+
+int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
+ const unsigned char *buf, size_t blen )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ return mbedtls_x25519_read_public ( x25519_ctx, buf, blen );
+}
+
+int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )( void *, unsigned char *, size_t ),
+ void *p_rng )
+{
+ mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+ return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng );
+}
+
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
diff --git a/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c b/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
new file mode 100644
index 0000000..1060515
--- /dev/null
+++ b/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
@@ -0,0 +1,413 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir extracted -warn-error +9+11 -skip-compilation -extract-uints -add-include <inttypes.h> -add-include "kremlib.h" -add-include "kremlin/internal/compat.h" extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+#include "FStar_UInt128.h"
+#include "kremlin/c_endianness.h"
+#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
+
+uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee)
+{
+ return projectee.low;
+}
+
+uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee)
+{
+ return projectee.high;
+}
+
+static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
+{
+ return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
+}
+
+static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b)
+{
+ return FStar_UInt128_constant_time_carry(a, b);
+}
+
+FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
+ return flat;
+}
+
+FStar_UInt128_uint128
+FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
+ return flat;
+}
+
+FStar_UInt128_uint128
+FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
+ return flat;
+}
+
+static FStar_UInt128_uint128
+FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return FStar_UInt128_sub_mod_impl(a, b);
+}
+
+FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128 flat = { a.low & b.low, a.high & b.high };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128 flat = { a.low ^ b.low, a.high ^ b.high };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128 flat = { a.low | b.low, a.high | b.high };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a)
+{
+ FStar_UInt128_uint128 flat = { ~a.low, ~a.high };
+ return flat;
+}
+
+static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
+
+static uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
+{
+ return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
+}
+
+static uint64_t FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
+{
+ return FStar_UInt128_add_u64_shift_left(hi, lo, s);
+}
+
+static FStar_UInt128_uint128
+FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
+{
+ if (s == (uint32_t)0U)
+ {
+ return a;
+ }
+ else
+ {
+ FStar_UInt128_uint128
+ flat = { a.low << s, FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) };
+ return flat;
+ }
+}
+
+static FStar_UInt128_uint128
+FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
+{
+ FStar_UInt128_uint128 flat = { (uint64_t)0U, a.low << (s - FStar_UInt128_u32_64) };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
+{
+ if (s < FStar_UInt128_u32_64)
+ {
+ return FStar_UInt128_shift_left_small(a, s);
+ }
+ else
+ {
+ return FStar_UInt128_shift_left_large(a, s);
+ }
+}
+
+static uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
+{
+ return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
+}
+
+static uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
+{
+ return FStar_UInt128_add_u64_shift_right(hi, lo, s);
+}
+
+static FStar_UInt128_uint128
+FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
+{
+ if (s == (uint32_t)0U)
+ {
+ return a;
+ }
+ else
+ {
+ FStar_UInt128_uint128
+ flat = { FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), a.high >> s };
+ return flat;
+ }
+}
+
+static FStar_UInt128_uint128
+FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
+{
+ FStar_UInt128_uint128 flat = { a.high >> (s - FStar_UInt128_u32_64), (uint64_t)0U };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
+{
+ if (s < FStar_UInt128_u32_64)
+ {
+ return FStar_UInt128_shift_right_small(a, s);
+ }
+ else
+ {
+ return FStar_UInt128_shift_right_large(a, s);
+ }
+}
+
+bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return a.low == b.low && a.high == b.high;
+}
+
+bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return a.high > b.high || (a.high == b.high && a.low > b.low);
+}
+
+bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return a.high < b.high || (a.high == b.high && a.low < b.low);
+}
+
+bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return a.high > b.high || (a.high == b.high && a.low >= b.low);
+}
+
+bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ return a.high < b.high || (a.high == b.high && a.low <= b.low);
+}
+
+FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat =
+ {
+ FStar_UInt64_eq_mask(a.low,
+ b.low)
+ & FStar_UInt64_eq_mask(a.high, b.high),
+ FStar_UInt64_eq_mask(a.low,
+ b.low)
+ & FStar_UInt64_eq_mask(a.high, b.high)
+ };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+ FStar_UInt128_uint128
+ flat =
+ {
+ (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
+ | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
+ (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
+ | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low))
+ };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a)
+{
+ FStar_UInt128_uint128 flat = { a, (uint64_t)0U };
+ return flat;
+}
+
+uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
+{
+ return a.low;
+}
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_add;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_add_underspec;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_add_mod;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_sub;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Question_Hat)(
+ FStar_UInt128_uint128 x0,
+ FStar_UInt128_uint128 x1
+) = FStar_UInt128_sub_underspec;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_sub_mod;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_logand;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_logxor;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_logor;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
+ FStar_UInt128_shift_left;
+
+FStar_UInt128_uint128
+(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
+ FStar_UInt128_shift_right;
+
+bool
+(*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_eq;
+
+bool
+(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_gt;
+
+bool
+(*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_lt;
+
+bool
+(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_gte;
+
+bool
+(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
+ FStar_UInt128_lte;
+
+static uint64_t FStar_UInt128_u64_mod_32(uint64_t a)
+{
+ return a & (uint64_t)0xffffffffU;
+}
+
+static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
+
+static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo)
+{
+ return lo + (hi << FStar_UInt128_u32_32);
+}
+
+FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y)
+{
+ FStar_UInt128_uint128
+ flat =
+ {
+ FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32)
+ * (uint64_t)y
+ + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32),
+ FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)),
+ ((x >> FStar_UInt128_u32_32)
+ * (uint64_t)y
+ + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32))
+ >> FStar_UInt128_u32_32
+ };
+ return flat;
+}
+
+typedef struct K___uint64_t_uint64_t_uint64_t_uint64_t_s
+{
+ uint64_t fst;
+ uint64_t snd;
+ uint64_t thd;
+ uint64_t f3;
+}
+K___uint64_t_uint64_t_uint64_t_uint64_t;
+
+static K___uint64_t_uint64_t_uint64_t_uint64_t
+FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
+{
+ K___uint64_t_uint64_t_uint64_t_uint64_t
+ flat =
+ {
+ FStar_UInt128_u64_mod_32(x),
+ FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
+ x
+ >> FStar_UInt128_u32_32,
+ (x >> FStar_UInt128_u32_32)
+ * FStar_UInt128_u64_mod_32(y)
+ + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)
+ };
+ return flat;
+}
+
+static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
+{
+ return lo + (hi << FStar_UInt128_u32_32);
+}
+
+static FStar_UInt128_uint128 FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
+{
+ K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
+ uint64_t u1 = scrut.fst;
+ uint64_t w3 = scrut.snd;
+ uint64_t x_ = scrut.thd;
+ uint64_t t_ = scrut.f3;
+ FStar_UInt128_uint128
+ flat =
+ {
+ FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
+ w3),
+ x_
+ * (y >> FStar_UInt128_u32_32)
+ + (t_ >> FStar_UInt128_u32_32)
+ + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32)
+ };
+ return flat;
+}
+
+FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
+{
+ return FStar_UInt128_mul_wide_impl(x, y);
+}
+
diff --git a/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c b/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
new file mode 100644
index 0000000..0826524
--- /dev/null
+++ b/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
@@ -0,0 +1,100 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include <inttypes.h> -add-include <stdbool.h> -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
+
+uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
+{
+ uint64_t x = a ^ b;
+ uint64_t minus_x = ~x + (uint64_t)1U;
+ uint64_t x_or_minus_x = x | minus_x;
+ uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
+ return xnx - (uint64_t)1U;
+}
+
+uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
+{
+ uint64_t x = a;
+ uint64_t y = b;
+ uint64_t x_xor_y = x ^ y;
+ uint64_t x_sub_y = x - y;
+ uint64_t x_sub_y_xor_y = x_sub_y ^ y;
+ uint64_t q = x_xor_y | x_sub_y_xor_y;
+ uint64_t x_xor_q = x ^ q;
+ uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
+ return x_xor_q_ - (uint64_t)1U;
+}
+
+uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
+{
+ uint32_t x = a ^ b;
+ uint32_t minus_x = ~x + (uint32_t)1U;
+ uint32_t x_or_minus_x = x | minus_x;
+ uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
+ return xnx - (uint32_t)1U;
+}
+
+uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
+{
+ uint32_t x = a;
+ uint32_t y = b;
+ uint32_t x_xor_y = x ^ y;
+ uint32_t x_sub_y = x - y;
+ uint32_t x_sub_y_xor_y = x_sub_y ^ y;
+ uint32_t q = x_xor_y | x_sub_y_xor_y;
+ uint32_t x_xor_q = x ^ q;
+ uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
+ return x_xor_q_ - (uint32_t)1U;
+}
+
+uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
+{
+ uint16_t x = a ^ b;
+ uint16_t minus_x = ~x + (uint16_t)1U;
+ uint16_t x_or_minus_x = x | minus_x;
+ uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
+ return xnx - (uint16_t)1U;
+}
+
+uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
+{
+ uint16_t x = a;
+ uint16_t y = b;
+ uint16_t x_xor_y = x ^ y;
+ uint16_t x_sub_y = x - y;
+ uint16_t x_sub_y_xor_y = x_sub_y ^ y;
+ uint16_t q = x_xor_y | x_sub_y_xor_y;
+ uint16_t x_xor_q = x ^ q;
+ uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
+ return x_xor_q_ - (uint16_t)1U;
+}
+
+uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
+{
+ uint8_t x = a ^ b;
+ uint8_t minus_x = ~x + (uint8_t)1U;
+ uint8_t x_or_minus_x = x | minus_x;
+ uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
+ return xnx - (uint8_t)1U;
+}
+
+uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
+{
+ uint8_t x = a;
+ uint8_t y = b;
+ uint8_t x_xor_y = x ^ y;
+ uint8_t x_sub_y = x - y;
+ uint8_t x_sub_y_xor_y = x_sub_y ^ y;
+ uint8_t q = x_xor_y | x_sub_y_xor_y;
+ uint8_t x_xor_q = x ^ q;
+ uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
+ return x_xor_q_ - (uint8_t)1U;
+}
+
diff --git a/3rdparty/everest/library/legacy/Hacl_Curve25519.c b/3rdparty/everest/library/legacy/Hacl_Curve25519.c
new file mode 100644
index 0000000..babebe4
--- /dev/null
+++ b/3rdparty/everest/library/legacy/Hacl_Curve25519.c
@@ -0,0 +1,805 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+#include "Hacl_Curve25519.h"
+
+extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1);
+
+extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1);
+
+extern FStar_UInt128_uint128
+FStar_UInt128_add(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+FStar_UInt128_add_mod(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128
+FStar_UInt128_logand(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
+
+extern FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 x0, uint32_t x1);
+
+extern FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t x0);
+
+extern uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 x0);
+
+extern FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1);
+
+static void Hacl_Bignum_Modulo_carry_top(uint64_t *b)
+{
+ uint64_t b4 = b[4U];
+ uint64_t b0 = b[0U];
+ uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
+ uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
+ b[4U] = b4_;
+ b[0U] = b0_;
+}
+
+inline static void
+Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_uint128 *input)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ FStar_UInt128_uint128 xi = input[i];
+ output[i] = FStar_UInt128_uint128_to_uint64(xi);
+ }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
+ FStar_UInt128_uint128 *output,
+ uint64_t *input,
+ uint64_t s
+)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ FStar_UInt128_uint128 xi = output[i];
+ uint64_t yi = input[i];
+ output[i] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+ }
+}
+
+inline static void Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_uint128 *tmp)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
+ {
+ uint32_t ctr = i;
+ FStar_UInt128_uint128 tctr = tmp[ctr];
+ FStar_UInt128_uint128 tctrp1 = tmp[ctr + (uint32_t)1U];
+ uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
+ FStar_UInt128_uint128 c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
+ tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
+ tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
+ }
+}
+
+inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
+{
+ uint64_t tmp = output[4U];
+ uint64_t b0;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U)
+ {
+ uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U;
+ uint64_t z = output[ctr - (uint32_t)1U];
+ output[ctr] = z;
+ }
+ }
+ output[0U] = tmp;
+ b0 = output[0U];
+ output[0U] = (uint64_t)19U * b0;
+}
+
+static void
+Hacl_Bignum_Fmul_mul_shift_reduce_(
+ FStar_UInt128_uint128 *output,
+ uint64_t *input,
+ uint64_t *input2
+)
+{
+ uint32_t i;
+ uint64_t input2i;
+ {
+ uint32_t i0;
+ for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U)
+ {
+ uint64_t input2i0 = input2[i0];
+ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0);
+ Hacl_Bignum_Fmul_shift_reduce(input);
+ }
+ }
+ i = (uint32_t)4U;
+ input2i = input2[i];
+ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+}
+
+inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2)
+{
+ uint64_t tmp[5U] = { 0U };
+ memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
+ KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
+ {
+ FStar_UInt128_uint128 t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+ }
+ {
+ FStar_UInt128_uint128 b4;
+ FStar_UInt128_uint128 b0;
+ FStar_UInt128_uint128 b4_;
+ FStar_UInt128_uint128 b0_;
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2);
+ Hacl_Bignum_Fproduct_carry_wide_(t);
+ b4 = t[4U];
+ b0 = t[0U];
+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+ b0_ =
+ FStar_UInt128_add(b0,
+ FStar_UInt128_mul_wide((uint64_t)19U,
+ FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+ t[4U] = b4_;
+ t[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
+ i0 = output[0U];
+ i1 = output[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ output[0U] = i0_;
+ output[1U] = i1_;
+ }
+ }
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_uint128 *tmp, uint64_t *output)
+{
+ uint64_t r0 = output[0U];
+ uint64_t r1 = output[1U];
+ uint64_t r2 = output[2U];
+ uint64_t r3 = output[3U];
+ uint64_t r4 = output[4U];
+ uint64_t d0 = r0 * (uint64_t)2U;
+ uint64_t d1 = r1 * (uint64_t)2U;
+ uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
+ uint64_t d419 = r4 * (uint64_t)19U;
+ uint64_t d4 = d419 * (uint64_t)2U;
+ FStar_UInt128_uint128
+ s0 =
+ FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
+ FStar_UInt128_mul_wide(d4, r1)),
+ FStar_UInt128_mul_wide(d2, r3));
+ FStar_UInt128_uint128
+ s1 =
+ FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
+ FStar_UInt128_mul_wide(d4, r2)),
+ FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3));
+ FStar_UInt128_uint128
+ s2 =
+ FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
+ FStar_UInt128_mul_wide(r1, r1)),
+ FStar_UInt128_mul_wide(d4, r3));
+ FStar_UInt128_uint128
+ s3 =
+ FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
+ FStar_UInt128_mul_wide(d1, r2)),
+ FStar_UInt128_mul_wide(r4, d419));
+ FStar_UInt128_uint128
+ s4 =
+ FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
+ FStar_UInt128_mul_wide(d1, r3)),
+ FStar_UInt128_mul_wide(r2, r2));
+ tmp[0U] = s0;
+ tmp[1U] = s1;
+ tmp[2U] = s2;
+ tmp[3U] = s3;
+ tmp[4U] = s4;
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_uint128 *tmp, uint64_t *output)
+{
+ FStar_UInt128_uint128 b4;
+ FStar_UInt128_uint128 b0;
+ FStar_UInt128_uint128 b4_;
+ FStar_UInt128_uint128 b0_;
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_Bignum_Fsquare_fsquare__(tmp, output);
+ Hacl_Bignum_Fproduct_carry_wide_(tmp);
+ b4 = tmp[4U];
+ b0 = tmp[0U];
+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+ b0_ =
+ FStar_UInt128_add(b0,
+ FStar_UInt128_mul_wide((uint64_t)19U,
+ FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+ tmp[4U] = b4_;
+ tmp[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+ i0 = output[0U];
+ i1 = output[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ output[0U] = i0_;
+ output[1U] = i1_;
+}
+
+static void
+Hacl_Bignum_Fsquare_fsquare_times_(
+ uint64_t *input,
+ FStar_UInt128_uint128 *tmp,
+ uint32_t count1
+)
+{
+ uint32_t i;
+ Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+ for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
+ Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
+{
+ KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
+ {
+ FStar_UInt128_uint128 t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+ }
+ memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+ Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+ }
+}
+
+inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
+{
+ KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
+ {
+ FStar_UInt128_uint128 t[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+ }
+ Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+ }
+}
+
+inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
+{
+ uint64_t buf[20U] = { 0U };
+ uint64_t *a0 = buf;
+ uint64_t *t00 = buf + (uint32_t)5U;
+ uint64_t *b0 = buf + (uint32_t)10U;
+ uint64_t *t01;
+ uint64_t *b1;
+ uint64_t *c0;
+ uint64_t *a;
+ uint64_t *t0;
+ uint64_t *b;
+ uint64_t *c;
+ Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U);
+ Hacl_Bignum_Fmul_fmul(b0, t00, z);
+ Hacl_Bignum_Fmul_fmul(a0, b0, a0);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U);
+ Hacl_Bignum_Fmul_fmul(b0, t00, b0);
+ Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
+ t01 = buf + (uint32_t)5U;
+ b1 = buf + (uint32_t)10U;
+ c0 = buf + (uint32_t)15U;
+ Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
+ Hacl_Bignum_Fmul_fmul(c0, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
+ Hacl_Bignum_Fmul_fmul(t01, t01, c0);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
+ Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+ Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
+ a = buf;
+ t0 = buf + (uint32_t)5U;
+ b = buf + (uint32_t)10U;
+ c = buf + (uint32_t)15U;
+ Hacl_Bignum_Fmul_fmul(c, t0, b);
+ Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
+ Hacl_Bignum_Fmul_fmul(t0, t0, c);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
+ Hacl_Bignum_Fmul_fmul(t0, t0, b);
+ Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
+ Hacl_Bignum_Fmul_fmul(out, t0, a);
+}
+
+inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
+{
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = a[i];
+ uint64_t yi = b[i];
+ a[i] = xi + yi;
+ }
+}
+
+inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
+{
+ uint64_t tmp[5U] = { 0U };
+ uint64_t b0;
+ uint64_t b1;
+ uint64_t b2;
+ uint64_t b3;
+ uint64_t b4;
+ memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
+ b0 = tmp[0U];
+ b1 = tmp[1U];
+ b2 = tmp[2U];
+ b3 = tmp[3U];
+ b4 = tmp[4U];
+ tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
+ tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
+ tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
+ tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
+ tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = a[i];
+ uint64_t yi = tmp[i];
+ a[i] = yi - xi;
+ }
+ }
+}
+
+inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
+{
+ KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U);
+ {
+ FStar_UInt128_uint128 tmp[5U];
+ {
+ uint32_t _i;
+ for (_i = 0U; _i < (uint32_t)5U; ++_i)
+ tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+ }
+ {
+ FStar_UInt128_uint128 b4;
+ FStar_UInt128_uint128 b0;
+ FStar_UInt128_uint128 b4_;
+ FStar_UInt128_uint128 b0_;
+ {
+ uint32_t i;
+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U)
+ {
+ uint64_t xi = b[i];
+ tmp[i] = FStar_UInt128_mul_wide(xi, s);
+ }
+ }
+ Hacl_Bignum_Fproduct_carry_wide_(tmp);
+ b4 = tmp[4U];
+ b0 = tmp[0U];
+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+ b0_ =
+ FStar_UInt128_add(b0,
+ FStar_UInt128_mul_wide((uint64_t)19U,
+ FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+ tmp[4U] = b4_;
+ tmp[0U] = b0_;
+ Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+ }
+ }
+}
+
+inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
+{
+ Hacl_Bignum_Fmul_fmul(output, a, b);
+}
+
+inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
+{
+ Hacl_Bignum_Crecip_crecip(output, input);
+}
+
+static void
+Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+ uint32_t i = ctr - (uint32_t)1U;
+ uint64_t ai = a[i];
+ uint64_t bi = b[i];
+ uint64_t x = swap1 & (ai ^ bi);
+ uint64_t ai1 = ai ^ x;
+ uint64_t bi1 = bi ^ x;
+ a[i] = ai1;
+ b[i] = bi1;
+}
+
+static void
+Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+ if (!(ctr == (uint32_t)0U))
+ {
+ uint32_t i;
+ Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
+ i = ctr - (uint32_t)1U;
+ Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
+ }
+}
+
+static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
+{
+ uint64_t swap1 = (uint64_t)0U - iswap;
+ Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
+ Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
+}
+
+static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
+{
+ memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+ memcpy(output + (uint32_t)5U,
+ input + (uint32_t)5U,
+ (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]);
+}
+
+static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
+{
+ uint64_t i0 = load64_le(input);
+ uint8_t *x00 = input + (uint32_t)6U;
+ uint64_t i1 = load64_le(x00);
+ uint8_t *x01 = input + (uint32_t)12U;
+ uint64_t i2 = load64_le(x01);
+ uint8_t *x02 = input + (uint32_t)19U;
+ uint64_t i3 = load64_le(x02);
+ uint8_t *x0 = input + (uint32_t)24U;
+ uint64_t i4 = load64_le(x0);
+ uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
+ uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
+ output[0U] = output0;
+ output[1U] = output1;
+ output[2U] = output2;
+ output[3U] = output3;
+ output[4U] = output4;
+}
+
+static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+ uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+ uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+ uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+ uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+ input[0U] = t0_;
+ input[1U] = t1__;
+ input[2U] = t2__;
+ input[3U] = t3__;
+ input[4U] = t4_;
+}
+
+static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
+{
+ Hacl_EC_Format_fcontract_first_carry_pass(input);
+ Hacl_Bignum_Modulo_carry_top(input);
+}
+
+static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+ uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+ uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+ uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+ uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+ uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+ uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+ input[0U] = t0_;
+ input[1U] = t1__;
+ input[2U] = t2__;
+ input[3U] = t3__;
+ input[4U] = t4_;
+}
+
+static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
+{
+ uint64_t i0;
+ uint64_t i1;
+ uint64_t i0_;
+ uint64_t i1_;
+ Hacl_EC_Format_fcontract_second_carry_pass(input);
+ Hacl_Bignum_Modulo_carry_top(input);
+ i0 = input[0U];
+ i1 = input[1U];
+ i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+ i1_ = i1 + (i0 >> (uint32_t)51U);
+ input[0U] = i0_;
+ input[1U] = i1_;
+}
+
+static void Hacl_EC_Format_fcontract_trim(uint64_t *input)
+{
+ uint64_t a0 = input[0U];
+ uint64_t a1 = input[1U];
+ uint64_t a2 = input[2U];
+ uint64_t a3 = input[3U];
+ uint64_t a4 = input[4U];
+ uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
+ uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
+ uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
+ uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
+ uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
+ uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
+ input[0U] = a0_;
+ input[1U] = a1_;
+ input[2U] = a2_;
+ input[3U] = a3_;
+ input[4U] = a4_;
+}
+
+static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
+{
+ uint64_t t0 = input[0U];
+ uint64_t t1 = input[1U];
+ uint64_t t2 = input[2U];
+ uint64_t t3 = input[3U];
+ uint64_t t4 = input[4U];
+ uint64_t o0 = t1 << (uint32_t)51U | t0;
+ uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
+ uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
+ uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
+ uint8_t *b0 = output;
+ uint8_t *b1 = output + (uint32_t)8U;
+ uint8_t *b2 = output + (uint32_t)16U;
+ uint8_t *b3 = output + (uint32_t)24U;
+ store64_le(b0, o0);
+ store64_le(b1, o1);
+ store64_le(b2, o2);
+ store64_le(b3, o3);
+}
+
+static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
+{
+ Hacl_EC_Format_fcontract_first_carry_full(input);
+ Hacl_EC_Format_fcontract_second_carry_full(input);
+ Hacl_EC_Format_fcontract_trim(input);
+ Hacl_EC_Format_fcontract_store(output, input);
+}
+
+static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
+{
+ uint64_t *x = point;
+ uint64_t *z = point + (uint32_t)5U;
+ uint64_t buf[10U] = { 0U };
+ uint64_t *zmone = buf;
+ uint64_t *sc = buf + (uint32_t)5U;
+ Hacl_Bignum_crecip(zmone, z);
+ Hacl_Bignum_fmul(sc, x, zmone);
+ Hacl_EC_Format_fcontract(scalar, sc);
+}
+
+static void
+Hacl_EC_AddAndDouble_fmonty(
+ uint64_t *pp,
+ uint64_t *ppq,
+ uint64_t *p,
+ uint64_t *pq,
+ uint64_t *qmqp
+)
+{
+ uint64_t *qx = qmqp;
+ uint64_t *x2 = pp;
+ uint64_t *z2 = pp + (uint32_t)5U;
+ uint64_t *x3 = ppq;
+ uint64_t *z3 = ppq + (uint32_t)5U;
+ uint64_t *x = p;
+ uint64_t *z = p + (uint32_t)5U;
+ uint64_t *xprime = pq;
+ uint64_t *zprime = pq + (uint32_t)5U;
+ uint64_t buf[40U] = { 0U };
+ uint64_t *origx = buf;
+ uint64_t *origxprime0 = buf + (uint32_t)5U;
+ uint64_t *xxprime0 = buf + (uint32_t)25U;
+ uint64_t *zzprime0 = buf + (uint32_t)30U;
+ uint64_t *origxprime;
+ uint64_t *xx0;
+ uint64_t *zz0;
+ uint64_t *xxprime;
+ uint64_t *zzprime;
+ uint64_t *zzzprime;
+ uint64_t *zzz;
+ uint64_t *xx;
+ uint64_t *zz;
+ uint64_t scalar;
+ memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
+ Hacl_Bignum_fsum(x, z);
+ Hacl_Bignum_fdifference(z, origx);
+ memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]);
+ Hacl_Bignum_fsum(xprime, zprime);
+ Hacl_Bignum_fdifference(zprime, origxprime0);
+ Hacl_Bignum_fmul(xxprime0, xprime, z);
+ Hacl_Bignum_fmul(zzprime0, x, zprime);
+ origxprime = buf + (uint32_t)5U;
+ xx0 = buf + (uint32_t)15U;
+ zz0 = buf + (uint32_t)20U;
+ xxprime = buf + (uint32_t)25U;
+ zzprime = buf + (uint32_t)30U;
+ zzzprime = buf + (uint32_t)35U;
+ memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
+ Hacl_Bignum_fsum(xxprime, zzprime);
+ Hacl_Bignum_fdifference(zzprime, origxprime);
+ Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
+ Hacl_Bignum_fmul(z3, zzzprime, qx);
+ Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
+ Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
+ zzz = buf + (uint32_t)10U;
+ xx = buf + (uint32_t)15U;
+ zz = buf + (uint32_t)20U;
+ Hacl_Bignum_fmul(x2, xx, zz);
+ Hacl_Bignum_fdifference(zz, xx);
+ scalar = (uint64_t)121665U;
+ Hacl_Bignum_fscalar(zzz, zz, scalar);
+ Hacl_Bignum_fsum(zzz, xx);
+ Hacl_Bignum_fmul(z2, zzz, zz);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt
+)
+{
+ uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
+ uint64_t bit;
+ Hacl_EC_Point_swap_conditional(nq, nqpq, bit0);
+ Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
+ bit = (uint64_t)(byt >> (uint32_t)7U);
+ Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt
+)
+{
+ uint8_t byt1;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
+ byt1 = byt << (uint32_t)1U;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint8_t byt,
+ uint32_t i
+)
+{
+ if (!(i == (uint32_t)0U))
+ {
+ uint32_t i_ = i - (uint32_t)1U;
+ uint8_t byt_;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
+ byt_ = byt << (uint32_t)2U;
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
+ }
+}
+
+static void
+Hacl_EC_Ladder_BigLoop_cmult_big_loop(
+ uint8_t *n1,
+ uint64_t *nq,
+ uint64_t *nqpq,
+ uint64_t *nq2,
+ uint64_t *nqpq2,
+ uint64_t *q,
+ uint32_t i
+)
+{
+ if (!(i == (uint32_t)0U))
+ {
+ uint32_t i1 = i - (uint32_t)1U;
+ uint8_t byte = n1[i1];
+ Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
+ Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
+ }
+}
+
+static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
+{
+ uint64_t point_buf[40U] = { 0U };
+ uint64_t *nq = point_buf;
+ uint64_t *nqpq = point_buf + (uint32_t)10U;
+ uint64_t *nq2 = point_buf + (uint32_t)20U;
+ uint64_t *nqpq2 = point_buf + (uint32_t)30U;
+ Hacl_EC_Point_copy(nqpq, q);
+ nq[0U] = (uint64_t)1U;
+ Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
+ Hacl_EC_Point_copy(result, nq);
+}
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+ uint64_t buf0[10U] = { 0U };
+ uint64_t *x0 = buf0;
+ uint64_t *z = buf0 + (uint32_t)5U;
+ uint64_t *q;
+ Hacl_EC_Format_fexpand(x0, basepoint);
+ z[0U] = (uint64_t)1U;
+ q = buf0;
+ {
+ uint8_t e[32U] = { 0U };
+ uint8_t e0;
+ uint8_t e31;
+ uint8_t e01;
+ uint8_t e311;
+ uint8_t e312;
+ uint8_t *scalar;
+ memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
+ e0 = e[0U];
+ e31 = e[31U];
+ e01 = e0 & (uint8_t)248U;
+ e311 = e31 & (uint8_t)127U;
+ e312 = e311 | (uint8_t)64U;
+ e[0U] = e01;
+ e[31U] = e312;
+ scalar = e;
+ {
+ uint64_t buf[15U] = { 0U };
+ uint64_t *nq = buf;
+ uint64_t *x = nq;
+ x[0U] = (uint64_t)1U;
+ Hacl_EC_Ladder_cmult(nq, scalar, q);
+ Hacl_EC_Format_scalar_of_point(mypublic, nq);
+ }
+ }
+}
+
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
new file mode 100644
index 0000000..990bb4d
--- /dev/null
+++ b/3rdparty/everest/library/x25519.c
@@ -0,0 +1,190 @@
+/*
+ * ECDH with curve-optimized implementation multiplexing
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+
+#include <mbedtls/ecdh.h>
+
+#if !(defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16))
+#define KRML_VERIFIED_UINT128
+#endif
+
+#include <Hacl_Curve25519.h>
+#include <mbedtls/platform_util.h>
+
+#include "x25519.h"
+
+#include <string.h>
+
+/*
+ * Initialize context
+ */
+void mbedtls_x25519_init( mbedtls_x25519_context *ctx )
+{
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x25519_context ) );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_x25519_free( mbedtls_x25519_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
+ mbedtls_platform_zeroize( ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
+}
+
+int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = 0;
+
+ uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = {0};
+
+ if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
+ return ret;
+
+ *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 4;
+ if( blen < *olen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
+ *buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8;
+ *buf++ = MBEDTLS_ECP_TLS_CURVE25519 & 0xFF;
+ *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
+
+ base[0] = 9;
+ Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
+
+ base[0] = 0;
+ if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
+
+ return( 0 );
+}
+
+int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
+ const unsigned char **buf, const unsigned char *end )
+{
+ if( end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( *(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES ) )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ memcpy( ctx->peer_point, *buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
+ *buf += MBEDTLS_X25519_KEY_SIZE_BYTES;
+ return( 0 );
+}
+
+int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
+ mbedtls_x25519_ecdh_side side )
+{
+ size_t olen = 0;
+
+ switch( side ) {
+ case MBEDTLS_X25519_ECDH_THEIRS:
+ return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
+ case MBEDTLS_X25519_ECDH_OURS:
+ return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
+ default:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+}
+
+int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ /* f_rng and p_rng are not used here because this implementation does not
+ need blinding since it has constant trace. */
+ (( void )f_rng);
+ (( void )p_rng);
+
+ *olen = MBEDTLS_X25519_KEY_SIZE_BYTES;
+
+ if( blen < *olen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point);
+
+ /* Wipe the DH secret and don't let the peer chose a small subgroup point */
+ mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
+
+ if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
+
+ return( 0 );
+}
+
+int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int( *f_rng )(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = 0;
+ unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 };
+
+ if( ctx == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
+ return ret;
+
+ *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 1;
+ if( blen < *olen )
+ return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
+ *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
+
+ base[0] = 9;
+ Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
+
+ base[0] = 0;
+ if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 )
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
+
+ return( ret );
+}
+
+int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
+ const unsigned char *buf, size_t blen )
+{
+ if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
+ return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
+ if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) )
+ return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
+ memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
+ return( 0 );
+}
+
+
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5d29839..16d7197 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,6 +5,9 @@
project("mbed TLS" C)
endif()
+# Set the project root directory.
+set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@@ -121,7 +124,10 @@
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
+ if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
+ endif()
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
@@ -138,7 +144,7 @@
endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@@ -173,9 +179,15 @@
include_directories(include/)
include_directories(library/)
-add_subdirectory(library)
add_subdirectory(include)
+add_subdirectory(3rdparty)
+include_directories(${thirdparty_inc})
+list(APPEND libs ${thirdparty_lib})
+add_definitions(${thirdparty_def})
+
+add_subdirectory(library)
+
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
endif()
@@ -216,13 +228,13 @@
COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
endif(UNIX)
-endif()
-# Make scripts needed for testing available in an out-of-source build.
-if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
- link_to_source(scripts)
- # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
- # keep things simple with the sed commands in the memcheck target.
- configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
- ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ # Make scripts needed for testing available in an out-of-source build.
+ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(scripts)
+ # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
+ # keep things simple with the sed commands in the memcheck target.
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
+ ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ endif()
endif()
diff --git a/Makefile b/Makefile
index 64321cb..c9eb681 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,3 @@
-
DESTDIR=/usr/local
PREFIX=mbedtls_
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 6f44899..502ca03 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -81,6 +81,6 @@
/* Miscellaneous options */
#define MBEDTLS_AES_ROM_TABLES
-#include "check_config.h"
+#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 97a1b2b..58a2c88 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -1971,6 +1971,6 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
-#include "check_config.h"
+#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index f4abd3e..e7315eb 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -161,21 +161,21 @@
It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the range 0–0xffffffff for internal library use.
-Mbed Crypto 1.0.1
+Mbed Crypto 1.1.0
-----------------
-Tags: TBD
+Tags: mbedcrypto-1.1.0
-Released in May 2019. <br>
+Released in early June 2019. <br>
Integrated in Mbed OS 5.13.
Identical to [1.0.0](#mbed-crypto-1.0.0) except for some changes in the key file format.
-### Key file format for 1.0.1
+### Key file format for 1.1.0
The key file format is identical to [1.0.0](#key-file-format-for-1.0.0), except for the following changes:
-* A new policy field, marked as [NEW:1.0.1] below.
+* A new policy field, marked as [NEW:1.1.0] below.
* The encoding of key types, algorithms and key material has changed, therefore the storage format is not compatible (despite using the same value in the version field so far).
A self-contained description of the file layout follows.
@@ -189,7 +189,96 @@
* type (4 bytes): `psa_key_type_t` value
* policy usage flags (4 bytes): `psa_key_usage_t` value
* policy usage algorithm (4 bytes): `psa_algorithm_t` value
-* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.0.1]
+* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.1.0]
* key material length (4 bytes)
* key material: output of `psa_export_key`
* Any trailing data is rejected on load.
+
+Mbed Crypto TBD
+---------------
+
+Tags: TBD
+
+Released in TBD 2019. <br>
+Integrated in Mbed OS TBD.
+
+### Changes introduced in TBD
+
+* The layout of a key file now has a lifetime field before the type field.
+* Key files can store references to keys in a secure element. In such key files, the key material contains the slot number.
+
+### File namespace on a PSA platform on TBD
+
+Assumption: ITS provides a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+Assumption: the owner identifier is a nonzero value of type `int32_t`.
+
+* Files 0 through 0xfffeffff: unused.
+* Files 0xffff0000 through 0xffffffff: reserved for internal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-tbd).
+* Files 0x100000000 through 0xffffffffffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file identifier](#key-names-for-1.0.0). The upper 32 bits determine the owner.
+
+### File namespace on ITS as a library on TBD
+
+Assumption: ITS provides a 64-bit file identifier namespace. The entity using the crypto library can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+This is a library integration, so there is no owner. The key file identifier is identical to the key identifier.
+
+* File 0: unused.
+* Files 1 through 0xfffeffff: [content](#key-file-format-for-1.0.0) of the [key whose identifier is the file identifier](#key-names-for-1.0.0).
+* Files 0xffff0000 through 0xffffffff: reserved for internal use of the crypto library or crypto service. See [non-key files](#non-key-files-on-tbd).
+* Files 0x100000000 through 0xffffffffffffffff: unused.
+
+### Non-key files on TBD
+
+File identifiers in the range 0xffff0000 through 0xffffffff are reserved for internal use in Mbed Crypto.
+
+* Files 0xfffffe02 through 0xfffffeff (`PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime`): secure element driver storage. The content of the file is the secure element driver's persistent data.
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-1.0.0).
+* File 0xffffff54 (`PSA_CRYPTO_ITS_TRANSACTION_UID`): [transaction file](#transaction-file-format-for-tbd).
+* Other files are unused and reserved for future use.
+
+### Key file format for TBD
+
+All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
+
+The layout of a key file is:
+
+* magic (8 bytes): `"PSA\0KEY\0"`.
+* version (4 bytes): 0.
+* lifetime (4 bytes): `psa_key_lifetime_t` value.
+* type (4 bytes): `psa_key_type_t` value.
+* policy usage flags (4 bytes): `psa_key_usage_t` value.
+* policy usage algorithm (4 bytes): `psa_algorithm_t` value.
+* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value.
+* key material length (4 bytes).
+* key material:
+ * For a transparent key: output of `psa_export_key`.
+ * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness.
+* Any trailing data is rejected on load.
+
+### Transaction file format for TBD
+
+The transaction file contains data about an ongoing action that cannot be completed atomically. It exists only if there is an ongoing transaction.
+
+All integers are encoded in platform endianness.
+
+All currently existing transactions concern a key in a secure element.
+
+The layout of a transaction file is:
+
+* type (2 bytes): the [transaction type](#transaction-types-on-tbd).
+* unused (2 bytes)
+* lifetime (4 bytes): `psa_key_lifetime_t` value that corresponds to a key in a secure element.
+* slot number (8 bytes): `psa_key_slot_number_t` value. This is the unique designation of the key for the secure element driver.
+* key identifier (4 bytes in a library integration, 8 bytes on a PSA platform): the internal representation of the key identifier. On a PSA platform, this encodes the key owner in the same way as [in file identifiers for key files](#file-namespace-on-a-psa-platform-on-tbd)).
+
+#### Transaction types on TBD
+
+* 0x0001: key creation. The following locations may or may not contain data about the key that is being created:
+ * The slot in the secure element designated by the slot number.
+ * The file containing the key metadata designated by the key identifier.
+ * The driver persistent data.
+* 0x0002: key destruction. The following locations may or may not still contain data about the key that is being destroyed:
+ * The slot in the secure element designated by the slot number.
+ * The file containing the key metadata designated by the key identifier.
+ * The driver persistent data.
diff --git a/docs/getting_started.md b/docs/getting_started.md
index 3008a19..4d380e0 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -63,35 +63,50 @@
### Importing a key
-To use a key for cryptography operations in Mbed Crypto, you need to first import it into a key slot. Each slot can store only one key at a time. The slot where the key is stored must be unoccupied, and valid for a key of the chosen type.
+To use a key for cryptography operations in Mbed Crypto, you need to first
+import it. Upon importing, you'll be given a handle to refer to the key for use
+with other function calls.
-Prerequisites to importing keys:
+Prerequisites for importing keys:
* Initialize the library with a successful call to `psa_crypto_init`.
-Importing a key and checking key information:
-1. Import a key pair into key slot `1`.
-1. Test the information stored in this slot:
+Importing a key:
```C
- int key_slot = 1;
- uint8_t *data = "KEYPAIR_KEY_DATA";
- size_t data_size;
- psa_key_type_t type = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
- size_t got_bits;
- psa_key_type_t got_type;
- size_t expected_bits = data_size;
- psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
- size_t export_size = data_size;
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t data[] = AES_KEY;
+ psa_key_handle_t handle;
- psa_crypto_init();
+ printf("Import an AES key...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
+ /* Set key attributes */
+ psa_set_key_usage_flags(&attributes, 0);
+ psa_set_key_algorithm(&attributes, 0);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
/* Import the key */
- status = psa_import_key(key_slot, type, data, data_size);
+ status = psa_import_key(&attributes, data, sizeof(data), &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import key\n");
+ return;
+ }
+ printf("Imported a key\n");
- /* Test the key information */
- status = psa_get_key_information(slot, &got_type, &got_bits);
+ /* Free the attributes */
+ psa_reset_key_attributes(&attributes);
/* Destroy the key */
- psa_destroy_key(key_slot);
+ psa_destroy_key(handle);
+
mbedtls_psa_crypto_free();
```
@@ -99,48 +114,70 @@
Mbed Crypto provides support for encrypting, decrypting, signing and verifying messages using public key signature algorithms (such as RSA or ECDSA).
-Prerequisites to working with the asymmetric cipher API:
+Prerequisites for performing asymmetric signature operations:
* Initialize the library with a successful call to `psa_crypto_init`.
-* Configure the key policy accordingly:
- * `PSA_KEY_USAGE_SIGN` to allow signing.
- * `PSA_KEY_USAGE_VERIFY` to allow signature verification.
-* Have a valid key in the key slot.
+* Have a valid key with appropriate attributes set:
+ * Usage flag `PSA_KEY_USAGE_SIGN` to allow signing.
+ * Usage flag `PSA_KEY_USAGE_VERIFY` to allow signature verification.
+ * Algorithm set to desired signature algorithm.
-To sign a given message `payload` using RSA:
-1. Set the key policy of the chosen key slot by calling `psa_key_policy_set_usage()` with the `PSA_KEY_USAGE_SIGN` parameter and the algorithm `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
-This allows the key in the key slot to be used for RSA signing.
-1. Import the key into the key slot by calling `psa_import_key()`. You can use an already imported key instead of importing a new one.
-1. Call `psa_asymmetric_sign()` and get the output buffer that contains the signature:
+To sign a given `hash` using RSA:
+1. Call `psa_asymmetric_sign()` and get the output buffer that contains the
+ signature:
```C
psa_status_t status;
- int key_slot = 1;
- unsigned char key[] = "RSA_KEY";
- unsigned char payload[] = "ASYMMETRIC_INPUT_FOR_SIGN";
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t key[] = RSA_KEY;
+ uint8_t hash[] = "INPUT_FOR_SIGN";
+ uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
size_t signature_length;
+ psa_key_handle_t handle;
+ printf("Sign a message...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
+ /* Set key attributes */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN);
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+ psa_set_key_bits(&attributes, 1024);
/* Import the key */
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN,
- PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
- status = psa_set_key_policy(key_slot, &policy);
+ status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import key\n");
+ return;
+ }
- status = psa_import_key(key_slot, PSA_KEY_TYPE_RSA_KEYPAIR,
- key, sizeof(key));
-
- /* Sing message using the key */
- status = psa_asymmetric_sign(key_slot, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- payload, sizeof(payload),
+ /* Sign message using the key */
+ status = psa_asymmetric_sign(handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ hash, sizeof(hash),
signature, sizeof(signature),
&signature_length);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to sign\n");
+ return;
+ }
+
+ printf("Signed a message\n");
+
+ /* Free the attributes */
+ psa_reset_key_attributes(&attributes);
+
/* Destroy the key */
- psa_destroy_key(key_slot);
+ psa_destroy_key(handle);
+
mbedtls_psa_crypto_free();
```
-### Encrypting or decrypting using symmetric ciphers
+### Using symmetric ciphers
Mbed Crypto provides support for encrypting and decrypting messages using various symmetric cipher algorithms (both block and stream ciphers).
@@ -156,32 +193,78 @@
1. Call `psa_cipher_update` one or more times, passing either the whole or only a fragment of the message each time.
1. Call `psa_cipher_finish` to end the operation and output the encrypted message.
-Encrypting random data using an AES key in cipher block chain (CBC) mode with no padding (assuming all prerequisites have been fulfilled):
+Encrypting data using an AES key in cipher block chain (CBC) mode with no padding (assuming all prerequisites have been fulfilled):
```c
- psa_key_slot_t key_slot = 1;
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
+ };
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
- psa_cipher_operation_t operation;
- size_t block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES);
- unsigned char input[block_size];
- unsigned char iv[block_size];
+ uint8_t plaintext[block_size] = SOME_PLAINTEXT;
+ uint8_t iv[block_size];
size_t iv_len;
- unsigned char output[block_size];
+ uint8_t key[] = AES_KEY;
+ uint8_t output[block_size];
size_t output_len;
+ psa_key_handle_t handle;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- /* generate some random data to be encrypted */
- psa_generate_random(input, sizeof(input));
+ printf("Encrypt with cipher...\t");
+ fflush(stdout);
- /* encrypt the key */
- psa_cipher_encrypt_setup(&operation, key_slot, alg);
- psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len);
- psa_cipher_update(&operation, input, sizeof(input),
- output, sizeof(output),
- &output_len);
- psa_cipher_finish(&operation,
- output + output_len, sizeof(output) - output_len,
- &output_len);
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS)
+ {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
+ /* Import a key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
+ status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import a key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
+
+ /* Encrypt the plaintext */
+ status = psa_cipher_encrypt_setup(&operation, handle, alg);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to begin cipher operation\n");
+ return;
+ }
+ status = psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to generate IV\n");
+ return;
+ }
+ status = psa_cipher_update(&operation, plaintext, sizeof(plaintext),
+ output, sizeof(output), &output_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to update cipher operation\n");
+ return;
+ }
+ status = psa_cipher_finish(&operation, output + output_len,
+ sizeof(output) - output_len, &output_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to finish cipher operation\n");
+ return;
+ }
+ printf("Encrypted plaintext\n");
+
/* Clean up cipher operation context */
psa_cipher_abort(&operation);
+
+ /* Destroy the key */
+ psa_destroy_key(handle);
+
+ mbedtls_psa_crypto_free();
```
Decrypting a message with a symmetric cipher:
@@ -194,31 +277,75 @@
Decrypting encrypted data using an AES key in CBC mode with no padding
(assuming all prerequisites have been fulfilled):
```c
- psa_key_slot_t key_slot = 1;
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
+ };
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
- psa_cipher_operation_t operation;
- size_t block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES);
- unsigned char input[block_size];
- unsigned char iv[block_size];
- size_t iv_len;
- unsigned char output[block_size];
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ uint8_t ciphertext[block_size] = SOME_CIPHERTEXT;
+ uint8_t iv[block_size] = ENCRYPTED_WITH_IV;
+ uint8_t key[] = AES_KEY;
+ uint8_t output[block_size];
size_t output_len;
+ psa_key_handle_t handle;
- /* setup input data */
- fetch_iv(iv, sizeof(iv)); /* fetch the IV used when the data was encrypted */
- fetch_input(input, sizeof(input)); /* fetch the data to be decrypted */
+ printf("Decrypt with cipher...\t");
+ fflush(stdout);
- /* encrypt the encrypted data */
- psa_cipher_decrypt_setup(&operation, key_slot, alg);
- psa_cipher_set_iv(&operation, iv, sizeof(iv));
- psa_cipher_update(&operation, input, sizeof(input),
- output, sizeof(output),
- &output_len);
- psa_cipher_finish(&operation,
- output + output_len, sizeof(output) - output_len,
- &output_len);
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS)
+ {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
+ /* Import a key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
+ status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import a key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
+
+ /* Decrypt the ciphertext */
+ status = psa_cipher_decrypt_setup(&operation, handle, alg);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to begin cipher operation\n");
+ return;
+ }
+ status = psa_cipher_set_iv(&operation, iv, sizeof(iv));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to set IV\n");
+ return;
+ }
+ status = psa_cipher_update(&operation, ciphertext, sizeof(ciphertext),
+ output, sizeof(output), &output_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to update cipher operation\n");
+ return;
+ }
+ status = psa_cipher_finish(&operation, output + output_len,
+ sizeof(output) - output_len, &output_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to finish cipher operation\n");
+ return;
+ }
+ printf("Decrypted ciphertext\n");
+
/* Clean up cipher operation context */
psa_cipher_abort(&operation);
+
+ /* Destroy the key */
+ psa_destroy_key(handle);
+
+ mbedtls_psa_crypto_free();
```
#### Handling cipher operation contexts
@@ -237,9 +364,8 @@
### Hashing a message
-Mbed Crypto lets you compute and verify hashes using various hashing algorithms.
-
-The current implementation supports the following hash algorithms: `MD2`, `MD4`, `MD5`, `RIPEMD160`, `SHA-1`, `SHA-224`, `SHA-256`, `SHA-384`, and `SHA-512`.
+Mbed Crypto lets you compute and verify hashes using various hashing
+algorithms.
Prerequisites to working with the hash APIs:
* Initialize the library with a successful call to `psa_crypto_init`.
@@ -252,25 +378,54 @@
Calculate the `SHA-256` hash of a message:
```c
+ psa_status_t status;
psa_algorithm_t alg = PSA_ALG_SHA_256;
- psa_hash_operation_t operation;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
unsigned char input[] = { 'a', 'b', 'c' };
unsigned char actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_len;
+ printf("Hash a message...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
/* Compute hash of message */
- psa_hash_setup(&operation, alg);
- psa_hash_update(&operation, input, sizeof(input));
- psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_len);
+ status = psa_hash_setup(&operation, alg);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to begin hash operation\n");
+ return;
+ }
+ status = psa_hash_update(&operation, input, sizeof(input));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to update hash operation\n");
+ return;
+ }
+ status = psa_hash_finish(&operation, actual_hash, sizeof(actual_hash),
+ &actual_hash_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to finish hash operation\n");
+ return;
+ }
+
+ printf("Hashed a message\n");
/* Clean up hash operation context */
psa_hash_abort(&operation);
+
+ mbedtls_psa_crypto_free();
```
Verify the `SHA-256` hash of a message:
```c
+ psa_status_t status;
psa_algorithm_t alg = PSA_ALG_SHA_256;
- psa_hash_operation_t operation;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
unsigned char input[] = { 'a', 'b', 'c' };
unsigned char expected_hash[] = {
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
@@ -279,10 +434,39 @@
};
size_t expected_hash_len = PSA_HASH_SIZE(alg);
+ printf("Verify a hash...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
/* Verify message hash */
- psa_hash_setup(&operation, alg);
- psa_hash_update(&operation, input, sizeof(input));
- psa_hash_verify(&operation, expected_hash, expected_hash_len);
+ status = psa_hash_setup(&operation, alg);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to begin hash operation\n");
+ return;
+ }
+ status = psa_hash_update(&operation, input, sizeof(input));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to update hash operation\n");
+ return;
+ }
+ status = psa_hash_verify(&operation, expected_hash, expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to verify hash\n");
+ return;
+ }
+
+ printf("Verified a hash\n");
+
+ /* Clean up hash operation context */
+ psa_hash_abort(&operation);
+
+ mbedtls_psa_crypto_free();
```
The API provides the macro `PSA_HASH_SIZE`, which returns the expected hash length (in bytes) for the specified algorithm.
@@ -304,86 +488,172 @@
### Generating a random value
-Mbed Crypto can generate random data.
+Mbed Crypto can generate random data. To generate a random key, use
+`psa_generate_key()` instead of `psa_generate_random()`
Prerequisites to random generation:
-* Initialize the library with a successful call to `psa_crypto_init`.
+* Initialize the library with a successful call to `psa_crypto_init()`.
Generate a random, ten-byte piece of data:
1. Generate random bytes by calling `psa_generate_random()`:
```C
psa_status_t status;
uint8_t random[10] = { 0 };
- psa_crypto_init();
- status = psa_generate_random(random, sizeof(random));
+ printf("Generate random...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
+
+ status = psa_generate_random(random, sizeof(random));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to generate a random value\n");
+ return;
+ }
+
+ printf("Generated random data\n");
+
+ /* Clean up */
mbedtls_psa_crypto_free();
```
### Deriving a new key from an existing key
-Mbed Crypto provides a key derivation API that lets you derive new keys from existing ones. Key derivation is based upon the generator abstraction. A generator must first be initialized and set up (provided with a key and optionally other data) and then derived data can be read from it either to a buffer or directly imported into a key slot.
+Mbed Crypto provides a key derivation API that lets you derive new keys from
+existing ones. The key derivation API has functions to take inputs, including
+other keys and data, and functions to generate outputs, such as new keys or
+other data. A key derivation context must first be initialized and set up,
+provided with a key and optionally other data, and then derived data can be
+read from it either to a buffer or directly sent to a key slot. Refer to the
+documentation for the particular algorithm (such as HKDF or the TLS1.2 PRF) for
+information on which inputs to pass when and when you can obtain which outputs.
Prerequisites to working with the key derivation APIs:
* Initialize the library with a successful call to `psa_crypto_init`.
-* Configure the key policy for the key used for derivation (`PSA_KEY_USAGE_DERIVE`)
-* The key type must be `PSA_KEY_TYPE_DERIVE`.
+* Use a key with the appropriate attributes set:
+ * Usage flags set for key derivation (`PSA_KEY_USAGE_DERIVE`)
+ * Key type set to `PSA_KEY_TYPE_DERIVE`.
+ * Algorithm set to a key derivation algorithm
+ (`PSA_ALG_HKDF(PSA_ALG_SHA_256)`).
-Deriving a new AES-CTR 128-bit encryption key into a given key slot using HKDF with a given key, salt and label:
-1. Set the key policy for key derivation by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_DERIVE` parameter, and the algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
-1. Import the key into the key slot by calling `psa_import_key()`. You can skip this step and the previous one if the key has already been imported into a known key slot.
-1. Set up the generator using the `psa_key_derivation` function providing a key slot containing a key that can be used for key derivation and a salt and label (Note: salt and label are optional).
-1. Initiate a key policy to for the derived key by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_ENCRYPT` parameter and the algorithm `PSA_ALG_CTR`.
-1. Set the key policy to the derived key slot.
-1. Import a key from generator into the desired key slot using (`psa_generator_import_key`).
-1. Clean up generator.
+Deriving a new AES-CTR 128-bit encryption key into a given key slot using HKDF
+with a given key, salt and info:
+1. Set up the key derivation context using the `psa_key_derivation_setup`
+function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
+1. Provide an optional salt with `psa_key_derivation_input_bytes`.
+1. Provide info with `psa_key_derivation_input_bytes`.
+1. Provide secret with `psa_key_derivation_input_key`, referencing a key that
+ can be used for key derivation.
+1. Set the key attributes desired for the new derived key. We'll set
+ `PSA_KEY_USAGE_ENCRYPT` parameter and the algorithm `PSA_ALG_CTR` for this
+ example.
+1. Derive the key by calling `psa_key_derivation_output_key()`.
+1. Clean up the key derivation context.
-At this point the derived key slot holds a new 128-bit AES-CTR encryption key derived from the key, salt and label provided:
+At this point the derived key slot holds a new 128-bit AES-CTR encryption key
+derived from the key, salt and info provided:
```C
- psa_key_slot_t base_key = 1;
- psa_key_slot_t derived_key = 2;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- unsigned char key[] = {
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ static const unsigned char key[] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b };
-
- unsigned char salt[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
- 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
-
- unsigned char label[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6,
- 0xf7, 0xf8, 0xf9 };
-
+ static const unsigned char salt[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
+ static const unsigned char info[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6,
+ 0xf7, 0xf8, 0xf9 };
psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
size_t derived_bits = 128;
size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
+ psa_key_handle_t base_key;
+ psa_key_handle_t derived_key;
+ printf("Derive a key (HKDF)...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
- /* Import a key for use in key derivation, if such a key has already been imported you can skip this part */
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
- status = psa_set_key_policy(base_key, &policy);
+ /* Import a key for use in key derivation. If such a key has already been
+ * generated or imported, you can skip this part. */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ status = psa_import_key(&attributes, key, sizeof(key), &base_key);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import a key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
- status = psa_import_key(base_key, PSA_KEY_TYPE_DERIVE, key, sizeof(key));
+ /* Derive a key */
+ status = psa_key_derivation_setup(&operation, alg);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to begin key derivation\n");
+ return;
+ }
+ status = psa_key_derivation_set_capacity(&operation, capacity);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to set capacity\n");
+ return;
+ }
+ status = psa_key_derivation_input_bytes(&operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ salt, sizeof(salt));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to input salt (extract)\n");
+ return;
+ }
+ status = psa_key_derivation_input_key(&operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ base_key);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to input key (extract)\n");
+ return;
+ }
+ status = psa_key_derivation_input_bytes(&operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ info, sizeof(info));
+ if (status != PSA_SUCCESS) {
+ printf("Failed to input info (expand)\n");
+ return;
+ }
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CTR);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
+ status = psa_key_derivation_output_key(&attributes, &operation,
+ &derived_key);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to derive key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
- /* Derive a key into a key slot*/
- status = psa_key_derivation(&generator, base_key, alg, salt, sizeof(salt),
- label, sizeof(label), capacity);
+ printf("Derived key\n");
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR);
+ /* Clean up key derivation operation */
+ psa_key_derivation_abort(&operation);
- psa_set_key_policy(derived_key, &policy);
+ /* Destroy the keys */
+ psa_destroy_key(derived_key);
+ psa_destroy_key(base_key);
- psa_generator_import_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator);
-
- /* Clean up generator and key */
- psa_generator_abort(&generator);
- /* as part of clean up you may want to clean up the keys used by calling:
- * psa_destroy_key( base_key ); or psa_destroy_key( derived_key ); */
mbedtls_psa_crypto_free();
```
@@ -393,95 +663,152 @@
Prerequisites to working with the AEAD ciphers APIs:
* Initialize the library with a successful call to `psa_crypto_init`.
-* The key policy for the key used for derivation must be configured accordingly (`PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT`).
+* The key attributes for the key used for derivation must have usage flags
+ `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT`.
To authenticate and encrypt a message:
```C
- int slot = 1;
psa_status_t status;
- unsigned char key[] = { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
-
- unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B };
-
- unsigned char additional_data[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20,
- 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
-
- unsigned char input_data[] = { 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
- 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
- 0xD2, 0xD7, 0xC2 };
- unsigned char *output_data = NULL;
+ static const uint8_t key[] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
+ static const uint8_t nonce[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B };
+ static const uint8_t additional_data[] = {
+ 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25,
+ 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
+ static const uint8_t input_data[] = {
+ 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
+ 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
+ 0xD2, 0xD7, 0xC2 };
+ uint8_t *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
size_t tag_length = 16;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle;
+
+ printf("Authenticate encrypt...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
output_size = sizeof(input_data) + tag_length;
- output_data = malloc(output_size);
- status = psa_crypto_init();
+ output_data = (uint8_t *)malloc(output_size);
+ if (!output_data) {
+ printf("Out of memory\n");
+ return;
+ }
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM);
- status = psa_set_key_policy(slot, &policy);
+ /* Import a key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
+ status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ psa_reset_key_attributes(&attributes);
- status = psa_import_key(slot, PSA_KEY_TYPE_AES, key, sizeof(key));
-
- status = psa_aead_encrypt(slot, PSA_ALG_CCM,
+ /* Authenticate and encrypt */
+ status = psa_aead_encrypt(handle, PSA_ALG_CCM,
nonce, sizeof(nonce),
additional_data, sizeof(additional_data),
input_data, sizeof(input_data),
output_data, output_size,
&output_length);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to authenticate and encrypt\n");
+ return;
+ }
- psa_destroy_key(slot);
- mbedtls_free(output_data);
+ printf("Authenticated and encrypted\n");
+
+ /* Clean up */
+ free(output_data);
+
+ /* Destroy the key */
+ psa_destroy_key(handle);
+
mbedtls_psa_crypto_free();
```
To authenticate and decrypt a message:
```C
- int slot = 1;
psa_status_t status;
- unsigned char key[] = {
+ static const uint8_t key[] = {
0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
- };
-
- unsigned char nonce[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20, 0xC3,
- 0x3C, 0x49, 0xFD, 0x70
- };
-
- unsigned char additional_data[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20,
- 0xC3, 0x3C, 0x49, 0xFD, 0x70
- };
- unsigned char input_data[] = { 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
- 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
- 0xD2, 0xD7, 0xC2
- };
- unsigned char *output_data = NULL;
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
+ static const uint8_t nonce[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B };
+ static const uint8_t additional_data[] = {
+ 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25,
+ 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
+ static const uint8_t input_data[] = {
+ 0x20, 0x30, 0xE0, 0x36, 0xED, 0x09, 0xA0, 0x45, 0xAF, 0x3C, 0xBA, 0xEE,
+ 0x0F, 0xC8, 0x48, 0xAF, 0xCD, 0x89, 0x54, 0xF4, 0xF6, 0x3F, 0x28, 0x9A,
+ 0xA1, 0xDD, 0xB2, 0xB8, 0x09, 0xCD, 0x7C, 0xE1, 0x46, 0xE9, 0x98 };
+ uint8_t *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle;
+
+ printf("Authenticate decrypt...\t");
+ fflush(stdout);
+
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
output_size = sizeof(input_data);
- output_data = malloc(output_size);
- status = psa_crypto_init();
+ output_data = (uint8_t *)malloc(output_size);
+ if (!output_data) {
+ printf("Out of memory\n");
+ return;
+ }
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM);
- status = psa_set_key_policy(slot, &policy);
+ /* Import a key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 128);
+ status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to import a key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
- status = psa_import_key(slot, PSA_KEY_TYPE_AES, key, sizeof(key));
-
- status = psa_aead_decrypt(slot, PSA_ALG_CCM,
+ /* Authenticate and decrypt */
+ status = psa_aead_decrypt(handle, PSA_ALG_CCM,
nonce, sizeof(nonce),
additional_data, sizeof(additional_data),
input_data, sizeof(input_data),
output_data, output_size,
&output_length);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to authenticate and decrypt %ld\n", status);
+ return;
+ }
- psa_destroy_key(slot);
- mbedtls_free(output_data);
+ printf("Authenticated and decrypted\n");
+
+ /* Clean up */
+ free(output_data);
+
+ /* Destroy the key */
+ psa_destroy_key(handle);
+
mbedtls_psa_crypto_free();
```
@@ -492,29 +819,61 @@
Prerequisites to using key generation and export APIs:
* Initialize the library with a successful call to `psa_crypto_init`.
-Generate a piece of random 128-bit AES data:
-1. Set the key policy for key generation by calling `psa_key_policy_set_usage()` with the `PSA_KEY_USAGE_EXPORT` parameter and the algorithm `PSA_ALG_GCM`.
-1. Generate a random AES key by calling `psa_generate_key()`.
-1. Export the generated key by calling `psa_export_key()`:
+Generate an ECDSA key:
+1. Set the desired key attributes for key generation by calling
+ `psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
+ `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). We don't set
+ `PSA_KEY_USAGE_EXPORT` as we only want to export the public key, not the key
+ pair (or private key).
+1. Generate a key by calling `psa_generate_key()`.
+1. Export the generated public key by calling `psa_export_public_key()`
+:
```C
- int slot = 1;
- size_t bits = 128;
- size_t exported_size = bits;
+ enum {
+ key_bits = 256,
+ };
+ psa_status_t status;
size_t exported_length = 0;
- uint8_t *exported = malloc(exported_size);
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ static uint8_t exported[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)];
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle;
- psa_crypto_init();
+ printf("Generate a key pair...\t");
+ fflush(stdout);
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, PSA_ALG_GCM);
- psa_set_key_policy(slot, &policy);
+ /* Initialize PSA Crypto */
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("Failed to initialize PSA Crypto\n");
+ return;
+ }
/* Generate a key */
- psa_generate_key(slot, PSA_KEY_TYPE_AES, bits, NULL, 0);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN);
+ psa_set_key_algorithm(&attributes,
+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1));
+ psa_set_key_bits(&attributes, key_bits);
+ status = psa_generate_key(&attributes, &handle);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to generate key\n");
+ return;
+ }
+ psa_reset_key_attributes(&attributes);
- psa_export_key(slot, exported, exported_size, &exported_length)
+ status = psa_export_public_key(handle, exported, sizeof(exported),
+ &exported_length);
+ if (status != PSA_SUCCESS) {
+ printf("Failed to export public key %ld\n", status);
+ return;
+ }
- psa_destroy_key(slot);
+ printf("Exported a public key\n");
+
+ /* Destroy the key */
+ psa_destroy_key(handle);
+
mbedtls_psa_crypto_free();
```
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index dac97f4..02f924d 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -16,7 +16,7 @@
endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build.
-if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
link_to_source(psa)
endif()
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 94e7282..63c0f67 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -42,7 +42,7 @@
#define MBEDTLS_AES_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index a4ca012..955b7c9 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -28,12 +28,12 @@
#define MBEDTLS_AESNI_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "aes.h"
+#include "mbedtls/aes.h"
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index fb044d5..acad623 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -29,7 +29,7 @@
#define MBEDTLS_ARC4_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 1e8956e..a72a8c2 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -31,7 +31,7 @@
#define MBEDTLS_ARIA_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -39,7 +39,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "platform_util.h"
+#include "mbedtls/platform_util.h"
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index f80acd7..ab947ab 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -25,7 +25,7 @@
#define MBEDTLS_ASN1_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -33,7 +33,7 @@
#include <stddef.h>
#if defined(MBEDTLS_BIGNUM_C)
-#include "bignum.h"
+#include "mbedtls/bignum.h"
#endif
/**
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 8aa01b4..336f2da 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -25,12 +25,12 @@
#define MBEDTLS_ASN1_WRITE_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "asn1.h"
+#include "mbedtls/asn1.h"
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
do \
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 0d02416..07ae3bf 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -25,7 +25,7 @@
#define MBEDTLS_BASE64_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index a04a145..2c5ace6 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -25,7 +25,7 @@
#define MBEDTLS_BIGNUM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -129,7 +129,8 @@
defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) || \
( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) )
+ defined(__s390x__) || defined(__mips64) || \
+ defined(__aarch64__) )
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* MBEDTLS_HAVE_INT64 */
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index f01573d..1e5dba3 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -25,7 +25,7 @@
#define MBEDTLS_BLOWFISH_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -33,7 +33,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "platform_util.h"
+#include "mbedtls/platform_util.h"
#define MBEDTLS_BLOWFISH_ENCRYPT 1
#define MBEDTLS_BLOWFISH_DECRYPT 0
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index c33bd8d..163869a 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -39,12 +39,12 @@
#define MBEDTLS_BN_MUL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "bignum.h"
+#include "mbedtls/bignum.h"
#if defined(MBEDTLS_HAVE_ASM)
@@ -198,6 +198,30 @@
#endif /* AMD64 */
+#if defined(__aarch64__)
+
+#define MULADDC_INIT \
+ asm(
+
+#define MULADDC_CORE \
+ "ldr x4, [%2], #8 \n\t" \
+ "ldr x5, [%1] \n\t" \
+ "mul x6, x4, %3 \n\t" \
+ "umulh x7, x4, %3 \n\t" \
+ "adds x5, x5, x6 \n\t" \
+ "adc x7, x7, xzr \n\t" \
+ "adds x5, x5, %0 \n\t" \
+ "adc %0, x7, xzr \n\t" \
+ "str x5, [%1], #8 \n\t"
+
+#define MULADDC_STOP \
+ : "+r" (c), "+r" (d), "+r" (s) \
+ : "r" (b) \
+ : "x4", "x5", "x6", "x7", "cc" \
+ );
+
+#endif /* Aarch64 */
+
#if defined(__mc68020__) || defined(__mcpu32__)
#define MULADDC_INIT \
@@ -642,7 +666,8 @@
"r6", "r7", "r8", "r9", "cc" \
);
-#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+#elif (__ARM_ARCH >= 6) && \
+ defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
#define MULADDC_INIT \
asm(
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 3eeb663..a832454 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -25,7 +25,7 @@
#define MBEDTLS_CAMELLIA_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -33,7 +33,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "platform_util.h"
+#include "mbedtls/platform_util.h"
#define MBEDTLS_CAMELLIA_ENCRYPT 1
#define MBEDTLS_CAMELLIA_DECRYPT 0
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f03e3b5..ceac36c 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -50,12 +50,12 @@
#define MBEDTLS_CCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
deleted file mode 100644
index b7c5708..0000000
--- a/include/mbedtls/certs.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * \file certs.h
- *
- * \brief Sample certificates and DHM parameters for testing
- */
-/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CERTS_H
-#define MBEDTLS_CERTS_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all CA certificates in PEM format if available */
-extern const char mbedtls_test_cas_pem[];
-extern const size_t mbedtls_test_cas_pem_len;
-#endif
-
-/* List of all CA certificates, terminated by NULL */
-extern const char * mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
-
-/*
- * Convenience for users who just want a certificate:
- * RSA by default, or ECDSA if RSA is not available
- */
-extern const char * mbedtls_test_ca_crt;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const char * mbedtls_test_ca_key;
-extern const size_t mbedtls_test_ca_key_len;
-extern const char * mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_pwd_len;
-extern const char * mbedtls_test_srv_crt;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const char * mbedtls_test_srv_key;
-extern const size_t mbedtls_test_srv_key_len;
-extern const char * mbedtls_test_cli_crt;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const char * mbedtls_test_cli_key;
-extern const size_t mbedtls_test_cli_key_len;
-
-#if defined(MBEDTLS_ECDSA_C)
-extern const char mbedtls_test_ca_crt_ec[];
-extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const char mbedtls_test_ca_key_ec[];
-extern const size_t mbedtls_test_ca_key_ec_len;
-extern const char mbedtls_test_ca_pwd_ec[];
-extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const char mbedtls_test_srv_crt_ec[];
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const char mbedtls_test_srv_key_ec[];
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const char mbedtls_test_cli_crt_ec[];
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const char mbedtls_test_cli_key_ec[];
-extern const size_t mbedtls_test_cli_key_ec_len;
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-extern const char mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-extern const char mbedtls_test_ca_key_rsa[];
-extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const char mbedtls_test_ca_pwd_rsa[];
-extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const char mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-extern const char mbedtls_test_srv_key_rsa[];
-extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const char mbedtls_test_cli_crt_rsa[];
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-extern const char mbedtls_test_cli_key_rsa[];
-extern const size_t mbedtls_test_cli_key_rsa_len;
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* certs.h */
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 2ae5e6e..243ae63 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -34,7 +34,7 @@
#define MBEDTLS_CHACHA20_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 49e615d..3d842ef 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -34,13 +34,13 @@
#define MBEDTLS_CHACHAPOLY_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/* for shared error codes */
-#include "poly1305.h"
+#include "mbedtls/poly1305.h"
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */
@@ -58,7 +58,7 @@
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-#include "chacha20.h"
+#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 78bf131..4965e17 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -125,6 +125,11 @@
#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
#endif
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && \
+ defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
+#endif
+
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
@@ -458,6 +463,12 @@
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
+ ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
+#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
! defined(MBEDTLS_PSA_CRYPTO_C)
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index ea00703..96efd93 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -30,13 +30,13 @@
#define MBEDTLS_CIPHER_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
-#include "platform_util.h"
+#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index d711339..5930f0e 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -27,12 +27,12 @@
#define MBEDTLS_CIPHER_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
@@ -124,14 +124,13 @@
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
- /* into a allocated key slot, and which */
- /* hence need to destroy that key slot */
- /* when they are no longer needed. */
+ /* as a volatile key, and which hence need */
+ /* to destroy that key when the context is */
+ /* freed. */
MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */
- /* which use a key from a key slot */
- /* provided by the user, and which */
- /* hence should not be destroyed when */
- /* the context is no longer needed. */
+ /* which use a key provided by the */
+ /* user, and which hence will not be */
+ /* destroyed when the context is freed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 9d42b3f..792fbdc 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -29,12 +29,12 @@
#define MBEDTLS_CMAC_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index a58b472..361cf56 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -26,7 +26,7 @@
*/
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 56ad01c..3c1430c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -277,28 +277,52 @@
* For example, when a function accepts as input a pointer to a buffer that may
* contain untrusted data, and its documentation mentions that this pointer
* must not be NULL:
- * - the pointer is checked to be non-NULL only if this option is enabled
- * - the content of the buffer is always validated
+ * - The pointer is checked to be non-NULL only if this option is enabled.
+ * - The content of the buffer is always validated.
*
* When this flag is defined, if a library function receives a parameter that
- * is invalid, it will:
- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
- * call to the function mbedtls_param_failed()
- * - immediately return (with a specific error code unless the function
- * returns void and can't communicate an error).
+ * is invalid:
+ * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
+ * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
+ * will immediately return. If the function returns an Mbed TLS error code,
+ * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
*
- * When defining this flag, you also need to:
- * - either provide a definition of the function mbedtls_param_failed() in
- * your application (see platform_util.h for its prototype) as the library
- * calls that function, but does not provide a default definition for it,
- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
- * below if the above mechanism is not flexible enough to suit your needs.
- * See the documentation of this macro later in this file.
+ * When defining this flag, you also need to arrange a definition for
+ * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
+ * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
+ * function mbedtls_param_failed(), but the library does not define this
+ * function. If you do not make any other arrangements, you must provide
+ * the function mbedtls_param_failed() in your application.
+ * See `platform_util.h` for its prototype.
+ * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
+ * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
+ * You can still supply an alternative definition of
+ * MBEDTLS_PARAM_FAILED(), which may call `assert`.
+ * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
+ * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
+ * the library will call the macro that you defined and will not supply
+ * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
+ * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
+ * files include `<assert.h>`.
*
* Uncomment to enable validation of application-controlled parameters.
*/
//#define MBEDTLS_CHECK_PARAMS
+/**
+ * \def MBEDTLS_CHECK_PARAMS_ASSERT
+ *
+ * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
+ * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
+ *
+ * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
+ * calling a function mbedtls_param_failed(). See the documentation of
+ * #MBEDTLS_CHECK_PARAMS for details.
+ *
+ * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
+ */
+//#define MBEDTLS_CHECK_PARAMS_ASSERT
+
/* \} name SECTION: System support */
/**
@@ -983,6 +1007,16 @@
//#define MBEDTLS_SHA256_SMALLER
/**
+ * \def MBEDTLS_SHA512_SMALLER
+ *
+ * Enable an implementation of SHA-512 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * Uncomment to enable the smaller implementation of SHA512.
+ */
+//#define MBEDTLS_SHA512_SMALLER
+
+/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.
@@ -1007,18 +1041,27 @@
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
- * Make the X.509 and TLS library use PSA for cryptographic operations, see
- * #MBEDTLS_PSA_CRYPTO_C.
+ * Make the X.509 and TLS library use PSA for cryptographic operations, and
+ * enable new APIs for using keys handled by PSA Crypto.
*
- * Note: this option is still in progress, the full X.509 and TLS modules are
- * not covered yet, but parts that are not ported to PSA yet will still work
- * as usual, so enabling this option should not break backwards compatibility.
+ * \note Development of this option is currently in progress, and parts of Mbed
+ * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
+ * will still continue to work as usual, so enabling this option should not
+ * break backwards compatibility.
*
- * \warning Support for PSA is still an experimental feature.
- * Any public API that depends on this option may change
- * at any time until this warning is removed.
+ * \warning Support for PSA is still an experimental feature.
+ * Any public API that depends on this option may change
+ * at any time until this warning is removed.
+ *
+ * \warning This option enables new Mbed TLS APIs that are dependent on the
+ * PSA Crypto API, so can't come with the same stability guarantees as the
+ * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
+ * now, access to these APIs is opt-in (via enabling the present option), in
+ * order to clearly differentiate them from the stable Mbed TLS APIs.
*
* Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
//#define MBEDTLS_USE_PSA_CRYPTO
@@ -1702,6 +1745,10 @@
*
* Enable the Platform Security Architecture cryptography API.
*
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
+ *
* Module: library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
@@ -1710,6 +1757,22 @@
#define MBEDTLS_PSA_CRYPTO_C
/**
+ * \def MBEDTLS_PSA_CRYPTO_SE_C
+ *
+ * Enable secure element support in the Platform Security Architecture
+ * cryptography API.
+ *
+ * \warning This feature is not yet suitable for production. It is provided
+ * for API evaluation and testing purposes only.
+ *
+ * Module: library/psa_crypto_se.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SE_C
+
+/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
*
* Enable the Platform Security Architecture persistent key storage.
@@ -1951,6 +2014,42 @@
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
/**
+ * \brief This macro is invoked by the library when an invalid parameter
+ * is detected that is only checked with #MBEDTLS_CHECK_PARAMS
+ * (see the documentation of that option for context).
+ *
+ * When you leave this undefined here, the library provides
+ * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
+ * is defined, the default definition is `assert(cond)`,
+ * otherwise the default definition calls a function
+ * mbedtls_param_failed(). This function is declared in
+ * `platform_util.h` for the benefit of the library, but
+ * you need to define in your application.
+ *
+ * When you define this here, this replaces the default
+ * definition in platform_util.h (which no longer declares the
+ * function mbedtls_param_failed()) and it is your responsibility
+ * to make sure this macro expands to something suitable (in
+ * particular, that all the necessary declarations are visible
+ * from within the library - you can ensure that by providing
+ * them in this file next to the macro definition).
+ * If you define this macro to call `assert`, also define
+ * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
+ * include `<assert.h>`.
+ *
+ * Note that you may define this macro to expand to nothing, in
+ * which case you don't have to worry about declarations or
+ * definitions. However, you will then be notified about invalid
+ * parameters only in non-void functions, and void function will
+ * just silently return early on invalid parameters, which
+ * partially negates the benefits of enabling
+ * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+
+/**
* Uncomment the macro to let mbed TLS use your alternate implementation of
* mbedtls_platform_zeroize(). This replaces the default implementation in
* platform_util.c.
@@ -1989,6 +2088,15 @@
*/
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations
@@ -2000,6 +2108,6 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
-#include "check_config.h"
+#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index cc3df7b..ffaf8ad 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -37,15 +37,15 @@
#define MBEDTLS_CTR_DRBG_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "aes.h"
+#include "mbedtls/aes.h"
#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
+#include "mbedtls/threading.h"
#endif
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 54e6b78..1c80b53 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -30,7 +30,7 @@
#define MBEDTLS_DES_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 49eb6a4..831cfd7 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -66,11 +66,11 @@
#define MBEDTLS_DHM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "bignum.h"
+#include "mbedtls/bignum.h"
/*
* DHM Error codes
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 384c3dc..3948d7c 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -35,12 +35,17 @@
#define MBEDTLS_ECDH_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "ecp.h"
+#include "mbedtls/ecp.h"
+
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+#undef MBEDTLS_ECDH_LEGACY_CONTEXT
+#include "everest/everest.h"
+#endif
#ifdef __cplusplus
extern "C" {
@@ -66,6 +71,9 @@
{
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
+#endif
} mbedtls_ecdh_variant;
/**
@@ -119,6 +127,9 @@
union
{
mbedtls_ecdh_context_mbed mbed_ecdh;
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ mbedtls_ecdh_context_everest everest_ecdh;
+#endif
} ctx; /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
@@ -134,6 +145,15 @@
mbedtls_ecdh_context;
/**
+ * \brief Check whether a given group can be used for ECDH.
+ *
+ * \param gid The ECP group ID to check.
+ *
+ * \return \c 1 if the group can be used, \c 0 otherwise
+ */
+int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
+
+/**
* \brief This function generates an ECDH keypair on an elliptic
* curve.
*
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 2943945..ad51188 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -33,13 +33,13 @@
#define MBEDTLS_ECDSA_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "ecp.h"
-#include "md.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/md.h"
/**
* \brief Maximum ECDSA signature size for a given curve bit size
@@ -126,6 +126,16 @@
#endif /* MBEDTLS_ECP_RESTARTABLE */
/**
+ * \brief This function checks whether a given group can be used
+ * for ECDSA.
+ *
+ * \param gid The ECP group ID to check.
+ *
+ * \return \c 1 if the group can be used, \c 0 otherwise
+ */
+int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
+
+/**
* \brief This function computes the ECDSA signature of a
* previously-hashed message.
*
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 3d8d02a..97387c3 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -41,13 +41,13 @@
* also be use outside TLS.
*/
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "ecp.h"
-#include "md.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/md.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 1a6ec13..d04cc49 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -37,12 +37,12 @@
#define MBEDTLS_ECP_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "bignum.h"
+#include "mbedtls/bignum.h"
/*
* ECP error codes
@@ -437,6 +437,12 @@
* mbedtls_ecp_curve_info() for all supported curves in order
* of preference.
*
+ * \note This function returns information about all curves
+ * supported by the library. Some curves may not be
+ * supported for all algorithms. Call mbedtls_ecdh_can_do()
+ * or mbedtls_ecdsa_can_do() to check if a curve is
+ * supported for ECDH or ECDSA.
+ *
* \return A statically allocated array. The last entry is 0.
*/
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
@@ -446,6 +452,12 @@
* identifiers of all supported curves in the order of
* preference.
*
+ * \note This function returns information about all curves
+ * supported by the library. Some curves may not be
+ * supported for all algorithms. Call mbedtls_ecdh_can_do()
+ * or mbedtls_ecdsa_can_do() to check if a curve is
+ * supported for ECDH or ECDSA.
+ *
* \return A statically allocated array,
* terminated with MBEDTLS_ECP_DP_NONE.
*/
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 7625ed4..3b6fbf1 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -62,7 +62,7 @@
#define MBEDTLS_ECP_INTERNAL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index ca06dc3..06aaffa 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -25,7 +25,7 @@
#define MBEDTLS_ENTROPY_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -33,21 +33,21 @@
#include <stddef.h>
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "sha512.h"
+#include "mbedtls/sha512.h"
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#else
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "sha256.h"
+#include "mbedtls/sha256.h"
#endif
#endif
#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
+#include "mbedtls/threading.h"
#endif
#if defined(MBEDTLS_HAVEGE_C)
-#include "havege.h"
+#include "mbedtls/havege.h"
#endif
#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index 94dd657..ba42805 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -25,7 +25,7 @@
#define MBEDTLS_ENTROPY_POLL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index bee0fe4..20a245a 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -25,7 +25,7 @@
#define MBEDTLS_ERROR_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -100,8 +100,8 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
- * CIPHER 6 8
- * SSL 6 23 (Started from top)
+ * CIPHER 6 8 (Started from 0x6080)
+ * SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index fd130ab..a71a2af 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -34,12 +34,12 @@
#define MBEDTLS_GCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#include <stdint.h>
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 4c1c860..acd7e48 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -25,12 +25,13 @@
#define MBEDTLS_HAVEGE_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
+#include <stdint.h>
#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
@@ -43,9 +44,9 @@
*/
typedef struct mbedtls_havege_state
{
- int PT1, PT2, offset[2];
- int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
- int WALK[8192];
+ uint32_t PT1, PT2, offset[2];
+ uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+ uint32_t WALK[8192];
}
mbedtls_havege_state;
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 40ee64e..77a99ab 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -7,33 +7,33 @@
* specified by RFC 5869.
*/
/*
- * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
*
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "md.h"
+#include "mbedtls/md.h"
/**
* \name HKDF Error codes
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index f1289cb..46536a1 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -25,15 +25,15 @@
#define MBEDTLS_HMAC_DRBG_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "md.h"
+#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
+#include "mbedtls/threading.h"
#endif
/*
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 69ab21f..0b0ec91 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -30,7 +30,7 @@
#include <stddef.h>
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index fe97cf0..df1d5f7 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -30,7 +30,7 @@
#define MBEDTLS_MD2_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index ce703c0..e7accd4 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -30,7 +30,7 @@
#define MBEDTLS_MD4_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 6eed6cc..4206c1f 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -29,7 +29,7 @@
#define MBEDTLS_MD5_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index 04de482..267ceba 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -29,12 +29,12 @@
#define MBEDTLS_MD_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "md.h"
+#include "mbedtls/md.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 705f9a6..8e77f6f 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -25,7 +25,7 @@
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 3b67b59..b39406f 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -38,12 +38,12 @@
#define MBEDTLS_NIST_KW_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 17cdba7..59ce020 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -25,22 +25,22 @@
#define MBEDTLS_OID_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "asn1.h"
-#include "pk.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/pk.h"
#include <stddef.h>
#if defined(MBEDTLS_CIPHER_C)
-#include "cipher.h"
+#include "mbedtls/cipher.h"
#endif
#if defined(MBEDTLS_MD_C)
-#include "md.h"
+#include "mbedtls/md.h"
#endif
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 721a5d4..513d72f 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -29,12 +29,12 @@
#define MBEDTLS_PADLOCK_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "aes.h"
+#include "mbedtls/aes.h"
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index a29e9ce..f7bf1a6 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -25,7 +25,7 @@
#define MBEDTLS_PEM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -112,17 +112,27 @@
* \brief Write a buffer of PEM information from a DER encoded
* buffer.
*
- * \param header header string to write
- * \param footer footer string to write
- * \param der_data DER data to write
- * \param der_len length of the DER data
- * \param buf buffer to write to
- * \param buf_len length of output buffer
- * \param olen total length written / required (if buf_len is not enough)
+ * \param header The header string to write.
+ * \param footer The footer string to write.
+ * \param der_data The DER data to encode.
+ * \param der_len The length of the DER data \p der_data in Bytes.
+ * \param buf The buffer to write to.
+ * \param buf_len The length of the output buffer \p buf in Bytes.
+ * \param olen The address at which to store the total length written
+ * or required (if \p buf_len is not enough).
*
- * \return 0 on success, or a specific PEM or BASE64 error code. On
- * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
- * size.
+ * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
+ * to request the length of the resulting PEM buffer in
+ * `*olen`.
+ *
+ * \note This function may be called with overlapping \p der_data
+ * and \p buf buffers.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
+ * enough to hold the PEM buffer. In this case, `*olen` holds
+ * the required minimum size of \p buf.
+ * \return Another PEM or BASE64 error code on other kinds of failure.
*/
int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 24951a6..d750004 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -26,23 +26,23 @@
#define MBEDTLS_PK_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "md.h"
+#include "mbedtls/md.h"
#if defined(MBEDTLS_RSA_C)
-#include "rsa.h"
+#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
-#include "ecp.h"
+#include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
-#include "ecdsa.h"
+#include "mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -217,7 +217,7 @@
*
* \note For contexts that have been set up with
* mbedtls_pk_setup_opaque(), this does not free the underlying
- * key slot and you still need to call psa_destroy_key()
+ * PSA key and you still need to call psa_destroy_key()
* independently if you want to destroy that key.
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx );
@@ -259,21 +259,21 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Initialize a PK context to wrap a PSA key slot.
+ * \brief Initialize a PK context to wrap a PSA key.
*
* \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key slot instead of
+ * that wrap a (possibly opaque) PSA key instead of
* storing and manipulating the key material directly.
*
* \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key slot to wrap, which must hold an ECC key pair
+ * \param key The PSA key to wrap, which must hold an ECC key pair
* (see notes below).
*
- * \note The wrapped key slot must remain valid as long as the
+ * \note The wrapped key must remain valid as long as the
* wrapping PK context is in use, that is at least between
* the point this function is called and the point
* mbedtls_pk_free() is called on this context. The wrapped
- * key slot might then be independently used or destroyed.
+ * key might then be independently used or destroyed.
*
* \note This function is currently only available for ECC key
* pairs (that is, ECC keys containing private key material).
@@ -281,7 +281,7 @@
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key slot).
+ * (context already used, invalid key handle).
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
* ECC key pair.
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
@@ -788,7 +788,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Turn an EC key into an Opaque one
+ * \brief Turn an EC key into an opaque one.
*
* \warning This is a temporary utility function for tests. It might
* change or be removed at any time without notice.
@@ -796,18 +796,19 @@
* \note Only ECDSA keys are supported so far. Signing with the
* specified hash is the only allowed use of that key.
*
- * \param pk Input: the EC key to transfer to a PSA key slot.
- * Output: a PK context wrapping that PSA key slot.
- * \param slot Output: the chosen slot for storing the key.
- * It's the caller's responsibility to destroy that slot
- * after calling mbedtls_pk_free() on the PK context.
+ * \param pk Input: the EC key to import to a PSA key.
+ * Output: a PK context wrapping that PSA key.
+ * \param handle Output: a PSA key handle.
+ * It's the caller's responsibility to call
+ * psa_destroy_key() on that handle after calling
+ * mbedtls_pk_free() on the PK context.
* \param hash_alg The hash algorithm to allow for use with that key.
*
* \return \c 0 if successful.
* \return An Mbed TLS error code otherwise.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_handle_t *slot,
+ psa_key_handle_t *handle,
psa_algorithm_t hash_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h
index fc9ba13..7ef6322 100644
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -26,12 +26,12 @@
#define MBEDTLS_PK_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "pk.h"
+#include "mbedtls/pk.h"
struct mbedtls_pk_info_t
{
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index d441357..9d42d7f 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -25,14 +25,14 @@
#define MBEDTLS_PKCS12_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "md.h"
-#include "cipher.h"
-#include "asn1.h"
+#include "mbedtls/md.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/asn1.h"
#include <stddef.h>
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index c92185f..bbec7e7 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -27,13 +27,13 @@
#define MBEDTLS_PKCS5_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "asn1.h"
-#include "md.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/md.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 801a948..b402f8f 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -34,13 +34,13 @@
#define MBEDTLS_PLATFORM_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "platform_time.h"
+#include "mbedtls/platform_time.h"
#endif
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
@@ -256,6 +256,7 @@
* the destination buffer is too short.
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#include <stdarg.h>
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
#endif
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 2ed36f5..fe484fd 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -25,7 +25,7 @@
#define MBEDTLS_PLATFORM_TIME_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index dba6d45..cf0130a 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -26,14 +26,14 @@
#define MBEDTLS_PLATFORM_UTIL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "platform_time.h"
+#include "mbedtls/platform_time.h"
#include <time.h>
#endif /* MBEDTLS_HAVE_TIME_DATE */
@@ -43,6 +43,12 @@
#if defined(MBEDTLS_CHECK_PARAMS)
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
+ * (which is what our config.h suggests). */
+#include <assert.h>
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
+
#if defined(MBEDTLS_PARAM_FAILED)
/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
*
@@ -50,6 +56,11 @@
* MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
*/
#define MBEDTLS_PARAM_FAILED_ALT
+
+#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+#define MBEDTLS_PARAM_FAILED_ALT
+
#else /* MBEDTLS_PARAM_FAILED */
#define MBEDTLS_PARAM_FAILED( cond ) \
mbedtls_param_failed( #cond, __FILE__, __LINE__ )
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index f0ec44c..05866a2 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -34,7 +34,7 @@
#define MBEDTLS_POLY1305_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b0c0428..8d18fcc 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -29,7 +29,7 @@
#define MBEDTLS_PSA_UTIL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -38,10 +38,10 @@
#include "psa/crypto.h"
-#include "ecp.h"
-#include "md.h"
-#include "pk.h"
-#include "oid.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/md.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/oid.h"
#include <string.h>
@@ -413,7 +413,7 @@
/* All other failures */
case PSA_ERROR_COMMUNICATION_FAILURE:
case PSA_ERROR_HARDWARE_FAILURE:
- case PSA_ERROR_TAMPERING_DETECTED:
+ case PSA_ERROR_CORRUPTION_DETECTED:
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
default: /* We return the same as for the 'other failures',
* but list them separately nonetheless to indicate
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index b42f6d2..3c1f5bf 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -25,7 +25,7 @@
#define MBEDTLS_RIPEMD160_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -57,7 +57,7 @@
mbedtls_ripemd160_context;
#else /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160.h"
+#include "ripemd160_alt.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
/**
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 489f2ed..840540b 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -31,16 +31,16 @@
#define MBEDTLS_RSA_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "bignum.h"
-#include "md.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
+#include "mbedtls/threading.h"
#endif
/*
diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h
index 53abd3c..c1c844e 100644
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@@ -58,12 +58,12 @@
#define MBEDTLS_RSA_INTERNAL_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
-#include "bignum.h"
+#include "mbedtls/bignum.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index bb6ecf0..988d2f9 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -32,7 +32,7 @@
#define MBEDTLS_SHA1_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index d647398..1c59740 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -28,7 +28,7 @@
#define MBEDTLS_SHA256_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index c06ceed..48923e5 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -27,7 +27,7 @@
#define MBEDTLS_SHA512_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 92e6e6b..cab40f7 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -25,7 +25,7 @@
#define MBEDTLS_THREADING_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index a965fe0..b264a5a 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -25,7 +25,7 @@
#define MBEDTLS_TIMING_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 79b42b2..fd77830 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -29,7 +29,7 @@
#define MBEDTLS_VERSION_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index b47f553..2dc0afc 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -25,7 +25,7 @@
#define MBEDTLS_XTEA_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index b62788b..0d8cbfa 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -86,144 +86,265 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
*/
psa_status_t psa_crypto_init(void);
/**@}*/
-/** \defgroup policy Key policies
+/** \addtogroup attributes
* @{
*/
-/** The type of the key policy data structure.
+/** \def PSA_KEY_ATTRIBUTES_INIT
*
- * Before calling any function on a key policy, the application must initialize
- * it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_key_policy_t policy;
- * memset(&policy, 0, sizeof(policy));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_key_policy_t policy = {0};
- * \endcode
- * - Initialize the structure to the initializer #PSA_KEY_POLICY_INIT,
- * for example:
- * \code
- * psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- * \endcode
- * - Assign the result of the function psa_key_policy_init()
- * to the structure, for example:
- * \code
- * psa_key_policy_t policy;
- * policy = psa_key_policy_init();
- * \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-/** \def PSA_KEY_POLICY_INIT
- *
- * This macro returns a suitable initializer for a key policy object of type
- * #psa_key_policy_t.
+ * This macro returns a suitable initializer for a key attribute structure
+ * of type #psa_key_attributes_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_KEY_POLICY_INIT {0}
+#define PSA_KEY_ATTRIBUTES_INIT {0}
#endif
-/** Return an initial value for a key policy that forbids all usage of the key.
+/** Return an initial value for a key attributes structure.
*/
-static psa_key_policy_t psa_key_policy_init(void);
+static psa_key_attributes_t psa_key_attributes_init(void);
-/** \brief Set the standard fields of a policy structure.
+/** Declare a key as persistent and set its key identifier.
*
- * Note that this function does not make any consistency check of the
- * parameters. The values are only checked when applying the policy to
- * a key slot with psa_set_key_policy().
+ * If the attribute structure currently declares the key as volatile (which
+ * is the default content of an attribute structure), this function sets
+ * the lifetime attribute to #PSA_KEY_LIFETIME_PERSISTENT.
*
- * \param[in,out] policy The key policy to modify. It must have been
- * initialized as per the documentation for
- * #psa_key_policy_t.
- * \param usage The permitted uses for the key.
- * \param alg The algorithm that the key may be used for.
+ * This function does not access storage, it merely stores the given
+ * value in the structure.
+ * The persistent key will be written to storage when the attribute
+ * structure is passed to a key creation function such as
+ * psa_import_key(), psa_generate_key(),
+ * psa_key_derivation_output_key() or psa_copy_key().
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param id The persistent identifier for the key.
*/
-void psa_key_policy_set_usage(psa_key_policy_t *policy,
- psa_key_usage_t usage,
- psa_algorithm_t alg);
+static void psa_set_key_id(psa_key_attributes_t *attributes,
+ psa_key_id_t id);
-/** \brief Retrieve the usage field of a policy structure.
+/** Set the location of a persistent key.
*
- * \param[in] policy The policy object to query.
+ * To make a key persistent, you must give it a persistent key identifier
+ * with psa_set_key_id(). By default, a key that has a persistent identifier
+ * is stored in the default storage area identifier by
+ * #PSA_KEY_LIFETIME_PERSISTENT. Call this function to choose a storage
+ * area, or to explicitly declare the key as volatile.
*
- * \return The permitted uses for a key with this policy.
+ * This function does not access storage, it merely stores the given
+ * value in the structure.
+ * The persistent key will be written to storage when the attribute
+ * structure is passed to a key creation function such as
+ * psa_import_key(), psa_generate_key(),
+ * psa_key_derivation_output_key() or psa_copy_key().
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param lifetime The lifetime for the key.
+ * If this is #PSA_KEY_LIFETIME_VOLATILE, the
+ * key will be volatile, and the key identifier
+ * attribute is reset to 0.
*/
-psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
+static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+ psa_key_lifetime_t lifetime);
-/** \brief Retrieve the algorithm field of a policy structure.
+/** Retrieve the key identifier from key attributes.
*
- * \param[in] policy The policy object to query.
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
*
- * \return The permitted algorithm for a key with this policy.
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The persistent identifier stored in the attribute structure.
+ * This value is unspecified if the attribute structure declares
+ * the key as volatile.
*/
-psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
+static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
-/** \brief Set the usage policy on a key slot.
+/** Retrieve the lifetime from key attributes.
*
- * This function must be called on an empty key slot, before importing,
- * generating or creating a key in the slot. Changing the policy of an
- * existing key is not permitted.
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
*
- * Implementations may set restrictions on supported key policies
- * depending on the key type and the key slot.
+ * \param[in] attributes The key attribute structure to query.
*
- * \param handle Handle to the key whose policy is to be changed.
- * \param[in] policy The policy object to query.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * If the key is persistent, it is implementation-defined whether
- * the policy has been saved to persistent storage. Implementations
- * may defer saving the policy until the key material is created.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
+ * \return The lifetime value stored in the attribute structure.
*/
-psa_status_t psa_set_key_policy(psa_key_handle_t handle,
- const psa_key_policy_t *policy);
+static psa_key_lifetime_t psa_get_key_lifetime(
+ const psa_key_attributes_t *attributes);
-/** \brief Get the usage policy for a key slot.
+/** Declare usage flags for a key.
*
- * \param handle Handle to the key slot whose policy is being queried.
- * \param[out] policy On success, the key's policy.
+ * Usage flags are part of a key's usage policy. They encode what
+ * kind of operations are permitted on the key. For more details,
+ * refer to the documentation of the type #psa_key_usage_t.
+ *
+ * This function overwrites any usage flags
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param usage_flags The usage flags to write.
+ */
+static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags);
+
+/** Retrieve the usage flags from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The usage flags stored in the attribute structure.
+ */
+static psa_key_usage_t psa_get_key_usage_flags(
+ const psa_key_attributes_t *attributes);
+
+/** Declare the permitted algorithm policy for a key.
+ *
+ * The permitted algorithm policy of a key encodes which algorithm or
+ * algorithms are permitted to be used with this key.
+ *
+ * This function overwrites any algorithm policy
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param alg The permitted algorithm policy to write.
+ */
+static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+ psa_algorithm_t alg);
+
+
+/** Retrieve the algorithm policy from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The algorithm stored in the attribute structure.
+ */
+static psa_algorithm_t psa_get_key_algorithm(
+ const psa_key_attributes_t *attributes);
+
+/** Declare the type of a key.
+ *
+ * This function overwrites any key type
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param type The key type to write.
+ */
+static void psa_set_key_type(psa_key_attributes_t *attributes,
+ psa_key_type_t type);
+
+
+/** Declare the size of a key.
+ *
+ * This function overwrites any key size previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param bits The key size in bits.
+ */
+static void psa_set_key_bits(psa_key_attributes_t *attributes,
+ size_t bits);
+
+/** Retrieve the key type from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The key type stored in the attribute structure.
+ */
+static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
+
+/** Retrieve the key size from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The key size stored in the attribute structure, in bits.
+ */
+static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
+
+/** Retrieve the attributes of a key.
+ *
+ * This function first resets the attribute structure as with
+ * psa_reset_key_attributes(). It then copies the attributes of
+ * the given key into the given attribute structure.
+ *
+ * \note This function may allocate memory or other resources.
+ * Once you have called this function on an attribute structure,
+ * you must call psa_reset_key_attributes() to free these resources.
+ *
+ * \param[in] handle Handle to the key to query.
+ * \param[in,out] attributes On success, the attributes of the key.
+ * On failure, equivalent to a
+ * freshly-initialized structure.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
*/
-psa_status_t psa_get_key_policy(psa_key_handle_t handle,
- psa_key_policy_t *policy);
+psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
+ psa_key_attributes_t *attributes);
+
+/** Reset a key attribute structure to a freshly initialized state.
+ *
+ * You must initialize the attribute structure as described in the
+ * documentation of the type #psa_key_attributes_t before calling this
+ * function. Once the structure has been initialized, you may call this
+ * function at any time.
+ *
+ * This function frees any auxiliary resources that the structure
+ * may contain.
+ *
+ * \param[in,out] attributes The attribute structure to reset.
+ */
+void psa_reset_key_attributes(psa_key_attributes_t *attributes);
/**@}*/
@@ -231,122 +352,67 @@
* @{
*/
-/** \brief Retrieve the lifetime of an open key.
- *
- * \param handle Handle to query.
- * \param[out] lifetime On success, the lifetime value.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
- psa_key_lifetime_t *lifetime);
-
-
-/** Allocate a key slot for a transient key, i.e. a key which is only stored
- * in volatile memory.
- *
- * The allocated key slot and its handle remain valid until the
- * application calls psa_close_key() or psa_destroy_key() or until the
- * application terminates.
- *
- * \param[out] handle On success, a handle to a volatile key slot.
- *
- * \retval #PSA_SUCCESS
- * Success. The application can now use the value of `*handle`
- * to access the newly allocated key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * There was not enough memory, or the maximum number of key slots
- * has been reached.
- */
-psa_status_t psa_allocate_key(psa_key_handle_t *handle);
-
/** Open a handle to an existing persistent key.
*
- * Open a handle to a key which was previously created with psa_create_key().
+ * Open a handle to a persistent key. A key is persistent if it was created
+ * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+ * always has a nonzero key identifier, set with psa_set_key_id() when
+ * creating the key. Implementations may provide additional pre-provisioned
+ * keys that can be opened with psa_open_key(). Such keys have a key identifier
+ * in the vendor range, as documented in the description of #psa_key_id_t.
*
- * \param lifetime The lifetime of the key. This designates a storage
- * area where the key material is stored. This must not
- * be #PSA_KEY_LIFETIME_VOLATILE.
+ * The application must eventually close the handle with psa_close_key()
+ * to release associated resources. If the application dies without calling
+ * psa_close_key(), the implementation should perform the equivalent of a
+ * call to psa_close_key().
+ *
+ * Some implementations permit an application to open the same key multiple
+ * times. Applications that rely on this behavior will not be portable to
+ * implementations that only permit a single key handle to be opened. See
+ * also :ref:\`key-handles\`.
+ *
* \param id The persistent identifier of the key.
- * \param[out] handle On success, a handle to a key slot which contains
- * the data and metadata loaded from the specified
- * persistent location.
+ * \param[out] handle On success, a handle to the key.
*
* \retval #PSA_SUCCESS
* Success. The application can now use the value of `*handle`
- * to access the newly allocated key slot.
+ * to access the key.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * The implementation does not have sufficient resources to open the
+ * key. This can be due to reaching an implementation limit on the
+ * number of open keys, the number of open key handles, or available
+ * memory.
* \retval #PSA_ERROR_DOES_NOT_EXIST
+ * There is no persistent key with key identifier \p id.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p id is invalid for the specified lifetime.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p lifetime is not supported.
+ * \p id is not a valid persistent key identifier.
* \retval #PSA_ERROR_NOT_PERMITTED
* The specified key exists, but the application does not have the
* permission to access it. Note that this specification does not
* define any way to create such a key, but it may be possible
* through implementation-specific means.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
*/
-psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+psa_status_t psa_open_key(psa_key_id_t id,
psa_key_handle_t *handle);
-/** Create a new persistent key slot.
- *
- * Create a new persistent key slot and return a handle to it. The handle
- * remains valid until the application calls psa_close_key() or terminates.
- * The application can open the key again with psa_open_key() until it
- * removes the key by calling psa_destroy_key().
- *
- * \param lifetime The lifetime of the key. This designates a storage
- * area where the key material is stored. This must not
- * be #PSA_KEY_LIFETIME_VOLATILE.
- * \param id The persistent identifier of the key.
- * \param[out] handle On success, a handle to the newly created key slot.
- * When key material is later created in this key slot,
- * it will be saved to the specified persistent location.
- *
- * \retval #PSA_SUCCESS
- * Success. The application can now use the value of `*handle`
- * to access the newly allocated key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * There is already a key with the identifier \p id in the storage
- * area designated by \p lifetime.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p id is invalid for the specified lifetime.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p lifetime is not supported.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \p lifetime is valid, but the application does not have the
- * permission to create a key there.
- */
-psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
- psa_key_handle_t *handle);
/** Close a key handle.
*
- * If the handle designates a volatile key, destroy the key material and
- * free all associated resources, just like psa_destroy_key().
+ * If the handle designates a volatile key, this will destroy the key material
+ * and free all associated resources, just like psa_destroy_key().
*
- * If the handle designates a persistent key, free all resources associated
- * with the key in volatile memory. The key slot in persistent storage is
- * not affected and can be opened again later with psa_open_key().
+ * If this is the last open handle to a persistent key, then closing the handle
+ * will free all resources associated with the key in volatile memory. The key
+ * data in persistent storage is not affected and can be opened again later
+ * with a call to psa_open_key().
+ *
+ * Closing the key handle makes the handle invalid, and the key handle
+ * must not be used again by the application.
+ *
+ * If the key is currently in use in a multipart operation, then closing the
+ * last remaining handle to the key will abort the multipart operation.
*
* \param handle The key handle to close.
*
@@ -377,65 +443,80 @@
* minimize the risk that an invalid input is accidentally interpreted
* according to a different format.
*
- * \param handle Handle to the slot where the key will be stored.
- * It must have been obtained by calling
- * psa_allocate_key() or psa_create_key() and must
- * not contain key material yet.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
- * import, the key slot will contain a key of this type.
+
+ * \param[in] attributes The attributes for the new key.
+ * The key size is always determined from the
+ * \p data buffer.
+ * If the key size in \p attributes is nonzero,
+ * it must be equal to the size from \p data.
+ * \param[out] handle On success, a handle to the newly created key.
+ * \c 0 on failure.
* \param[in] data Buffer containing the key data. The content of this
- * buffer is interpreted according to \p type. It must
- * contain the format described in the documentation
+ * buffer is interpreted according to the type declared
+ * in \p attributes.
+ * All implementations must support at least the format
+ * described in the documentation
* of psa_export_key() or psa_export_public_key() for
- * the chosen type.
+ * the chosen type. Implementations may allow other
+ * formats, but should be conservative: implementations
+ * should err on the side of rejecting content if it
+ * may be erroneous (e.g. wrong type or truncated data).
* \param data_length Size of the \p data buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The key type or key size is not supported, either by the
- * implementation in general or in this particular slot.
+ * implementation in general or in this particular persistent location.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key slot is invalid,
- * or the key data is not correctly formatted.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * There is already a key in the specified slot.
+ * The key attributes, as a whole, are invalid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key data is not correctly formatted.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size in \p attributes is nonzero and does not match the size
+ * of the key data.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
- size_t data_length);
+ size_t data_length,
+ psa_key_handle_t *handle);
/**
* \brief Destroy a key.
*
- * This function destroys the content of the key slot from both volatile
+ * This function destroys a key from both volatile
* memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that any previous content of the slot is
- * unrecoverable.
+ * make a best effort to ensure that that the key material cannot be recovered.
*
* This function also erases any metadata such as policies and frees all
* resources associated with the key.
*
- * \param handle Handle to the key slot to erase.
+ * Destroying a key will invalidate all existing handles to the key.
+ *
+ * If the key is currently in use in a multipart operation, then destroying the
+ * key will abort the multipart operation.
+ *
+ * \param handle Handle to the key to erase.
*
* \retval #PSA_SUCCESS
- * The slot's content, if any, has been erased.
+ * The key material has been erased.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The slot holds content and cannot be erased because it is
+ * The key cannot be erased because it is
* read-only, either due to a policy or due to physical restrictions.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -446,7 +527,7 @@
* to erase key material even in this stage, however applications
* should be aware that it may be impossible to guarantee that the
* key material is not recoverable in such cases.
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* An unexpected condition which is not a storage corruption or
* a communication failure occurred. The cryptoprocessor may have
* been compromised.
@@ -458,33 +539,6 @@
psa_status_t psa_destroy_key(psa_key_handle_t handle);
/**
- * \brief Get basic metadata about a key.
- *
- * \param handle Handle to the key slot to query.
- * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX value).
- * This may be a null pointer, in which case the key type
- * is not written.
- * \param[out] bits On success, the key size in bits.
- * This may be a null pointer, in which case the key size
- * is not written.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * The handle is to a key slot which does not contain key material yet.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_get_key_information(psa_key_handle_t handle,
- psa_key_type_t *type,
- size_t *bits);
-
-/**
* \brief Export a key in binary format.
*
* The output of this function can be passed to psa_import_key() to
@@ -503,7 +557,7 @@
* correct.
* - For Triple-DES, the format is the concatenation of the
* two or three DES keys.
- * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
+ * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
* is the non-encrypted DER encoding of the representation defined by
* PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
* ```
@@ -519,21 +573,8 @@
* coefficient INTEGER, -- (inverse of q) mod p
* }
* ```
- * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format
- * is the non-encrypted DER encoding of the representation used by
- * OpenSSL and OpenSSH, whose structure is described in ASN.1 as follows:
- * ```
- * DSAPrivateKey ::= SEQUENCE {
- * version INTEGER, -- must be 0
- * prime INTEGER, -- p
- * subprime INTEGER, -- q
- * generator INTEGER, -- g
- * public INTEGER, -- y
- * private INTEGER, -- x
- * }
- * ```
* - For elliptic curve key pairs (key types for which
- * #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
+ * #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
* a representation of the private value as a `ceiling(m/8)`-byte string
* where `m` is the bit size associated with the curve, i.e. the bit size
* of the order of the curve's coordinate field. This byte string is
@@ -543,9 +584,16 @@
* and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
* This is the content of the `privateKey` field of the `ECPrivateKey`
* format defined by RFC 5915.
+ * - For Diffie-Hellman key exchange key pairs (key types for which
+ * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+ * format is the representation of the private key `x` as a big-endian byte
+ * string. The length of the byte string is the private key size in bytes
+ * (leading zeroes are not stripped).
* - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
* true), the format is the same as for psa_export_public_key().
*
+ * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+ *
* \param handle Handle to the key to export.
* \param[out] data Buffer where the key data is to be written.
* \param data_size Size of the \p data buffer in bytes.
@@ -556,6 +604,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_EXPORT flag.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
@@ -565,7 +614,7 @@
* and \c bits is the key size in bits.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -599,39 +648,20 @@
* ```
* - For elliptic curve public keys (key types for which
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
- * representation defined by SEC1 §2.3.3 as the content of an ECPoint:
+ * representation defined by SEC1 §2.3.3 as the content of an ECPoint.
* Let `m` be the bit size associated with the curve, i.e. the bit size of
* `q` for a curve over `F_q`. The representation consists of:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+ * - For Diffie-Hellman key exchange public keys (key types for which
+ * #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+ * the format is the representation of the public key `y = g^x mod p` as a
+ * big-endian byte string. The length of the byte string is the length of the
+ * base prime `p` in bytes.
*
- * For other public key types, the format is the DER representation defined by
- * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
- * specified below.
- * ```
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- * ```
- * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
- * the `subjectPublicKey` format is defined by RFC 3279 §2.3.2 as
- * `DSAPublicKey`,
- * with the OID `id-dsa`,
- * and with the parameters `DSS-Parms`.
- * ```
- * id-dsa OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
- *
- * Dss-Parms ::= SEQUENCE {
- * p INTEGER,
- * q INTEGER,
- * g INTEGER }
- * DSAPublicKey ::= INTEGER -- public key, Y
- * ```
+ * Exporting a public key object or the public part of a key pair is
+ * always permitted, regardless of the key's usage flags.
*
* \param handle Handle to the key to export.
* \param[out] data Buffer where the key data is to be written.
@@ -648,12 +678,12 @@
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
- * #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(\c type), \c bits)
+ * #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -672,51 +702,68 @@
* to another, since it populates a key using the material from
* another key which may have a different lifetime.
*
- * In an implementation where slots have different ownerships,
- * this function may be used to share a key with a different party,
+ * This function may be used to share a key with a different party,
* subject to implementation-defined restrictions on key sharing.
- * In this case \p constraint would typically prevent the recipient
- * from exporting the key.
*
- * The resulting key may only be used in a way that conforms to all
- * three of: the policy of the source key, the policy previously set
- * on the target, and the \p constraint parameter passed when calling
- * this function.
+ * The policy on the source key must have the usage flag
+ * #PSA_KEY_USAGE_COPY set.
+ * This flag is sufficient to permit the copy if the key has the lifetime
+ * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+ * Some secure elements do not provide a way to copy a key without
+ * making it extractable from the secure element. If a key is located
+ * in such a secure element, then the key must have both usage flags
+ * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+ * a copy of the key outside the secure element.
+ *
+ * The resulting key may only be used in a way that conforms to
+ * both the policy of the original key and the policy specified in
+ * the \p attributes parameter:
* - The usage flags on the resulting key are the bitwise-and of the
- * usage flags on the source policy, the previously-set target policy
- * and the policy constraint.
- * - If all three policies allow the same algorithm or wildcard-based
+ * usage flags on the source policy and the usage flags in \p attributes.
+ * - If both allow the same algorithm or wildcard-based
* algorithm policy, the resulting key has the same algorithm policy.
- * - If one of the policies allows an algorithm and all the other policies
- * either allow the same algorithm or a wildcard-based algorithm policy
- * that includes this algorithm, the resulting key allows the same
- * algorithm.
+ * - If either of the policies allows an algorithm and the other policy
+ * allows a wildcard-based algorithm policy that includes this algorithm,
+ * the resulting key allows the same algorithm.
+ * - If the policies do not allow any algorithm in common, this function
+ * fails with the status #PSA_ERROR_INVALID_ARGUMENT.
*
- * The effect of this function on implementation-defined metadata is
+ * The effect of this function on implementation-defined attributes is
* implementation-defined.
*
- * \param source_handle The key to copy. It must be a handle to an
- * occupied slot.
- * \param target_handle A handle to the target slot. It must not contain
- * key material yet.
- * \param[in] constraint An optional policy constraint. If this parameter
- * is non-null then the resulting key will conform
- * to this policy in addition to the source policy
- * and the policy already present on the target
- * slot. If this parameter is null then the
- * function behaves in the same way as if it was
- * the target policy, i.e. only the source and
- * target policies apply.
+ * \param source_handle The key to copy. It must be a valid key handle.
+ * \param[in] attributes The attributes for the new key.
+ * They are used as follows:
+ * - The key type and size may be 0. If either is
+ * nonzero, it must match the corresponding
+ * attribute of the source key.
+ * - The key location (the lifetime and, for
+ * persistent keys, the key identifier) is
+ * used directly.
+ * - The policy constraints (usage flags and
+ * algorithm policy) are combined from
+ * the source key and \p attributes so that
+ * both sets of restrictions apply, as
+ * described in the documentation of this function.
+ * \param[out] target_handle On success, a handle to the newly created key.
+ * \c 0 on failure.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
+ * \p source_handle is invalid.
* \retval #PSA_ERROR_ALREADY_EXISTS
- * \p target already contains key material.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \p source does not contain key material.
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The policy constraints on the source, on the target and
- * \p constraints are incompatible.
+ * The lifetime or identifier in \p attributes are invalid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The policy constraints on the source and specified in
+ * \p attributes are incompatible.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p attributes specifies a key type or key size
+ * which does not match the attributes of the source key.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
* \retval #PSA_ERROR_NOT_PERMITTED
* The source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
@@ -724,11 +771,11 @@
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
- psa_key_handle_t target_handle,
- const psa_key_policy_t *constraint);
+ const psa_key_attributes_t *attributes,
+ psa_key_handle_t *target_handle);
/**@}*/
@@ -736,6 +783,65 @@
* @{
*/
+/** Calculate the hash (digest) of a message.
+ *
+ * \note To verify the hash of a message against an
+ * expected value, use psa_hash_compare() instead.
+ *
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ * \param[in] input Buffer containing the message to hash.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] hash Buffer where the hash is to be written.
+ * \param hash_size Size of the \p hash buffer in bytes.
+ * \param[out] hash_length On success, the number of bytes
+ * that make up the hash value. This is always
+ * #PSA_HASH_SIZE(\p alg).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length);
+
+/** Calculate the hash (digest) of a message and compare it with a
+ * reference value.
+ *
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ * \param[in] input Buffer containing the message to hash.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] hash Buffer containing the expected hash value.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected hash is identical to the actual hash of the input.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The hash of the message was calculated successfully, but it
+ * differs from the expected hash.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ const size_t hash_length);
+
/** The type of the state data structure for multipart hash operations.
*
* Before calling any function on a hash operation object, the application must
@@ -822,7 +928,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg);
@@ -844,7 +950,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
@@ -885,7 +991,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
@@ -921,7 +1027,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
@@ -952,7 +1058,7 @@
* \p operation is not an active hash operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
@@ -978,7 +1084,7 @@
* \p target_operation is active.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation);
@@ -989,6 +1095,84 @@
* @{
*/
+/** Calculate the MAC (message authentication code) of a message.
+ *
+ * \note To verify the MAC of a message against an
+ * expected value, use psa_mac_verify() instead.
+ * Beware that comparing integrity or authenticity data such as
+ * MAC values with a function such as \c memcmp is risky
+ * because the time taken by the comparison may leak information
+ * about the MAC value which could allow an attacker to guess
+ * a valid MAC and thereby bypass security controls.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ * \param[in] input Buffer containing the input message.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Size of the \p mac buffer in bytes.
+ * \param[out] mac_length On success, the number of bytes
+ * that make up the MAC value.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_compute(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+/** Calculate the MAC of a message and compare it with a reference value.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ * \param[in] input Buffer containing the input message.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] mac Buffer containing the expected MAC value.
+ * \param mac_length Size of the \p mac buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected MAC is identical to the actual MAC of the input.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The MAC of the message was calculated successfully, but it
+ * differs from the expected value.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_mac_verify(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ const size_t mac_length);
+
/** The type of the state data structure for multipart MAC operations.
*
* Before calling any function on a MAC operation object, the application must
@@ -1048,8 +1232,6 @@
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
* -# Call psa_mac_sign_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
@@ -1068,8 +1250,10 @@
* been initialized as per the documentation for
* #psa_mac_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_MAC(alg) is true).
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
@@ -1077,13 +1261,13 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * \p handle is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (already set up and not
* subsequently completed).
@@ -1107,8 +1291,6 @@
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
* -# Call psa_mac_verify_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
@@ -1128,6 +1310,8 @@
* been initialized as per the documentation for
* #psa_mac_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(\p alg) is true).
*
@@ -1143,7 +1327,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (already set up and not
* subsequently completed).
@@ -1175,7 +1359,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
@@ -1217,7 +1401,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
@@ -1253,7 +1437,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
@@ -1285,7 +1469,7 @@
* \p operation is not an active MAC operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
@@ -1295,6 +1479,89 @@
* @{
*/
+/** Encrypt a message using a symmetric cipher.
+ *
+ * This function encrypts a message with a random IV (initialization
+ * vector).
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the message to encrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * The output contains the IV followed by
+ * the ciphertext proper.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Decrypt a message using a symmetric cipher.
+ *
+ * This function decrypts a message encrypted with a symmetric cipher.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the message to decrypt.
+ * This consists of the IV followed by the
+ * ciphertext proper.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the plaintext is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
/** The type of the state data structure for multipart cipher operations.
*
* Before calling any function on a cipher operation object, the application
@@ -1351,8 +1618,6 @@
* documentation for #psa_cipher_operation_t, e.g.
* PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
* -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
* generate or set the IV (initialization vector). You should use
* psa_cipher_generate_iv() unless the protocol you are implementing
@@ -1367,14 +1632,15 @@
* After a successful call to psa_cipher_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to psa_cipher_generate_iv(), psa_cipher_set_iv()
- * or psa_cipher_update().
+ * - A failed call to any of the \c psa_cipher_xxx functions.
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
@@ -1385,13 +1651,13 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * \p handle is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (already set up and not
* subsequently completed).
@@ -1414,9 +1680,7 @@
* documentation for #psa_cipher_operation_t, e.g.
* PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
- * -# Call psa_cipher_update() with the IV (initialization vector) for the
+ * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
* decryption. If the IV is prepended to the ciphertext, you can call
* psa_cipher_update() on a buffer containing the IV followed by the
* beginning of the message.
@@ -1430,13 +1694,15 @@
* After a successful call to psa_cipher_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
- * - A failed call to psa_cipher_update().
+ * - A failed call to any of the \c psa_cipher_xxx functions.
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
@@ -1447,13 +1713,13 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * \p handle is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (already set up and not
* subsequently completed).
@@ -1492,16 +1758,16 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
- unsigned char *iv,
+ uint8_t *iv,
size_t iv_size,
size_t *iv_length);
/** Set the IV for a symmetric encryption or decryption operation.
*
- * This function sets the random IV (initialization vector), nonce
+ * This function sets the IV (initialization vector), nonce
* or initial counter value for the encryption or decryption operation.
*
* The application must call psa_cipher_encrypt_setup() before
@@ -1527,10 +1793,10 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
- const unsigned char *iv,
+ const uint8_t *iv,
size_t iv_length);
/** Encrypt or decrypt a message fragment in an active cipher operation.
@@ -1563,12 +1829,12 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
- unsigned char *output,
+ uint8_t *output,
size_t output_size,
size_t *output_length);
@@ -1601,7 +1867,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
uint8_t *output,
@@ -1634,7 +1900,7 @@
* \p operation is not an active cipher operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
@@ -1670,7 +1936,7 @@
* #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
* \p plaintext_length).
* \param[out] ciphertext_length On success, the size of the output
- * in the \b ciphertext buffer.
+ * in the \p ciphertext buffer.
*
* \retval #PSA_SUCCESS
* Success.
@@ -1678,13 +1944,13 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * \p handle is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1726,7 +1992,7 @@
* #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
* \p ciphertext_length).
* \param[out] plaintext_length On success, the size of the output
- * in the \b plaintext buffer.
+ * in the \p plaintext buffer.
*
* \retval #PSA_SUCCESS
* Success.
@@ -1736,13 +2002,13 @@
* The ciphertext is not authentic.
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * \p handle is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1760,6 +2026,556 @@
size_t plaintext_size,
size_t *plaintext_length);
+/** The type of the state data structure for multipart AEAD operations.
+ *
+ * Before calling any function on an AEAD operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_aead_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_aead_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_aead_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_aead_operation_t operation;
+ * operation = psa_aead_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation. */
+typedef struct psa_aead_operation_s psa_aead_operation_t;
+
+/** \def PSA_AEAD_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for an AEAD operation object of
+ * type #psa_aead_operation_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_AEAD_OPERATION_INIT {0}
+#endif
+
+/** Return an initial value for an AEAD operation object.
+ */
+static psa_aead_operation_t psa_aead_operation_init(void);
+
+/** Set the key for a multipart authenticated encryption operation.
+ *
+ * The sequence of operations to encrypt a message with authentication
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_aead_operation_t, e.g.
+ * PSA_AEAD_OPERATION_INIT.
+ * -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
+ * -# If needed, call psa_aead_set_lengths() to specify the length of the
+ * inputs to the subsequent calls to psa_aead_update_ad() and
+ * psa_aead_update(). See the documentation of psa_aead_set_lengths()
+ * for details.
+ * -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
+ * generate or set the nonce. You should use
+ * psa_aead_generate_nonce() unless the protocol you are implementing
+ * requires a specific nonce value.
+ * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+ * of the non-encrypted additional authenticated data each time.
+ * -# Call psa_aead_update() zero, one or more times, passing a fragment
+ * of the message to encrypt each time.
+ * -# Call psa_aead_finish().
+ *
+ * The application may call psa_aead_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_aead_encrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A failed call to any of the \c psa_aead_xxx functions.
+ * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_aead_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Set the key for a multipart authenticated decryption operation.
+ *
+ * The sequence of operations to decrypt a message with authentication
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_aead_operation_t, e.g.
+ * PSA_AEAD_OPERATION_INIT.
+ * -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
+ * -# If needed, call psa_aead_set_lengths() to specify the length of the
+ * inputs to the subsequent calls to psa_aead_update_ad() and
+ * psa_aead_update(). See the documentation of psa_aead_set_lengths()
+ * for details.
+ * -# Call psa_aead_set_nonce() with the nonce for the decryption.
+ * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+ * of the non-encrypted additional authenticated data each time.
+ * -# Call psa_aead_update() zero, one or more times, passing a fragment
+ * of the ciphertext to decrypt each time.
+ * -# Call psa_aead_verify().
+ *
+ * The application may call psa_aead_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_aead_decrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A failed call to any of the \c psa_aead_xxx functions.
+ * - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_aead_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p handle is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Generate a random nonce for an authenticated encryption operation.
+ *
+ * This function generates a random nonce for the authenticated encryption
+ * operation with an appropriate size for the chosen algorithm, key type
+ * and key size.
+ *
+ * The application must call psa_aead_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] nonce Buffer where the generated nonce is to be
+ * written.
+ * \param nonce_size Size of the \p nonce buffer in bytes.
+ * \param[out] nonce_length On success, the number of bytes of the
+ * generated nonce.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or nonce already set).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p nonce buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length);
+
+/** Set the nonce for an authenticated encryption or decryption operation.
+ *
+ * This function sets the nonce for the authenticated
+ * encryption or decryption operation.
+ *
+ * The application must call psa_aead_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \note When encrypting, applications should use psa_aead_generate_nonce()
+ * instead of this function, unless implementing a protocol that requires
+ * a non-random IV.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] nonce Buffer containing the nonce to use.
+ * \param nonce_length Size of the nonce in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or nonce already set).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p nonce is not acceptable for the chosen algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length);
+
+/** Declare the lengths of the message and additional data for AEAD.
+ *
+ * The application must call this function before calling
+ * psa_aead_update_ad() or psa_aead_update() if the algorithm for
+ * the operation requires it. If the algorithm does not require it,
+ * calling this function is optional, but if this function is called
+ * then the implementation must enforce the lengths.
+ *
+ * You may call this function before or after setting the nonce with
+ * psa_aead_set_nonce() or psa_aead_generate_nonce().
+ *
+ * - For #PSA_ALG_CCM, calling this function is required.
+ * - For the other AEAD algorithms defined in this specification, calling
+ * this function is not required.
+ * - For vendor-defined algorithm, refer to the vendor documentation.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param ad_length Size of the non-encrypted additional
+ * authenticated data in bytes.
+ * \param plaintext_length Size of the plaintext to encrypt in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, already completed,
+ * or psa_aead_update_ad() or psa_aead_update() already called).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * At least one of the lengths is not acceptable for the chosen
+ * algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length);
+
+/** Pass additional data to an active AEAD operation.
+ *
+ * Additional data is authenticated, but not encrypted.
+ *
+ * You may call this function multiple times to pass successive fragments
+ * of the additional data. You may not call this function after passing
+ * data to encrypt or decrypt with psa_aead_update().
+ *
+ * Before calling this function, you must:
+ * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+ * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+ * there is no guarantee that the input is valid. Therefore, until
+ * you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
+ * treat the input as untrusted and prepare to undo any action that
+ * depends on the input if psa_aead_verify() returns an error status.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] input Buffer containing the fragment of
+ * additional data.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, nonce not set,
+ * psa_aead_update() already called, or operation already completed).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input length overflows the additional data length that
+ * was previously specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Encrypt or decrypt a message fragment in an active AEAD operation.
+ *
+ * Before calling this function, you must:
+ * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+ * The choice of setup function determines whether this function
+ * encrypts or decrypts its input.
+ * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+ * 3. Call psa_aead_update_ad() to pass all the additional data.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+ * there is no guarantee that the input is valid. Therefore, until
+ * you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
+ * - Do not use the output in any way other than storing it in a
+ * confidential location. If you take any action that depends
+ * on the tentative decrypted data, this action will need to be
+ * undone if the input turns out not to be valid. Furthermore,
+ * if an adversary can observe that this action took place
+ * (for example through timing), they may be able to use this
+ * fact as an oracle to decrypt any message encrypted with the
+ * same key.
+ * - In particular, do not copy the output anywhere but to a
+ * memory or storage space that you have exclusive access to.
+ *
+ * This function does not require the input to be aligned to any
+ * particular block boundary. If the implementation can only process
+ * a whole block at a time, it must consume all the input provided, but
+ * it may delay the end of the corresponding output until a subsequent
+ * call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+ * provides sufficient input. The amount of data that can be delayed
+ * in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[in] input Buffer containing the message fragment to
+ * encrypt or decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg,
+ * \p input_length) where \c alg is the
+ * algorithm that is being calculated.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, nonce not set
+ * or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * You can determine a sufficient buffer size by calling
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length)
+ * where \c alg is the algorithm that is being calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input length overflows the plaintext length that
+ * was previously specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Finish encrypting a message in an AEAD operation.
+ *
+ * The operation must have been set up with psa_aead_encrypt_setup().
+ *
+ * This function finishes the authentication of the additional data
+ * formed by concatenating the inputs passed to preceding calls to
+ * psa_aead_update_ad() with the plaintext formed by concatenating the
+ * inputs passed to preceding calls to psa_aead_update().
+ *
+ * This function has two output buffers:
+ * - \p ciphertext contains trailing ciphertext that was buffered from
+ * preceding calls to psa_aead_update().
+ * - \p tag contains the authentication tag. Its length is always
+ * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
+ * that the operation performs.
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] ciphertext Buffer where the last part of the ciphertext
+ * is to be written.
+ * \param ciphertext_size Size of the \p ciphertext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where
+ * \c alg is the algorithm that is being
+ * calculated.
+ * \param[out] ciphertext_length On success, the number of bytes of
+ * returned ciphertext.
+ * \param[out] tag Buffer where the authentication tag is
+ * to be written.
+ * \param tag_size Size of the \p tag buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is
+ * the algorithm that is being calculated.
+ * \param[out] tag_length On success, the number of bytes
+ * that make up the returned tag.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, nonce not set,
+ * decryption, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p ciphertext or \p tag buffer is too small.
+ * You can determine a sufficient buffer size for \p ciphertext by
+ * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg)
+ * where \c alg is the algorithm that is being calculated.
+ * You can determine a sufficient buffer size for \p tag by
+ * calling #PSA_AEAD_TAG_LENGTH(\c alg).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update() so far is
+ * less than the plaintext length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length);
+
+/** Finish authenticating and decrypting a message in an AEAD operation.
+ *
+ * The operation must have been set up with psa_aead_decrypt_setup().
+ *
+ * This function finishes the authentication of the additional data
+ * formed by concatenating the inputs passed to preceding calls to
+ * psa_aead_update_ad() with the ciphertext formed by concatenating the
+ * inputs passed to preceding calls to psa_aead_update().
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active AEAD operation.
+ * \param[out] plaintext Buffer where the last part of the plaintext
+ * is to be written. This is the remaining data
+ * from previous calls to psa_aead_update()
+ * that could not be processed until the end
+ * of the input.
+ * \param plaintext_size Size of the \p plaintext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where
+ * \c alg is the algorithm that is being
+ * calculated.
+ * \param[out] plaintext_length On success, the number of bytes of
+ * returned plaintext.
+ * \param[in] tag Buffer containing the authentication tag.
+ * \param tag_length Size of the \p tag buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, nonce not set,
+ * encryption, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p plaintext buffer is too small.
+ * You can determine a sufficient buffer size for \p plaintext by
+ * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg)
+ * where \c alg is the algorithm that is being calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update_ad() so far is
+ * less than the additional data length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total length of input to psa_aead_update() so far is
+ * less than the plaintext length that was previously
+ * specified with psa_aead_set_lengths().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length);
+
+/** Abort an AEAD operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by any of the following methods:
+ * - A call to psa_aead_encrypt_setup() or psa_aead_decrypt_setup(),
+ * whether it succeeds or not.
+ * - Initializing the \c struct to all-bits-zero.
+ * - Initializing the \c struct to logical zeros, e.g.
+ * `psa_aead_operation_t operation = {0}`.
+ *
+ * In particular, calling psa_aead_abort() after the operation has been
+ * terminated by a call to psa_aead_abort() or psa_aead_finish()
+ * is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized AEAD operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p operation is not an active AEAD operation.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
+
/**@}*/
/** \defgroup asymmetric Asymmetric cryptography
@@ -1778,7 +2594,7 @@
* \param handle Handle to the key to use for the operation.
* It must be an asymmetric key pair.
* \param alg A signature algorithm that is compatible with
- * the type of \p key.
+ * the type of \p handle.
* \param[in] hash The hash or message to sign.
* \param hash_length Size of the \p hash buffer in bytes.
* \param[out] signature Buffer where the signature is to be written.
@@ -1792,13 +2608,13 @@
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
+ * respectively of \p handle.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
@@ -1825,7 +2641,7 @@
* \param handle Handle to the key to use for the operation.
* It must be a public key or an asymmetric key pair.
* \param alg A signature algorithm that is compatible with
- * the type of \p key.
+ * the type of \p handle.
* \param[in] hash The hash or message whose signature is to be
* verified.
* \param hash_length Size of the \p hash buffer in bytes.
@@ -1842,7 +2658,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1862,7 +2678,7 @@
* It must be a public key or an asymmetric
* key pair.
* \param alg An asymmetric encryption algorithm that is
- * compatible with the type of \p key.
+ * compatible with the type of \p handle.
* \param[in] input The message to encrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[in] salt A salt or label, if supported by the
@@ -1889,13 +2705,13 @@
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
+ * respectively of \p handle.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
@@ -1918,7 +2734,7 @@
* \param handle Handle to the key to use for the operation.
* It must be an asymmetric key pair.
* \param alg An asymmetric encryption algorithm that is
- * compatible with the type of \p key.
+ * compatible with the type of \p handle.
* \param[in] input The message to decrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[in] salt A salt or label, if supported by the
@@ -1945,13 +2761,13 @@
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
+ * respectively of \p handle.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_INVALID_PADDING
* \retval #PSA_ERROR_BAD_STATE
@@ -1971,218 +2787,214 @@
/**@}*/
-/** \defgroup generators Generators
+/** \defgroup key_derivation Key derivation and pseudorandom generation
* @{
*/
-/** The type of the state data structure for generators.
+/** The type of the state data structure for key derivation operations.
*
- * Before calling any function on a generator, the application must
- * initialize it by any of the following means:
+ * Before calling any function on a key derivation operation object, the
+ * application must initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
- * psa_crypto_generator_t generator;
- * memset(&generator, 0, sizeof(generator));
+ * psa_key_derivation_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
- * psa_crypto_generator_t generator = {0};
+ * psa_key_derivation_operation_t operation = {0};
* \endcode
- * - Initialize the structure to the initializer #PSA_CRYPTO_GENERATOR_INIT,
+ * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
* for example:
* \code
- * psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ * psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
* \endcode
- * - Assign the result of the function psa_crypto_generator_init()
+ * - Assign the result of the function psa_key_derivation_operation_init()
* to the structure, for example:
* \code
- * psa_crypto_generator_t generator;
- * generator = psa_crypto_generator_init();
+ * psa_key_derivation_operation_t operation;
+ * operation = psa_key_derivation_operation_init();
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation.
*/
-typedef struct psa_crypto_generator_s psa_crypto_generator_t;
+typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
-/** \def PSA_CRYPTO_GENERATOR_INIT
+/** \def PSA_KEY_DERIVATION_OPERATION_INIT
*
- * This macro returns a suitable initializer for a generator object
- * of type #psa_crypto_generator_t.
+ * This macro returns a suitable initializer for a key derivation operation
+ * object of type #psa_key_derivation_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
-#define PSA_CRYPTO_GENERATOR_INIT {0}
+#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
#endif
-/** Return an initial value for a generator object.
+/** Return an initial value for a key derivation operation object.
*/
-static psa_crypto_generator_t psa_crypto_generator_init(void);
+static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
-/** Retrieve the current capacity of a generator.
+/** Set up a key derivation operation.
*
- * The capacity of a generator is the maximum number of bytes that it can
- * return. Reading *N* bytes from a generator reduces its capacity by *N*.
+ * A key derivation algorithm takes some inputs and uses them to generate
+ * a byte stream in a deterministic way.
+ * This byte stream can be used to produce keys and other
+ * cryptographic material.
*
- * \param[in] generator The generator to query.
- * \param[out] capacity On success, the capacity of the generator.
+ * To derive a key:
+ * - Start with an initialized object of type #psa_key_derivation_operation_t.
+ * - Call psa_key_derivation_setup() to select the algorithm.
+ * - Provide the inputs for the key derivation by calling
+ * psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+ * as appropriate. Which inputs are needed, in what order, and whether
+ * they may be keys and if so of what type depends on the algorithm.
+ * - Optionally set the operation's maximum capacity with
+ * psa_key_derivation_set_capacity(). You may do this before, in the middle
+ * of or after providing inputs. For some algorithms, this step is mandatory
+ * because the output depends on the maximum capacity.
+ * - To derive a key, call psa_key_derivation_output_key().
+ * To derive a byte string for a different purpose, call
+ * - psa_key_derivation_output_bytes().
+ * Successive calls to these functions use successive output bytes
+ * calculated by the key derivation algorithm.
+ * - Clean up the key derivation operation object with
+ * psa_key_derivation_abort().
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- */
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
- size_t *capacity);
-
-/** Read some data from a generator.
- *
- * This function reads and returns a sequence of bytes from a generator.
- * The data that is read is discarded from the generator. The generator's
- * capacity is decreased by the number of bytes read.
- *
- * \param[in,out] generator The generator object to read from.
- * \param[out] output Buffer where the generator output will be
- * written.
- * \param output_length Number of bytes to output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_DATA
- * There were fewer than \p output_length bytes
- * in the generator. Note that in this case, no
- * output is written to the output buffer.
- * The generator's capacity is set to 0, thus
- * subsequent calls to this function will not
- * succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
- uint8_t *output,
- size_t output_length);
-
-/** Create a symmetric key from data read from a generator.
- *
- * This function reads a sequence of bytes from a generator and imports
- * these bytes as a key.
- * The data that is read is discarded from the generator. The generator's
- * capacity is decreased by the number of bytes read.
- *
- * This function is equivalent to calling #psa_generator_read and
- * passing the resulting output to #psa_import_key, but
- * if the implementation provides an isolation boundary then
- * the key material is not exposed outside the isolation boundary.
- *
- * \param handle Handle to the slot where the key will be stored.
- * It must have been obtained by calling
- * psa_allocate_key() or psa_create_key() and must
- * not contain key material yet.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
- * This must be a symmetric key type.
- * \param bits Key size in bits.
- * \param[in,out] generator The generator object to read from.
+ * \param[in,out] operation The key derivation operation object
+ * to set up. It must
+ * have been initialized but not set up yet.
+ * \param alg The key derivation algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
- * If the key is persistent, the key material and the key's metadata
- * have been saved to persistent storage.
- * \retval #PSA_ERROR_INSUFFICIENT_DATA
- * There were fewer than \p output_length bytes
- * in the generator. Note that in this case, no
- * output is written to the output buffer.
- * The generator's capacity is set to 0, thus
- * subsequent calls to this function will not
- * succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c alg is not a key derivation algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
- * The key type or key size is not supported, either by the
- * implementation in general or in this particular slot.
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * There is already a key in the specified slot.
+ * \c alg is not supported or is not a key derivation algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ */
+psa_status_t psa_key_derivation_setup(
+ psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg);
+
+/** Retrieve the current capacity of a key derivation operation.
+ *
+ * The capacity of a key derivation is the maximum number of bytes that it can
+ * return. When you get *N* bytes of output from a key derivation operation,
+ * this reduces its capacity by *N*.
+ *
+ * \param[in] operation The operation to query.
+ * \param[out] capacity On success, the capacity of the operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_key_derivation_get_capacity(
+ const psa_key_derivation_operation_t *operation,
+ size_t *capacity);
+
+/** Set the maximum capacity of a key derivation operation.
+ *
+ * The capacity of a key derivation operation is the maximum number of bytes
+ * that the key derivation operation can return from this point onwards.
+ *
+ * \param[in,out] operation The key derivation operation object to modify.
+ * \param capacity The new capacity of the operation.
+ * It must be less or equal to the operation's
+ * current capacity.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p capacity is larger than the operation's current capacity.
+ * In this case, the operation object remains valid and its capacity
+ * remains unchanged.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_key_derivation_set_capacity(
+ psa_key_derivation_operation_t *operation,
+ size_t capacity);
+
+/** Use the maximum possible capacity for a key derivation operation.
+ *
+ * Use this value as the capacity argument when setting up a key derivation
+ * to indicate that the operation should have the maximum possible capacity.
+ * The value of the maximum possible capacity depends on the key derivation
+ * algorithm.
+ */
+#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
+
+/** Provide an input for key derivation or key agreement.
+ *
+ * Which inputs are required and in what order depends on the algorithm.
+ * Refer to the documentation of each key derivation or key agreement
+ * algorithm for information.
+ *
+ * This function passes direct inputs. Some inputs must be passed as keys
+ * using psa_key_derivation_input_key() instead of this function. Refer to
+ * the documentation of individual step types for information.
+ *
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() and must not
+ * have produced any output yet.
+ * \param step Which step the input data is for.
+ * \param[in] data Input data to use.
+ * \param data_length Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step does not allow direct inputs.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The value of \p step is not valid given the state of \p operation.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_generator_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- psa_crypto_generator_t *generator);
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length);
-/** Abort a generator.
+/** Provide an input for key derivation in the form of a key.
*
- * Once a generator has been aborted, its capacity is zero.
- * Aborting a generator frees all associated resources except for the
- * \c generator structure itself.
+ * Which inputs are required and in what order depends on the algorithm.
+ * Refer to the documentation of each key derivation or key agreement
+ * algorithm for information.
*
- * This function may be called at any time as long as the generator
- * object has been initialized to #PSA_CRYPTO_GENERATOR_INIT, to
- * psa_crypto_generator_init() or a zero value. In particular, it is valid
- * to call psa_generator_abort() twice, or to call psa_generator_abort()
- * on a generator that has not been set up.
+ * This function passes key inputs. Some inputs must be passed as keys
+ * of the appropriate type using this function, while others must be
+ * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
+ * the documentation of individual step types for information.
*
- * Once aborted, the generator object may be called.
- *
- * \param[in,out] generator The generator to abort.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
-
-/** Use the maximum possible capacity for a generator.
- *
- * Use this value as the capacity argument when setting up a generator
- * to indicate that the generator should have the maximum possible capacity.
- * The value of the maximum possible capacity depends on the generator
- * algorithm.
- */
-#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
-
-/**@}*/
-
-/** \defgroup derivation Key derivation
- * @{
- */
-
-/** Set up a key derivation operation.
- *
- * A key derivation algorithm takes three inputs: a secret input \p key and
- * two non-secret inputs \p label and p salt.
- * The result of this function is a byte generator which can
- * be used to produce keys and other cryptographic material.
- *
- * The role of \p label and \p salt is as follows:
- * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
- * and \p label is the info string used in the "expand" step.
- *
- * \param[in,out] generator The generator object to set up. It must have
- * been initialized as per the documentation for
- * #psa_crypto_generator_t and not yet in use.
- * \param handle Handle to the secret key.
- * \param alg The key derivation algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
- * \param[in] salt Salt to use.
- * \param salt_length Size of the \p salt buffer in bytes.
- * \param[in] label Label to use.
- * \param label_length Size of the \p label buffer in bytes.
- * \param capacity The maximum number of bytes that the
- * generator will be able to provide.
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() and must not
+ * have produced any output yet.
+ * \param step Which step the input data is for.
+ * \param handle Handle to the key. It must have an
+ * appropriate type for \p step and must
+ * allow the usage #PSA_KEY_USAGE_DERIVE.
*
* \retval #PSA_SUCCESS
* Success.
@@ -2190,60 +3002,61 @@
* \retval #PSA_ERROR_DOES_NOT_EXIST
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c key is not compatible with \c alg,
- * or \p capacity is too large for the specified algorithm and key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \c alg is not supported or is not a key derivation algorithm.
+ * \c step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step does not allow key inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The value of \p step is not valid given the state of \p operation.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length,
- size_t capacity);
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t handle);
-/** Set up a key agreement operation.
+/** Perform a key agreement and use the shared secret as input to a key
+ * derivation.
*
* A key agreement algorithm takes two inputs: a private key \p private_key
* a public key \p peer_key.
- * The result of this function is a byte generator which can
- * be used to produce keys and other cryptographic material.
+ * The result of this function is passed as input to a key derivation.
+ * The output of this key derivation can be extracted by reading from the
+ * resulting operation to produce keys and other cryptographic material.
*
- * The resulting generator always has the maximum capacity permitted by
- * the algorithm.
- *
- * \param[in,out] generator The generator object to set up. It must have been
- * initialized as per the documentation for
- * #psa_crypto_generator_t and not yet in use.
- * \param private_key Handle to the private key to use.
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() with a
+ * key agreement and derivation algorithm
+ * \c alg (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+ * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+ * is false).
+ * The operation must be ready for an
+ * input of the type given by \p step.
+ * \param step Which step the input data is for.
+ * \param private_key Handle to the private key to use.
* \param[in] peer_key Public key of the peer. The peer key must be in the
* same format that psa_import_key() accepts for the
* public key type corresponding to the type of
- * \p private_key. That is, this function performs the
+ * private_key. That is, this function performs the
* equivalent of
- * `psa_import_key(internal_public_key_handle,
- * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(private_key_type),
- * peer_key, peer_key_length)` where
- * `private_key_type` is the type of \p private_key.
- * For example, for EC keys, this means that \p
- * peer_key is interpreted as a point on the curve
- * that the private key is associated with. The
- * standard formats for public keys are documented in
- * the documentation of psa_export_public_key().
- * \param peer_key_length Size of \p peer_key in bytes.
- * \param alg The key agreement algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
+ * #psa_import_key(...,
+ * `peer_key`, `peer_key_length`) where
+ * with key attributes indicating the public key
+ * type corresponding to the type of `private_key`.
+ * For example, for EC keys, this means that peer_key
+ * is interpreted as a point on the curve that the
+ * private key is on. The standard formats for public
+ * keys are documented in the documentation of
+ * psa_export_public_key().
+ * \param peer_key_length Size of \p peer_key in bytes.
*
* \retval #PSA_SUCCESS
* Success.
@@ -2259,13 +3072,243 @@
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
-psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- psa_algorithm_t alg);
+psa_status_t psa_key_derivation_key_agreement(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length);
+
+/** Read some data from a key derivation operation.
+ *
+ * This function calculates output bytes from a key derivation algorithm and
+ * return those bytes.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads the requested number of bytes from the
+ * stream.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[out] output Buffer where the output will be written.
+ * \param output_length Number of bytes to output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * The operation's capacity was less than
+ * \p output_length bytes. Note that in this case,
+ * no output is written to the output buffer.
+ * The operation's capacity is set to 0, thus
+ * subsequent calls to this function will not
+ * succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output,
+ size_t output_length);
+
+/** Derive a key from an ongoing key derivation operation.
+ *
+ * This function calculates output bytes from a key derivation algorithm
+ * and uses those bytes to generate a key deterministically.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads as many bytes as required from the
+ * stream.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * How much output is produced and consumed from the operation, and how
+ * the key is derived, depends on the key type:
+ *
+ * - For key types for which the key is an arbitrary sequence of bytes
+ * of a given size, this function is functionally equivalent to
+ * calling #psa_key_derivation_output_bytes
+ * and passing the resulting output to #psa_import_key.
+ * However, this function has a security benefit:
+ * if the implementation provides an isolation boundary then
+ * the key material is not exposed outside the isolation boundary.
+ * As a consequence, for these key types, this function always consumes
+ * exactly (\p bits / 8) bytes from the operation.
+ * The following key types defined in this specification follow this scheme:
+ *
+ * - #PSA_KEY_TYPE_AES;
+ * - #PSA_KEY_TYPE_ARC4;
+ * - #PSA_KEY_TYPE_CAMELLIA;
+ * - #PSA_KEY_TYPE_DERIVE;
+ * - #PSA_KEY_TYPE_HMAC.
+ *
+ * - For ECC keys on a Montgomery elliptic curve
+ * (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+ * Montgomery curve), this function always draws a byte string whose
+ * length is determined by the curve, and sets the mandatory bits
+ * accordingly. That is:
+ *
+ * - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
+ * and process it as specified in RFC 7748 §5.
+ * - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
+ * and process it as specified in RFC 7748 §5.
+ *
+ * - For key types for which the key is represented by a single sequence of
+ * \p bits bits with constraints as to which bit sequences are acceptable,
+ * this function draws a byte string of length (\p bits / 8) bytes rounded
+ * up to the nearest whole number of bytes. If the resulting byte string
+ * is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+ * This process is repeated until an acceptable byte string is drawn.
+ * The byte string drawn from the operation is interpreted as specified
+ * for the output produced by psa_export_key().
+ * The following key types defined in this specification follow this scheme:
+ *
+ * - #PSA_KEY_TYPE_DES.
+ * Force-set the parity bits, but discard forbidden weak keys.
+ * For 2-key and 3-key triple-DES, the three keys are generated
+ * successively (for example, for 3-key triple-DES,
+ * if the first 8 bytes specify a weak key and the next 8 bytes do not,
+ * discard the first 8 bytes, use the next 8 bytes as the first key,
+ * and continue reading output from the operation to derive the other
+ * two keys).
+ * - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+ * where \c group designates any Diffie-Hellman group) and
+ * ECC keys on a Weierstrass elliptic curve
+ * (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+ * Weierstrass curve).
+ * For these key types, interpret the byte string as integer
+ * in big-endian order. Discard it if it is not in the range
+ * [0, *N* - 2] where *N* is the boundary of the private key domain
+ * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+ * or the order of the curve's base point for ECC).
+ * Add 1 to the resulting integer and use this as the private key *x*.
+ * This method allows compliance to NIST standards, specifically
+ * the methods titled "key-pair generation by testing candidates"
+ * in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman,
+ * in FIPS 186-4 §B.1.2 for DSA, and
+ * in NIST SP 800-56A §5.6.1.2.2 or
+ * FIPS 186-4 §B.4.2 for elliptic curve keys.
+ *
+ * - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+ * the way in which the operation output is consumed is
+ * implementation-defined.
+ *
+ * In all cases, the data that is read is discarded from the operation.
+ * The operation's capacity is decreased by the number of bytes read.
+ *
+ * \param[in] attributes The attributes for the new key.
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[out] handle On success, a handle to the newly created key.
+ * \c 0 on failure.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * There was not enough data to create the desired key.
+ * Note that in this case, no output is written to the output buffer.
+ * The operation's capacity is set to 0, thus subsequent calls to
+ * this function will not succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key type or key size is not supported, either by the
+ * implementation in general or in this particular location.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The provided key attributes are not valid for the operation.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_output_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ psa_key_handle_t *handle);
+
+/** Abort a key derivation operation.
+ *
+ * Once a key derivation operation has been aborted, its capacity is zero.
+ * Aborting an operation frees all associated resources except for the
+ * \c operation structure itself.
+ *
+ * This function may be called at any time as long as the operation
+ * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to
+ * psa_key_derivation_operation_init() or a zero value. In particular,
+ * it is valid to call psa_key_derivation_abort() twice, or to call
+ * psa_key_derivation_abort() on an operation that has not been set up.
+ *
+ * Once aborted, the key derivation operation object may be called.
+ *
+ * \param[in,out] operation The operation to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_key_derivation_abort(
+ psa_key_derivation_operation_t *operation);
+
+/** Perform a key agreement and return the raw shared secret.
+ *
+ * \warning The raw result of a key agreement algorithm such as finite-field
+ * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+ * not be used directly as key material. It should instead be passed as
+ * input to a key derivation algorithm. To chain a key agreement with
+ * a key derivation, use psa_key_derivation_key_agreement() and other
+ * functions from the key derivation interface.
+ *
+ * \param alg The key agreement algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+ * is true).
+ * \param private_key Handle to the private key to use.
+ * \param[in] peer_key Public key of the peer. It must be
+ * in the same format that psa_import_key()
+ * accepts. The standard formats for public
+ * keys are documented in the documentation
+ * of psa_export_public_key().
+ * \param peer_key_length Size of \p peer_key in bytes.
+ * \param[out] output Buffer where the decrypted message is to
+ * be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p alg is not a key agreement algorithm
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p private_key is not compatible with \p alg,
+ * or \p peer_key is not valid for \p alg or not compatible with
+ * \p private_key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not a supported key agreement algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
/**@}*/
@@ -2290,7 +3333,7 @@
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -2299,73 +3342,44 @@
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);
-/** Extra parameters for RSA key generation.
- *
- * You may pass a pointer to a structure of this type as the \c extra
- * parameter to psa_generate_key().
- */
-typedef struct {
- uint32_t e; /**< Public exponent value. Default: 65537. */
-} psa_generate_key_extra_rsa;
-
/**
* \brief Generate a key or key pair.
*
- * \param handle Handle to the slot where the key will be stored.
- * It must have been obtained by calling
- * psa_allocate_key() or psa_create_key() and must
- * not contain key material yet.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param bits Key size in bits.
- * \param[in] extra Extra parameters for key generation. The
- * interpretation of this parameter depends on
- * \p type. All types support \c NULL to use
- * default parameters. Implementation that support
- * the generation of vendor-specific key types
- * that allow extra parameters shall document
- * the format of these extra parameters and
- * the default values. For standard parameters,
- * the meaning of \p extra is as follows:
- * - For a symmetric key type (a type such
- * that #PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) is
- * false), \p extra must be \c NULL.
- * - For an elliptic curve key type (a type
- * such that #PSA_KEY_TYPE_IS_ECC(\p type) is
- * false), \p extra must be \c NULL.
- * - For an RSA key (\p type is
- * #PSA_KEY_TYPE_RSA_KEYPAIR), \p extra is an
- * optional #psa_generate_key_extra_rsa structure
- * specifying the public exponent. The
- * default public exponent used when \p extra
- * is \c NULL is 65537.
- * \param extra_size Size of the buffer that \p extra
- * points to, in bytes. Note that if \p extra is
- * \c NULL then \p extra_size must be zero.
+ * The key is generated randomly.
+ * Its location, policy, type and size are taken from \p attributes.
+ *
+ * The following type-specific considerations apply:
+ * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+ * the public exponent is 65537.
+ * The modulus is a product of two probabilistic primes
+ * between 2^{n-1} and 2^n where n is the bit size specified in the
+ * attributes.
+ *
+ * \param[in] attributes The attributes for the new key.
+ * \param[out] handle On success, a handle to the newly created key.
+ * \c 0 on failure.
*
* \retval #PSA_SUCCESS
* Success.
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_ALREADY_EXISTS
- * There is already a key in the specified slot.
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_generate_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- const void *extra,
- size_t extra_size);
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+ psa_key_handle_t *handle);
/**@}*/
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 35eee11..636c881 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -62,21 +62,19 @@
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
#endif
-/** \addtogroup policy
+/** \addtogroup attributes
* @{
*/
-/** \brief Set the enrollment algorithm in a key policy.
+/** \brief Declare the enrollment algorithm for a key.
*
* An operation on a key may indifferently use the algorithm set with
- * psa_key_policy_set_usage() or with this function.
+ * psa_set_key_algorithm() or with this function.
*
- * \param[in,out] policy The key policy to modify. It must have been
- * initialized as per the documentation for
- * #psa_key_policy_t.
- * \param alg2 A second algorithm that the key may be used for,
- * in addition to the algorithm set with
- * psa_key_policy_set_usage().
+ * \param[out] attributes The attribute structure to write to.
+ * \param alg2 A second algorithm that the key may be used
+ * for, in addition to the algorithm set with
+ * psa_set_key_algorithm().
*
* \warning Setting an enrollment algorithm is not recommended, because
* using the same key with different algorithms can allow some
@@ -87,17 +85,135 @@
* verified that the usage of the key with multiple algorithms
* is safe.
*/
-void psa_key_policy_set_enrollment_algorithm(psa_key_policy_t *policy,
- psa_algorithm_t alg2);
+static inline void psa_set_key_enrollment_algorithm(
+ psa_key_attributes_t *attributes,
+ psa_algorithm_t alg2)
+{
+ attributes->core.policy.alg2 = alg2;
+}
-/** \brief Retrieve the enrollment algorithm field of a policy structure.
+/** Retrieve the enrollment algorithm policy from key attributes.
*
- * \param[in] policy The policy object to query.
+ * \param[in] attributes The key attribute structure to query.
*
- * \return The enrollment algorithm for a key with this policy.
+ * \return The enrollment algorithm stored in the attribute structure.
*/
-psa_algorithm_t psa_key_policy_get_enrollment_algorithm(
- const psa_key_policy_t *policy);
+static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.policy.alg2 );
+}
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+
+/** Retrieve the slot number where a key is stored.
+ *
+ * A slot number is only defined for keys that are stored in a secure
+ * element.
+ *
+ * This information is only useful if the secure element is not entirely
+ * managed through the PSA Cryptography API. It is up to the secure
+ * element driver to decide how PSA slot numbers map to any other interface
+ * that the secure element may have.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ * \param[out] slot_number On success, the slot number containing the key.
+ *
+ * \retval #PSA_SUCCESS
+ * The key is located in a secure element, and \p *slot_number
+ * indicates the slot number that contains it.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The caller is not permitted to query the slot number.
+ * Mbed Crypto currently does not return this error.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key is not located in a secure element.
+ */
+psa_status_t psa_get_key_slot_number(
+ const psa_key_attributes_t *attributes,
+ psa_key_slot_number_t *slot_number );
+
+/** Choose the slot number where a key is stored.
+ *
+ * This function declares a slot number in the specified attribute
+ * structure.
+ *
+ * A slot number is only meaningful for keys that are stored in a secure
+ * element. It is up to the secure element driver to decide how PSA slot
+ * numbers map to any other interface that the secure element may have.
+ *
+ * \note Setting a slot number in key attributes for a key creation can
+ * cause the following errors when creating the key:
+ * - #PSA_ERROR_NOT_SUPPORTED if the selected secure element does
+ * not support choosing a specific slot number.
+ * - #PSA_ERROR_NOT_PERMITTED if the caller is not permitted to
+ * choose slot numbers in general or to choose this specific slot.
+ * - #PSA_ERROR_INVALID_ARGUMENT if the chosen slot number is not
+ * valid in general or not valid for this specific key.
+ * - #PSA_ERROR_ALREADY_EXISTS if there is already a key in the
+ * selected slot.
+ *
+ * \param[out] attributes The attribute structure to write to.
+ * \param slot_number The slot number to set.
+ */
+static inline void psa_set_key_slot_number(
+ psa_key_attributes_t *attributes,
+ psa_key_slot_number_t slot_number )
+{
+ attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->slot_number = slot_number;
+}
+
+/** Remove the slot number attribute from a key attribute structure.
+ *
+ * This function undoes the action of psa_set_key_slot_number().
+ *
+ * \param[out] attributes The attribute structure to write to.
+ */
+static inline void psa_clear_key_slot_number(
+ psa_key_attributes_t *attributes )
+{
+ attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+}
+
+/** Register a key that is already present in a secure element.
+ *
+ * The key must be located in a secure element designated by the
+ * lifetime field in \p attributes, in the slot set with
+ * psa_set_key_slot_number() in the attribute structure.
+ * This function makes the key available through the key identifier
+ * specified in \p attributes.
+ *
+ * \param[in] attributes The attributes of the existing key.
+ *
+ * \retval #PSA_SUCCESS
+ * The key was successfully registered.
+ * Note that depending on the design of the driver, this may or may
+ * not guarantee that a key actually exists in the designated slot
+ * and is compatible with the specified attributes.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key with the identifier specified in
+ * \p attributes.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p attributes specifies a lifetime which is not located
+ * in a secure element.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * No slot number is specified in \p attributes,
+ * or the specified slot number is not valid.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The caller is not authorized to register the specified key slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_register_se_key(
+ const psa_key_attributes_t *attributes);
+
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/**@}*/
@@ -111,6 +227,43 @@
*/
void mbedtls_psa_crypto_free( void );
+/** \brief Statistics about
+ * resource consumption related to the PSA keystore.
+ *
+ * \note The content of this structure is not part of the stable API and ABI
+ * of Mbed Crypto and may change arbitrarily from version to version.
+ */
+typedef struct mbedtls_psa_stats_s
+{
+ /** Number of slots containing key material for a volatile key. */
+ size_t volatile_slots;
+ /** Number of slots containing key material for a key which is in
+ * internal persistent storage. */
+ size_t persistent_slots;
+ /** Number of slots containing a reference to a key in a
+ * secure element. */
+ size_t external_slots;
+ /** Number of slots which are occupied, but do not contain
+ * key material yet. */
+ size_t half_filled_slots;
+ /** Number of slots that contain cache data. */
+ size_t cache_slots;
+ /** Number of slots that are not used for anything. */
+ size_t empty_slots;
+ /** Largest key id value among open keys in internal persistent storage. */
+ psa_app_key_id_t max_open_internal_key_id;
+ /** Largest key id value among open keys in secure elements. */
+ psa_app_key_id_t max_open_external_key_id;
+} mbedtls_psa_stats_t;
+
+/** \brief Get statistics about
+ * resource consumption related to the PSA keystore.
+ *
+ * \note When Mbed Crypto is built as part of a service, with isolation
+ * between the application and the keystore, the service may or
+ * may not expose this function.
+ */
+void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
/**
* \brief Inject an initial entropy seed for the random generator into
@@ -179,9 +332,249 @@
* The library has already been initialized. It is no longer
* possible to call this function.
*/
-psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
+psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
size_t seed_size);
+/** \addtogroup crypto_types
+ * @{
+ */
+
+/** DSA public key.
+ *
+ * The import and export format is the
+ * representation of the public key `y = g^x mod p` as a big-endian byte
+ * string. The length of the byte string is the length of the base prime `p`
+ * in bytes.
+ */
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
+
+/** DSA key pair (private and public key).
+ *
+ * The import and export format is the
+ * representation of the private key `x` as a big-endian byte string. The
+ * length of the byte string is the private key size in bytes (leading zeroes
+ * are not stripped).
+ *
+ * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * FIPS 186-4 §B.1.2: interpret the byte string as integer
+ * in big-endian order. Discard it if it is not in the range
+ * [0, *N* - 2] where *N* is the boundary of the private key domain
+ * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+ * or the order of the curve's base point for ECC).
+ * Add 1 to the resulting integer and use this as the private key *x*.
+ *
+ */
+#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x70020000)
+
+/** Whether a key type is an DSA key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DSA(type) \
+ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+
+#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
+/** DSA signature with hashing.
+ *
+ * This is the signature scheme defined by FIPS 186-4,
+ * with a random per-message secret number (*k*).
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding DSA signature algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DSA(hash_alg) \
+ (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
+#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
+/** Deterministic DSA signature with hashing.
+ *
+ * This is the deterministic variant defined by RFC 6979 of
+ * the signature scheme defined by FIPS 186-4.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding DSA signature algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
+ (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_DSA(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
+ PSA_ALG_DSA_BASE)
+#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
+ (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
+#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+
+
+/* We need to expand the sample definition of this macro from
+ * the API definition. */
+#undef PSA_ALG_IS_HASH_AND_SIGN
+#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
+ (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
+ PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
+
+/**@}*/
+
+/** \addtogroup attributes
+ * @{
+ */
+
+/** Custom Diffie-Hellman group.
+ *
+ * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
+ * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes
+ * from domain parameters set by psa_set_key_domain_parameters().
+ */
+/* This value is reserved for private use in the TLS named group registry. */
+#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0x01fc)
+
+
+/**
+ * \brief Set domain parameters for a key.
+ *
+ * Some key types require additional domain parameters in addition to
+ * the key type identifier and the key size. Use this function instead
+ * of psa_set_key_type() when you need to specify domain parameters.
+ *
+ * The format for the required domain parameters varies based on the key type.
+ *
+ * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+ * the domain parameter data consists of the public exponent,
+ * represented as a big-endian integer with no leading zeros.
+ * This information is used when generating an RSA key pair.
+ * When importing a key, the public exponent is read from the imported
+ * key data and the exponent recorded in the attribute structure is ignored.
+ * As an exception, the public exponent 65537 is represented by an empty
+ * byte string.
+ * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+ * the `Dss-Parms` format as defined by RFC 3279 §2.3.2.
+ * ```
+ * Dss-Parms ::= SEQUENCE {
+ * p INTEGER,
+ * q INTEGER,
+ * g INTEGER
+ * }
+ * ```
+ * - For Diffie-Hellman key exchange keys
+ * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
+ * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM)), the
+ * `DomainParameters` format as defined by RFC 3279 §2.3.3.
+ * ```
+ * DomainParameters ::= SEQUENCE {
+ * p INTEGER, -- odd prime, p=jq +1
+ * g INTEGER, -- generator, g
+ * q INTEGER, -- factor of p-1
+ * j INTEGER OPTIONAL, -- subgroup factor
+ * validationParms ValidationParms OPTIONAL
+ * }
+ * ValidationParms ::= SEQUENCE {
+ * seed BIT STRING,
+ * pgenCounter INTEGER
+ * }
+ * ```
+ *
+ * \note This function may allocate memory or other resources.
+ * Once you have called this function on an attribute structure,
+ * you must call psa_reset_key_attributes() to free these resources.
+ *
+ * \note This is an experimental extension to the interface. It may change
+ * in future versions of the library.
+ *
+ * \param[in,out] attributes Attribute structure where the specified domain
+ * parameters will be stored.
+ * If this function fails, the content of
+ * \p attributes is not modified.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param[in] data Buffer containing the key domain parameters.
+ * The content of this buffer is interpreted
+ * according to \p type as described above.
+ * \param data_length Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length);
+
+/**
+ * \brief Get domain parameters for a key.
+ *
+ * Get the domain parameters for a key with this function, if any. The format
+ * of the domain parameters written to \p data is specified in the
+ * documentation for psa_set_key_domain_parameters().
+ *
+ * \note This is an experimental extension to the interface. It may change
+ * in future versions of the library.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ * \param[out] data On success, the key domain parameters.
+ * \param data_size Size of the \p data buffer in bytes.
+ * The buffer is guaranteed to be large
+ * enough if its size in bytes is at least
+ * the value given by
+ * PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+ * \param[out] data_length On success, the number of bytes
+ * that make up the key domain parameters data.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ */
+psa_status_t psa_get_key_domain_parameters(
+ const psa_key_attributes_t *attributes,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
+/** Safe output buffer size for psa_get_key_domain_parameters().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * \warning This function may call its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \note This is an experimental extension to the interface. It may change
+ * in future versions of the library.
+ *
+ * \param key_type A supported key type.
+ * \param key_bits The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_get_key_domain_parameters() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported
+ * by the implementation, this macro shall return either a
+ * sensible size or 0.
+ * If the parameters are not valid, the
+ * return value is unspecified.
+ */
+#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
+ 0)
+#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
+ (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
+#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
+ (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
+
+/**@}*/
#ifdef __cplusplus
}
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 8a9c401..d85a719 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "../mbedtls/config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -89,6 +89,7 @@
* `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
* alias for `psa_key_file_id_t` when building for a multi-client service. */
typedef psa_key_file_id_t psa_key_id_t;
+#define PSA_KEY_ID_INIT {0, 0}
#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 5fb7bc3..a43e0db 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -8,11 +8,11 @@
* space in which the PSA Crypto implementation runs, typically secure
* elements (SEs).
*
- * This file is part of the PSA Crypto Driver Model, containing functions for
- * driver developers to implement to enable hardware to be called in a
- * standardized way by a PSA Cryptographic API implementation. The functions
- * comprising the driver model, which driver authors implement, are not
- * intended to be called by application developers.
+ * This file is part of the PSA Crypto Driver HAL (hardware abstraction layer),
+ * containing functions for driver developers to implement to enable hardware
+ * to be called in a standardized way by a PSA Cryptography API
+ * implementation. The functions comprising the driver HAL, which driver
+ * authors implement, are not intended to be called by application developers.
*/
/*
@@ -40,10 +40,113 @@
extern "C" {
#endif
+/** \defgroup se_init Secure element driver initialization
+ */
+/**@{*/
+
+/** \brief Driver context structure
+ *
+ * Driver functions receive a pointer to this structure.
+ * Each registered driver has one instance of this structure.
+ *
+ * Implementations must include the fields specified here and
+ * may include other fields.
+ */
+typedef struct {
+ /** A read-only pointer to the driver's persistent data.
+ *
+ * Drivers typically use this persistent data to keep track of
+ * which slot numbers are available. This is only a guideline:
+ * drivers may use the persistent data for any purpose, keeping
+ * in mind the restrictions on when the persistent data is saved
+ * to storage: the persistent data is only saved after calling
+ * certain functions that receive a writable pointer to the
+ * persistent data.
+ *
+ * The core allocates a memory buffer for the persistent data.
+ * The pointer is guaranteed to be suitably aligned for any data type,
+ * like a pointer returned by `malloc` (but the core can use any
+ * method to allocate the buffer, not necessarily `malloc`).
+ *
+ * The size of this buffer is in the \c persistent_data_size field of
+ * this structure.
+ *
+ * Before the driver is initialized for the first time, the content of
+ * the persistent data is all-bits-zero. After a driver upgrade, if the
+ * size of the persistent data has increased, the original data is padded
+ * on the right with zeros; if the size has decreased, the original data
+ * is truncated to the new size.
+ *
+ * This pointer is to read-only data. Only a few driver functions are
+ * allowed to modify the persistent data. These functions receive a
+ * writable pointer. These functions are:
+ * - psa_drv_se_t::p_init
+ * - psa_drv_se_key_management_t::p_allocate
+ * - psa_drv_se_key_management_t::p_destroy
+ *
+ * The PSA Cryptography core saves the persistent data from one
+ * session to the next. It does this before returning from API functions
+ * that call a driver method that is allowed to modify the persistent
+ * data, specifically:
+ * - psa_crypto_init() causes a call to psa_drv_se_t::p_init, and may call
+ * psa_drv_se_key_management_t::p_destroy to complete an action
+ * that was interrupted by a power failure.
+ * - Key creation functions cause a call to
+ * psa_drv_se_key_management_t::p_allocate, and may cause a call to
+ * psa_drv_se_key_management_t::p_destroy in case an error occurs.
+ * - psa_destroy_key() causes a call to
+ * psa_drv_se_key_management_t::p_destroy.
+ */
+ const void *const persistent_data;
+
+ /** The size of \c persistent_data in bytes.
+ *
+ * This is always equal to the value of the `persistent_data_size` field
+ * of the ::psa_drv_se_t structure when the driver is registered.
+ */
+ const size_t persistent_data_size;
+
+ /** Driver transient data.
+ *
+ * The core initializes this value to 0 and does not read or modify it
+ * afterwards. The driver may store whatever it wants in this field.
+ */
+ uintptr_t transient_data;
+} psa_drv_se_context_t;
+
+/** \brief A driver initialization function.
+ *
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] persistent_data A pointer to the persistent data
+ * that allows writing.
+ * \param lifetime The lifetime value for which this driver
+ * is registered.
+ *
+ * \retval #PSA_SUCCESS
+ * The driver is operational.
+ * The core will update the persistent data in storage.
+ * \return
+ * Any other return value prevents the driver from being used in
+ * this session.
+ * The core will NOT update the persistent data in storage.
+ */
+typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ psa_key_lifetime_t lifetime);
+
+#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
+/* Mbed Crypto with secure element support enabled defines this type in
+ * crypto_types.h because it is also visible to applications through an
+ * implementation-specific extension.
+ * For the PSA Cryptography specification, this type is only visible
+ * via crypto_se_driver.h. */
/** An internal designation of a key slot between the core part of the
* PSA Crypto implementation and the driver. The meaning of this value
* is driver-dependent. */
-typedef uint32_t psa_key_slot_number_t; // Change this to psa_key_slot_t after psa_key_slot_t is removed from Mbed crypto
+typedef uint64_t psa_key_slot_number_t;
+#endif /* __DOXYGEN_ONLY__ || !MBEDTLS_PSA_CRYPTO_SE_C */
+
+/**@}*/
/** \defgroup se_mac Secure Element Message Authentication Codes
* Generation and authentication of Message Authentication Codes (MACs) using
@@ -65,7 +168,8 @@
/** \brief A function that starts a secure element MAC operation for a PSA
* Crypto Driver implementation
*
- * \param[in,out] p_context A structure that will contain the
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] op_context A structure that will contain the
* hardware-specific MAC context
* \param[in] key_slot The slot of the key to be used for the
* operation
@@ -75,28 +179,29 @@
* \retval PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_mac_setup_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context,
+ void *op_context,
psa_key_slot_number_t key_slot,
psa_algorithm_t algorithm);
/** \brief A function that continues a previously started secure element MAC
* operation
*
- * \param[in,out] p_context A hardware-specific structure for the
+ * \param[in,out] op_context A hardware-specific structure for the
* previously-established MAC operation to be
* updated
* \param[in] p_input A buffer containing the message to be appended
* to the MAC operation
- * \param[in] input_length The size in bytes of the input message buffer
+ * \param[in] input_length The size in bytes of the input message buffer
*/
-typedef psa_status_t (*psa_drv_se_mac_update_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context,
const uint8_t *p_input,
size_t input_length);
/** \brief a function that completes a previously started secure element MAC
* operation by returning the resulting MAC.
*
- * \param[in,out] p_context A hardware-specific structure for the
+ * \param[in,out] op_context A hardware-specific structure for the
* previously started MAC operation to be
* finished
* \param[out] p_mac A buffer where the generated MAC will be
@@ -109,7 +214,7 @@
* \retval PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
uint8_t *p_mac,
size_t mac_size,
size_t *p_mac_length);
@@ -117,11 +222,11 @@
/** \brief A function that completes a previously started secure element MAC
* operation by comparing the resulting MAC against a provided value
*
- * \param[in,out] p_context A hardware-specific structure for the previously
- * started MAC operation to be fiinished
- * \param[in] p_mac The MAC value against which the resulting MAC will
- * be compared against
- * \param[in] mac_length The size in bytes of the value stored in `p_mac`
+ * \param[in,out] op_context A hardware-specific structure for the previously
+ * started MAC operation to be fiinished
+ * \param[in] p_mac The MAC value against which the resulting MAC
+ * will be compared against
+ * \param[in] mac_length The size in bytes of the value stored in `p_mac`
*
* \retval PSA_SUCCESS
* The operation completed successfully and the MACs matched each
@@ -130,21 +235,22 @@
* The operation completed successfully, but the calculated MAC did
* not match the provided MAC
*/
-typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *op_context,
const uint8_t *p_mac,
size_t mac_length);
/** \brief A function that aborts a previous started secure element MAC
* operation
*
- * \param[in,out] p_context A hardware-specific structure for the previously
- * started MAC operation to be aborted
+ * \param[in,out] op_context A hardware-specific structure for the previously
+ * started MAC operation to be aborted
*/
-typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *p_context);
+typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context);
/** \brief A function that performs a secure element MAC operation in one
* command and returns the calculated MAC
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] p_input A buffer containing the message to be MACed
* \param[in] input_length The size in bytes of `p_input`
* \param[in] key_slot The slot of the key to be used
@@ -159,7 +265,8 @@
* \retval PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_mac_generate_t)(const uint8_t *p_input,
+typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context,
+ const uint8_t *p_input,
size_t input_length,
psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
@@ -170,6 +277,7 @@
/** \brief A function that performs a secure element MAC operation in one
* command and compares the resulting MAC against a provided value
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] p_input A buffer containing the message to be MACed
* \param[in] input_length The size in bytes of `input`
* \param[in] key_slot The slot of the key to be used
@@ -186,7 +294,8 @@
* The operation completed successfully, but the calculated MAC did
* not match the provided MAC
*/
-typedef psa_status_t (*psa_drv_se_mac_verify_t)(const uint8_t *p_input,
+typedef psa_status_t (*psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_context,
+ const uint8_t *p_input,
size_t input_length,
psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
@@ -263,7 +372,8 @@
/** \brief A function that provides the cipher setup function for a
* secure element driver
*
- * \param[in,out] p_context A structure that will contain the
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] op_context A structure that will contain the
* hardware-specific cipher context.
* \param[in] key_slot The slot of the key to be used for the
* operation
@@ -275,7 +385,8 @@
* \retval PSA_SUCCESS
* \retval PSA_ERROR_NOT_SUPPORTED
*/
-typedef psa_status_t (*psa_drv_se_cipher_setup_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context,
+ void *op_context,
psa_key_slot_number_t key_slot,
psa_algorithm_t algorithm,
psa_encrypt_or_decrypt_t direction);
@@ -288,21 +399,21 @@
* generate function is not necessary for the drivers to implement as the PSA
* Crypto implementation can do the generation using its RNG features.
*
- * \param[in,out] p_context A structure that contains the previously set up
+ * \param[in,out] op_context A structure that contains the previously set up
* hardware-specific cipher context
* \param[in] p_iv A buffer containing the initialization vector
* \param[in] iv_length The size (in bytes) of the `p_iv` buffer
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
const uint8_t *p_iv,
size_t iv_length);
/** \brief A function that continues a previously started secure element cipher
* operation
*
- * \param[in,out] p_context A hardware-specific structure for the
+ * \param[in,out] op_context A hardware-specific structure for the
* previously started cipher operation
* \param[in] p_input A buffer containing the data to be
* encrypted/decrypted
@@ -317,7 +428,7 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
const uint8_t *p_input,
size_t input_size,
uint8_t *p_output,
@@ -327,7 +438,7 @@
/** \brief A function that completes a previously started secure element cipher
* operation
*
- * \param[in,out] p_context A hardware-specific structure for the
+ * \param[in,out] op_context A hardware-specific structure for the
* previously started cipher operation
* \param[out] p_output The caller-allocated buffer where the output
* will be placed
@@ -338,7 +449,7 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
uint8_t *p_output,
size_t output_size,
size_t *p_output_length);
@@ -346,10 +457,10 @@
/** \brief A function that aborts a previously started secure element cipher
* operation
*
- * \param[in,out] p_context A hardware-specific structure for the
+ * \param[in,out] op_context A hardware-specific structure for the
* previously started cipher operation
*/
-typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *p_context);
+typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
/** \brief A function that performs the ECB block mode for secure element
* cipher operations
@@ -357,23 +468,25 @@
* Note: this function should only be used with implementations that do not
* provide a needed higher-level operation.
*
- * \param[in] key_slot The slot of the key to be used for the operation
- * \param[in] algorithm The algorithm to be used in the cipher operation
- * \param[in] direction Indicates whether the operation is an encrypt or
- * decrypt
- * \param[in] p_input A buffer containing the data to be
- * encrypted/decrypted
- * \param[in] input_size The size in bytes of the buffer pointed to by
- * `p_input`
- * \param[out] p_output The caller-allocated buffer where the output will
- * be placed
- * \param[in] output_size The allocated size in bytes of the `p_output`
- * buffer
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in] key_slot The slot of the key to be used for the operation
+ * \param[in] algorithm The algorithm to be used in the cipher operation
+ * \param[in] direction Indicates whether the operation is an encrypt or
+ * decrypt
+ * \param[in] p_input A buffer containing the data to be
+ * encrypted/decrypted
+ * \param[in] input_size The size in bytes of the buffer pointed to by
+ * `p_input`
+ * \param[out] p_output The caller-allocated buffer where the output
+ * will be placed
+ * \param[in] output_size The allocated size in bytes of the `p_output`
+ * buffer
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_NOT_SUPPORTED
*/
-typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t algorithm,
psa_encrypt_or_decrypt_t direction,
const uint8_t *p_input,
@@ -427,6 +540,7 @@
* \brief A function that signs a hash or short message with a private key in
* a secure element
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Key slot of an asymmetric key pair
* \param[in] alg A signature algorithm that is compatible
* with the type of `key`
@@ -439,7 +553,8 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
const uint8_t *p_hash,
size_t hash_length,
@@ -451,6 +566,7 @@
* \brief A function that verifies the signature a hash or short message using
* an asymmetric public key in a secure element
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Key slot of a public key or an asymmetric key
* pair
* \param[in] alg A signature algorithm that is compatible with
@@ -463,7 +579,8 @@
* \retval PSA_SUCCESS
* The signature is valid.
*/
-typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
const uint8_t *p_hash,
size_t hash_length,
@@ -474,6 +591,7 @@
* \brief A function that encrypts a short message with an asymmetric public
* key in a secure element
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Key slot of a public key or an asymmetric key
* pair
* \param[in] alg An asymmetric encryption algorithm that is
@@ -499,7 +617,8 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
const uint8_t *p_input,
size_t input_length,
@@ -513,6 +632,7 @@
* \brief A function that decrypts a short message with an asymmetric private
* key in a secure element.
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Key slot of an asymmetric key pair
* \param[in] alg An asymmetric encryption algorithm that is
* compatible with the type of `key`
@@ -537,7 +657,8 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t alg,
const uint8_t *p_input,
size_t input_length,
@@ -581,6 +702,7 @@
/** \brief A function that performs a secure element authenticated encryption
* operation
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Slot containing the key to use.
* \param[in] algorithm The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
@@ -608,7 +730,8 @@
* \retval #PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t algorithm,
const uint8_t *p_nonce,
size_t nonce_length,
@@ -622,6 +745,7 @@
/** A function that peforms a secure element authenticated decryption operation
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Slot containing the key to use
* \param[in] algorithm The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
@@ -648,7 +772,8 @@
* \retval #PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_key_slot_number_t key_slot,
+typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
psa_algorithm_t algorithm,
const uint8_t *p_nonce,
size_t nonce_length,
@@ -685,31 +810,182 @@
*/
/**@{*/
+/** An enumeration indicating how a key is created.
+ */
+typedef enum
+{
+ PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
+ PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
+ PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */
+ PSA_KEY_CREATION_COPY, /**< During psa_copy_key() */
+
+#ifndef __DOXYGEN_ONLY__
+ /** A key is being registered with mbedtls_psa_register_se_key().
+ *
+ * The core only passes this value to
+ * psa_drv_se_key_management_t::p_validate_slot_number, not to
+ * psa_drv_se_key_management_t::p_allocate. The call to
+ * `p_validate_slot_number` is not followed by any other call to the
+ * driver: the key is considered successfully registered if the call to
+ * `p_validate_slot_number` succeeds, or if `p_validate_slot_number` is
+ * null.
+ *
+ * With this creation method, the driver must return #PSA_SUCCESS if
+ * the given attributes are compatible with the existing key in the slot,
+ * and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
+ * is no key with the specified slot number.
+ *
+ * This is an Mbed Crypto extension.
+ */
+ PSA_KEY_CREATION_REGISTER,
+#endif
+} psa_key_creation_method_t;
+
+/** \brief A function that allocates a slot for a key.
+ *
+ * To create a key in a specific slot in a secure element, the core
+ * first calls this function to determine a valid slot number,
+ * then calls a function to create the key material in that slot.
+ * In nominal conditions (that is, if no error occurs),
+ * the effect of a call to a key creation function in the PSA Cryptography
+ * API with a lifetime that places the key in a secure element is the
+ * following:
+ * -# The core calls psa_drv_se_key_management_t::p_allocate
+ * (or in some implementations
+ * psa_drv_se_key_management_t::p_validate_slot_number). The driver
+ * selects (or validates) a suitable slot number given the key attributes
+ * and the state of the secure element.
+ * -# The core calls a key creation function in the driver.
+ *
+ * The key creation functions in the PSA Cryptography API are:
+ * - psa_import_key(), which causes
+ * a call to `p_allocate` with \p method = #PSA_KEY_CREATION_IMPORT
+ * then a call to psa_drv_se_key_management_t::p_import.
+ * - psa_generate_key(), which causes
+ * a call to `p_allocate` with \p method = #PSA_KEY_CREATION_GENERATE
+ * then a call to psa_drv_se_key_management_t::p_import.
+ * - psa_key_derivation_output_key(), which causes
+ * a call to `p_allocate` with \p method = #PSA_KEY_CREATION_DERIVE
+ * then a call to psa_drv_se_key_derivation_t::p_derive.
+ * - psa_copy_key(), which causes
+ * a call to `p_allocate` with \p method = #PSA_KEY_CREATION_COPY
+ * then a call to psa_drv_se_key_management_t::p_export.
+ *
+ * In case of errors, other behaviors are possible.
+ * - If the PSA Cryptography subsystem dies after the first step,
+ * for example because the device has lost power abruptly,
+ * the second step may never happen, or may happen after a reset
+ * and re-initialization. Alternatively, after a reset and
+ * re-initialization, the core may call
+ * psa_drv_se_key_management_t::p_destroy on the slot number that
+ * was allocated (or validated) instead of calling a key creation function.
+ * - If an error occurs, the core may call
+ * psa_drv_se_key_management_t::p_destroy on the slot number that
+ * was allocated (or validated) instead of calling a key creation function.
+ *
+ * Errors and system resets also have an impact on the driver's persistent
+ * data. If a reset happens before the overall key creation process is
+ * completed (before or after the second step above), it is unspecified
+ * whether the persistent data after the reset is identical to what it
+ * was before or after the call to `p_allocate` (or `p_validate_slot_number`).
+ *
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] persistent_data A pointer to the persistent data
+ * that allows writing.
+ * \param[in] attributes Attributes of the key.
+ * \param method The way in which the key is being created.
+ * \param[out] key_slot Slot where the key will be stored.
+ * This must be a valid slot for a key of the
+ * chosen type. It must be unoccupied.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * The core will record \c *key_slot as the key slot where the key
+ * is stored and will update the persistent data in storage.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ */
+typedef psa_status_t (*psa_drv_se_allocate_key_t)(
+ psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *key_slot);
+
+/** \brief A function that determines whether a slot number is valid
+ * for a key.
+ *
+ * To create a key in a specific slot in a secure element, the core
+ * first calls this function to validate the choice of slot number,
+ * then calls a function to create the key material in that slot.
+ * See the documentation of #psa_drv_se_allocate_key_t for more details.
+ *
+ * As of the PSA Cryptography API specification version 1.0, there is no way
+ * for applications to trigger a call to this function. However some
+ * implementations offer the capability to create or declare a key in
+ * a specific slot via implementation-specific means, generally for the
+ * sake of initial device provisioning or onboarding. Such a mechanism may
+ * be added to a future version of the PSA Cryptography API specification.
+ *
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in] attributes Attributes of the key.
+ * \param method The way in which the key is being created.
+ * \param[in] key_slot Slot where the key is to be stored.
+ *
+ * \retval #PSA_SUCCESS
+ * The given slot number is valid for a key with the given
+ * attributes.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The given slot number is not valid for a key with the
+ * given attributes. This includes the case where the slot
+ * number is not valid at all.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key with the specified slot number.
+ * Drivers may choose to return this error from the key
+ * creation function instead.
+ */
+typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(
+ psa_drv_se_context_t *drv_context,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t key_slot);
+
/** \brief A function that imports a key into a secure element in binary format
*
* This function can support any output from psa_export_key(). Refer to the
* documentation of psa_export_key() for the format for each key type.
*
- * \param[in] key_slot Slot where the key will be stored
- * This must be a valid slot for a key of the chosen
- * type. It must be unoccupied.
- * \param[in] lifetime The required lifetime of the key storage
- * \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value)
- * \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value)
- * \param[in] usage The allowed uses of the key
- * \param[in] p_data Buffer containing the key data
- * \param[in] data_length Size of the `data` buffer in bytes
+ * \param[in,out] drv_context The driver context structure.
+ * \param key_slot Slot where the key will be stored.
+ * This must be a valid slot for a key of the
+ * chosen type. It must be unoccupied.
+ * \param[in] attributes The key attributes, including the lifetime,
+ * the key type and the usage policy.
+ * Drivers should not access the key size stored
+ * in the attributes: it may not match the
+ * data passed in \p data.
+ * Drivers can call psa_get_key_lifetime(),
+ * psa_get_key_type(),
+ * psa_get_key_usage_flags() and
+ * psa_get_key_algorithm() to access this
+ * information.
+ * \param[in] data Buffer containing the key data.
+ * \param[in] data_length Size of the \p data buffer in bytes.
+ * \param[out] bits On success, the key size in bits. The driver
+ * must determine this value after parsing the
+ * key according to the key type.
+ * This value is not used if the function fails.
*
* \retval #PSA_SUCCESS
* Success.
*/
-typedef psa_status_t (*psa_drv_se_import_key_t)(psa_key_slot_number_t key_slot,
- psa_key_lifetime_t lifetime,
- psa_key_type_t type,
- psa_algorithm_t algorithm,
- psa_key_usage_t usage,
- const uint8_t *p_data,
- size_t data_length);
+typedef psa_status_t (*psa_drv_se_import_key_t)(
+ psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits);
/**
* \brief A function that destroys a secure element key and restore the slot to
@@ -721,12 +997,18 @@
*
* This function returns the specified slot to its default state.
*
- * \param[in] key_slot The key slot to erase.
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] persistent_data A pointer to the persistent data
+ * that allows writing.
+ * \param key_slot The key slot to erase.
*
* \retval #PSA_SUCCESS
* The slot's content, if any, has been erased.
*/
-typedef psa_status_t (*psa_drv_se_destroy_key_t)(psa_key_slot_number_t key);
+typedef psa_status_t (*psa_drv_se_destroy_key_t)(
+ psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ psa_key_slot_number_t key_slot);
/**
* \brief A function that exports a secure element key in binary format
@@ -743,6 +1025,7 @@
* `psa_export_key()` does. Refer to the
* documentation of `psa_export_key()` for the format for each key type.
*
+ * \param[in,out] drv_context The driver context structure.
* \param[in] key Slot whose content is to be exported. This must
* be an occupied key slot.
* \param[out] p_data Buffer where the key data is to be written.
@@ -756,9 +1039,10 @@
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
*/
-typedef psa_status_t (*psa_drv_se_export_key_t)(psa_key_slot_number_t key,
+typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key,
uint8_t *p_data,
size_t data_size,
size_t *p_data_length);
@@ -767,39 +1051,52 @@
* \brief A function that generates a symmetric or asymmetric key on a secure
* element
*
- * If \p type is asymmetric (`#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) == 1`),
- * the public component of the generated key will be placed in `p_pubkey_out`.
- * The format of the public key information will match the format specified for
- * the psa_export_key() function for the key type.
+ * If \p type is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) = 1),
+ * the driver may export the public key at the time of generation,
+ * in the format documented for psa_export_public_key() by writing it
+ * to the \p pubkey buffer.
+ * This is optional, intended for secure elements that output the
+ * public key at generation time and that cannot export the public key
+ * later. Drivers that do not need this feature should leave
+ * \p *pubkey_length set to 0 and should
+ * implement the psa_drv_key_management_t::p_export_public function.
+ * Some implementations do not support this feature, in which case
+ * \p pubkey is \c NULL and \p pubkey_size is 0.
*
- * \param[in] key_slot Slot where the generated key will be placed
- * \param[in] type The type of the key to be generated
- * \param[in] usage The prescribed usage of the generated key
- * Note: Not all Secure Elements support the same
- * restrictions that PSA Crypto does (and vice versa).
- * Driver developers should endeavor to match the
- * usages as close as possible.
- * \param[in] bits The size in bits of the key to be generated.
- * \param[in] extra Extra parameters for key generation. The
- * interpretation of this parameter should match the
- * interpretation in the `extra` parameter is the
- * `psa_generate_key` function
- * \param[in] extra_size The size in bytes of the \p extra buffer
- * \param[out] p_pubkey_out The buffer where the public key information will
- * be placed
- * \param[in] pubkey_out_size The size in bytes of the `p_pubkey_out` buffer
- * \param[out] p_pubkey_length Upon successful completion, will contain the
- * size of the data placed in `p_pubkey_out`.
+ * \param[in,out] drv_context The driver context structure.
+ * \param key_slot Slot where the key will be stored.
+ * This must be a valid slot for a key of the
+ * chosen type. It must be unoccupied.
+ * \param[in] attributes The key attributes, including the lifetime,
+ * the key type and size, and the usage policy.
+ * Drivers can call psa_get_key_lifetime(),
+ * psa_get_key_type(), psa_get_key_bits(),
+ * psa_get_key_usage_flags() and
+ * psa_get_key_algorithm() to access this
+ * information.
+ * \param[out] pubkey A buffer where the driver can write the
+ * public key, when generating an asymmetric
+ * key pair.
+ * This is \c NULL when generating a symmetric
+ * key or if the core does not support
+ * exporting the public key at generation time.
+ * \param pubkey_size The size of the `pubkey` buffer in bytes.
+ * This is 0 when generating a symmetric
+ * key or if the core does not support
+ * exporting the public key at generation time.
+ * \param[out] pubkey_length On entry, this is always 0.
+ * On success, the number of bytes written to
+ * \p pubkey. If this is 0 or unchanged on return,
+ * the core will not read the \p pubkey buffer,
+ * and will instead call the driver's
+ * psa_drv_key_management_t::p_export_public
+ * function to export the public key when needed.
*/
-typedef psa_status_t (*psa_drv_se_generate_key_t)(psa_key_slot_number_t key_slot,
- psa_key_type_t type,
- psa_key_usage_t usage,
- size_t bits,
- const void *extra,
- size_t extra_size,
- uint8_t *p_pubkey_out,
- size_t pubkey_out_size,
- size_t *p_pubkey_length);
+typedef psa_status_t (*psa_drv_se_generate_key_t)(
+ psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length);
/**
* \brief A struct containing all of the function pointers needed to for secure
@@ -811,6 +1108,10 @@
* If one of the functions is not implemented, it should be set to NULL.
*/
typedef struct {
+ /** Function that allocates a slot for a key. */
+ psa_drv_se_allocate_key_t p_allocate;
+ /** Function that checks the validity of a slot for a key. */
+ psa_drv_se_validate_slot_number_t p_validate_slot_number;
/** Function that performs a key import operation */
psa_drv_se_import_key_t p_import;
/** Function that performs a generation */
@@ -819,6 +1120,8 @@
psa_drv_se_destroy_key_t p_destroy;
/** Function that performs a key export operation */
psa_drv_se_export_key_t p_export;
+ /** Function that performs a public key export operation */
+ psa_drv_se_export_key_t p_export_public;
} psa_drv_se_key_management_t;
/**@}*/
@@ -875,15 +1178,17 @@
/** \brief A function that Sets up a secure element key derivation operation by
* specifying the algorithm and the source key sot
*
- * \param[in,out] p_context A hardware-specific structure containing any
- * context information for the implementation
- * \param[in] kdf_alg The algorithm to be used for the key derivation
- * \param[in] souce_key The key to be used as the source material for the
- * key derivation
+ * \param[in,out] drv_context The driver context structure.
+ * \param[in,out] op_context A hardware-specific structure containing any
+ * context information for the implementation
+ * \param[in] kdf_alg The algorithm to be used for the key derivation
+ * \param[in] source_key The key to be used as the source material for
+ * the key derivation
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context,
+ void *op_context,
psa_algorithm_t kdf_alg,
psa_key_slot_number_t source_key);
@@ -894,7 +1199,7 @@
* expeced that this function may be called multiple times for the same
* operation, each with a different algorithm-specific `collateral_id`
*
- * \param[in,out] p_context A hardware-specific structure containing any
+ * \param[in,out] op_context A hardware-specific structure containing any
* context information for the implementation
* \param[in] collateral_id An ID for the collateral being provided
* \param[in] p_collateral A buffer containing the collateral data
@@ -902,7 +1207,7 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
uint32_t collateral_id,
const uint8_t *p_collateral,
size_t collateral_size);
@@ -910,14 +1215,14 @@
/** \brief A function that performs the final secure element key derivation
* step and place the generated key material in a slot
*
- * \param[in,out] p_context A hardware-specific structure containing any
+ * \param[in,out] op_context A hardware-specific structure containing any
* context information for the implementation
* \param[in] dest_key The slot where the generated key material
* should be placed
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
psa_key_slot_number_t dest_key);
/** \brief A function that performs the final step of a secure element key
@@ -931,7 +1236,7 @@
*
* \retval PSA_SUCCESS
*/
-typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *p_context,
+typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
uint8_t *p_output,
size_t output_size,
size_t *p_output_length);
@@ -961,6 +1266,113 @@
/**@}*/
+/** \defgroup se_registration Secure element driver registration
+ */
+/**@{*/
+
+/** A structure containing pointers to all the entry points of a
+ * secure element driver.
+ *
+ * Future versions of this specification may add extra substructures at
+ * the end of this structure.
+ */
+typedef struct {
+ /** The version of the driver HAL that this driver implements.
+ * This is a protection against loading driver binaries built against
+ * a different version of this specification.
+ * Use #PSA_DRV_SE_HAL_VERSION.
+ */
+ uint32_t hal_version;
+
+ /** The size of the driver's persistent data in bytes.
+ *
+ * This can be 0 if the driver does not need persistent data.
+ *
+ * See the documentation of psa_drv_se_context_t::persistent_data
+ * for more information about why and how a driver can use
+ * persistent data.
+ */
+ size_t persistent_data_size;
+
+ /** The driver initialization function.
+ *
+ * This function is called once during the initialization of the
+ * PSA Cryptography subsystem, before any other function of the
+ * driver is called. If this function returns a failure status,
+ * the driver will be unusable, at least until the next system reset.
+ *
+ * If this field is \c NULL, it is equivalent to a function that does
+ * nothing and returns #PSA_SUCCESS.
+ */
+ psa_drv_se_init_t p_init;
+
+ const psa_drv_se_key_management_t *key_management;
+ const psa_drv_se_mac_t *mac;
+ const psa_drv_se_cipher_t *cipher;
+ const psa_drv_se_aead_t *aead;
+ const psa_drv_se_asymmetric_t *asymmetric;
+ const psa_drv_se_key_derivation_t *derivation;
+} psa_drv_se_t;
+
+/** The current version of the secure element driver HAL.
+ */
+/* 0.0.0 patchlevel 5 */
+#define PSA_DRV_SE_HAL_VERSION 0x00000005
+
+/** Register an external cryptoprocessor (secure element) driver.
+ *
+ * This function is only intended to be used by driver code, not by
+ * application code. In implementations with separation between the
+ * PSA cryptography module and applications, this function should
+ * only be available to callers that run in the same memory space as
+ * the cryptography module, and should not be exposed to applications
+ * running in a different memory space.
+ *
+ * This function may be called before psa_crypto_init(). It is
+ * implementation-defined whether this function may be called
+ * after psa_crypto_init().
+ *
+ * \note Implementations store metadata about keys including the lifetime
+ * value. Therefore, from one instantiation of the PSA Cryptography
+ * library to the next one, if there is a key in storage with a certain
+ * lifetime value, you must always register the same driver (or an
+ * updated version that communicates with the same secure element)
+ * with the same lifetime value.
+ *
+ * \param lifetime The lifetime value through which this driver will
+ * be exposed to applications.
+ * The values #PSA_KEY_LIFETIME_VOLATILE and
+ * #PSA_KEY_LIFETIME_PERSISTENT are reserved and
+ * may not be used for drivers. Implementations
+ * may reserve other values.
+ * \param[in] methods The method table of the driver. This structure must
+ * remain valid for as long as the cryptography
+ * module keeps running. It is typically a global
+ * constant.
+ *
+ * \return PSA_SUCCESS
+ * The driver was successfully registered. Applications can now
+ * use \p lifetime to access keys through the methods passed to
+ * this function.
+ * \return PSA_ERROR_BAD_STATE
+ * This function was called after the initialization of the
+ * cryptography module, and this implementation does not support
+ * driver registration at this stage.
+ * \return PSA_ERROR_ALREADY_EXISTS
+ * There is already a registered driver for this value of \p lifetime.
+ * \return PSA_ERROR_INVALID_ARGUMENT
+ * \p lifetime is a reserved value.
+ * \return PSA_ERROR_NOT_SUPPORTED
+ * `methods->hal_version` is not supported by this implementation.
+ * \return PSA_ERROR_INSUFFICIENT_MEMORY
+ * \return PSA_ERROR_NOT_PERMITTED
+ */
+psa_status_t psa_register_se_driver(
+ psa_key_lifetime_t lifetime,
+ const psa_drv_se_t *methods);
+
+/**@}*/
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 3cb0c73..bcca724 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -45,7 +45,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "../mbedtls/config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -53,6 +53,9 @@
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
+ (((length) + (block_size) - 1) / (block_size) * (block_size))
+
/** The size of the output of psa_hash_finish(), in bytes.
*
* This is also the hash size that psa_hash_verify() expects.
@@ -269,7 +272,7 @@
* \param key_type The type of the MAC key.
* \param key_bits The size of the MAC key in bits.
* \param alg A MAC algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_MAC(alg) is true).
+ * #PSA_ALG_IS_MAC(\p alg) is true).
*
* \return The MAC size for the specified algorithm with
* the specified key parameters.
@@ -294,7 +297,7 @@
*
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_AEAD(alg) is true).
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
* \param plaintext_length Size of the plaintext in bytes.
*
* \return The AEAD ciphertext size for the specified
@@ -318,7 +321,7 @@
*
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_AEAD(alg) is true).
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
* \param ciphertext_length Size of the plaintext in bytes.
*
* \return The AEAD ciphertext size for the specified
@@ -330,7 +333,81 @@
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
- (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
+ (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
+ 0)
+
+/** A sufficient output buffer size for psa_aead_update().
+ *
+ * If the size of the output buffer is at least this large, it is
+ * guaranteed that psa_aead_update() will not fail due to an
+ * insufficient buffer size. The actual size of the output may be smaller
+ * in any given call.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output buffer size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+/* For all the AEAD modes defined in this specification, it is possible
+ * to emit output without delay. However, hardware may not always be
+ * capable of this. So for modes based on a block cipher, allow the
+ * implementation to delay the output until it has a full block. */
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
+ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
+ (input_length))
+
+/** A sufficient ciphertext buffer size for psa_aead_finish().
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_finish() will not fail due to an
+ * insufficient ciphertext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return A sufficient ciphertext buffer size for the
+ * specified algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
+ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
+ 0)
+
+/** A sufficient plaintext buffer size for psa_aead_verify().
+ *
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_verify() will not fail due to an
+ * insufficient plaintext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return A sufficient plaintext buffer size for the
+ * specified algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
+ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
0)
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
@@ -349,9 +426,9 @@
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
(PSA_BITS_TO_BYTES(curve_bits) * 2)
-/** Safe signature buffer size for psa_asymmetric_sign().
+/** Sufficient signature buffer size for psa_asymmetric_sign().
*
- * This macro returns a safe buffer size for a signature using a key
+ * This macro returns a sufficient buffer size for a signature using a key
* of the specified type and size, with the specified algorithm.
* Note that the actual size of the signature may be smaller
* (some algorithms produce a variable-size signature).
@@ -370,7 +447,7 @@
* psa_asymmetric_sign() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
- * by the implementation, this macro either shall return either a
+ * by the implementation, this macro shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
@@ -380,9 +457,9 @@
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0))
-/** Safe output buffer size for psa_asymmetric_encrypt().
+/** Sufficient output buffer size for psa_asymmetric_encrypt().
*
- * This macro returns a safe buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm.
@@ -401,7 +478,7 @@
* psa_asymmetric_encrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
- * by the implementation, this macro either shall return either a
+ * by the implementation, this macro shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
@@ -411,9 +488,9 @@
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0)
-/** Safe output buffer size for psa_asymmetric_decrypt().
+/** Sufficient output buffer size for psa_asymmetric_decrypt().
*
- * This macro returns a safe buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm.
@@ -432,7 +509,7 @@
* psa_asymmetric_decrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
- * by the implementation, this macro either shall return either a
+ * by the implementation, this macro shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
@@ -491,7 +568,7 @@
* overapproximated as 9 half-size INTEGERS;
* - 7 bytes for the public exponent.
*/
-#define PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) \
+#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
/* Maximum size of the export encoding of a DSA public key.
@@ -529,7 +606,7 @@
* - 3 full-size INTEGERs (p, g, y);
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
*/
-#define PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) \
+#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
/* Maximum size of the export encoding of an ECC public key.
@@ -549,10 +626,10 @@
*
* An ECC key pair is represented by the secret value.
*/
-#define PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) \
+#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits))
-/** Safe output buffer size for psa_export_key() or psa_export_public_key().
+/** Sufficient output buffer size for psa_export_key() or psa_export_public_key().
*
* This macro returns a compile-time constant if its arguments are
* compile-time constants.
@@ -564,32 +641,36 @@
* The following code illustrates how to allocate enough memory to export
* a key by querying the key type and size at runtime.
* \code{c}
- * psa_key_type_t key_type;
- * size_t key_bits;
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
* psa_status_t status;
- * status = psa_get_key_information(key, &key_type, &key_bits);
+ * status = psa_get_key_attributes(key, &attributes);
* if (status != PSA_SUCCESS) handle_error(...);
+ * psa_key_type_t key_type = psa_get_key_type(&attributes);
+ * size_t key_bits = psa_get_key_bits(&attributes);
* size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
- * unsigned char *buffer = malloc(buffer_size);
- * if (buffer != NULL) handle_error(...);
+ * psa_reset_key_attributes(&attributes);
+ * uint8_t *buffer = malloc(buffer_size);
+ * if (buffer == NULL) handle_error(...);
* size_t buffer_length;
* status = psa_export_key(key, buffer, buffer_size, &buffer_length);
* if (status != PSA_SUCCESS) handle_error(...);
* \endcode
*
* For psa_export_public_key(), calculate the buffer size from the
- * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR
+ * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
* to convert a key pair type to the corresponding public key type.
* \code{c}
- * psa_key_type_t key_type;
- * size_t key_bits;
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
* psa_status_t status;
- * status = psa_get_key_information(key, &key_type, &key_bits);
+ * status = psa_get_key_attributes(key, &attributes);
* if (status != PSA_SUCCESS) handle_error(...);
- * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(key_type);
+ * psa_key_type_t key_type = psa_get_key_type(&attributes);
+ * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
+ * size_t key_bits = psa_get_key_bits(&attributes);
* size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
- * unsigned char *buffer = malloc(buffer_size);
- * if (buffer != NULL) handle_error(...);
+ * psa_reset_key_attributes(&attributes);
+ * uint8_t *buffer = malloc(buffer_size);
+ * if (buffer == NULL) handle_error(...);
* size_t buffer_length;
* status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
* if (status != PSA_SUCCESS) handle_error(...);
@@ -603,18 +684,18 @@
* psa_asymmetric_sign() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
- * by the implementation, this macro either shall return either a
+ * by the implementation, this macro shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
- (key_type) == PSA_KEY_TYPE_RSA_KEYPAIR ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- (key_type) == PSA_KEY_TYPE_DSA_KEYPAIR ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- PSA_KEY_TYPE_IS_ECC_KEYPAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 8850357..f177d5d 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -12,6 +12,26 @@
* In implementations with isolation between the application and the
* cryptography module, it is expected that the front-end and the back-end
* would have different versions of this file.
+ *
+ * <h3>Design notes about multipart operation structures</h3>
+ *
+ * Each multipart operation structure contains a `psa_algorithm_t alg`
+ * field which indicates which specific algorithm the structure is for.
+ * When the structure is not in use, `alg` is 0. Most of the structure
+ * consists of a union which is discriminated by `alg`.
+ *
+ * Note that when `alg` is 0, the content of other fields is undefined.
+ * In particular, it is not guaranteed that a freshly-initialized structure
+ * is all-zero: we initialize structures to something like `{0, 0}`, which
+ * is only guaranteed to initializes the first member of the union;
+ * GCC and Clang initialize the whole structure to 0 (at the time of writing),
+ * but MSVC and CompCert don't.
+ *
+ * In Mbed Crypto, multipart operation structures live independently from
+ * the key. This allows Mbed Crypto to free the key objects when destroying
+ * a key slot. If a multipart operation needs to remember the key after
+ * the setup function returns, the operation structure needs to contain a
+ * copy of the key.
*/
/*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
@@ -35,10 +55,14 @@
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "../mbedtls/config.h"
+#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -152,6 +176,27 @@
return( v );
}
+struct psa_aead_operation_s
+{
+ psa_algorithm_t alg;
+ unsigned int key_set : 1;
+ unsigned int iv_set : 1;
+ uint8_t iv_size;
+ uint8_t block_size;
+ union
+ {
+ unsigned dummy; /* Enable easier initializing of the union. */
+ mbedtls_cipher_context_t cipher;
+ } ctx;
+};
+
+#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
+static inline struct psa_aead_operation_s psa_aead_operation_init( void )
+{
+ const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
+ return( v );
+}
+
#if defined(MBEDTLS_MD_C)
typedef struct
{
@@ -165,62 +210,68 @@
#endif
uint8_t offset_in_block;
uint8_t block_number;
-} psa_hkdf_generator_t;
+ unsigned int state : 2;
+ unsigned int info_set : 1;
+} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
-typedef struct psa_tls12_prf_generator_s
+typedef enum
{
- /* The TLS 1.2 PRF uses the key for each HMAC iteration,
- * hence we must store it for the lifetime of the generator.
- * This is different from HKDF, where the key is only used
- * in the extraction phase, but not during expansion. */
- unsigned char *key;
- size_t key_len;
+ TLS12_PRF_STATE_INIT, /* no input provided */
+ TLS12_PRF_STATE_SEED_SET, /* seed has been set */
+ TLS12_PRF_STATE_KEY_SET, /* key has been set */
+ TLS12_PRF_STATE_LABEL_SET, /* label has been set */
+ TLS12_PRF_STATE_OUTPUT /* output has been started */
+} psa_tls12_prf_key_derivation_state_t;
- /* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
- uint8_t *Ai_with_seed;
- size_t Ai_with_seed_len;
-
- /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
- uint8_t output_block[PSA_HASH_MAX_SIZE];
-
+typedef struct psa_tls12_prf_key_derivation_s
+{
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
/* Indicates how many bytes in the current HMAC block have
- * already been read by the user. */
- uint8_t offset_in_block;
+ * not yet been read by the user. */
+ uint8_t left_in_block;
/* The 1-based number of the block. */
uint8_t block_number;
-} psa_tls12_prf_generator_t;
+ psa_tls12_prf_key_derivation_state_t state;
+
+ uint8_t *seed;
+ size_t seed_length;
+ uint8_t *label;
+ size_t label_length;
+ psa_hmac_internal_data hmac;
+ uint8_t Ai[PSA_HASH_MAX_SIZE];
+
+ /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
+ uint8_t output_block[PSA_HASH_MAX_SIZE];
+} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_MD_C */
-struct psa_crypto_generator_s
+struct psa_key_derivation_s
{
psa_algorithm_t alg;
size_t capacity;
union
{
- struct
- {
- uint8_t *data;
- size_t size;
- } buffer;
+ /* Make the union non-empty even with no supported algorithms. */
+ uint8_t dummy;
#if defined(MBEDTLS_MD_C)
- psa_hkdf_generator_t hkdf;
- psa_tls12_prf_generator_t tls12_prf;
+ psa_hkdf_key_derivation_t hkdf;
+ psa_tls12_prf_key_derivation_t tls12_prf;
#endif
} ctx;
};
-#define PSA_CRYPTO_GENERATOR_INIT {0, 0, {{0, 0}}}
-static inline struct psa_crypto_generator_s psa_crypto_generator_init( void )
+/* This only zeroes out the first byte in the union, the rest is unspecified. */
+#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {0}}
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
{
- const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT;
+ const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
}
@@ -230,6 +281,7 @@
psa_algorithm_t alg;
psa_algorithm_t alg2;
};
+typedef struct psa_key_policy_s psa_key_policy_t;
#define PSA_KEY_POLICY_INIT {0, 0, 0}
static inline struct psa_key_policy_s psa_key_policy_init( void )
@@ -238,4 +290,183 @@
return( v );
}
+/* The type used internally for key sizes.
+ * Public interfaces use size_t, but internally we use a smaller type. */
+typedef uint16_t psa_key_bits_t;
+/* The maximum value of the type used to represent bit-sizes.
+ * This is used to mark an invalid key size. */
+#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
+/* The maximum size of a key in bits.
+ * Currently defined as the maximum that can be represented, rounded down
+ * to a whole number of bytes.
+ * This is an uncast value so that it can be used in preprocessor
+ * conditionals. */
+#define PSA_MAX_KEY_BITS 0xfff8
+
+/** A mask of flags that can be stored in key attributes.
+ *
+ * This type is also used internally to store flags in slots. Internal
+ * flags are defined in library/psa_crypto_core.h. Internal flags may have
+ * the same value as external flags if they are properly handled during
+ * key creation and in psa_get_key_attributes.
+ */
+typedef uint16_t psa_key_attributes_flag_t;
+
+#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
+ ( (psa_key_attributes_flag_t) 0x0001 )
+
+/* A mask of key attribute flags used externally only.
+ * Only meant for internal checks inside the library. */
+#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
+ MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
+ 0 )
+
+/* A mask of key attribute flags used both internally and externally.
+ * Currently there aren't any. */
+#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
+ 0 )
+
+typedef struct
+{
+ psa_key_type_t type;
+ psa_key_lifetime_t lifetime;
+ psa_key_id_t id;
+ psa_key_policy_t policy;
+ psa_key_bits_t bits;
+ psa_key_attributes_flag_t flags;
+} psa_core_key_attributes_t;
+
+#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
+
+struct psa_key_attributes_s
+{
+ psa_core_key_attributes_t core;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ psa_key_slot_number_t slot_number;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ void *domain_parameters;
+ size_t domain_parameters_size;
+};
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
+#else
+#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
+#endif
+
+static inline struct psa_key_attributes_s psa_key_attributes_init( void )
+{
+ const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
+ return( v );
+}
+
+static inline void psa_set_key_id(psa_key_attributes_t *attributes,
+ psa_key_id_t id)
+{
+ attributes->core.id = id;
+ if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+}
+
+static inline psa_key_id_t psa_get_key_id(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.id );
+}
+
+static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+ psa_key_lifetime_t lifetime)
+{
+ attributes->core.lifetime = lifetime;
+ if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ {
+#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+ attributes->core.id.key_id = 0;
+ attributes->core.id.owner = 0;
+#else
+ attributes->core.id = 0;
+#endif
+ }
+}
+
+static inline psa_key_lifetime_t psa_get_key_lifetime(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.lifetime );
+}
+
+static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags)
+{
+ attributes->core.policy.usage = usage_flags;
+}
+
+static inline psa_key_usage_t psa_get_key_usage_flags(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.policy.usage );
+}
+
+static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+ psa_algorithm_t alg)
+{
+ attributes->core.policy.alg = alg;
+}
+
+static inline psa_algorithm_t psa_get_key_algorithm(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.policy.alg );
+}
+
+/* This function is declared in crypto_extra.h, which comes after this
+ * header file, but we need the function here, so repeat the declaration. */
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length);
+
+static inline void psa_set_key_type(psa_key_attributes_t *attributes,
+ psa_key_type_t type)
+{
+ if( attributes->domain_parameters == NULL )
+ {
+ /* Common case: quick path */
+ attributes->core.type = type;
+ }
+ else
+ {
+ /* Call the bigger function to free the old domain paramteres.
+ * Ignore any errors which may arise due to type requiring
+ * non-default domain parameters, since this function can't
+ * report errors. */
+ (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
+ }
+}
+
+static inline psa_key_type_t psa_get_key_type(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.type );
+}
+
+static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
+ size_t bits)
+{
+ if( bits > PSA_MAX_KEY_BITS )
+ attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ else
+ attributes->core.bits = (psa_key_bits_t) bits;
+}
+
+static inline size_t psa_get_key_bits(
+ const psa_key_attributes_t *attributes)
+{
+ return( attributes->core.bits );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
#endif /* PSA_CRYPTO_STRUCT_H */
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 923b94a..b79c3b5 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -45,9 +45,9 @@
* \brief Function return status.
*
* This is either #PSA_SUCCESS (which is zero), indicating success,
- * or a nonzero value indicating that an error occurred. Errors are
- * encoded as one of the \c PSA_ERROR_xxx values defined here.
- * If #PSA_SUCCESS is already defined, it means that #psa_status_t
+ * or a small negative value indicating that an error occurred. Errors are
+ * encoded as one of the \c PSA_ERROR_xxx values defined here. */
+/* If #PSA_SUCCESS is already defined, it means that #psa_status_t
* is also defined in an external header, so prevent its multiple
* definition.
*/
@@ -68,6 +68,9 @@
/** The type of PSA elliptic curve identifiers. */
typedef uint16_t psa_ecc_curve_t;
+/** The type of PSA Diffie-Hellman group identifiers. */
+typedef uint16_t psa_dh_group_t;
+
/** \brief Encoding of a cryptographic algorithm.
*
* For algorithms that can be applied to multiple key types, this type
@@ -85,10 +88,30 @@
*/
/** Encoding of key lifetimes.
+ *
+ * The lifetime of a key indicates where it is stored and what system actions
+ * may create and destroy it.
+ *
+ * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
+ * destroyed when the application terminates or on a power reset.
+ *
+ * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
+ * to be _persistent_.
+ * Persistent keys are preserved if the application or the system restarts.
+ * Persistent keys have a key identifier of type #psa_key_id_t.
+ * The application can call psa_open_key() to open a persistent key that
+ * it created previously.
*/
typedef uint32_t psa_key_lifetime_t;
/** Encoding of identifiers of persistent keys.
+ *
+ * - Applications may freely choose key identifiers in the range
+ * #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+ * - Implementations may define additional key identifiers in the range
+ * #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+ * - 0 is reserved as an invalid key identifier.
+ * - Key identifiers outside these ranges are reserved for future use.
*/
/* Implementation-specific quirk: The Mbed Crypto library can be built as
* part of a multi-client service that exposes the PSA Crypto API in each
@@ -97,6 +120,7 @@
* psa_key_id_t in crypto_platform.h instead of here. */
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
typedef uint32_t psa_key_id_t;
+#define PSA_KEY_ID_INIT 0
#endif
/**@}*/
@@ -110,4 +134,137 @@
/**@}*/
+/** \defgroup attributes Key attributes
+ * @{
+ */
+
+/** The type of a structure containing key attributes.
+ *
+ * This is an opaque structure that can represent the metadata of a key
+ * object. Metadata that can be stored in attributes includes:
+ * - The location of the key in storage, indicated by its key identifier
+ * and its lifetime.
+ * - The key's policy, comprising usage flags and a specification of
+ * the permitted algorithm(s).
+ * - Information about the key itself: the key type and its size.
+ * - Implementations may define additional attributes.
+ *
+ * The actual key material is not considered an attribute of a key.
+ * Key attributes do not contain information that is generally considered
+ * highly confidential.
+ *
+ * An attribute structure can be a simple data structure where each function
+ * `psa_set_key_xxx` sets a field and the corresponding function
+ * `psa_get_key_xxx` retrieves the value of the corresponding field.
+ * However, implementations may report values that are equivalent to the
+ * original one, but have a different encoding. For example, an
+ * implementation may use a more compact representation for types where
+ * many bit-patterns are invalid or not supported, and store all values
+ * that it does not support as a special marker value. In such an
+ * implementation, after setting an invalid value, the corresponding
+ * get function returns an invalid value which may not be the one that
+ * was originally stored.
+ *
+ * An attribute structure may contain references to auxiliary resources,
+ * for example pointers to allocated memory or indirect references to
+ * pre-calculated values. In order to free such resources, the application
+ * must call psa_reset_key_attributes(). As an exception, calling
+ * psa_reset_key_attributes() on an attribute structure is optional if
+ * the structure has only been modified by the following functions
+ * since it was initialized or last reset with psa_reset_key_attributes():
+ * - psa_set_key_id()
+ * - psa_set_key_lifetime()
+ * - psa_set_key_type()
+ * - psa_set_key_bits()
+ * - psa_set_key_usage_flags()
+ * - psa_set_key_algorithm()
+ *
+ * Before calling any function on a key attribute structure, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_key_attributes_t attributes;
+ * memset(&attributes, 0, sizeof(attributes));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_key_attributes_t attributes = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
+ * for example:
+ * \code
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ * \endcode
+ * - Assign the result of the function psa_key_attributes_init()
+ * to the structure, for example:
+ * \code
+ * psa_key_attributes_t attributes;
+ * attributes = psa_key_attributes_init();
+ * \endcode
+ *
+ * A freshly initialized attribute structure contains the following
+ * values:
+ *
+ * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+ * - key identifier: unspecified.
+ * - type: \c 0.
+ * - key size: \c 0.
+ * - usage flags: \c 0.
+ * - algorithm: \c 0.
+ *
+ * A typical sequence to create a key is as follows:
+ * -# Create and initialize an attribute structure.
+ * -# If the key is persistent, call psa_set_key_id().
+ * Also call psa_set_key_lifetime() to place the key in a non-default
+ * location.
+ * -# Set the key policy with psa_set_key_usage_flags() and
+ * psa_set_key_algorithm().
+ * -# Set the key type with psa_set_key_type().
+ * Skip this step if copying an existing key with psa_copy_key().
+ * -# When generating a random key with psa_generate_key() or deriving a key
+ * with psa_key_derivation_output_key(), set the desired key size with
+ * psa_set_key_bits().
+ * -# Call a key creation function: psa_import_key(), psa_generate_key(),
+ * psa_key_derivation_output_key() or psa_copy_key(). This function reads
+ * the attribute structure, creates a key with these attributes, and
+ * outputs a handle to the newly created key.
+ * -# The attribute structure is now no longer necessary.
+ * You may call psa_reset_key_attributes(), although this is optional
+ * with the workflow presented here because the attributes currently
+ * defined in this specification do not require any additional resources
+ * beyond the structure itself.
+ *
+ * A typical sequence to query a key's attributes is as follows:
+ * -# Call psa_get_key_attributes().
+ * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+ * you are interested in.
+ * -# Call psa_reset_key_attributes() to free any resources that may be
+ * used by the attribute structure.
+ *
+ * Once a key has been created, it is impossible to change its attributes.
+ */
+typedef struct psa_key_attributes_s psa_key_attributes_t;
+
+
+#ifndef __DOXYGEN_ONLY__
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+/* Mbed Crypto defines this type in crypto_types.h because it is also
+ * visible to applications through an implementation-specific extension.
+ * For the PSA Cryptography specification, this type is only visible
+ * via crypto_se_driver.h. */
+typedef uint64_t psa_key_slot_number_t;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+#endif /* !__DOXYGEN_ONLY__ */
+
+/**@}*/
+
+/** \defgroup derivation Key derivation
+ * @{
+ */
+
+/** \brief Encoding of the step of a key derivation. */
+typedef uint16_t psa_key_derivation_step_t;
+
+/**@}*/
+
#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index d42d8c2..b53e1c7 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -105,9 +105,13 @@
* descriptions for permitted sequencing of functions.
*
* Implementations shall not return this error code to indicate
- * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
- * as applicable. */
+ * that a key either exists or not,
+ * but shall instead return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
+ * as applicable.
+ *
+ * Implementations shall not return this error code to indicate that a
+ * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
+ * instead. */
#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
/** The parameters passed to the function are invalid.
@@ -115,12 +119,7 @@
* Implementations may return this error any time a parameter or
* combination of parameters are recognized as invalid.
*
- * Implementations shall not return this error code to indicate
- * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
- * as applicable.
- *
- * Implementation shall not return this error code to indicate that a
+ * Implementations shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/
@@ -162,7 +161,7 @@
*
* This error indicates that some persistent storage is corrupted.
* It should not be used for a corruption of volatile memory
- * (use #PSA_ERROR_TAMPERING_DETECTED), for a communication error
+ * (use #PSA_ERROR_CORRUPTION_DETECTED), for a communication error
* between the cryptoprocessor and its external storage (use
* #PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is
* in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE).
@@ -175,7 +174,7 @@
* the global integrity of the keystore. Depending on the global
* integrity guarantees offered by the implementation, access to other
* data may or may not fail even if the data is still readable but
- * its integrity canont be guaranteed.
+ * its integrity cannot be guaranteed.
*
* Implementations should only use this error code to report a
* permanent storage corruption. However application writers should
@@ -218,7 +217,7 @@
* This error indicates an attack against the application. Implementations
* shall not return this error code as a consequence of the behavior of
* the application itself. */
-#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151)
+#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
/** There is not enough entropy to generate random data needed
* for the requested action.
@@ -269,7 +268,7 @@
* to read from a resource. */
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
-/** The key handle is not valid.
+/** The key handle is not valid. See also :ref:\`key-handles\`.
*/
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
@@ -324,7 +323,7 @@
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
/** Whether a key type is a key pair containing a private part and a public
* part. */
-#define PSA_KEY_TYPE_IS_KEYPAIR(type) \
+#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
/** The key pair type corresponding to a public key type.
*
@@ -336,7 +335,7 @@
* If \p type is not a public key or a key pair,
* the return value is undefined.
*/
-#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type) \
+#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
/** The public key type corresponding to a key pair type.
*
@@ -348,7 +347,7 @@
* If \p type is not a public key or a key pair,
* the return value is undefined.
*/
-#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \
+#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
/** Raw data.
@@ -374,7 +373,7 @@
*/
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
-/** Key for an cipher, AEAD or MAC algorithm based on the AES block cipher.
+/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
@@ -392,7 +391,7 @@
*/
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
-/** Key for an cipher, AEAD or MAC algorithm based on the
+/** Key for a cipher, AEAD or MAC algorithm based on the
* Camellia block cipher. */
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x40000003)
@@ -402,40 +401,41 @@
* legacy protocols. */
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004)
+/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
+ *
+ * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
+ *
+ * Implementations must support 12-byte nonces, may support 8-byte nonces,
+ * and should reject other sizes.
+ */
+#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x40000005)
+
/** RSA public key. */
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
/** RSA key pair (private and public key). */
-#define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x70010000)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
- (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-
-/** DSA public key. */
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
-/** DSA key pair (private and public key). */
-#define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000)
-/** Whether a key type is an DSA key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_DSA(type) \
- (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
-#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x70030000)
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
/** Elliptic curve key pair. */
-#define PSA_KEY_TYPE_ECC_KEYPAIR(curve) \
- (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))
+#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
+ (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
/** Elliptic curve public key. */
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
/** Whether a key type is an elliptic curve key (pair or public-only). */
#define PSA_KEY_TYPE_IS_ECC(type) \
- ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) & \
+ ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
/** Whether a key type is an elliptic curve key pair. */
-#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type) \
+#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
(((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
- PSA_KEY_TYPE_ECC_KEYPAIR_BASE)
+ PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
/** Whether a key type is an elliptic curve public key. */
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
(((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
@@ -480,9 +480,61 @@
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
+/** Curve25519.
+ *
+ * This is the curve defined in Bernstein et al.,
+ * _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
+ * The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
+ */
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
+/** Curve448
+ *
+ * This is the curve defined in Hamburg,
+ * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
+ */
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x70040000)
+#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
+/** Diffie-Hellman key pair. */
+#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
+ (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
+/** Diffie-Hellman public key. */
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
+ (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
+
+/** Whether a key type is a Diffie-Hellman key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DH(type) \
+ ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
+ ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
+/** Whether a key type is a Diffie-Hellman key pair. */
+#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
+ (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
+ PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
+/** Whether a key type is a Diffie-Hellman public key. */
+#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
+ (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
+ PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
+
+/** Extract the group from a Diffie-Hellman key type. */
+#define PSA_KEY_TYPE_GET_GROUP(type) \
+ ((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ? \
+ ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
+ 0))
+
+/* The encoding of group identifiers is currently aligned with the
+ * TLS Supported Groups Registry (formerly known as the
+ * TLS EC Named Curve Registry)
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ * The values are defined by RFC 7919. */
+#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x0100)
+#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x0101)
+#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x0102)
+#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
+#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
+
/** The block size of a block cipher.
*
* \param type A cipher key type (value of type #psa_key_type_t).
@@ -517,9 +569,8 @@
#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000)
#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000)
#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
-#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000)
-#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000)
-#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000)
+#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000)
+#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000)
#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
(((alg) & PSA_ALG_VENDOR_FLAG) != 0)
@@ -591,7 +642,6 @@
#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
-#define PSA_ALG_KEY_SELECTION_FLAG ((psa_algorithm_t)0x01000000)
/** Whether the specified algorithm is a key agreement algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
@@ -601,8 +651,7 @@
* algorithm identifier.
*/
#define PSA_ALG_IS_KEY_AGREEMENT(alg) \
- (((alg) & PSA_ALG_CATEGORY_MASK & ~PSA_ALG_KEY_SELECTION_FLAG) == \
- PSA_ALG_CATEGORY_KEY_AGREEMENT)
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
/** Whether the specified algorithm is a key derivation algorithm.
*
@@ -615,17 +664,6 @@
#define PSA_ALG_IS_KEY_DERIVATION(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
-/** Whether the specified algorithm is a key selection algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a key selection algorithm, 0 otherwise.
- * This macro may return either 0 or 1 if \p alg is not a supported
- * algorithm identifier.
- */
-#define PSA_ALG_IS_KEY_SELECTION(alg) \
- (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_SELECTION)
-
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
#define PSA_ALG_MD2 ((psa_algorithm_t)0x01000001)
@@ -663,15 +701,12 @@
*
* That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
- * - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA,
* - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
* Then you may create and use a key as follows:
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
* ```
- * psa_key_policy_set_usage(&policy,
- * PSA_KEY_USAGE_SIGN, //or PSA_KEY_USAGE_VERIFY
- * PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
- * psa_set_key_policy(handle, &policy);
+ * psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); // or VERIFY
+ * psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
* ```
* - Import or generate key material.
* - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing
@@ -685,7 +720,7 @@
*
* This value may not be used to build other algorithms that are
* parametrized over a hash. For any valid use of this macro to build
- * an algorithm `\p alg`, #PSA_ALG_IS_HASH_AND_SIGN(\p alg) is true.
+ * an algorithm \c alg, #PSA_ALG_IS_HASH_AND_SIGN(\c alg) is true.
*
* This value may not be used to build an algorithm specification to
* perform an operation. It is only valid to build policies.
@@ -702,7 +737,7 @@
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding HMAC algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_HMAC(hash_alg) \
@@ -802,9 +837,14 @@
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000)
+/** The CBC-MAC construction over a block cipher
+ *
+ * \warning CBC-MAC is insecure in many cases.
+ * A more secure mode, such as #PSA_ALG_CMAC, is recommended.
+ */
#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001)
+/** The CMAC construction over a block cipher */
#define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002)
-#define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003)
/** Whether the specified algorithm is a MAC algorithm based on a block cipher.
*
@@ -841,6 +881,18 @@
*/
#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800001)
+/** The ChaCha20 stream cipher.
+ *
+ * ChaCha20 is defined in RFC 7539.
+ *
+ * The nonce size for psa_cipher_set_iv() or psa_cipher_generate_iv()
+ * must be 12.
+ *
+ * The initial block counter is always 0.
+ *
+ */
+#define PSA_ALG_CHACHA20 ((psa_algorithm_t)0x04800005)
+
/** The CTR stream cipher mode.
*
* CTR is a stream cipher which is built from a block cipher.
@@ -850,8 +902,16 @@
*/
#define PSA_ALG_CTR ((psa_algorithm_t)0x04c00001)
+/** The CFB stream cipher mode.
+ *
+ * The underlying block cipher is determined by the key type.
+ */
#define PSA_ALG_CFB ((psa_algorithm_t)0x04c00002)
+/** The OFB stream cipher mode.
+ *
+ * The underlying block cipher is determined by the key type.
+ */
#define PSA_ALG_OFB ((psa_algorithm_t)0x04c00003)
/** The XTS cipher mode.
@@ -879,8 +939,43 @@
*/
#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04600101)
-#define PSA_ALG_CCM ((psa_algorithm_t)0x06001001)
-#define PSA_ALG_GCM ((psa_algorithm_t)0x06001002)
+#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+
+/** Whether the specified algorithm is an AEAD mode on a block cipher.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is an AEAD algorithm which is an AEAD mode based on
+ * a block cipher, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
+ (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
+
+/** The CCM authenticated encryption algorithm.
+ *
+ * The underlying block cipher is determined by the key type.
+ */
+#define PSA_ALG_CCM ((psa_algorithm_t)0x06401001)
+
+/** The GCM authenticated encryption algorithm.
+ *
+ * The underlying block cipher is determined by the key type.
+ */
+#define PSA_ALG_GCM ((psa_algorithm_t)0x06401002)
+
+/** The Chacha20-Poly1305 AEAD algorithm.
+ *
+ * The ChaCha20_Poly1305 construction is defined in RFC 7539.
+ *
+ * Implementations must support 12-byte nonces, may support 8-byte nonces,
+ * and should reject other sizes.
+ *
+ * Implementations must support 16-byte tags and should reject other sizes.
+ */
+#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x06001005)
/* In the encoding of a AEAD algorithm, the bits corresponding to
* PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
@@ -920,14 +1015,15 @@
* \return The corresponding AEAD algorithm with the default
* tag length for that algorithm.
*/
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
- ( \
- PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \
- PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
+ ( \
+ PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CCM) \
+ PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_GCM) \
+ PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
0)
-#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, ref) \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
ref :
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x10020000)
@@ -943,7 +1039,7 @@
* when specifying the algorithm in a usage policy.
*
* \return The corresponding RSA PKCS#1 v1.5 signature algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
@@ -974,7 +1070,7 @@
* when specifying the algorithm in a usage policy.
*
* \return The corresponding RSA PSS signature algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_RSA_PSS(hash_alg) \
@@ -982,37 +1078,6 @@
#define PSA_ALG_IS_RSA_PSS(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
-#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
-/** DSA signature with hashing.
- *
- * This is the signature scheme defined by FIPS 186-4,
- * with a random per-message secret number (*k*).
- *
- * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_HASH(\p hash_alg) is true).
- * This includes #PSA_ALG_ANY_HASH
- * when specifying the algorithm in a usage policy.
- *
- * \return The corresponding DSA signature algorithm.
- * \return Unspecified if \p alg is not a supported
- * hash algorithm.
- */
-#define PSA_ALG_DSA(hash_alg) \
- (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
-#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
-#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
- (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_IS_DSA(alg) \
- (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
- PSA_ALG_DSA_BASE)
-#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
- (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
-#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
- (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
- (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
/** ECDSA signature with hashing.
*
@@ -1031,7 +1096,7 @@
* when specifying the algorithm in a usage policy.
*
* \return The corresponding ECDSA signature algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_ECDSA(hash_alg) \
@@ -1066,7 +1131,7 @@
*
* \return The corresponding deterministic ECDSA signature
* algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
@@ -1096,7 +1161,7 @@
*/
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
- PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
+ PSA_ALG_IS_ECDSA(alg))
/** Get the hash used by a hash-and-sign signature algorithm.
*
@@ -1138,7 +1203,7 @@
* for MGF1.
*
* \return The corresponding RSA OAEP signature algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_RSA_OAEP(hash_alg) \
@@ -1150,16 +1215,25 @@
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
0)
-#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100)
+#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100)
/** Macro to build an HKDF algorithm.
*
* For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
*
+ * This key derivation algorithm uses the following inputs:
+ * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
+ * It is optional; if omitted, the derivation uses an empty salt.
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key used in the "extract" step.
+ * - #PSA_KEY_DERIVATION_INPUT_INFO is the info string used in the "expand" step.
+ * You must pass #PSA_KEY_DERIVATION_INPUT_SALT before #PSA_KEY_DERIVATION_INPUT_SECRET.
+ * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
+ * starting to generate output.
+ *
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding HKDF algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_HKDF(hash_alg) \
@@ -1180,18 +1254,22 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200)
+#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200)
/** Macro to build a TLS-1.2 PRF algorithm.
*
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
* specified in Section 5 of RFC 5246. It is based on HMAC and can be
* used with either SHA-256 or SHA-384.
*
- * For the application to TLS-1.2, the salt and label arguments passed
- * to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246,
- * respectively. For example, for TLS key expansion, the salt is the
+ * This key derivation algorithm uses the following inputs, which must be
+ * passed in the order given here:
+ * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ *
+ * For the application to TLS-1.2 key expansion, the seed is the
* concatenation of ServerHello.Random + ClientHello.Random,
- * while the label is "key expansion".
+ * and the label is "key expansion".
*
* For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
* TLS 1.2 PRF using HMAC-SHA-256.
@@ -1200,7 +1278,7 @@
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding TLS-1.2 PRF algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_TLS12_PRF(hash_alg) \
@@ -1219,7 +1297,7 @@
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)
+#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300)
/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
*
* In a pure-PSK handshake in TLS 1.2, the master secret is derived
@@ -1228,10 +1306,16 @@
* The latter is based on HMAC and can be used with either SHA-256
* or SHA-384.
*
- * For the application to TLS-1.2, the salt passed to psa_key_derivation()
- * (and forwarded to the TLS-1.2 PRF) is the concatenation of the
- * ClientHello.Random + ServerHello.Random, while the label is "master secret"
- * or "extended master secret".
+ * This key derivation algorithm uses the following inputs, which must be
+ * passed in the order given here:
+ * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ *
+ * For the application to TLS-1.2, the seed (which is
+ * forwarded to the TLS-1.2 PRF) is the concatenation of the
+ * ClientHello.Random + ServerHello.Random,
+ * and the label is "master secret" or "extended master secret".
*
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
@@ -1240,7 +1324,7 @@
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding TLS-1.2 PSK to MS algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
@@ -1259,55 +1343,67 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff)
+#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x0803ffff)
+#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10fc0000)
-/** Use a shared secret as is.
+/** Macro to build a combined algorithm that chains a key agreement with
+ * a key derivation.
*
- * Specify this algorithm as the selection component of a key agreement
- * to use the raw result of the key agreement as key material.
+ * \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true).
+ * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true).
*
- * \warning The raw result of a key agreement algorithm such as finite-field
- * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
- * not be used directly as key material. It can however be used as the secret
- * input in a key derivation algorithm.
+ * \return The corresponding key agreement and derivation
+ * algorithm.
+ * \return Unspecified if \p ka_alg is not a supported
+ * key agreement algorithm or \p kdf_alg is not a
+ * supported key derivation algorithm.
*/
-#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
+#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
+ ((ka_alg) | (kdf_alg))
#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
(((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
-#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
- ((alg) & ~PSA_ALG_KEY_DERIVATION_MASK)
+#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
+ (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
-#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000)
-/** The Diffie-Hellman key agreement algorithm.
+/** Whether the specified algorithm is a raw key agreement algorithm.
*
- * This algorithm combines the finite-field Diffie-Hellman (DH) key
- * agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement,
- * to produce a shared secret from a private key and the peer's
- * public key, with a key selection or key derivation algorithm to produce
- * one or more shared keys and other shared cryptographic material.
+ * A raw key agreement algorithm is one that does not specify
+ * a key derivation function.
+ * Usually, raw key agreement algorithms are constructed directly with
+ * a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are
+ * constructed with PSA_ALG_KEY_AGREEMENT().
*
- * The shared secret produced by key agreement and passed as input to the
- * derivation or selection algorithm \p kdf_alg is the shared secret
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a raw key agreement algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
+ (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
+ PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
+
+#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
+ ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
+
+/** The finite-field Diffie-Hellman (DH) key agreement algorithm.
+ *
+ * The shared secret produced by key agreement is
* `g^{ab}` in big-endian format.
* It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
* in bits.
- *
- * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
- * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
- * or a key selection algorithm (\c PSA_ALG_XXX value such
- * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
- *
- * \return The Diffie-Hellman algorithm with the specified
- * selection or derivation algorithm.
*/
-#define PSA_ALG_FFDH(kdf_alg) \
- (PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
+#define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000)
+
/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
*
- * This includes every supported key selection or key agreement algorithm
- * for the output of the Diffie-Hellman calculation.
+ * This includes the raw finite field Diffie-Hellman algorithm as well as
+ * finite-field Diffie-Hellman followed by any supporter key derivation
+ * algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
@@ -1316,18 +1412,11 @@
* key agreement algorithm identifier.
*/
#define PSA_ALG_IS_FFDH(alg) \
- (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)
+ (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
-#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000)
/** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
*
- * This algorithm combines the elliptic curve Diffie-Hellman key
- * agreement to produce a shared secret from a private key and the peer's
- * public key, with a key selection or key derivation algorithm to produce
- * one or more shared keys and other shared cryptographic material.
- *
- * The shared secret produced by key agreement and passed as input to the
- * derivation or selection algorithm \p kdf_alg is the x-coordinate of
+ * The shared secret produced by key agreement is the x-coordinate of
* the shared secret point. It is always `ceiling(m / 8)` bytes long where
* `m` is the bit size associated with the curve, i.e. the bit size of the
* order of the curve's coordinate field. When `m` is not a multiple of 8,
@@ -1349,22 +1438,15 @@
* the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
* in big-endian byte order.
* The bit size is `m` for the field `F_{2^m}`.
- *
- * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
- * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
- * or a selection algorithm (\c PSA_ALG_XXX value such
- * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
- *
- * \return The Diffie-Hellman algorithm with the specified
- * selection or derivation algorithm.
*/
-#define PSA_ALG_ECDH(kdf_alg) \
- (PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
+#define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000)
+
/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
* algorithm.
*
- * This includes every supported key selection or key agreement algorithm
- * for the output of the Diffie-Hellman calculation.
+ * This includes the raw elliptic curve Diffie-Hellman algorithm as well as
+ * elliptic curve Diffie-Hellman followed by any supporter key derivation
+ * algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
@@ -1374,7 +1456,7 @@
* key agreement algorithm identifier.
*/
#define PSA_ALG_IS_ECDH(alg) \
- (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)
+ (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
/** Whether the specified algorithm encoding is a wildcard.
*
@@ -1419,6 +1501,19 @@
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
+/** The maximum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff)
+/** The minimum value for a key identifier chosen by the implementation.
+ */
+#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000)
+/** The maximum value for a key identifier chosen by the implementation.
+ */
+#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff)
+
/**@}*/
/** \defgroup policy Key policies
@@ -1438,6 +1533,22 @@
*/
#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
+/** Whether the key may be copied.
+ *
+ * This flag allows the use of psa_copy_key() to make a copy of the key
+ * with the same policy or a more restrictive policy.
+ *
+ * For lifetimes for which the key is located in a secure element which
+ * enforce the non-exportability of keys, copying a key outside the secure
+ * element also requires the usage flag #PSA_KEY_USAGE_EXPORT.
+ * Copying the key inside the secure element is permitted with just
+ * #PSA_KEY_USAGE_COPY if the secure element supports it.
+ * For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
+ * #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
+ * is sufficient to permit the copy.
+ */
+#define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
+
/** Whether the key may be used to encrypt a message.
*
* This flag allows the key to be used for a symmetric encryption operation,
@@ -1486,4 +1597,40 @@
/**@}*/
+/** \defgroup derivation Key derivation
+ * @{
+ */
+
+/** A secret input for key derivation.
+ *
+ * This must be a key of type #PSA_KEY_TYPE_DERIVE.
+ */
+#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
+
+/** A label for key derivation.
+ *
+ * This must be a direct input.
+ */
+#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
+
+/** A salt for key derivation.
+ *
+ * This must be a direct input.
+ */
+#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
+
+/** An information string for key derivation.
+ *
+ * This must be a direct input.
+ */
+#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
+
+/** A seed for key derivation.
+ *
+ * This must be a direct input.
+ */
+#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
+
+/**@}*/
+
#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 61bc13d..f4bb472 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,6 +1,14 @@
option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+
+# Set the project root directory if it's not already defined, as may happen if
+# the library folder is included directly by a parent project, without
+# including the top level CMakeLists.txt.
+if(NOT DEFINED MBEDTLS_DIR)
+ set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
+endif()
set(src_crypto
aes.c
@@ -53,6 +61,7 @@
platform_util.c
poly1305.c
psa_crypto.c
+ psa_crypto_se.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_its_file.c
@@ -72,9 +81,9 @@
if(USE_CRYPTO_SUBMODULE)
set(src_crypto
${src_crypto}
- ${CMAKE_SOURCE_DIR}/library/version.c
- ${CMAKE_SOURCE_DIR}/library/version_features.c
- ${CMAKE_SOURCE_DIR}/library/error.c
+ ${MBEDTLS_DIR}/library/version.c
+ ${MBEDTLS_DIR}/library/version_features.c
+ ${MBEDTLS_DIR}/library/error.c
)
else()
set(src_crypto
@@ -85,6 +94,8 @@
)
endif()
+list(APPEND src_crypto ${thirdparty_src})
+
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
endif(CMAKE_COMPILER_IS_GNUCC)
@@ -118,6 +129,10 @@
set(libs ${libs} pthread)
endif()
+if(LINK_WITH_TRUSTED_STORAGE)
+ set(libs ${libs} trusted_storage)
+endif()
+
if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
@@ -133,8 +148,8 @@
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} ${libs})
target_include_directories(${mbedcrypto_static_target}
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR}
@@ -146,8 +161,8 @@
set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS mbedcrypto
DESTINATION ${LIB_INSTALL_DIR}
diff --git a/library/Makefile b/library/Makefile
index 921b68e..8e27694 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -2,7 +2,7 @@
# Also see "include/mbedtls/config.h"
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
CRYPTO_INCLUDES ?= -I../include
@@ -80,7 +80,7 @@
pk.o pk_wrap.o pkcs12.o \
pkcs5.o pkparse.o pkwrite.o \
platform.o platform_util.o poly1305.o \
- psa_crypto.o \
+ psa_crypto.o psa_crypto_se.o \
psa_crypto_slot_management.o \
psa_crypto_storage.o \
psa_its_file.o \
@@ -101,6 +101,10 @@
OBJS_CRYPTO += version_features.o
endif
+include ../3rdparty/Makefile.inc
+LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
+OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
+
.SILENT:
.PHONY: all static shared clean
@@ -148,8 +152,9 @@
clean:
ifndef WINDOWS
- rm -f *.o libmbed*
+ rm -f *.o libmbed* $(OBJS_CRYPTO)
else
if exist *.o del /Q /F *.o
if exist libmbed* del /Q /F libmbed*
+ if exist $(OBJS_CRYPTO) del /Q /F $(OBJS_CRYPTO)
endif
diff --git a/library/bignum.c b/library/bignum.c
index 98ee12a..5f5df78 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2139,13 +2139,13 @@
{
int ret;
size_t lz, lzt;
- mbedtls_mpi TG, TA, TB;
+ mbedtls_mpi TA, TB;
MPI_VALIDATE_RET( G != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
- mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+ mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
@@ -2183,7 +2183,7 @@
cleanup:
- mbedtls_mpi_free( &TG ); mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
+ mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
return( ret );
}
@@ -2410,8 +2410,6 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
- i = mbedtls_mpi_bitlen( X );
-
for( i = 0; i < rounds; i++ )
{
/*
@@ -2428,7 +2426,8 @@
}
if (count++ > 30) {
- return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ goto cleanup;
}
} while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
diff --git a/library/cipher.c b/library/cipher.c
index ae89b93..69079aa 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -297,8 +297,7 @@
psa_status_t status;
psa_key_type_t key_type;
- psa_key_usage_t key_usage;
- psa_key_policy_t key_policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* PSA Crypto API only accepts byte-aligned keys. */
if( key_bitlen % 8 != 0 )
@@ -312,40 +311,33 @@
ctx->cipher_info->type );
if( key_type == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
- /* Allocate a key slot to use. */
- status = psa_allocate_key( &cipher_psa->slot );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
- /* Indicate that we own the key slot and need to
- * destroy it in mbedtls_cipher_free(). */
- cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
-
- /* From that point on, the responsibility for destroying the
- * key slot is on mbedtls_cipher_free(). This includes the case
- * where the policy setup or key import below fail, as
- * mbedtls_cipher_free() needs to be called in any case. */
-
- /* Setup policy for the new key slot. */
- key_policy = psa_key_policy_init();
+ psa_set_key_type( &attributes, key_type );
/* Mbed TLS' cipher layer doesn't enforce the mode of operation
* (encrypt vs. decrypt): it is possible to setup a key for encryption
* and use it for AEAD decryption. Until tests relying on this
* are changed, allow any usage in PSA. */
- /* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
- key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
- psa_key_policy_set_usage( &key_policy, key_usage, cipher_psa->alg );
- status = psa_set_key_policy( cipher_psa->slot, &key_policy );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ psa_set_key_usage_flags( &attributes,
+ /* mbedtls_psa_translate_cipher_operation( operation ); */
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, cipher_psa->alg );
- /* Populate new key slot. */
- status = psa_import_key( cipher_psa->slot,
- key_type, key, key_bytelen );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ status = psa_import_key( &attributes, key, key_bytelen,
+ &cipher_psa->slot );
+ switch( status )
+ {
+ case PSA_SUCCESS:
+ break;
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ default:
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+ }
+ /* Indicate that we own the key slot and need to
+ * destroy it in mbedtls_cipher_free(). */
+ cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
ctx->key_bitlen = key_bitlen;
ctx->operation = operation;
diff --git a/library/ecdh.c b/library/ecdh.c
index eecae91..914eb50 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -59,6 +59,13 @@
#endif
}
+int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
+{
+ /* At this time, all groups support ECDH. */
+ (void) gid;
+ return( 1 );
+}
+
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
/*
* Generate public key (restartable version)
@@ -215,6 +222,13 @@
#else
switch( grp_id )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE25519:
+ ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
+ ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
+ ctx->grp_id = grp_id;
+ return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
+#endif
default:
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
@@ -266,6 +280,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ mbedtls_everest_free( &ctx->ctx.everest_ecdh );
+ break;
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
ecdh_free_internal( &ctx->ctx.mbed_ecdh );
break;
@@ -331,7 +350,7 @@
}
/*
- * Setup and write the ServerKeyExhange parameters (RFC 4492)
+ * Setup and write the ServerKeyExchange parameters (RFC 4492)
* struct {
* ECParameters curve_params;
* ECPoint public;
@@ -360,6 +379,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng ) );
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
@@ -409,6 +433,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
+ buf, end) );
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
buf, end ) );
@@ -473,6 +502,16 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ {
+ mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
+ MBEDTLS_EVEREST_ECDH_OURS :
+ MBEDTLS_EVEREST_ECDH_THEIRS;
+ return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
+ key, s) );
+ }
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
key, side ) );
@@ -544,6 +583,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng ) );
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
@@ -585,6 +629,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
+ buf, blen ) );
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, blen ) );
@@ -667,6 +716,11 @@
#else
switch( ctx->var )
{
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ case MBEDTLS_ECDH_VARIANT_EVEREST:
+ return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
+ buf, blen, f_rng, p_rng ) );
+#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
blen, f_rng, p_rng,
diff --git a/library/ecdsa.c b/library/ecdsa.c
index dc19384..5c30380 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -172,11 +172,11 @@
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#define ECDSA_RS_ECP &rs_ctx->ecp
+#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
/* Utility macro for checking and updating ops budget */
#define ECDSA_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
/* Call this when entering a function that needs its own sub-context */
#define ECDSA_RS_ENTER( SUB ) do { \
@@ -263,7 +263,7 @@
mbedtls_mpi *pk = &k, *pr = r;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( grp->N.p == NULL )
+ if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/* Make sure d is in range 1..n-1 */
@@ -378,6 +378,20 @@
return( ret );
}
+int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
+{
+ switch( gid )
+ {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+ case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+ default: return 1;
+ }
+}
+
/*
* Compute ECDSA signature of a hashed message
*/
@@ -502,7 +516,7 @@
mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( grp->N.p == NULL )
+ if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ECDSA_RS_ENTER( ver );
diff --git a/library/ecp.c b/library/ecp.c
index 03f5fef..c281d84 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -366,7 +366,7 @@
/*
* List of supported curves:
* - internal ID
- * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
+ * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2, RFC 8446 sec. 4.2.7)
* - size in bits
* - readable name
*
@@ -410,6 +410,9 @@
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
{ MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" },
#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" },
+#endif
{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
@@ -1080,6 +1083,18 @@
INC_MUL_COUNT \
} while( 0 )
+static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B )
+{
+ int ret;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) );
+ MOD_MUL( *X );
+cleanup:
+ return( ret );
+}
+
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
* N->s < 0 is a very fast test, which fails only if N is 0
@@ -1088,6 +1103,18 @@
while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
+static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B )
+{
+ int ret;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
+ MOD_SUB( *X );
+cleanup:
+ return( ret );
+}
+
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
* We known P, N and the result are positive, so sub_abs is correct, and
@@ -1097,6 +1124,29 @@
while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
+static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B )
+{
+ int ret;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
+ MOD_ADD( *X );
+cleanup:
+ return( ret );
+}
+
+static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ size_t count )
+{
+ int ret;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
+ MOD_ADD( *X );
+cleanup:
+ return( ret );
+}
+
#if defined(ECP_SHORTWEIERSTRASS)
/*
* For curves in short Weierstrass form, we do all the internal operations in
@@ -1129,14 +1179,14 @@
* X = X / Z^2 mod p
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X, &pt->X, &ZZi ) ); MOD_MUL( pt->X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) );
/*
* Y = Y / Z^3 mod p
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &ZZi ) ); MOD_MUL( pt->Y );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &Zi ) ); MOD_MUL( pt->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) );
/*
* Z = 1
@@ -1190,8 +1240,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
for( i = 1; i < T_size; i++ )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) );
- MOD_MUL( c[i] );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) );
}
/*
@@ -1210,17 +1259,17 @@
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Zi, &u, &c[i-1] ) ); MOD_MUL( Zi );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u, &u, &T[i]->Z ) ); MOD_MUL( u );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) );
}
/*
* proceed as in normalize()
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->X, &T[i]->X, &ZZi ) ); MOD_MUL( T[i]->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &ZZi ) ); MOD_MUL( T[i]->Y );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &Zi ) ); MOD_MUL( T[i]->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) );
/*
* Post-precessing: reclaim some memory by shrinking coordinates
@@ -1306,52 +1355,52 @@
if( grp->A.p == NULL )
{
/* M = 3(X + Z^2)(X - Z^2) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &P->X, &S ) ); MOD_ADD( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U, &P->X, &S ) ); MOD_SUB( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &U ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
}
else
{
/* M = 3.X^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &P->X ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
/* Optimize away for "koblitz" curves with A = 0 */
if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
{
/* M += A.Z^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &S, &S ) ); MOD_MUL( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &S ) ); MOD_ADD( M );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) );
}
}
/* S = 4.X.Y^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &P->Y, &P->Y ) ); MOD_MUL( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T, 1 ) ); MOD_ADD( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &T ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S, 1 ) ); MOD_ADD( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) );
/* U = 8.Y^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &T, &T ) ); MOD_MUL( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
/* T = M^2 - 2.S */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &M, &M ) ); MOD_MUL( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
/* S = M(S - T) - U */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S, &S, &T ) ); MOD_SUB( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &S, &M ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S, &S, &U ) ); MOD_SUB( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) );
/* U = 2.Y.Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &P->Y, &P->Z ) ); MOD_MUL( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
@@ -1414,12 +1463,12 @@
mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) );
/* Special cases (2) and (3) */
if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
@@ -1436,18 +1485,19 @@
}
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
@@ -1498,15 +1548,15 @@
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
/* Z = l * Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z, &pt->Z, &l ) ); MOD_MUL( pt->Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) );
/* X = l^2 * X */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll, &l, &l ) ); MOD_MUL( ll );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X, &pt->X, &ll ) ); MOD_MUL( pt->X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) );
/* Y = l^3 * Y */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll, &ll, &l ) ); MOD_MUL( ll );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &ll ) ); MOD_MUL( pt->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) );
cleanup:
mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
@@ -2004,8 +2054,10 @@
* Make sure w is within bounds.
* (The last test is useful only for very small curves in the test suite.)
*/
+#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
if( w > MBEDTLS_ECP_WINDOW_SIZE )
w = MBEDTLS_ECP_WINDOW_SIZE;
+#endif
if( w >= grp->nbits )
w = 2;
@@ -2171,7 +2223,7 @@
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
cleanup:
@@ -2215,8 +2267,8 @@
}
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
cleanup:
mbedtls_mpi_free( &l );
@@ -2256,24 +2308,24 @@
mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A, &P->X, &P->Z ) ); MOD_ADD( A );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &AA, &A, &A ) ); MOD_MUL( AA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B, &P->X, &P->Z ) ); MOD_SUB( B );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &BB, &B, &B ) ); MOD_MUL( BB );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &E, &AA, &BB ) ); MOD_SUB( E );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C, &Q->X, &Q->Z ) ); MOD_ADD( C );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D, &Q->X, &Q->Z ) ); MOD_SUB( D );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DA, &D, &A ) ); MOD_MUL( DA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &CB, &C, &B ) ); MOD_MUL( CB );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->X, &S->X, &S->X ) ); MOD_MUL( S->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->Z, &DA, &CB ) ); MOD_SUB( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, &S->Z, &S->Z ) ); MOD_MUL( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, d, &S->Z ) ); MOD_MUL( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->X, &AA, &BB ) ); MOD_MUL( R->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E ) ); MOD_MUL( R->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->Z, &BB, &R->Z ) ); MOD_ADD( R->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &E, &R->Z ) ); MOD_MUL( R->Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) );
cleanup:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
@@ -2448,8 +2500,8 @@
* YY = Y^2
* RHS = X (X^2 + A) + B = X^3 + A X + B
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) );
/* Special case for A = -3 */
if( grp->A.p == NULL )
@@ -2458,11 +2510,11 @@
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->A ) ); MOD_ADD( RHS );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) );
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) );
if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
diff --git a/library/havege.c b/library/havege.c
index 54f897c..ca7dd17 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -38,6 +38,7 @@
#include "mbedtls/timing.h"
#include "mbedtls/platform_util.h"
+#include <stdint.h>
#include <string.h>
/* ------------------------------------------------------------------------
@@ -54,7 +55,7 @@
* ------------------------------------------------------------------------
*/
-#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; }
+#define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
@@ -77,7 +78,7 @@
PTX = (PT1 >> 18) & 7; \
PT1 &= 0x1FFF; \
PT2 &= 0x1FFF; \
- CLK = (int) mbedtls_timing_hardclock(); \
+ CLK = (uint32_t) mbedtls_timing_hardclock(); \
\
i = 0; \
A = &WALK[PT1 ]; RES[i++] ^= *A; \
@@ -100,7 +101,7 @@
\
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
- *B = IN; CLK = (int) mbedtls_timing_hardclock(); \
+ *B = IN; CLK = (uint32_t) mbedtls_timing_hardclock(); \
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
\
@@ -158,10 +159,11 @@
*/
static void havege_fill( mbedtls_havege_state *hs )
{
- int i, n = 0;
- int U1, U2, *A, *B, *C, *D;
- int PT1, PT2, *WALK, RES[16];
- int PTX, PTY, CLK, PTEST, IN;
+ size_t n = 0;
+ size_t i;
+ uint32_t U1, U2, *A, *B, *C, *D;
+ uint32_t PT1, PT2, *WALK, RES[16];
+ uint32_t PTX, PTY, CLK, PTEST, IN;
WALK = hs->WALK;
PT1 = hs->PT1;
@@ -212,7 +214,7 @@
*/
int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
{
- int val;
+ uint32_t val;
size_t use_len;
mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
unsigned char *p = buf;
@@ -220,8 +222,8 @@
while( len > 0 )
{
use_len = len;
- if( use_len > sizeof(int) )
- use_len = sizeof(int);
+ if( use_len > sizeof( val ) )
+ use_len = sizeof( val );
if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
havege_fill( hs );
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index c50330e..50d88bd 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -149,20 +149,32 @@
}
/*
- * HMAC_DRBG reseeding: 10.1.2.4 (arabic) + 9.2 (Roman)
+ * Internal function used both for seeding and reseeding the DRBG.
+ * Comments starting with arabic numbers refer to section 10.1.2.4
+ * of SP800-90A, while roman numbers refer to section 9.2.
*/
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len )
+static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t len,
+ int use_nonce )
{
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
- size_t seedlen;
+ size_t seedlen = 0;
int ret;
- /* III. Check input length */
- if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
- ctx->entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
{
- return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+ size_t total_entropy_len;
+
+ if( use_nonce == 0 )
+ total_entropy_len = ctx->entropy_len;
+ else
+ total_entropy_len = ctx->entropy_len * 3 / 2;
+
+ /* III. Check input length */
+ if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
+ total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
+ {
+ return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+ }
}
memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
@@ -170,9 +182,32 @@
/* IV. Gather entropy_len bytes of entropy for the seed */
if( ( ret = ctx->f_entropy( ctx->p_entropy,
seed, ctx->entropy_len ) ) != 0 )
+ {
return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+ }
+ seedlen += ctx->entropy_len;
- seedlen = ctx->entropy_len;
+ /* For initial seeding, allow adding of nonce generated
+ * from the entropy source. See Sect 8.6.7 in SP800-90A. */
+ if( use_nonce )
+ {
+ /* Note: We don't merge the two calls to f_entropy() in order
+ * to avoid requesting too much entropy from f_entropy()
+ * at once. Specifically, if the underlying digest is not
+ * SHA-1, 3 / 2 * entropy_len is at least 36 Bytes, which
+ * is larger than the maximum of 32 Bytes that our own
+ * entropy source implementation can emit in a single
+ * call in configurations disabling SHA-512. */
+ if( ( ret = ctx->f_entropy( ctx->p_entropy,
+ seed + seedlen,
+ ctx->entropy_len / 2 ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+ }
+
+ seedlen += ctx->entropy_len / 2;
+ }
+
/* 1. Concatenate entropy and additional data if any */
if( additional != NULL && len != 0 )
@@ -195,7 +230,19 @@
}
/*
+ * HMAC_DRBG reseeding: 10.1.2.4 + 9.2
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t len )
+{
+ return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) );
+}
+
+/*
* HMAC_DRBG initialisation (10.1.2.3 + 9.1)
+ *
+ * The nonce is not passed as a separate parameter but extracted
+ * from the entropy source as suggested in 8.6.7.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
@@ -205,7 +252,7 @@
size_t len )
{
int ret;
- size_t entropy_len, md_size;
+ size_t md_size;
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@@ -233,20 +280,15 @@
*
* (This also matches the sizes used in the NIST test vectors.)
*/
- entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
- md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
- 32; /* better (256+) -> 256 bits */
+ ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
+ md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
+ 32; /* better (256+) -> 256 bits */
- /*
- * For initialisation, use more entropy to emulate a nonce
- * (Again, matches test vectors.)
- */
- ctx->entropy_len = entropy_len * 3 / 2;
-
- if( ( ret = mbedtls_hmac_drbg_reseed( ctx, custom, len ) ) != 0 )
+ if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
+ 1 /* add nonce */ ) ) != 0 )
+ {
return( ret );
-
- ctx->entropy_len = entropy_len;
+ }
return( 0 );
}
diff --git a/library/pk.c b/library/pk.c
index a1e278e..e93ccfd 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -158,17 +158,20 @@
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key )
{
const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t *pk_ctx;
psa_key_type_t type;
if( ctx == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- if( PSA_SUCCESS != psa_get_key_information( key, &type, NULL ) )
+ if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ type = psa_get_key_type( &attributes );
+ psa_reset_key_attributes( &attributes );
/* Current implementation of can_do() relies on this. */
- if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+ if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -589,19 +592,18 @@
* Currently only works for EC private keys.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_handle_t *slot,
+ psa_key_handle_t *handle,
psa_algorithm_t hash_alg )
{
#if !defined(MBEDTLS_ECP_C)
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
#else
- psa_key_handle_t key;
const mbedtls_ecp_keypair *ec;
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
size_t d_len;
psa_ecc_curve_t curve_id;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
- psa_key_policy_t policy;
int ret;
/* export the private key material in the format PSA wants */
@@ -614,32 +616,23 @@
return( ret );
curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
- key_type = PSA_KEY_TYPE_ECC_KEYPAIR(
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
- /* allocate a key slot */
- if( PSA_SUCCESS != psa_allocate_key( &key ) )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ /* prepare the key attributes */
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
- /* set policy */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
- PSA_ALG_ECDSA(hash_alg) );
- if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
+ /* import private key into PSA */
+ if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, handle ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
- /* import private key in slot */
- if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-
- /* remember slot number to be destroyed later by caller */
- *slot = key;
-
/* make PK context wrap the key slot */
mbedtls_pk_free( pk );
mbedtls_pk_init( pk );
- return( mbedtls_pk_setup_opaque( pk, key ) );
+ return( mbedtls_pk_setup_opaque( pk, *handle ) );
#endif /* MBEDTLS_ECP_C */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c7f879a..5a699c0 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -546,9 +546,9 @@
const unsigned char *sig, size_t sig_len )
{
int ret;
- psa_key_handle_t key_slot;
- psa_key_policy_t policy;
- psa_key_type_t psa_type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t key_handle = 0;
+ psa_status_t status;
mbedtls_pk_context key;
int key_len;
/* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
@@ -576,23 +576,17 @@
if( psa_md == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
psa_sig_md = PSA_ALG_ECDSA( psa_md );
- psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
- if( ( ret = psa_allocate_key( &key_slot ) ) != PSA_SUCCESS )
- return( mbedtls_psa_err_translate_pk( ret ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, psa_sig_md );
- policy = psa_key_policy_init();
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
- if( ( ret = psa_set_key_policy( key_slot, &policy ) ) != PSA_SUCCESS )
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_handle );
+ if( status != PSA_SUCCESS )
{
- ret = mbedtls_psa_err_translate_pk( ret );
- goto cleanup;
- }
-
- if( psa_import_key( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
- != PSA_SUCCESS )
- {
- ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ ret = mbedtls_psa_err_translate_pk( status );
goto cleanup;
}
@@ -611,7 +605,7 @@
goto cleanup;
}
- if( psa_asymmetric_verify( key_slot, psa_sig_md,
+ if( psa_asymmetric_verify( key_handle, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
!= PSA_SUCCESS )
@@ -628,7 +622,7 @@
ret = 0;
cleanup:
- psa_destroy_key( key_slot );
+ psa_destroy_key( key_handle );
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -898,10 +892,13 @@
{
const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
size_t bits;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- if( PSA_SUCCESS != psa_get_key_information( *key, NULL, &bits ) )
+ if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
return( 0 );
+ bits = psa_get_key_bits( &attributes );
+ psa_reset_key_attributes( &attributes );
return( bits );
}
@@ -1002,8 +999,9 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
- size_t bits, buf_len;
+ size_t buf_len;
psa_status_t status;
/* PSA has its own RNG */
@@ -1014,11 +1012,11 @@
* that information. Assume that the buffer is large enough for a
* maximal-length signature with that key (otherwise the application is
* buggy anyway). */
- status = psa_get_key_information( *key, NULL, &bits );
+ status = psa_get_key_attributes( *key, &attributes );
if( status != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( status ) );
-
- buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( bits );
+ buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
+ psa_reset_key_attributes( &attributes );
/* make the signature */
status = psa_asymmetric_sign( *key, alg, hash, hash_len,
diff --git a/library/pkwrite.c b/library/pkwrite.c
index b87f81b..4388160 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -246,17 +246,16 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( pk_type == MBEDTLS_PK_OPAQUE )
{
- psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
psa_key_handle_t handle;
psa_ecc_curve_t curve;
handle = *((psa_key_handle_t*) key->pk_ctx );
-
- status = psa_get_key_information( handle, &key_type,
- NULL /* bitsize not needed */ );
- if( status != PSA_SUCCESS )
+ if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ key_type = psa_get_key_type( &attributes );
+ psa_reset_key_attributes( &attributes );
curve = PSA_KEY_TYPE_GET_CURVE( key_type );
if( curve == 0 )
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c9ee8c9..ef2d50e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -32,16 +32,19 @@
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#include "psa_crypto_se.h"
+#endif
#include "psa_crypto_slot_management.h"
/* Include internal declarations that are useful for implementing persistently
* stored keys. */
#include "psa_crypto_storage.h"
+#include <assert.h>
#include <stdlib.h>
#include <string.h>
-#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
-#else
+#if !defined(MBEDTLS_PLATFORM_C)
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
@@ -52,6 +55,8 @@
#include "mbedtls/bignum.h"
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
@@ -180,6 +185,14 @@
case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
+ case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
+ return( PSA_ERROR_BAD_STATE );
+ case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
return( PSA_ERROR_NOT_SUPPORTED );
case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
@@ -193,7 +206,7 @@
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
return( PSA_ERROR_INVALID_SIGNATURE );
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
- return( PSA_ERROR_TAMPERING_DETECTED );
+ return( PSA_ERROR_CORRUPTION_DETECTED );
case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
@@ -284,6 +297,11 @@
case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
+ case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+ case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
+ return( PSA_ERROR_NOT_SUPPORTED );
+
case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
@@ -297,7 +315,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
- return( PSA_ERROR_TAMPERING_DETECTED );
+ return( PSA_ERROR_CORRUPTION_DETECTED );
case MBEDTLS_ERR_RSA_VERIFY_FAILED:
return( PSA_ERROR_INVALID_SIGNATURE );
case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
@@ -346,6 +364,13 @@
/* Key management */
/****************************************************************/
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+static inline int psa_key_slot_is_external( const psa_key_slot_t *slot )
+{
+ return( psa_key_lifetime_is_external( slot->attr.lifetime ) );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
#if defined(MBEDTLS_ECP_C)
static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
{
@@ -462,6 +487,12 @@
return( PSA_ERROR_INVALID_ARGUMENT );
break;
#endif
+#if defined(MBEDTLS_CHACHA20_C)
+ case PSA_KEY_TYPE_CHACHA20:
+ if( bits != 256 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif
default:
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -515,7 +546,7 @@
mbedtls_pk_init( &pk );
/* Parse the data. */
- if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+ if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
status = mbedtls_to_psa_error(
mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 ) );
else
@@ -568,7 +599,7 @@
size_t data_length,
mbedtls_ecp_keypair **p_ecp )
{
- psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
@@ -617,7 +648,7 @@
size_t data_length,
mbedtls_ecp_keypair **p_ecp )
{
- psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
@@ -665,7 +696,45 @@
}
#endif /* defined(MBEDTLS_ECP_C) */
-/** Import key data into a slot. `slot->type` must have been set
+
+/** Return the size of the key in the given slot, in bits.
+ *
+ * \param[in] slot A key slot.
+ *
+ * \return The key size in bits, read from the metadata in the slot.
+ */
+static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
+{
+ return( slot->attr.bits );
+}
+
+/** Calculate the size of the key in the given slot, in bits.
+ *
+ * \param[in] slot A key slot containing a transparent key.
+ *
+ * \return The key size in bits, calculated from the key data.
+ */
+static psa_key_bits_t psa_calculate_key_bits( const psa_key_slot_t *slot )
+{
+ size_t bits = 0; /* return 0 on an empty slot */
+
+ if( key_type_is_raw_bytes( slot->attr.type ) )
+ bits = PSA_BYTES_TO_BITS( slot->data.raw.bytes );
+#if defined(MBEDTLS_RSA_C)
+ else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
+ bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) );
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
+ bits = slot->data.ecp->grp.pbits;
+#endif /* defined(MBEDTLS_ECP_C) */
+
+ /* We know that the size fits in psa_key_bits_t thanks to checks
+ * when the key was created. */
+ return( (psa_key_bits_t) bits );
+}
+
+/** Import key data into a slot. `slot->attr.type` must have been set
* previously. This function assumes that the slot does not contain
* any key material yet. On failure, the slot content is unchanged. */
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
@@ -674,13 +743,17 @@
{
psa_status_t status = PSA_SUCCESS;
- if( key_type_is_raw_bytes( slot->type ) )
+ if( key_type_is_raw_bytes( slot->attr.type ) )
{
- /* Ensure that a bytes-to-bit conversion won't overflow. */
+ size_t bit_size = PSA_BYTES_TO_BITS( data_length );
+ /* Ensure that the bytes-to-bit conversion didn't overflow. */
if( data_length > SIZE_MAX / 8 )
return( PSA_ERROR_NOT_SUPPORTED );
- status = prepare_raw_data_slot( slot->type,
- PSA_BYTES_TO_BITS( data_length ),
+ /* Enforce a size limit, and in particular ensure that the bit
+ * size fits in its representation type. */
+ if( bit_size > PSA_MAX_KEY_BITS )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ status = prepare_raw_data_slot( slot->attr.type, bit_size,
&slot->data.raw );
if( status != PSA_SUCCESS )
return( status );
@@ -689,25 +762,25 @@
}
else
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) )
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->attr.type ) )
{
- status = psa_import_ec_private_key( PSA_KEY_TYPE_GET_CURVE( slot->type ),
+ status = psa_import_ec_private_key( PSA_KEY_TYPE_GET_CURVE( slot->attr.type ),
data, data_length,
&slot->data.ecp );
}
- else if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( slot->type ) )
+ else if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( slot->attr.type ) )
{
status = psa_import_ec_public_key(
- PSA_KEY_TYPE_GET_CURVE( slot->type ),
+ PSA_KEY_TYPE_GET_CURVE( slot->attr.type ),
data, data_length,
&slot->data.ecp );
}
else
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
- status = psa_import_rsa_key( slot->type,
+ status = psa_import_rsa_key( slot->attr.type,
data, data_length,
&slot->data.rsa );
}
@@ -716,27 +789,14 @@
{
return( PSA_ERROR_NOT_SUPPORTED );
}
- return( status );
-}
-/* Retrieve an empty key slot (slot with no key data, but possibly
- * with some metadata such as a policy). */
-static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
- psa_key_slot_t **p_slot )
-{
- psa_status_t status;
- psa_key_slot_t *slot = NULL;
-
- *p_slot = NULL;
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( slot->type != PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_ALREADY_EXISTS );
-
- *p_slot = slot;
+ if( status == PSA_SUCCESS )
+ {
+ /* Write the actual key size to the slot.
+ * psa_start_key_creation() wrote the size declared by the
+ * caller, which may be 0 (meaning unspecified) or wrong. */
+ slot->attr.bits = psa_calculate_key_bits( slot );
+ }
return( status );
}
@@ -842,40 +902,75 @@
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
- if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_DOES_NOT_EXIST );
/* Enforce that usage policy for the key slot contains all the flags
* required by the usage parameter. There is one exception: public
* keys can always be exported, so we treat public key objects as
* if they had the export flag. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
+ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
usage &= ~PSA_KEY_USAGE_EXPORT;
- if( ( slot->policy.usage & usage ) != usage )
+ if( ( slot->attr.policy.usage & usage ) != usage )
return( PSA_ERROR_NOT_PERMITTED );
/* Enforce that the usage policy permits the requested algortihm. */
- if( alg != 0 && ! psa_key_policy_permits( &slot->policy, alg ) )
+ if( alg != 0 && ! psa_key_policy_permits( &slot->attr.policy, alg ) )
return( PSA_ERROR_NOT_PERMITTED );
*p_slot = slot;
return( PSA_SUCCESS );
}
+/** Retrieve a slot which must contain a transparent key.
+ *
+ * A transparent key is a key for which the key material is directly
+ * available, as opposed to a key in a secure element.
+ *
+ * This is a temporary function to use instead of psa_get_key_from_slot()
+ * until secure element support is fully implemented.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = psa_get_key_from_slot( handle, p_slot, usage, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( psa_key_slot_is_external( *p_slot ) )
+ {
+ *p_slot = NULL;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ return( PSA_SUCCESS );
+}
+#else /* MBEDTLS_PSA_CRYPTO_SE_C */
+/* With no secure element support, all keys are transparent. */
+#define psa_get_transparent_key( handle, p_slot, usage, alg ) \
+ psa_get_key_from_slot( handle, p_slot, usage, alg )
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
/** Wipe key data from a slot. Preserve metadata such as the policy. */
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
- if( slot->type == PSA_KEY_TYPE_NONE )
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_key_slot_is_external( slot ) )
{
/* No key material to clean. */
}
- else if( key_type_is_raw_bytes( slot->type ) )
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ if( slot->attr.type == PSA_KEY_TYPE_NONE )
+ {
+ /* No key material to clean. */
+ }
+ else if( key_type_is_raw_bytes( slot->attr.type ) )
{
mbedtls_free( slot->data.raw.data );
}
else
#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_rsa_free( slot->data.rsa );
mbedtls_free( slot->data.rsa );
@@ -883,7 +978,7 @@
else
#endif /* defined(MBEDTLS_RSA_C) */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
mbedtls_ecp_keypair_free( slot->data.ecp );
mbedtls_free( slot->data.ecp );
@@ -893,7 +988,7 @@
{
/* Shouldn't happen: the key type is not any type that we
* put in. */
- return( PSA_ERROR_TAMPERING_DETECTED );
+ return( PSA_ERROR_CORRUPTION_DETECTED );
}
return( PSA_SUCCESS );
@@ -904,6 +999,11 @@
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
+ /* Multipart operations may still be using the key. This is safe
+ * because all multipart operation objects are independent from
+ * the key slot: if they need to access the key after the setup
+ * phase, they have a copy of the key. Note that this means that
+ * key material can linger until all operations are completed. */
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
* zeroize because the metadata is not particularly sensitive. */
@@ -911,108 +1011,244 @@
return( status );
}
-psa_status_t psa_import_key( psa_key_handle_t handle,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- status = psa_get_empty_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- slot->type = type;
-
- status = psa_import_key_into_slot( slot, data, data_length );
- if( status != PSA_SUCCESS )
- {
- slot->type = PSA_KEY_TYPE_NONE;
- return( status );
- }
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
- {
- /* Store in file location */
- status = psa_save_persistent_key( slot->persistent_storage_id,
- slot->type, &slot->policy, data,
- data_length );
- if( status != PSA_SUCCESS )
- {
- (void) psa_remove_key_data_from_memory( slot );
- slot->type = PSA_KEY_TYPE_NONE;
- }
- }
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
- return( status );
-}
-
psa_status_t psa_destroy_key( psa_key_handle_t handle )
{
psa_key_slot_t *slot;
- psa_status_t status = PSA_SUCCESS;
- psa_status_t storage_status = PSA_SUCCESS;
+ psa_status_t status; /* status of the last operation */
+ psa_status_t overall_status = PSA_SUCCESS;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ psa_se_drv_table_entry_t *driver;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ driver = psa_get_se_driver_entry( slot->attr.lifetime );
+ if( driver != NULL )
{
- storage_status =
- psa_destroy_persistent_key( slot->persistent_storage_id );
+ /* For a key in a secure element, we need to do three things:
+ * remove the key file in internal storage, destroy the
+ * key inside the secure element, and update the driver's
+ * persistent data. Start a transaction that will encompass these
+ * three actions. */
+ psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
+ psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
+ psa_crypto_transaction.key.slot = slot->data.se.slot_number;
+ psa_crypto_transaction.key.id = slot->attr.id;
+ status = psa_crypto_save_transaction( );
+ if( status != PSA_SUCCESS )
+ {
+ (void) psa_crypto_stop_transaction( );
+ /* We should still try to destroy the key in the secure
+ * element and the key metadata in storage. This is especially
+ * important if the error is that the storage is full.
+ * But how to do it exactly without risking an inconsistent
+ * state after a reset?
+ * https://github.com/ARMmbed/mbed-crypto/issues/215
+ */
+ overall_status = status;
+ goto exit;
+ }
+
+ status = psa_destroy_se_key( driver, slot->data.se.slot_number );
+ if( overall_status == PSA_SUCCESS )
+ overall_status = status;
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+ status = psa_destroy_persistent_key( slot->attr.id );
+ if( overall_status == PSA_SUCCESS )
+ overall_status = status;
+
+ /* TODO: other slots may have a copy of the same key. We should
+ * invalidate them.
+ * https://github.com/ARMmbed/mbed-crypto/issues/214
+ */
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
+ {
+ status = psa_save_se_persistent_data( driver );
+ if( overall_status == PSA_SUCCESS )
+ overall_status = status;
+ status = psa_crypto_stop_transaction( );
+ if( overall_status == PSA_SUCCESS )
+ overall_status = status;
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+exit:
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_wipe_key_slot( slot );
- if( status != PSA_SUCCESS )
- return( status );
- return( storage_status );
+ /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
+ if( overall_status == PSA_SUCCESS )
+ overall_status = status;
+ return( overall_status );
}
-/* Return the size of the key in the given slot, in bits. */
-static size_t psa_get_key_bits( const psa_key_slot_t *slot )
+void psa_reset_key_attributes( psa_key_attributes_t *attributes )
{
- if( key_type_is_raw_bytes( slot->type ) )
- return( slot->data.raw.bytes * 8 );
-#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
- return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) );
-#endif /* defined(MBEDTLS_RSA_C) */
-#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
- return( slot->data.ecp->grp.pbits );
-#endif /* defined(MBEDTLS_ECP_C) */
- /* Shouldn't happen except on an empty slot. */
- return( 0 );
+ mbedtls_free( attributes->domain_parameters );
+ memset( attributes, 0, sizeof( *attributes ) );
}
-psa_status_t psa_get_key_information( psa_key_handle_t handle,
- psa_key_type_t *type,
- size_t *bits )
+psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length )
+{
+ uint8_t *copy = NULL;
+
+ if( data_length != 0 )
+ {
+ copy = mbedtls_calloc( 1, data_length );
+ if( copy == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ memcpy( copy, data, data_length );
+ }
+ /* After this point, this function is guaranteed to succeed, so it
+ * can start modifying `*attributes`. */
+
+ if( attributes->domain_parameters != NULL )
+ {
+ mbedtls_free( attributes->domain_parameters );
+ attributes->domain_parameters = NULL;
+ attributes->domain_parameters_size = 0;
+ }
+
+ attributes->domain_parameters = copy;
+ attributes->domain_parameters_size = data_length;
+ attributes->core.type = type;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_get_key_domain_parameters(
+ const psa_key_attributes_t *attributes,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ if( attributes->domain_parameters_size > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ *data_length = attributes->domain_parameters_size;
+ if( attributes->domain_parameters_size != 0 )
+ memcpy( data, attributes->domain_parameters,
+ attributes->domain_parameters_size );
+ return( PSA_SUCCESS );
+}
+
+#if defined(MBEDTLS_RSA_C)
+static psa_status_t psa_get_rsa_public_exponent(
+ const mbedtls_rsa_context *rsa,
+ psa_key_attributes_t *attributes )
+{
+ mbedtls_mpi mpi;
+ int ret;
+ uint8_t *buffer = NULL;
+ size_t buflen;
+ mbedtls_mpi_init( &mpi );
+
+ ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
+ if( ret != 0 )
+ goto exit;
+ if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
+ {
+ /* It's the default value, which is reported as an empty string,
+ * so there's nothing to do. */
+ goto exit;
+ }
+
+ buflen = mbedtls_mpi_size( &mpi );
+ buffer = mbedtls_calloc( 1, buflen );
+ if( buffer == NULL )
+ {
+ ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
+ goto exit;
+ }
+ ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
+ if( ret != 0 )
+ goto exit;
+ attributes->domain_parameters = buffer;
+ attributes->domain_parameters_size = buflen;
+
+exit:
+ mbedtls_mpi_free( &mpi );
+ if( ret != 0 )
+ mbedtls_free( buffer );
+ return( mbedtls_to_psa_error( ret ) );
+}
+#endif /* MBEDTLS_RSA_C */
+
+/** Retrieve all the publicly-accessible attributes of a key.
+ */
+psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
+ psa_key_attributes_t *attributes )
{
psa_key_slot_t *slot;
psa_status_t status;
- if( type != NULL )
- *type = 0;
- if( bits != NULL )
- *bits = 0;
- status = psa_get_key_slot( handle, &slot );
+ psa_reset_key_attributes( attributes );
+
+ status = psa_get_key_from_slot( handle, &slot, 0, 0 );
if( status != PSA_SUCCESS )
return( status );
- if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_DOES_NOT_EXIST );
- if( type != NULL )
- *type = slot->type;
- if( bits != NULL )
- *bits = psa_get_key_bits( slot );
- return( PSA_SUCCESS );
+ attributes->core = slot->attr;
+ attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_key_slot_is_external( slot ) )
+ psa_set_key_slot_number( attributes, slot->data.se.slot_number );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+ switch( slot->attr.type )
+ {
+#if defined(MBEDTLS_RSA_C)
+ case PSA_KEY_TYPE_RSA_KEY_PAIR:
+ case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* TODO: reporting the public exponent for opaque keys
+ * is not yet implemented.
+ * https://github.com/ARMmbed/mbed-crypto/issues/216
+ */
+ if( psa_key_slot_is_external( slot ) )
+ break;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ status = psa_get_rsa_public_exponent( slot->data.rsa, attributes );
+ break;
+#endif /* MBEDTLS_RSA_C */
+ default:
+ /* Nothing else to do. */
+ break;
+ }
+
+ if( status != PSA_SUCCESS )
+ psa_reset_key_attributes( attributes );
+ return( status );
}
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+psa_status_t psa_get_key_slot_number(
+ const psa_key_attributes_t *attributes,
+ psa_key_slot_number_t *slot_number )
+{
+ if( attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER )
+ {
+ *slot_number = attributes->slot_number;
+ return( PSA_SUCCESS );
+ }
+ else
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
static int pk_write_pubkey_simple( mbedtls_pk_context *key,
unsigned char *buf, size_t size )
@@ -1035,12 +1271,34 @@
size_t *data_length,
int export_public_key )
{
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ const psa_drv_se_t *drv;
+ psa_drv_se_context_t *drv_context;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
*data_length = 0;
- if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->type ) )
+ if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- if( key_type_is_raw_bytes( slot->type ) )
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ {
+ psa_drv_se_export_key_t method;
+ if( drv->key_management == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ method = ( export_public_key ?
+ drv->key_management->p_export_public :
+ drv->key_management->p_export );
+ if( method == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ return( method( drv_context,
+ slot->data.se.slot_number,
+ data, data_size, data_length ) );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+ if( key_type_is_raw_bytes( slot->attr.type ) )
{
if( slot->data.raw.bytes > data_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
@@ -1054,11 +1312,11 @@
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) && !export_public_key )
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->attr.type ) && !export_public_key )
{
psa_status_t status;
- size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( slot ) );
+ size_t bytes = PSA_BITS_TO_BYTES( slot->attr.bits );
if( bytes > data_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = mbedtls_to_psa_error(
@@ -1073,12 +1331,12 @@
else
{
#if defined(MBEDTLS_PK_WRITE_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) ||
- PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ||
+ PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
mbedtls_pk_context pk;
int ret;
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
#if defined(MBEDTLS_RSA_C)
mbedtls_pk_init( &pk );
@@ -1098,7 +1356,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
- if( export_public_key || PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
+ if( export_public_key || PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
{
ret = pk_write_pubkey_simple( &pk, data, data_size );
}
@@ -1187,56 +1445,525 @@
data_length, 1 ) );
}
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t *slot,
- size_t bits )
+#if defined(static_assert)
+static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
+ "One or more key attribute flag is listed as both external-only and dual-use" );
+static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
+ "One or more key attribute flag is listed as both internal-only and dual-use" );
+static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
+ "One or more key attribute flag is listed as both internal-only and external-only" );
+#endif
+
+/** Validate that a key policy is internally well-formed.
+ *
+ * This function only rejects invalid policies. It does not validate the
+ * consistency of the policy with respect to other attributes of the key
+ * such as the key type.
+ */
+static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
+{
+ if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_COPY |
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_SIGN |
+ PSA_KEY_USAGE_VERIFY |
+ PSA_KEY_USAGE_DERIVE ) ) != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
+/** Validate the internal consistency of key attributes.
+ *
+ * This function only rejects invalid attribute values. If does not
+ * validate the consistency of the attributes with any key data that may
+ * be involved in the creation of the key.
+ *
+ * Call this function early in the key creation process.
+ *
+ * \param[in] attributes Key attributes for the new key.
+ * \param[out] p_drv On any return, the driver for the key, if any.
+ * NULL for a transparent key.
+ *
+ */
+static psa_status_t psa_validate_key_attributes(
+ const psa_key_attributes_t *attributes,
+ psa_se_drv_table_entry_t **p_drv )
{
psa_status_t status;
- uint8_t *data;
- size_t key_length;
- size_t data_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type, bits );
- data = mbedtls_calloc( 1, data_size );
- if( data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- /* Get key data in export format */
- status = psa_internal_export_key( slot, data, data_size, &key_length, 0 );
- if( status != PSA_SUCCESS )
+
+ if( attributes->core.lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
- slot->type = PSA_KEY_TYPE_NONE;
- goto exit;
+ status = psa_validate_persistent_key_parameters(
+ attributes->core.lifetime, attributes->core.id,
+ p_drv, 1 );
+ if( status != PSA_SUCCESS )
+ return( status );
}
- /* Store in file location */
- status = psa_save_persistent_key( slot->persistent_storage_id,
- slot->type, &slot->policy,
- data, key_length );
+
+ status = psa_validate_key_policy( &attributes->core.policy );
if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Refuse to create overly large keys.
+ * Note that this doesn't trigger on import if the attributes don't
+ * explicitly specify a size (so psa_get_key_bits returns 0), so
+ * psa_import_key() needs its own checks. */
+ if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ /* Reject invalid flags. These should not be reachable through the API. */
+ if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
+/** Prepare a key slot to receive key material.
+ *
+ * This function allocates a key slot and sets its metadata.
+ *
+ * If this function fails, call psa_fail_key_creation().
+ *
+ * This function is intended to be used as follows:
+ * -# Call psa_start_key_creation() to allocate a key slot, prepare
+ * it with the specified attributes, and assign it a handle.
+ * -# Populate the slot with the key material.
+ * -# Call psa_finish_key_creation() to finalize the creation of the slot.
+ * In case of failure at any step, stop the sequence and call
+ * psa_fail_key_creation().
+ *
+ * \param method An identification of the calling function.
+ * \param[in] attributes Key attributes for the new key.
+ * \param[out] handle On success, a handle for the allocated slot.
+ * \param[out] p_slot On success, a pointer to the prepared slot.
+ * \param[out] p_drv On any return, the driver for the key, if any.
+ * NULL for a transparent key.
+ *
+ * \retval #PSA_SUCCESS
+ * The key slot is ready to receive key material.
+ * \return If this function fails, the key slot is an invalid state.
+ * You must call psa_fail_key_creation() to wipe and free the slot.
+ */
+static psa_status_t psa_start_key_creation(
+ psa_key_creation_method_t method,
+ const psa_key_attributes_t *attributes,
+ psa_key_handle_t *handle,
+ psa_key_slot_t **p_slot,
+ psa_se_drv_table_entry_t **p_drv )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot;
+
+ (void) method;
+ *p_drv = NULL;
+
+ status = psa_validate_key_attributes( attributes, p_drv );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_get_empty_key_slot( handle, p_slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+ slot = *p_slot;
+
+ /* We're storing the declared bit-size of the key. It's up to each
+ * creation mechanism to verify that this information is correct.
+ * It's automatically correct for mechanisms that use the bit-size as
+ * an input (generate, device) but not for those where the bit-size
+ * is optional (import, copy). */
+
+ slot->attr = attributes->core;
+
+ /* Erase external-only flags from the internal copy. To access
+ * external-only flags, query `attributes`. Thanks to the check
+ * in psa_validate_key_attributes(), this leaves the dual-use
+ * flags and any internal flag that psa_get_empty_key_slot()
+ * may have set. */
+ slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* For a key in a secure element, we need to do three things
+ * when creating a key (but not when registering an existing key):
+ * create the key file in internal storage, create the
+ * key inside the secure element, and update the driver's
+ * persistent data. Start a transaction that will encompass these
+ * three actions. */
+ /* The first thing to do is to find a slot number for the new key.
+ * We save the slot number in persistent storage as part of the
+ * transaction data. It will be needed to recover if the power
+ * fails during the key creation process, to clean up on the secure
+ * element side after restarting. Obtaining a slot number from the
+ * secure element driver updates its persistent state, but we do not yet
+ * save the driver's persistent state, so that if the power fails,
+ * we can roll back to a state where the key doesn't exist. */
+ if( *p_drv != NULL && method != PSA_KEY_CREATION_REGISTER )
{
- slot->type = PSA_KEY_TYPE_NONE;
+ status = psa_find_se_slot_for_key( attributes, method, *p_drv,
+ &slot->data.se.slot_number );
+ if( status != PSA_SUCCESS )
+ return( status );
+ psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
+ psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
+ psa_crypto_transaction.key.slot = slot->data.se.slot_number;
+ psa_crypto_transaction.key.id = slot->attr.id;
+ status = psa_crypto_save_transaction( );
+ if( status != PSA_SUCCESS )
+ {
+ (void) psa_crypto_stop_transaction( );
+ return( status );
+ }
}
-exit:
- mbedtls_platform_zeroize( data, key_length );
- mbedtls_free( data );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
return( status );
}
+
+/** Finalize the creation of a key once its key material has been set.
+ *
+ * This entails writing the key to persistent storage.
+ *
+ * If this function fails, call psa_fail_key_creation().
+ * See the documentation of psa_start_key_creation() for the intended use
+ * of this function.
+ *
+ * \param[in,out] slot Pointer to the slot with key material.
+ * \param[in] driver The secure element driver for the key,
+ * or NULL for a transparent key.
+ *
+ * \retval #PSA_SUCCESS
+ * The key was successfully created. The handle is now valid.
+ * \return If this function fails, the key slot is an invalid state.
+ * You must call psa_fail_key_creation() to wipe and free the slot.
+ */
+static psa_status_t psa_finish_key_creation(
+ psa_key_slot_t *slot,
+ psa_se_drv_table_entry_t *driver )
+{
+ psa_status_t status = PSA_SUCCESS;
+ (void) slot;
+ (void) driver;
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
+ {
+ psa_se_key_data_storage_t data;
+#if defined(static_assert)
+ static_assert( sizeof( slot->data.se.slot_number ) ==
+ sizeof( data.slot_number ),
+ "Slot number size does not match psa_se_key_data_storage_t" );
+ static_assert( sizeof( slot->attr.bits ) == sizeof( data.bits ),
+ "Bit-size size does not match psa_se_key_data_storage_t" );
+#endif
+ memcpy( &data.slot_number, &slot->data.se.slot_number,
+ sizeof( slot->data.se.slot_number ) );
+ memcpy( &data.bits, &slot->attr.bits,
+ sizeof( slot->attr.bits ) );
+ status = psa_save_persistent_key( &slot->attr,
+ (uint8_t*) &data,
+ sizeof( data ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ size_t buffer_size =
+ PSA_KEY_EXPORT_MAX_SIZE( slot->attr.type,
+ slot->attr.bits );
+ uint8_t *buffer = mbedtls_calloc( 1, buffer_size );
+ size_t length = 0;
+ if( buffer == NULL && buffer_size != 0 )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ status = psa_internal_export_key( slot,
+ buffer, buffer_size, &length,
+ 0 );
+ if( status == PSA_SUCCESS )
+ status = psa_save_persistent_key( &slot->attr,
+ buffer, length );
+
+ if( buffer_size != 0 )
+ mbedtls_platform_zeroize( buffer, buffer_size );
+ mbedtls_free( buffer );
+ }
+ }
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* Finish the transaction for a key creation. This does not
+ * happen when registering an existing key. Detect this case
+ * by checking whether a transaction is in progress (actual
+ * creation of a key in a secure element requires a transaction,
+ * but registration doesn't use one). */
+ if( driver != NULL &&
+ psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
+ {
+ status = psa_save_se_persistent_data( driver );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_persistent_key( slot->attr.id );
+ return( status );
+ }
+ status = psa_crypto_stop_transaction( );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+ return( status );
+}
+
+/** Abort the creation of a key.
+ *
+ * You may call this function after calling psa_start_key_creation(),
+ * or after psa_finish_key_creation() fails. In other circumstances, this
+ * function may not clean up persistent storage.
+ * See the documentation of psa_start_key_creation() for the intended use
+ * of this function.
+ *
+ * \param[in,out] slot Pointer to the slot with key material.
+ * \param[in] driver The secure element driver for the key,
+ * or NULL for a transparent key.
+ */
+static void psa_fail_key_creation( psa_key_slot_t *slot,
+ psa_se_drv_table_entry_t *driver )
+{
+ (void) driver;
+
+ if( slot == NULL )
+ return;
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* TODO: If the key has already been created in the secure
+ * element, and the failure happened later (when saving metadata
+ * to internal storage), we need to destroy the key in the secure
+ * element.
+ * https://github.com/ARMmbed/mbed-crypto/issues/217
+ */
+
+ /* Abort the ongoing transaction if any (there may not be one if
+ * the creation process failed before starting one, or if the
+ * key creation is a registration of a key in a secure element).
+ * Earlier functions must already have done what it takes to undo any
+ * partial creation. All that's left is to update the transaction data
+ * itself. */
+ (void) psa_crypto_stop_transaction( );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+ psa_wipe_key_slot( slot );
+}
+
+/** Validate optional attributes during key creation.
+ *
+ * Some key attributes are optional during key creation. If they are
+ * specified in the attributes structure, check that they are consistent
+ * with the data in the slot.
+ *
+ * This function should be called near the end of key creation, after
+ * the slot in memory is fully populated but before saving persistent data.
+ */
+static psa_status_t psa_validate_optional_attributes(
+ const psa_key_slot_t *slot,
+ const psa_key_attributes_t *attributes )
+{
+ if( attributes->core.type != 0 )
+ {
+ if( attributes->core.type != slot->attr.type )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ if( attributes->domain_parameters_size != 0 )
+ {
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
+ {
+ mbedtls_mpi actual, required;
+ int ret;
+ mbedtls_mpi_init( &actual );
+ mbedtls_mpi_init( &required );
+ ret = mbedtls_rsa_export( slot->data.rsa,
+ NULL, NULL, NULL, NULL, &actual );
+ if( ret != 0 )
+ goto rsa_exit;
+ ret = mbedtls_mpi_read_binary( &required,
+ attributes->domain_parameters,
+ attributes->domain_parameters_size );
+ if( ret != 0 )
+ goto rsa_exit;
+ if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 )
+ ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ rsa_exit:
+ mbedtls_mpi_free( &actual );
+ mbedtls_mpi_free( &required );
+ if( ret != 0)
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+
+ if( attributes->core.bits != 0 )
+ {
+ if( attributes->core.bits != slot->attr.bits )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ psa_key_handle_t *handle )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+ psa_se_drv_table_entry_t *driver = NULL;
+
+ status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
+ handle, &slot, &driver );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
+ {
+ const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
+ /* The driver should set the number of key bits, however in
+ * case it doesn't, we initialize bits to an invalid value. */
+ size_t bits = PSA_MAX_KEY_BITS + 1;
+ if( drv->key_management == NULL ||
+ drv->key_management->p_import == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = drv->key_management->p_import(
+ psa_get_se_driver_context( driver ),
+ slot->data.se.slot_number, attributes, data, data_length,
+ &bits );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ if( bits > PSA_MAX_KEY_BITS )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ slot->attr.bits = (psa_key_bits_t) bits;
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ status = psa_import_key_into_slot( slot, data, data_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+ status = psa_validate_optional_attributes( slot, attributes );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_finish_key_creation( slot, driver );
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ psa_fail_key_creation( slot, driver );
+ *handle = 0;
+ }
+ return( status );
+}
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+psa_status_t mbedtls_psa_register_se_key(
+ const psa_key_attributes_t *attributes )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+ psa_se_drv_table_entry_t *driver = NULL;
+ const psa_drv_se_t *drv;
+ psa_key_handle_t handle = 0;
+
+ /* Leaving attributes unspecified is not currently supported.
+ * It could make sense to query the key type and size from the
+ * secure element, but not all secure elements support this
+ * and the driver HAL doesn't currently support it. */
+ if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( psa_get_key_bits( attributes ) == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
+ &handle, &slot, &driver );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( driver == NULL )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ drv = psa_get_se_driver_methods( driver );
+
+ if ( psa_get_key_slot_number( attributes,
+ &slot->data.se.slot_number ) != PSA_SUCCESS )
+ {
+ /* The application didn't specify a slot number. This doesn't
+ * make sense when registering a slot. */
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ /* If the driver has a slot number validation method, call it.
+ * If it doesn't, it means the secure element is unable to validate
+ * anything and so we have to trust the application. */
+ if( drv->key_management != NULL &&
+ drv->key_management->p_validate_slot_number != NULL )
+ {
+ status = drv->key_management->p_validate_slot_number(
+ psa_get_se_driver_context( driver ),
+ attributes,
+ PSA_KEY_CREATION_REGISTER,
+ slot->data.se.slot_number );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+
+ status = psa_finish_key_creation( slot, driver );
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ psa_fail_key_creation( slot, driver );
+ }
+ /* Registration doesn't keep the key in RAM. */
+ psa_close_key( handle );
+ return( status );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
- psa_key_handle_t target )
+ psa_key_slot_t *target )
{
psa_status_t status;
uint8_t *buffer = NULL;
size_t buffer_size = 0;
size_t length;
- buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->type,
- psa_get_key_bits( source ) );
+ buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->attr.type,
+ psa_get_key_slot_bits( source ) );
buffer = mbedtls_calloc( 1, buffer_size );
if( buffer == NULL && buffer_size != 0 )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
if( status != PSA_SUCCESS )
goto exit;
- status = psa_import_key( target, source->type, buffer, length );
+ target->attr.type = source->attr.type;
+ status = psa_import_key_into_slot( target, buffer, length );
exit:
if( buffer_size != 0 )
@@ -1245,38 +1972,58 @@
return( status );
}
-psa_status_t psa_copy_key(psa_key_handle_t source_handle,
- psa_key_handle_t target_handle,
- const psa_key_policy_t *constraint)
+psa_status_t psa_copy_key( psa_key_handle_t source_handle,
+ const psa_key_attributes_t *specified_attributes,
+ psa_key_handle_t *target_handle )
{
+ psa_status_t status;
psa_key_slot_t *source_slot = NULL;
psa_key_slot_t *target_slot = NULL;
- psa_key_policy_t new_policy;
- psa_status_t status;
- status = psa_get_key_from_slot( source_handle, &source_slot, 0, 0 );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_get_empty_key_slot( target_handle, &target_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_key_attributes_t actual_attributes = *specified_attributes;
+ psa_se_drv_table_entry_t *driver = NULL;
- new_policy = target_slot->policy;
- status = psa_restrict_key_policy( &new_policy, &source_slot->policy );
+ status = psa_get_transparent_key( source_handle, &source_slot,
+ PSA_KEY_USAGE_COPY, 0 );
if( status != PSA_SUCCESS )
- return( status );
- if( constraint != NULL )
+ goto exit;
+
+ status = psa_validate_optional_attributes( source_slot,
+ specified_attributes );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_restrict_key_policy( &actual_attributes.core.policy,
+ &source_slot->attr.policy );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_start_key_creation( PSA_KEY_CREATION_COPY,
+ &actual_attributes,
+ target_handle, &target_slot, &driver );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
{
- status = psa_restrict_key_policy( &new_policy, constraint );
- if( status != PSA_SUCCESS )
- return( status );
+ /* Copying to a secure element is not implemented yet. */
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
}
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- status = psa_copy_key_material( source_slot, target_handle );
+ status = psa_copy_key_material( source_slot, target_slot );
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
- target_slot->policy = new_policy;
- return( PSA_SUCCESS );
+ status = psa_finish_key_creation( target_slot, driver );
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ psa_fail_key_creation( target_slot, driver );
+ *target_handle = 0;
+ }
+ return( status );
}
@@ -1703,6 +2450,7 @@
switch( alg )
{
case PSA_ALG_ARC4:
+ case PSA_ALG_CHACHA20:
mode = MBEDTLS_MODE_STREAM;
break;
case PSA_ALG_CTR:
@@ -1726,14 +2474,15 @@
case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
mode = MBEDTLS_MODE_GCM;
break;
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ mode = MBEDTLS_MODE_CHACHAPOLY;
+ break;
default:
return( NULL );
}
}
else if( alg == PSA_ALG_CMAC )
mode = MBEDTLS_MODE_ECB;
- else if( alg == PSA_ALG_GMAC )
- mode = MBEDTLS_MODE_GCM;
else
return( NULL );
@@ -1761,6 +2510,9 @@
case PSA_KEY_TYPE_ARC4:
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
break;
+ case PSA_KEY_TYPE_CHACHA20:
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
+ break;
default:
return( NULL );
}
@@ -1848,12 +2600,6 @@
mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
return( psa_hash_abort( &hmac->hash_ctx ) );
}
-
-static void psa_hmac_init_internal( psa_hmac_internal_data *hmac )
-{
- /* Instances of psa_hash_operation_s can be initialized by zeroization. */
- memset( hmac, 0, sizeof( *hmac ) );
-}
#endif /* MBEDTLS_MD_C */
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
@@ -1931,7 +2677,7 @@
size_t key_length,
psa_algorithm_t hash_alg )
{
- unsigned char ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
size_t i;
size_t hash_size = PSA_HASH_SIZE( hash_alg );
size_t block_size = psa_get_hash_block_size( hash_alg );
@@ -2005,7 +2751,7 @@
size_t key_bits;
psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY;
- unsigned char truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
+ uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
/* A context must be freshly initialized before it can be set up. */
@@ -2020,17 +2766,17 @@
if( is_sign )
operation->is_sign = 1;
- status = psa_get_key_from_slot( handle, &slot, usage, alg );
+ status = psa_get_transparent_key( handle, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
- key_bits = psa_get_key_bits( slot );
+ key_bits = psa_get_key_slot_bits( slot );
#if defined(MBEDTLS_CMAC_C)
if( full_length_alg == PSA_ALG_CMAC )
{
const mbedtls_cipher_info_t *cipher_info =
mbedtls_cipher_info_from_psa( full_length_alg,
- slot->type, key_bits, NULL );
+ slot->attr.type, key_bits, NULL );
int ret;
if( cipher_info == NULL )
{
@@ -2062,7 +2808,7 @@
goto exit;
}
- if( slot->type != PSA_KEY_TYPE_HMAC )
+ if( slot->attr.type != PSA_KEY_TYPE_HMAC )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -2170,7 +2916,7 @@
uint8_t *mac,
size_t mac_size )
{
- unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
+ uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->hash_ctx.alg;
size_t hash_size = 0;
size_t block_size = psa_get_hash_block_size( hash_alg );
@@ -2596,20 +3342,42 @@
{
psa_key_slot_t *slot;
psa_status_t status;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ const psa_drv_se_t *drv;
+ psa_drv_se_context_t *drv_context;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
*signature_length = signature_size;
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
if( status != PSA_SUCCESS )
goto exit;
- if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ {
+ if( drv->asymmetric == NULL ||
+ drv->asymmetric->p_sign == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = drv->asymmetric->p_sign( drv_context,
+ slot->data.se.slot_number,
+ alg,
+ hash, hash_length,
+ signature, signature_size,
+ signature_length );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_RSA_C)
- if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
status = psa_rsa_sign( slot->data.rsa,
alg,
@@ -2620,7 +3388,7 @@
else
#endif /* defined(MBEDTLS_RSA_C) */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(MBEDTLS_ECDSA_C)
if(
@@ -2671,13 +3439,31 @@
{
psa_key_slot_t *slot;
psa_status_t status;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ const psa_drv_se_t *drv;
+ psa_drv_se_context_t *drv_context;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
if( status != PSA_SUCCESS )
return( status );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ {
+ if( drv->asymmetric == NULL ||
+ drv->asymmetric->p_verify == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ return( drv->asymmetric->p_verify( drv_context,
+ slot->data.se.slot_number,
+ alg,
+ hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
return( psa_rsa_verify( slot->data.rsa,
alg,
@@ -2687,7 +3473,7 @@
else
#endif /* defined(MBEDTLS_RSA_C) */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(MBEDTLS_ECDSA_C)
if( PSA_ALG_IS_ECDSA( alg ) )
@@ -2742,20 +3528,20 @@
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
+ status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ||
- PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) )
+ if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ||
+ PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_rsa_context *rsa = slot->data.rsa;
int ret;
if( output_size < mbedtls_rsa_get_len( rsa ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_PKCS1_V15)
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
{
@@ -2822,14 +3608,14 @@
if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
+ status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
#if defined(MBEDTLS_RSA_C)
- if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa = slot->data.rsa;
int ret;
@@ -2931,12 +3717,12 @@
if( status != PSA_SUCCESS )
return( status );
- status = psa_get_key_from_slot( handle, &slot, usage, alg);
+ status = psa_get_transparent_key( handle, &slot, usage, alg);
if( status != PSA_SUCCESS )
goto exit;
- key_bits = psa_get_key_bits( slot );
+ key_bits = psa_get_key_slot_bits( slot );
- cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits, NULL );
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL );
if( cipher_info == NULL )
{
status = PSA_ERROR_NOT_SUPPORTED;
@@ -2948,10 +3734,10 @@
goto exit;
#if defined(MBEDTLS_DES_C)
- if( slot->type == PSA_KEY_TYPE_DES && key_bits == 128 )
+ if( slot->attr.type == PSA_KEY_TYPE_DES && key_bits == 128 )
{
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
- unsigned char keys[24];
+ uint8_t keys[24];
memcpy( keys, slot->data.raw.data, 16 );
memcpy( keys + 16, slot->data.raw.data, 8 );
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
@@ -2990,11 +3776,16 @@
operation->key_set = 1;
operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
- PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ) );
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) );
if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG )
{
- operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type );
+ operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type );
}
+#if defined(MBEDTLS_CHACHA20_C)
+ else
+ if( alg == PSA_ALG_CHACHA20 )
+ operation->iv_size = 12;
+#endif
exit:
if( status == 0 )
@@ -3019,7 +3810,7 @@
}
psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
- unsigned char *iv,
+ uint8_t *iv,
size_t iv_size,
size_t *iv_length )
{
@@ -3052,7 +3843,7 @@
}
psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
- const unsigned char *iv,
+ const uint8_t *iv,
size_t iv_length )
{
psa_status_t status;
@@ -3079,7 +3870,7 @@
psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
- unsigned char *output,
+ uint8_t *output,
size_t output_size,
size_t *output_length )
{
@@ -3211,108 +4002,6 @@
-/****************************************************************/
-/* Key Policy */
-/****************************************************************/
-
-#if !defined(MBEDTLS_PSA_CRYPTO_SPM)
-void psa_key_policy_set_usage( psa_key_policy_t *policy,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
-{
- policy->usage = usage;
- policy->alg = alg;
-}
-
-psa_key_usage_t psa_key_policy_get_usage( const psa_key_policy_t *policy )
-{
- return( policy->usage );
-}
-
-psa_algorithm_t psa_key_policy_get_algorithm( const psa_key_policy_t *policy )
-{
- return( policy->alg );
-}
-
-void psa_key_policy_set_enrollment_algorithm( psa_key_policy_t *policy,
- psa_algorithm_t alg2 )
-{
- policy->alg2 = alg2;
-}
-
-psa_algorithm_t psa_key_policy_get_enrollment_algorithm(
- const psa_key_policy_t *policy )
-{
- return( policy->alg2 );
-}
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */
-
-psa_status_t psa_set_key_policy( psa_key_handle_t handle,
- const psa_key_policy_t *policy )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- if( policy == NULL )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_get_empty_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_SIGN |
- PSA_KEY_USAGE_VERIFY |
- PSA_KEY_USAGE_DERIVE ) ) != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- slot->policy = *policy;
-
- return( PSA_SUCCESS );
-}
-
-psa_status_t psa_get_key_policy( psa_key_handle_t handle,
- psa_key_policy_t *policy )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- if( policy == NULL )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- *policy = slot->policy;
-
- return( PSA_SUCCESS );
-}
-
-
-
-/****************************************************************/
-/* Key Lifetime */
-/****************************************************************/
-
-psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
- psa_key_lifetime_t *lifetime )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- *lifetime = slot->lifetime;
-
- return( PSA_SUCCESS );
-}
-
-
/****************************************************************/
/* AEAD */
@@ -3330,13 +4019,16 @@
#if defined(MBEDTLS_GCM_C)
mbedtls_gcm_context gcm;
#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ mbedtls_chachapoly_context chachapoly;
+#endif /* MBEDTLS_CHACHAPOLY_C */
} ctx;
psa_algorithm_t core_alg;
uint8_t full_tag_length;
uint8_t tag_length;
} aead_operation_t;
-static void psa_aead_abort( aead_operation_t *operation )
+static void psa_aead_abort_internal( aead_operation_t *operation )
{
switch( operation->core_alg )
{
@@ -3362,14 +4054,14 @@
size_t key_bits;
mbedtls_cipher_id_t cipher_id;
- status = psa_get_key_from_slot( handle, &operation->slot, usage, alg );
+ status = psa_get_transparent_key( handle, &operation->slot, usage, alg );
if( status != PSA_SUCCESS )
return( status );
- key_bits = psa_get_key_bits( operation->slot );
+ key_bits = psa_get_key_slot_bits( operation->slot );
operation->cipher_info =
- mbedtls_cipher_info_from_psa( alg, operation->slot->type, key_bits,
+ mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits,
&cipher_id );
if( operation->cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
@@ -3380,7 +4072,10 @@
case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):
operation->core_alg = PSA_ALG_CCM;
operation->full_tag_length = 16;
- if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
+ /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
+ * The call to mbedtls_ccm_encrypt_and_tag or
+ * mbedtls_ccm_auth_decrypt will validate the tag length. */
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ccm_init( &operation->ctx.ccm );
status = mbedtls_to_psa_error(
@@ -3396,16 +4091,37 @@
case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
operation->core_alg = PSA_ALG_GCM;
operation->full_tag_length = 16;
- if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
+ /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
+ * The call to mbedtls_gcm_crypt_and_tag or
+ * mbedtls_gcm_auth_decrypt will validate the tag length. */
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_gcm_init( &operation->ctx.gcm );
status = mbedtls_to_psa_error(
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
operation->slot->data.raw.data,
(unsigned int) key_bits ) );
+ if( status != 0 )
+ goto cleanup;
break;
#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
+ operation->full_tag_length = 16;
+ /* We only support the default tag length. */
+ if( alg != PSA_ALG_CHACHA20_POLY1305 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ mbedtls_chachapoly_init( &operation->ctx.chachapoly );
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
+ operation->slot->data.raw.data ) );
+ if( status != 0 )
+ goto cleanup;
+ break;
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
default:
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -3416,14 +4132,11 @@
goto cleanup;
}
operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
- /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
- * GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
- * In both cases, mbedtls_xxx will validate the tag length below. */
return( PSA_SUCCESS );
cleanup:
- psa_aead_abort( operation );
+ psa_aead_abort_internal( operation );
return( status );
}
@@ -3486,6 +4199,26 @@
}
else
#endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+ {
+ if( nonce_length != 12 || operation.tag_length != 16 )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
+ plaintext_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ plaintext,
+ ciphertext,
+ tag ) );
+ }
+ else
+#endif /* MBEDTLS_CHACHAPOLY_C */
{
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -3494,7 +4227,7 @@
memset( ciphertext, 0, ciphertext_size );
exit:
- psa_aead_abort( &operation );
+ psa_aead_abort_internal( &operation );
if( status == PSA_SUCCESS )
*ciphertext_length = plaintext_length + operation.tag_length;
return( status );
@@ -3543,15 +4276,15 @@
if( status != PSA_SUCCESS )
return( status );
+ status = psa_aead_unpadded_locate_tag( operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
#if defined(MBEDTLS_GCM_C)
if( operation.core_alg == PSA_ALG_GCM )
{
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
- goto exit;
-
status = mbedtls_to_psa_error(
mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
ciphertext_length - operation.tag_length,
@@ -3566,12 +4299,6 @@
#if defined(MBEDTLS_CCM_C)
if( operation.core_alg == PSA_ALG_CCM )
{
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
- goto exit;
-
status = mbedtls_to_psa_error(
mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
ciphertext_length - operation.tag_length,
@@ -3583,6 +4310,26 @@
}
else
#endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+ {
+ if( nonce_length != 12 || operation.tag_length != 16 )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
+ ciphertext_length - operation.tag_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ tag,
+ ciphertext,
+ plaintext ) );
+ }
+ else
+#endif /* MBEDTLS_CHACHAPOLY_C */
{
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -3591,7 +4338,7 @@
memset( plaintext, 0, plaintext_size );
exit:
- psa_aead_abort( &operation );
+ psa_aead_abort_internal( &operation );
if( status == PSA_SUCCESS )
*plaintext_length = ciphertext_length - operation.tag_length;
return( status );
@@ -3603,77 +4350,98 @@
/* Generators */
/****************************************************************/
-psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
+#define HKDF_STATE_INIT 0 /* no input yet */
+#define HKDF_STATE_STARTED 1 /* got salt */
+#define HKDF_STATE_KEYED 2 /* got key */
+#define HKDF_STATE_OUTPUT 3 /* output started */
+
+static psa_algorithm_t psa_key_derivation_get_kdf_alg(
+ const psa_key_derivation_operation_t *operation )
+{
+ if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
+ return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
+ else
+ return( operation->alg );
+}
+
+
+psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
{
psa_status_t status = PSA_SUCCESS;
- if( generator->alg == 0 )
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+ if( kdf_alg == 0 )
{
/* The object has (apparently) been initialized but it is not
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
}
else
- if( generator->alg == PSA_ALG_SELECT_RAW )
- {
- if( generator->ctx.buffer.data != NULL )
- {
- mbedtls_platform_zeroize( generator->ctx.buffer.data,
- generator->ctx.buffer.size );
- mbedtls_free( generator->ctx.buffer.data );
- }
- }
- else
#if defined(MBEDTLS_MD_C)
- if( PSA_ALG_IS_HKDF( generator->alg ) )
+ if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
- mbedtls_free( generator->ctx.hkdf.info );
- status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
+ mbedtls_free( operation->ctx.hkdf.info );
+ status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
}
- else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
- /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
- PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
+ else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
+ /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
+ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
- if( generator->ctx.tls12_prf.key != NULL )
+ if( operation->ctx.tls12_prf.seed != NULL )
{
- mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
- generator->ctx.tls12_prf.key_len );
- mbedtls_free( generator->ctx.tls12_prf.key );
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
+ operation->ctx.tls12_prf.seed_length );
+ mbedtls_free( operation->ctx.tls12_prf.seed );
}
- if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
+ if( operation->ctx.tls12_prf.label != NULL )
{
- mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
- generator->ctx.tls12_prf.Ai_with_seed_len );
- mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.label,
+ operation->ctx.tls12_prf.label_length );
+ mbedtls_free( operation->ctx.tls12_prf.label );
}
+
+ status = psa_hmac_abort_internal( &operation->ctx.tls12_prf.hmac );
+
+ /* We leave the fields Ai and output_block to be erased safely by the
+ * mbedtls_platform_zeroize() in the end of this function. */
}
else
#endif /* MBEDTLS_MD_C */
{
status = PSA_ERROR_BAD_STATE;
}
- memset( generator, 0, sizeof( *generator ) );
+ mbedtls_platform_zeroize( operation, sizeof( *operation ) );
return( status );
}
-
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
size_t *capacity)
{
- if( generator->alg == 0 )
+ if( operation->alg == 0 )
{
- /* This is a blank generator. */
+ /* This is a blank key derivation operation. */
return PSA_ERROR_BAD_STATE;
}
- *capacity = generator->capacity;
+ *capacity = operation->capacity;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
+ size_t capacity )
+{
+ if( operation->alg == 0 )
+ return( PSA_ERROR_BAD_STATE );
+ if( capacity > operation->capacity )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ operation->capacity = capacity;
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_MD_C)
-/* Read some bytes from an HKDF-based generator. This performs a chunk
+/* Read some bytes from an HKDF-based operation. This performs a chunk
* of the expand phase of the HKDF algorithm. */
-static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
+static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
psa_algorithm_t hash_alg,
uint8_t *output,
size_t output_length )
@@ -3681,6 +4449,10 @@
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
psa_status_t status;
+ if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
+ return( PSA_ERROR_BAD_STATE );
+ hkdf->state = HKDF_STATE_OUTPUT;
+
while( output_length != 0 )
{
/* Copy what remains of the current block */
@@ -3694,8 +4466,8 @@
if( output_length == 0 )
break;
/* We can't be wanting more output after block 0xff, otherwise
- * the capacity check in psa_generator_read() would have
- * prevented this call. It could happen only if the generator
+ * the capacity check in psa_key_derivation_output_bytes() would have
+ * prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( hkdf->block_number == 0xff )
@@ -3736,29 +4508,26 @@
return( PSA_SUCCESS );
}
-static psa_status_t psa_generator_tls12_prf_generate_next_block(
- psa_tls12_prf_generator_t *tls12_prf,
+static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
+ psa_tls12_prf_key_derivation_t *tls12_prf,
psa_algorithm_t alg )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
- psa_hmac_internal_data hmac;
+ psa_hash_operation_t backup = PSA_HASH_OPERATION_INIT;
psa_status_t status, cleanup_status;
- unsigned char *Ai;
- size_t Ai_len;
-
/* We can't be wanting more output after block 0xff, otherwise
- * the capacity check in psa_generator_read() would have
- * prevented this call. It could happen only if the generator
+ * the capacity check in psa_key_derivation_output_bytes() would have
+ * prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( tls12_prf->block_number == 0xff )
- return( PSA_ERROR_BAD_STATE );
+ return( PSA_ERROR_CORRUPTION_DETECTED );
/* We need a new block */
++tls12_prf->block_number;
- tls12_prf->offset_in_block = 0;
+ tls12_prf->left_in_block = hash_length;
/* Recall the definition of the TLS-1.2-PRF from RFC 5246:
*
@@ -3769,187 +4538,171 @@
* HMAC_hash(secret, A(3) + seed) + ...
*
* A(0) = seed
- * A(i) = HMAC_hash( secret, A(i-1) )
+ * A(i) = HMAC_hash(secret, A(i-1))
*
- * The `psa_tls12_prf_generator` structures saves the block
+ * The `psa_tls12_prf_key_derivation` structure saves the block
* `HMAC_hash(secret, A(i) + seed)` from which the output
- * is currently extracted as `output_block`, while
- * `A(i) + seed` is stored in `Ai_with_seed`.
- *
- * Generating a new block means recalculating `Ai_with_seed`
- * from the A(i)-part of it, and afterwards recalculating
- * `output_block`.
- *
- * A(0) is computed at setup time.
- *
+ * is currently extracted as `output_block` and where i is
+ * `block_number`.
*/
- psa_hmac_init_internal( &hmac );
+ /* Save the hash context before using it, to preserve the hash state with
+ * only the inner padding in it. We need this, because inner padding depends
+ * on the key (secret in the RFC's terminology). */
+ status = psa_hash_clone( &tls12_prf->hmac.hash_ctx, &backup );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
- /* We must distinguish the calculation of A(1) from those
- * of A(2) and higher, because A(0)=seed has a different
- * length than the other A(i). */
+ /* Calculate A(i) where i = tls12_prf->block_number. */
if( tls12_prf->block_number == 1 )
{
- Ai = tls12_prf->Ai_with_seed + hash_length;
- Ai_len = tls12_prf->Ai_with_seed_len - hash_length;
+ /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads
+ * the variable seed and in this instance means it in the context of the
+ * P_hash function, where seed = label + seed.) */
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->label, tls12_prf->label_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->seed, tls12_prf->seed_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
}
else
{
- Ai = tls12_prf->Ai_with_seed;
- Ai_len = hash_length;
+ /* A(i) = HMAC_hash(secret, A(i-1)) */
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->Ai, hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
}
- /* Compute A(i+1) = HMAC_hash(secret, A(i)) */
- status = psa_hmac_setup_internal( &hmac,
- tls12_prf->key,
- tls12_prf->key_len,
- hash_alg );
+ status = psa_hmac_finish_internal( &tls12_prf->hmac,
+ tls12_prf->Ai, hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hash_update( &hmac.hash_ctx,
- Ai, Ai_len );
+ /* Calculate HMAC_hash(secret, A(i) + label + seed). */
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->Ai, hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->label, tls12_prf->label_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
+ tls12_prf->seed, tls12_prf->seed_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hmac_finish_internal( &tls12_prf->hmac,
+ tls12_prf->output_block, hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hmac_finish_internal( &hmac,
- tls12_prf->Ai_with_seed,
- hash_length );
- if( status != PSA_SUCCESS )
- goto cleanup;
-
- /* Compute the next block `HMAC_hash(secret, A(i+1) + seed)`. */
- status = psa_hmac_setup_internal( &hmac,
- tls12_prf->key,
- tls12_prf->key_len,
- hash_alg );
- if( status != PSA_SUCCESS )
- goto cleanup;
-
- status = psa_hash_update( &hmac.hash_ctx,
- tls12_prf->Ai_with_seed,
- tls12_prf->Ai_with_seed_len );
- if( status != PSA_SUCCESS )
- goto cleanup;
-
- status = psa_hmac_finish_internal( &hmac,
- tls12_prf->output_block,
- hash_length );
- if( status != PSA_SUCCESS )
- goto cleanup;
cleanup:
- cleanup_status = psa_hmac_abort_internal( &hmac );
+ cleanup_status = psa_hash_abort( &backup );
if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
status = cleanup_status;
return( status );
}
-/* Read some bytes from an TLS-1.2-PRF-based generator.
- * See Section 5 of RFC 5246. */
-static psa_status_t psa_generator_tls12_prf_read(
- psa_tls12_prf_generator_t *tls12_prf,
- psa_algorithm_t alg,
- uint8_t *output,
- size_t output_length )
+static psa_status_t psa_key_derivation_tls12_prf_read(
+ psa_tls12_prf_key_derivation_t *tls12_prf,
+ psa_algorithm_t alg,
+ uint8_t *output,
+ size_t output_length )
{
psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
psa_status_t status;
+ uint8_t offset, length;
while( output_length != 0 )
{
- /* Copy what remains of the current block */
- uint8_t n = hash_length - tls12_prf->offset_in_block;
-
/* Check if we have fully processed the current block. */
- if( n == 0 )
+ if( tls12_prf->left_in_block == 0 )
{
- status = psa_generator_tls12_prf_generate_next_block( tls12_prf,
- alg );
+ status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
+ alg );
if( status != PSA_SUCCESS )
return( status );
continue;
}
- if( n > output_length )
- n = (uint8_t) output_length;
- memcpy( output, tls12_prf->output_block + tls12_prf->offset_in_block,
- n );
- output += n;
- output_length -= n;
- tls12_prf->offset_in_block += n;
+ if( tls12_prf->left_in_block > output_length )
+ length = (uint8_t) output_length;
+ else
+ length = tls12_prf->left_in_block;
+
+ offset = hash_length - tls12_prf->left_in_block;
+ memcpy( output, tls12_prf->output_block + offset, length );
+ output += length;
+ output_length -= length;
+ tls12_prf->left_in_block -= length;
}
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_MD_C */
-psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
- uint8_t *output,
- size_t output_length )
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output,
+ size_t output_length )
{
psa_status_t status;
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
- if( generator->alg == 0 )
+ if( operation->alg == 0 )
{
- /* This is a blank generator. */
+ /* This is a blank operation. */
return PSA_ERROR_BAD_STATE;
}
- if( output_length > generator->capacity )
+ if( output_length > operation->capacity )
{
- generator->capacity = 0;
+ operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
- * that the generator object is useless. */
+ * that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
- if( output_length == 0 && generator->capacity == 0 )
+ if( output_length == 0 && operation->capacity == 0 )
{
- /* Edge case: this is a finished generator, and 0 bytes
+ /* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
* be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
* INSUFFICIENT_CAPACITY, which is right for a finished
- * generator, for consistency with the case when
+ * operation, for consistency with the case when
* output_length > 0. */
return( PSA_ERROR_INSUFFICIENT_DATA );
}
- generator->capacity -= output_length;
+ operation->capacity -= output_length;
- if( generator->alg == PSA_ALG_SELECT_RAW )
- {
- /* Initially, the capacity of a selection generator is always
- * the size of the buffer, i.e. `generator->ctx.buffer.size`,
- * abbreviated in this comment as `size`. When the remaining
- * capacity is `c`, the next bytes to serve start `c` bytes
- * from the end of the buffer, i.e. `size - c` from the
- * beginning of the buffer. Since `generator->capacity` was just
- * decremented above, we need to serve the bytes from
- * `size - generator->capacity - output_length` to
- * `size - generator->capacity`. */
- size_t offset =
- generator->ctx.buffer.size - generator->capacity - output_length;
- memcpy( output, generator->ctx.buffer.data + offset, output_length );
- status = PSA_SUCCESS;
- }
- else
#if defined(MBEDTLS_MD_C)
- if( PSA_ALG_IS_HKDF( generator->alg ) )
+ if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( generator->alg );
- status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
+ status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
output, output_length );
}
- else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
+ else
+ if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
- status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
- generator->alg, output,
+ status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
+ kdf_alg, output,
output_length );
}
else
@@ -3962,12 +4715,12 @@
if( status != PSA_SUCCESS )
{
/* Preserve the algorithm upon errors, but clear all sensitive state.
- * This allows us to differentiate between exhausted generators and
- * blank generators, so we can return PSA_ERROR_BAD_STATE on blank
- * generators. */
- psa_algorithm_t alg = generator->alg;
- psa_generator_abort( generator );
- generator->alg = alg;
+ * This allows us to differentiate between exhausted operations and
+ * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
+ * operations. */
+ psa_algorithm_t alg = operation->alg;
+ psa_key_derivation_abort( operation );
+ operation->alg = alg;
memset( output, '!', output_length );
}
return( status );
@@ -3985,16 +4738,16 @@
}
#endif /* MBEDTLS_DES_C */
-psa_status_t psa_generator_import_key( psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- psa_crypto_generator_t *generator )
+static psa_status_t psa_generate_derived_key_internal(
+ psa_key_slot_t *slot,
+ size_t bits,
+ psa_key_derivation_operation_t *operation )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
psa_status_t status;
- if( ! key_type_is_raw_bytes( type ) )
+ if( ! key_type_is_raw_bytes( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if( bits % 8 != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -4002,143 +4755,234 @@
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- status = psa_generator_read( generator, data, bytes );
+ status = psa_key_derivation_output_bytes( operation, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
- if( type == PSA_KEY_TYPE_DES )
+ if( slot->attr.type == PSA_KEY_TYPE_DES )
psa_des_set_key_parity( data, bytes );
#endif /* MBEDTLS_DES_C */
- status = psa_import_key( handle, type, data, bytes );
+ status = psa_import_key_into_slot( slot, data, bytes );
exit:
mbedtls_free( data );
return( status );
}
+psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ psa_key_handle_t *handle )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+ psa_se_drv_table_entry_t *driver = NULL;
+ status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
+ attributes, handle, &slot, &driver );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
+ {
+ /* Deriving a key in a secure element is not implemented yet. */
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_generate_derived_key_internal( slot,
+ attributes->core.bits,
+ operation );
+ }
+ if( status == PSA_SUCCESS )
+ status = psa_finish_key_creation( slot, driver );
+ if( status != PSA_SUCCESS )
+ {
+ psa_fail_key_creation( slot, driver );
+ *handle = 0;
+ }
+ return( status );
+}
+
/****************************************************************/
/* Key derivation */
/****************************************************************/
+static psa_status_t psa_key_derivation_setup_kdf(
+ psa_key_derivation_operation_t *operation,
+ psa_algorithm_t kdf_alg )
+{
+ /* Make sure that operation->ctx is properly zero-initialised. (Macro
+ * initialisers for this union leave some bytes unspecified.) */
+ memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+
+ /* Make sure that kdf_alg is a supported key derivation algorithm. */
#if defined(MBEDTLS_MD_C)
-/* Set up an HKDF-based generator. This is exactly the extract phase
- * of the HKDF algorithm.
- *
- * Note that if this function fails, you must call psa_generator_abort()
- * to potentially free embedded data structures and wipe confidential data.
- */
-static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
- const uint8_t *secret,
- size_t secret_length,
- psa_algorithm_t hash_alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length )
+ if( PSA_ALG_IS_HKDF( kdf_alg ) ||
+ PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
+ size_t hash_size = PSA_HASH_SIZE( hash_alg );
+ if( hash_size == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
+ ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ operation->capacity = 255 * hash_size;
+ return( PSA_SUCCESS );
+ }
+#endif /* MBEDTLS_MD_C */
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg )
{
psa_status_t status;
- status = psa_hmac_setup_internal( &hkdf->hmac,
- salt, salt_length,
- PSA_ALG_HMAC_GET_HASH( hash_alg ) );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_hash_update( &hkdf->hmac.hash_ctx, secret, secret_length );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_hmac_finish_internal( &hkdf->hmac,
- hkdf->prk,
- sizeof( hkdf->prk ) );
- if( status != PSA_SUCCESS )
- return( status );
- hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
- hkdf->block_number = 0;
- hkdf->info_length = label_length;
- if( label_length != 0 )
+
+ if( operation->alg != 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
{
- hkdf->info = mbedtls_calloc( 1, label_length );
- if( hkdf->info == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( hkdf->info, label, label_length );
+ psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ status = psa_key_derivation_setup_kdf( operation, kdf_alg );
}
- return( PSA_SUCCESS );
-}
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD_C)
-/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
- *
- * Note that if this function fails, you must call psa_generator_abort()
- * to potentially free embedded data structures and wipe confidential data.
- */
-static psa_status_t psa_generator_tls12_prf_setup(
- psa_tls12_prf_generator_t *tls12_prf,
- const unsigned char *key,
- size_t key_len,
- psa_algorithm_t hash_alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length )
-{
- uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
- size_t Ai_with_seed_len = hash_length + salt_length + label_length;
- int overflow;
-
- tls12_prf->key = mbedtls_calloc( 1, key_len );
- if( tls12_prf->key == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- tls12_prf->key_len = key_len;
- memcpy( tls12_prf->key, key, key_len );
-
- overflow = ( salt_length + label_length < salt_length ) ||
- ( salt_length + label_length + hash_length < hash_length );
- if( overflow )
+ else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
+ {
+ status = psa_key_derivation_setup_kdf( operation, alg );
+ }
+ else
return( PSA_ERROR_INVALID_ARGUMENT );
- tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len );
- if( tls12_prf->Ai_with_seed == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- tls12_prf->Ai_with_seed_len = Ai_with_seed_len;
+ if( status == PSA_SUCCESS )
+ operation->alg = alg;
+ return( status );
+}
- /* Write `label + seed' at the end of the `A(i) + seed` buffer,
- * leaving the initial `hash_length` bytes unspecified for now. */
- if( label_length != 0 )
+#if defined(MBEDTLS_MD_C)
+static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
+ psa_algorithm_t hash_alg,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status;
+ switch( step )
{
- memcpy( tls12_prf->Ai_with_seed + hash_length,
- label, label_length );
+ case PSA_KEY_DERIVATION_INPUT_SALT:
+ if( hkdf->state != HKDF_STATE_INIT )
+ return( PSA_ERROR_BAD_STATE );
+ status = psa_hmac_setup_internal( &hkdf->hmac,
+ data, data_length,
+ hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ hkdf->state = HKDF_STATE_STARTED;
+ return( PSA_SUCCESS );
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ /* If no salt was provided, use an empty salt. */
+ if( hkdf->state == HKDF_STATE_INIT )
+ {
+ status = psa_hmac_setup_internal( &hkdf->hmac,
+ NULL, 0,
+ hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ hkdf->state = HKDF_STATE_STARTED;
+ }
+ if( hkdf->state != HKDF_STATE_STARTED )
+ return( PSA_ERROR_BAD_STATE );
+ status = psa_hash_update( &hkdf->hmac.hash_ctx,
+ data, data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_hmac_finish_internal( &hkdf->hmac,
+ hkdf->prk,
+ sizeof( hkdf->prk ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
+ hkdf->block_number = 0;
+ hkdf->state = HKDF_STATE_KEYED;
+ return( PSA_SUCCESS );
+ case PSA_KEY_DERIVATION_INPUT_INFO:
+ if( hkdf->state == HKDF_STATE_OUTPUT )
+ return( PSA_ERROR_BAD_STATE );
+ if( hkdf->info_set )
+ return( PSA_ERROR_BAD_STATE );
+ hkdf->info_length = data_length;
+ if( data_length != 0 )
+ {
+ hkdf->info = mbedtls_calloc( 1, data_length );
+ if( hkdf->info == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ memcpy( hkdf->info, data, data_length );
+ }
+ hkdf->info_set = 1;
+ return( PSA_SUCCESS );
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length )
+{
+ if( prf->state != TLS12_PRF_STATE_INIT )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( data_length != 0 )
+ {
+ prf->seed = mbedtls_calloc( 1, data_length );
+ if( prf->seed == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ memcpy( prf->seed, data, data_length );
+ prf->seed_length = data_length;
}
- if( salt_length != 0 )
- {
- memcpy( tls12_prf->Ai_with_seed + hash_length + label_length,
- salt, salt_length );
- }
-
- /* The first block gets generated when
- * psa_generator_read() is called. */
- tls12_prf->block_number = 0;
- tls12_prf->offset_in_block = hash_length;
+ prf->state = TLS12_PRF_STATE_SEED_SET;
return( PSA_SUCCESS );
}
-/* Set up a TLS-1.2-PSK-to-MS-based generator. */
-static psa_status_t psa_generator_tls12_psk_to_ms_setup(
- psa_tls12_prf_generator_t *tls12_prf,
- const unsigned char *psk,
- size_t psk_len,
- psa_algorithm_t hash_alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length )
+static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf,
+ psa_algorithm_t hash_alg,
+ const uint8_t *data,
+ size_t data_length )
{
psa_status_t status;
- unsigned char pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ];
+ if( prf->state != TLS12_PRF_STATE_SEED_SET )
+ return( PSA_ERROR_BAD_STATE );
- if( psk_len > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN )
+ status = psa_hmac_setup_internal( &prf->hmac, data, data_length, hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ prf->state = TLS12_PRF_STATE_KEY_SET;
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
+ psa_tls12_prf_key_derivation_t *prf,
+ psa_algorithm_t hash_alg,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status;
+ uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ];
+ uint8_t *cur = pms;
+
+ if( data_length > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Quoting RFC 4279, Section 2:
@@ -4148,161 +4992,158 @@
* uint16 with the value N, and the PSK itself.
*/
- pms[0] = ( psk_len >> 8 ) & 0xff;
- pms[1] = ( psk_len >> 0 ) & 0xff;
- memset( pms + 2, 0, psk_len );
- pms[2 + psk_len + 0] = pms[0];
- pms[2 + psk_len + 1] = pms[1];
- memcpy( pms + 4 + psk_len, psk, psk_len );
+ *cur++ = ( data_length >> 8 ) & 0xff;
+ *cur++ = ( data_length >> 0 ) & 0xff;
+ memset( cur, 0, data_length );
+ cur += data_length;
+ *cur++ = pms[0];
+ *cur++ = pms[1];
+ memcpy( cur, data, data_length );
+ cur += data_length;
- status = psa_generator_tls12_prf_setup( tls12_prf,
- pms, 4 + 2 * psk_len,
- hash_alg,
- salt, salt_length,
- label, label_length );
+ status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms );
mbedtls_platform_zeroize( pms, sizeof( pms ) );
return( status );
}
-#endif /* MBEDTLS_MD_C */
-/* Note that if this function fails, you must call psa_generator_abort()
- * to potentially free embedded data structures and wipe confidential data.
- */
-static psa_status_t psa_key_derivation_internal(
- psa_crypto_generator_t *generator,
- const uint8_t *secret, size_t secret_length,
- psa_algorithm_t alg,
- const uint8_t *salt, size_t salt_length,
- const uint8_t *label, size_t label_length,
- size_t capacity )
+static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length )
{
- psa_status_t status;
- size_t max_capacity;
+ if( prf->state != TLS12_PRF_STATE_KEY_SET )
+ return( PSA_ERROR_BAD_STATE );
- /* Set generator->alg even on failure so that abort knows what to do. */
- generator->alg = alg;
-
- if( alg == PSA_ALG_SELECT_RAW )
+ if( data_length != 0 )
{
- (void) salt;
- if( salt_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- (void) label;
- if( label_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
- if( generator->ctx.buffer.data == NULL )
+ prf->label = mbedtls_calloc( 1, data_length );
+ if( prf->label == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( generator->ctx.buffer.data, secret, secret_length );
- generator->ctx.buffer.size = secret_length;
- max_capacity = secret_length;
- status = PSA_SUCCESS;
- }
- else
-#if defined(MBEDTLS_MD_C)
- if( PSA_ALG_IS_HKDF( alg ) )
- {
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
- size_t hash_size = PSA_HASH_SIZE( hash_alg );
- if( hash_size == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
- max_capacity = 255 * hash_size;
- status = psa_generator_hkdf_setup( &generator->ctx.hkdf,
- secret, secret_length,
- hash_alg,
- salt, salt_length,
- label, label_length );
- }
- /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
- else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
- size_t hash_size = PSA_HASH_SIZE( hash_alg );
- /* TLS-1.2 PRF supports only SHA-256 and SHA-384. */
- if( hash_alg != PSA_ALG_SHA_256 &&
- hash_alg != PSA_ALG_SHA_384 )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-
- max_capacity = 255 * hash_size;
-
- if( PSA_ALG_IS_TLS12_PRF( alg ) )
- {
- status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf,
- secret, secret_length,
- hash_alg, salt, salt_length,
- label, label_length );
- }
- else
- {
- status = psa_generator_tls12_psk_to_ms_setup(
- &generator->ctx.tls12_prf,
- secret, secret_length,
- hash_alg, salt, salt_length,
- label, label_length );
- }
- }
- else
-#endif
- {
- return( PSA_ERROR_NOT_SUPPORTED );
+ memcpy( prf->label, data, data_length );
+ prf->label_length = data_length;
}
- if( status != PSA_SUCCESS )
- return( status );
-
- if( capacity <= max_capacity )
- generator->capacity = capacity;
- else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
- generator->capacity = max_capacity;
- else
- return( PSA_ERROR_INVALID_ARGUMENT );
+ prf->state = TLS12_PRF_STATE_LABEL_SET;
return( PSA_SUCCESS );
}
-psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length,
- size_t capacity )
+static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
+ psa_algorithm_t hash_alg,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ switch( step )
+ {
+ case PSA_KEY_DERIVATION_INPUT_SEED:
+ return( psa_tls12_prf_set_seed( prf, data, data_length ) );
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ return( psa_tls12_prf_set_key( prf, hash_alg, data, data_length ) );
+ case PSA_KEY_DERIVATION_INPUT_LABEL:
+ return( psa_tls12_prf_set_label( prf, data, data_length ) );
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+static psa_status_t psa_tls12_prf_psk_to_ms_input(
+ psa_tls12_prf_key_derivation_t *prf,
+ psa_algorithm_t hash_alg,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ {
+ return( psa_tls12_prf_psk_to_ms_set_key( prf, hash_alg,
+ data, data_length ) );
+ }
+
+ return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) );
+}
+#endif /* MBEDTLS_MD_C */
+
+static psa_status_t psa_key_derivation_input_internal(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status;
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HKDF( kdf_alg ) )
+ {
+ status = psa_hkdf_input( &operation->ctx.hkdf,
+ PSA_ALG_HKDF_GET_HASH( kdf_alg ),
+ step, data, data_length );
+ }
+ else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
+ {
+ status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
+ PSA_ALG_HKDF_GET_HASH( kdf_alg ),
+ step, data, data_length );
+ }
+ else if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
+ {
+ status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf,
+ PSA_ALG_HKDF_GET_HASH( kdf_alg ),
+ step, data, data_length );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ /* This can't happen unless the operation object was not initialized */
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( status != PSA_SUCCESS )
+ psa_key_derivation_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( psa_key_derivation_input_internal( operation, step,
+ data, data_length ) );
+}
+
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t handle )
{
psa_key_slot_t *slot;
psa_status_t status;
-
- if( generator->alg != 0 )
- return( PSA_ERROR_BAD_STATE );
-
- /* Make sure that alg is a key derivation algorithm. This prevents
- * key selection algorithms, which psa_key_derivation_internal
- * accepts for the sake of key agreement. */
- if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
+ status = psa_get_transparent_key( handle, &slot,
+ PSA_KEY_USAGE_DERIVE,
+ operation->alg );
if( status != PSA_SUCCESS )
return( status );
-
- if( slot->type != PSA_KEY_TYPE_DERIVE )
+ if( slot->attr.type != PSA_KEY_TYPE_DERIVE )
return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_key_derivation_internal( generator,
- slot->data.raw.data,
- slot->data.raw.bytes,
- alg,
- salt, salt_length,
- label, label_length,
- capacity );
- if( status != PSA_SUCCESS )
- psa_generator_abort( generator );
- return( status );
+ /* Don't allow a key to be used as an input that is usually public.
+ * This is debatable. It's ok from a cryptographic perspective to
+ * use secret material as an input that is usually public. However
+ * the material should be dedicated to a particular input step,
+ * otherwise this may allow the key to be used in an unintended way
+ * and leak values derived from the key. So be conservative. */
+ if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ return( psa_key_derivation_input_internal( operation,
+ step,
+ slot->data.raw.data,
+ slot->data.raw.bytes ) );
}
@@ -4357,78 +5198,135 @@
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
-/* Note that if this function fails, you must call psa_generator_abort()
- * to potentially free embedded data structures and wipe confidential data.
- */
-static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
- psa_key_slot_t *private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- psa_algorithm_t alg )
+static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length )
{
- psa_status_t status;
- uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
- size_t shared_secret_length = 0;
-
- /* Step 1: run the secret agreement algorithm to generate the shared
- * secret. */
- switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ) )
+ switch( alg )
{
#if defined(MBEDTLS_ECDH_C)
- case PSA_ALG_ECDH_BASE:
- if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) )
+ case PSA_ALG_ECDH:
+ if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_key_agreement_ecdh( peer_key, peer_key_length,
- private_key->data.ecp,
- shared_secret,
- sizeof( shared_secret ),
- &shared_secret_length );
- break;
+ return( psa_key_agreement_ecdh( peer_key, peer_key_length,
+ private_key->data.ecp,
+ shared_secret, shared_secret_size,
+ shared_secret_length ) );
#endif /* MBEDTLS_ECDH_C */
default:
(void) private_key;
(void) peer_key;
(void) peer_key_length;
+ (void) shared_secret;
+ (void) shared_secret_size;
+ (void) shared_secret_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
+}
+
+/* Note that if this function fails, you must call psa_key_derivation_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
+static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length )
+{
+ psa_status_t status;
+ uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
+ size_t shared_secret_length = 0;
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
+
+ /* Step 1: run the secret agreement algorithm to generate the shared
+ * secret. */
+ status = psa_key_agreement_raw_internal( ka_alg,
+ private_key,
+ peer_key, peer_key_length,
+ shared_secret,
+ sizeof( shared_secret ),
+ &shared_secret_length );
if( status != PSA_SUCCESS )
goto exit;
/* Step 2: set up the key derivation to generate key material from
* the shared secret. */
- status = psa_key_derivation_internal( generator,
- shared_secret, shared_secret_length,
- PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ),
- NULL, 0, NULL, 0,
- PSA_GENERATOR_UNBRIDLED_CAPACITY );
+ status = psa_key_derivation_input_internal( operation, step,
+ shared_secret,
+ shared_secret_length );
+
exit:
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
return( status );
}
-psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- psa_algorithm_t alg )
+psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length )
{
psa_key_slot_t *slot;
psa_status_t status;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+ if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_get_key_from_slot( private_key, &slot,
- PSA_KEY_USAGE_DERIVE, alg );
+ status = psa_get_transparent_key( private_key, &slot,
+ PSA_KEY_USAGE_DERIVE, operation->alg );
if( status != PSA_SUCCESS )
return( status );
- status = psa_key_agreement_internal( generator,
+ status = psa_key_agreement_internal( operation, step,
slot,
- peer_key, peer_key_length,
- alg );
+ peer_key, peer_key_length );
if( status != PSA_SUCCESS )
- psa_generator_abort( generator );
+ psa_key_derivation_abort( operation );
return( status );
}
+psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ status = psa_get_transparent_key( private_key, &slot,
+ PSA_KEY_USAGE_DERIVE, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_key_agreement_raw_internal( alg, slot,
+ peer_key, peer_key_length,
+ output, output_size,
+ output_length );
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ /* If an error happens and is not handled properly, the output
+ * may be used as a key to protect sensitive data. Arrange for such
+ * a key to be random, which is likely to result in decryption or
+ * verification errors. This is better than filling the buffer with
+ * some constant data such as zeros, which would result in the data
+ * being protected with a reproducible, easily knowable key.
+ */
+ psa_generate_random( output, output_size );
+ *output_length = output_size;
+ }
+ return( status );
+}
/****************************************************************/
@@ -4441,6 +5339,17 @@
int ret;
GUARD_MODULE_INITIALIZED;
+ while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST )
+ {
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
+ output,
+ MBEDTLS_CTR_DRBG_MAX_REQUEST );
+ if( ret != 0 )
+ return( mbedtls_to_psa_error( ret ) );
+ output += MBEDTLS_CTR_DRBG_MAX_REQUEST;
+ output_size -= MBEDTLS_CTR_DRBG_MAX_REQUEST;
+ }
+
ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
return( mbedtls_to_psa_error( ret ) );
}
@@ -4448,7 +5357,7 @@
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include "mbedtls/entropy_poll.h"
-psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
+psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
size_t seed_size )
{
if( global_data.initialized )
@@ -4463,34 +5372,53 @@
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-psa_status_t psa_generate_key( psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- const void *extra,
- size_t extra_size )
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
+ size_t domain_parameters_size,
+ int *exponent )
{
- psa_key_slot_t *slot;
- psa_status_t status;
+ size_t i;
+ uint32_t acc = 0;
- if( extra == NULL && extra_size != 0 )
+ if( domain_parameters_size == 0 )
+ {
+ *exponent = 65537;
+ return( PSA_SUCCESS );
+ }
+
+ /* Mbed TLS encodes the public exponent as an int. For simplicity, only
+ * support values that fit in a 32-bit integer, which is larger than
+ * int on just about every platform anyway. */
+ if( domain_parameters_size > sizeof( acc ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ for( i = 0; i < domain_parameters_size; i++ )
+ acc = ( acc << 8 ) | domain_parameters[i];
+ if( acc > INT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ *exponent = acc;
+ return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+
+static psa_status_t psa_generate_key_internal(
+ psa_key_slot_t *slot, size_t bits,
+ const uint8_t *domain_parameters, size_t domain_parameters_size )
+{
+ psa_key_type_t type = slot->attr.type;
+
+ if( domain_parameters == NULL && domain_parameters_size != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_get_empty_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
if( key_type_is_raw_bytes( type ) )
{
+ psa_status_t status;
status = prepare_raw_data_slot( type, bits, &slot->data.raw );
if( status != PSA_SUCCESS )
return( status );
status = psa_generate_random( slot->data.raw.data,
slot->data.raw.bytes );
if( status != PSA_SUCCESS )
- {
- mbedtls_free( slot->data.raw.data );
return( status );
- }
#if defined(MBEDTLS_DES_C)
if( type == PSA_KEY_TYPE_DES )
psa_des_set_key_parity( slot->data.raw.data,
@@ -4500,30 +5428,23 @@
else
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if ( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa;
int ret;
- int exponent = 65537;
+ int exponent;
+ psa_status_t status;
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
/* Accept only byte-aligned keys, for the same reasons as
* in psa_import_rsa_key(). */
if( bits % 8 != 0 )
return( PSA_ERROR_NOT_SUPPORTED );
- if( extra != NULL )
- {
- const psa_generate_key_extra_rsa *p = extra;
- if( extra_size != sizeof( *p ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-#if INT_MAX < 0xffffffff
- /* Check that the uint32_t value passed by the caller fits
- * in the range supported by this implementation. */
- if( p->e > INT_MAX )
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif
- exponent = p->e;
- }
+ status = psa_read_rsa_exponent( domain_parameters,
+ domain_parameters_size,
+ &exponent );
+ if( status != PSA_SUCCESS )
+ return( status );
rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
if( rsa == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
@@ -4545,7 +5466,7 @@
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
#if defined(MBEDTLS_ECP_C)
- if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+ if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
{
psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type );
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
@@ -4553,7 +5474,7 @@
mbedtls_ecp_curve_info_from_grp_id( grp_id );
mbedtls_ecp_keypair *ecp;
int ret;
- if( extra != NULL )
+ if( domain_parameters_size != 0 )
return( PSA_ERROR_NOT_SUPPORTED );
if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
@@ -4579,19 +5500,58 @@
return( PSA_ERROR_NOT_SUPPORTED );
- slot->type = type;
+ return( PSA_SUCCESS );
+}
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
+ psa_key_handle_t *handle )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+ psa_se_drv_table_entry_t *driver = NULL;
+
+ status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
+ attributes, handle, &slot, &driver );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( driver != NULL )
{
- return( psa_save_generated_persistent_key( slot, bits ) );
+ const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
+ size_t pubkey_length = 0; /* We don't support this feature yet */
+ if( drv->key_management == NULL ||
+ drv->key_management->p_generate == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = drv->key_management->p_generate(
+ psa_get_se_driver_context( driver ),
+ slot->data.se.slot_number, attributes,
+ NULL, 0, &pubkey_length );
}
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ status = psa_generate_key_internal(
+ slot, attributes->core.bits,
+ attributes->domain_parameters, attributes->domain_parameters_size );
+ }
+exit:
+ if( status == PSA_SUCCESS )
+ status = psa_finish_key_creation( slot, driver );
+ if( status != PSA_SUCCESS )
+ {
+ psa_fail_key_creation( slot, driver );
+ *handle = 0;
+ }
return( status );
}
+
/****************************************************************/
/* Module setup */
/****************************************************************/
@@ -4619,8 +5579,39 @@
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* Unregister all secure element drivers, so that we restart from
+ * a pristine state. */
+ psa_unregister_all_se_drivers( );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
+#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
+/** Recover a transaction that was interrupted by a power failure.
+ *
+ * This function is called during initialization, before psa_crypto_init()
+ * returns. If this function returns a failure status, the initialization
+ * fails.
+ */
+static psa_status_t psa_crypto_recover_transaction(
+ const psa_crypto_transaction_t *transaction )
+{
+ switch( transaction->unknown.type )
+ {
+ case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
+ case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
+ /* TODO - fall through to the failure case until this
+ * is implemented.
+ * https://github.com/ARMmbed/mbed-crypto/issues/218
+ */
+ default:
+ /* We found an unsupported transaction in the storage.
+ * We don't know what state the storage is in. Give up. */
+ return( PSA_ERROR_STORAGE_FAILURE );
+ }
+}
+#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
+
psa_status_t psa_crypto_init( void )
{
psa_status_t status;
@@ -4639,6 +5630,15 @@
/* Initialize the random generator. */
global_data.entropy_init( &global_data.entropy );
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+ /* The PSA entropy injection feature depends on using NV seed as an entropy
+ * source. Add NV seed as an entropy source for PSA entropy injection. */
+ mbedtls_entropy_add_source( &global_data.entropy,
+ mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED;
status = mbedtls_to_psa_error(
@@ -4654,6 +5654,22 @@
if( status != PSA_SUCCESS )
goto exit;
+#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
+ status = psa_crypto_load_transaction( );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_crypto_recover_transaction( &psa_crypto_transaction );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = psa_crypto_stop_transaction( );
+ }
+ else if( status == PSA_ERROR_DOES_NOT_EXIST )
+ {
+ /* There's no transaction to complete. It's all good. */
+ status = PSA_SUCCESS;
+ }
+#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
+
/* All done. */
global_data.initialized = 1;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 0f75624..edf3ab6 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -29,6 +29,7 @@
#endif
#include "psa/crypto.h"
+#include "psa/crypto_se_driver.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
@@ -38,27 +39,102 @@
*/
typedef struct
{
- psa_key_type_t type;
- psa_key_policy_t policy;
- psa_key_lifetime_t lifetime;
- psa_key_file_id_t persistent_storage_id;
- unsigned allocated : 1;
+ psa_core_key_attributes_t attr;
union
{
+ /* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
struct raw_data
{
uint8_t *data;
size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
+ /* RSA public key or key pair */
mbedtls_rsa_context *rsa;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
+ /* EC public key or key pair */
mbedtls_ecp_keypair *ecp;
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* Any key type in a secure element */
+ struct se
+ {
+ psa_key_slot_number_t slot_number;
+ } se;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
} data;
} psa_key_slot_t;
+/* A mask of key attribute flags used only internally.
+ * Currently there aren't any. */
+#define PSA_KA_MASK_INTERNAL_ONLY ( \
+ 0 )
+
+/** Test whether a key slot is occupied.
+ *
+ * A key slot is occupied iff the key type is nonzero. This works because
+ * no valid key can have 0 as its key type.
+ *
+ * \param[in] slot The key slot to test.
+ *
+ * \return 1 if the slot is occupied, 0 otherwise.
+ */
+static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
+{
+ return( slot->attr.type != 0 );
+}
+
+/** Retrieve flags from psa_key_slot_t::attr::core::flags.
+ *
+ * \param[in] slot The key slot to query.
+ * \param mask The mask of bits to extract.
+ *
+ * \return The key attribute flags in the given slot,
+ * bitwise-anded with \p mask.
+ */
+static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
+ uint16_t mask )
+{
+ return( slot->attr.flags & mask );
+}
+
+/** Set flags in psa_key_slot_t::attr::core::flags.
+ *
+ * \param[in,out] slot The key slot to modify.
+ * \param mask The mask of bits to modify.
+ * \param value The new value of the selected bits.
+ */
+static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
+ uint16_t mask,
+ uint16_t value )
+{
+ slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
+ ( mask & value ) );
+}
+
+/** Turn on flags in psa_key_slot_t::attr::core::flags.
+ *
+ * \param[in,out] slot The key slot to modify.
+ * \param mask The mask of bits to set.
+ */
+static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
+ uint16_t mask )
+{
+ slot->attr.flags |= mask;
+}
+
+/** Turn off flags in psa_key_slot_t::attr::core::flags.
+ *
+ * \param[in,out] slot The key slot to modify.
+ * \param mask The mask of bits to clear.
+ */
+static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
+ uint16_t mask )
+{
+ slot->attr.flags &= ~mask;
+}
+
/** Completely wipe a slot in memory, including its policy.
*
* Persistent storage is not affected.
@@ -68,7 +144,7 @@
* \retval PSA_SUCCESS
* Success. This includes the case of a key slot that was
* already fully wiped.
- * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_CORRUPTION_DETECTED
*/
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 44d5198..3809787 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -91,6 +91,7 @@
* \param[in] data_offset The starting offset of the data requested
* \param[in] data_length the amount of data requested (and the minimum allocated size of the `p_data` buffer)
* \param[out] p_data The buffer where the data will be placed upon successful completion
+ * \param[out] p_data_length The amount of data returned in the p_data buffer
*
*
* \return A status indicating the success/failure of the operation
@@ -106,7 +107,8 @@
psa_status_t psa_its_get(psa_storage_uid_t uid,
uint32_t data_offset,
uint32_t data_length,
- void *p_data);
+ void *p_data,
+ size_t *p_data_length );
/**
* \brief Retrieve the metadata about the provided uid
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
new file mode 100644
index 0000000..523c621
--- /dev/null
+++ b/library/psa_crypto_se.c
@@ -0,0 +1,356 @@
+/*
+ * PSA crypto support for secure element drivers
+ */
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "psa/crypto_se_driver.h"
+
+#include "psa_crypto_se.h"
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
+#include "psa/error.h"
+#include "psa/internal_trusted_storage.h"
+#endif
+
+#include "mbedtls/platform.h"
+#if !defined(MBEDTLS_PLATFORM_C)
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+
+
+/****************************************************************/
+/* Driver lookup */
+/****************************************************************/
+
+/* This structure is identical to psa_drv_se_context_t declared in
+ * `crypto_se_driver.h`, except that some parts are writable here
+ * (non-const, or pointer to non-const). */
+typedef struct
+{
+ void *persistent_data;
+ size_t persistent_data_size;
+ uintptr_t transient_data;
+} psa_drv_se_internal_context_t;
+
+typedef struct psa_se_drv_table_entry_s
+{
+ psa_key_lifetime_t lifetime;
+ const psa_drv_se_t *methods;
+ union
+ {
+ psa_drv_se_internal_context_t internal;
+ psa_drv_se_context_t context;
+ };
+} psa_se_drv_table_entry_t;
+
+static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
+
+psa_se_drv_table_entry_t *psa_get_se_driver_entry(
+ psa_key_lifetime_t lifetime )
+{
+ size_t i;
+ /* In the driver table, lifetime=0 means an entry that isn't used.
+ * No driver has a lifetime of 0 because it's a reserved value
+ * (which designates volatile keys). Make sure we never return
+ * a driver entry for lifetime 0. */
+ if( lifetime == 0 )
+ return( NULL );
+ for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
+ {
+ if( driver_table[i].lifetime == lifetime )
+ return( &driver_table[i] );
+ }
+ return( NULL );
+}
+
+const psa_drv_se_t *psa_get_se_driver_methods(
+ const psa_se_drv_table_entry_t *driver )
+{
+ return( driver->methods );
+}
+
+psa_drv_se_context_t *psa_get_se_driver_context(
+ psa_se_drv_table_entry_t *driver )
+{
+ return( &driver->context );
+}
+
+int psa_get_se_driver( psa_key_lifetime_t lifetime,
+ const psa_drv_se_t **p_methods,
+ psa_drv_se_context_t **p_drv_context)
+{
+ psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
+ if( p_methods != NULL )
+ *p_methods = ( driver ? driver->methods : NULL );
+ if( p_drv_context != NULL )
+ *p_drv_context = ( driver ? &driver->context : NULL );
+ return( driver != NULL );
+}
+
+
+
+/****************************************************************/
+/* Persistent data management */
+/****************************************************************/
+
+static psa_status_t psa_get_se_driver_its_file_uid(
+ const psa_se_drv_table_entry_t *driver,
+ psa_storage_uid_t *uid )
+{
+ if( driver->lifetime > PSA_MAX_SE_LIFETIME )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+#if SIZE_MAX > UINT32_MAX
+ /* ITS file sizes are limited to 32 bits. */
+ if( driver->internal.persistent_data_size > UINT32_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+
+ /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
+ *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_load_se_persistent_data(
+ const psa_se_drv_table_entry_t *driver )
+{
+ psa_status_t status;
+ psa_storage_uid_t uid;
+ size_t length;
+
+ status = psa_get_se_driver_its_file_uid( driver, &uid );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Read the amount of persistent data that the driver requests.
+ * If the data in storage is larger, it is truncated. If the data
+ * in storage is smaller, silently keep what is already at the end
+ * of the output buffer. */
+ /* psa_get_se_driver_its_file_uid ensures that the size_t
+ * persistent_data_size is in range, but compilers don't know that,
+ * so cast to reassure them. */
+ return( psa_its_get( uid, 0,
+ (uint32_t) driver->internal.persistent_data_size,
+ driver->internal.persistent_data,
+ &length ) );
+}
+
+psa_status_t psa_save_se_persistent_data(
+ const psa_se_drv_table_entry_t *driver )
+{
+ psa_status_t status;
+ psa_storage_uid_t uid;
+
+ status = psa_get_se_driver_its_file_uid( driver, &uid );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* psa_get_se_driver_its_file_uid ensures that the size_t
+ * persistent_data_size is in range, but compilers don't know that,
+ * so cast to reassure them. */
+ return( psa_its_set( uid,
+ (uint32_t) driver->internal.persistent_data_size,
+ driver->internal.persistent_data,
+ 0 ) );
+}
+
+psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )
+{
+ psa_storage_uid_t uid;
+ if( lifetime > PSA_MAX_SE_LIFETIME )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime;
+ return( psa_its_remove( uid ) );
+}
+
+psa_status_t psa_find_se_slot_for_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t *slot_number )
+{
+ psa_status_t status;
+
+ /* If the lifetime is wrong, it's a bug in the library. */
+ if( driver->lifetime != psa_get_key_lifetime( attributes ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ /* If the driver doesn't support key creation in any way, give up now. */
+ if( driver->methods->key_management == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS )
+ {
+ /* The application wants to use a specific slot. Allow it if
+ * the driver supports it. On a system with isolation,
+ * the crypto service must check that the application is
+ * permitted to request this slot. */
+ psa_drv_se_validate_slot_number_t p_validate_slot_number =
+ driver->methods->key_management->p_validate_slot_number;
+ if( p_validate_slot_number == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ status = p_validate_slot_number( &driver->context,
+ attributes, method,
+ *slot_number );
+ }
+ else
+ {
+ /* The application didn't tell us which slot to use. Let the driver
+ * choose. This is the normal case. */
+ psa_drv_se_allocate_key_t p_allocate =
+ driver->methods->key_management->p_allocate;
+ if( p_allocate == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ status = p_allocate( &driver->context,
+ driver->internal.persistent_data,
+ attributes, method,
+ slot_number );
+ }
+ return( status );
+}
+
+psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number )
+{
+ psa_status_t status;
+ psa_status_t storage_status;
+ /* Normally a missing method would mean that the action is not
+ * supported. But psa_destroy_key() is not supposed to return
+ * PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should
+ * be able to destroy it. The only use case for a driver that
+ * does not have a way to destroy keys at all is if the keys are
+ * locked in a read-only state: we can use the keys but not
+ * destroy them. Hence, if the driver doesn't support destroying
+ * keys, it's really a lack of permission. */
+ if( driver->methods->key_management == NULL ||
+ driver->methods->key_management->p_destroy == NULL )
+ return( PSA_ERROR_NOT_PERMITTED );
+ status = driver->methods->key_management->p_destroy(
+ &driver->context,
+ driver->internal.persistent_data,
+ slot_number );
+ storage_status = psa_save_se_persistent_data( driver );
+ return( status == PSA_SUCCESS ? storage_status : status );
+}
+
+
+
+/****************************************************************/
+/* Driver registration */
+/****************************************************************/
+
+psa_status_t psa_register_se_driver(
+ psa_key_lifetime_t lifetime,
+ const psa_drv_se_t *methods)
+{
+ size_t i;
+ psa_status_t status;
+
+ if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ /* Driver table entries are 0-initialized. 0 is not a valid driver
+ * lifetime because it means a volatile key. */
+#if defined(static_assert)
+ static_assert( PSA_KEY_LIFETIME_VOLATILE == 0,
+ "Secure element support requires 0 to mean a volatile key" );
+#endif
+ if( lifetime == PSA_KEY_LIFETIME_VOLATILE ||
+ lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( lifetime > PSA_MAX_SE_LIFETIME )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
+ {
+ if( driver_table[i].lifetime == 0 )
+ break;
+ /* Check that lifetime isn't already in use up to the first free
+ * entry. Since entries are created in order and never deleted,
+ * there can't be a used entry after the first free entry. */
+ if( driver_table[i].lifetime == lifetime )
+ return( PSA_ERROR_ALREADY_EXISTS );
+ }
+ if( i == PSA_MAX_SE_DRIVERS )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ driver_table[i].lifetime = lifetime;
+ driver_table[i].methods = methods;
+
+ if( methods->persistent_data_size != 0 )
+ {
+ driver_table[i].internal.persistent_data =
+ mbedtls_calloc( 1, methods->persistent_data_size );
+ if( driver_table[i].internal.persistent_data == NULL )
+ {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto error;
+ }
+ /* Load the driver's persistent data. On first use, the persistent
+ * data does not exist in storage, and is initialized to
+ * all-bits-zero by the calloc call just above. */
+ status = psa_load_se_persistent_data( &driver_table[i] );
+ if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
+ goto error;
+ }
+ driver_table[i].internal.persistent_data_size =
+ methods->persistent_data_size;
+
+ return( PSA_SUCCESS );
+
+error:
+ memset( &driver_table[i], 0, sizeof( driver_table[i] ) );
+ return( status );
+}
+
+void psa_unregister_all_se_drivers( void )
+{
+ size_t i;
+ for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
+ {
+ if( driver_table[i].internal.persistent_data != NULL )
+ mbedtls_free( driver_table[i].internal.persistent_data );
+ }
+ memset( driver_table, 0, sizeof( driver_table ) );
+}
+
+
+
+/****************************************************************/
+/* The end */
+/****************************************************************/
+
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
new file mode 100644
index 0000000..900a72b
--- /dev/null
+++ b/library/psa_crypto_se.h
@@ -0,0 +1,184 @@
+/*
+ * PSA crypto support for secure element drivers
+ */
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SE_H
+#define PSA_CRYPTO_SE_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "psa/crypto.h"
+#include "psa/crypto_se_driver.h"
+
+/** The maximum lifetime value that this implementation supports
+ * for a secure element.
+ *
+ * This is not a characteristic that each PSA implementation has, but a
+ * limitation of the current implementation due to the constraints imposed
+ * by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
+ *
+ * The minimum lifetime value for a secure element is 2, like on any
+ * PSA implementation (0=volatile and 1=internal-storage are taken).
+ */
+#define PSA_MAX_SE_LIFETIME 255
+
+/** The base of the range of ITS file identifiers for secure element
+ * driver persistent data.
+ *
+ * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
+ * specifically the range 0xfffffe00..0xfffffeff. The length of this range
+ * drives the value of #PSA_MAX_SE_LIFETIME.
+ * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since
+ * they correspond to #PSA_KEY_LIFETIME_VOLATILE and
+ * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver.
+ */
+#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
+
+/** The maximum number of registered secure element driver lifetimes. */
+#define PSA_MAX_SE_DRIVERS 4
+
+/** Unregister all secure element drivers.
+ *
+ * \warning Do not call this function while the library is in the initialized
+ * state. This function is only intended to be called at the end
+ * of mbedtls_psa_crypto_free().
+ */
+void psa_unregister_all_se_drivers( void );
+
+/** A structure that describes a registered secure element driver.
+ *
+ * A secure element driver table entry contains a pointer to the
+ * driver's method table as well as the driver context structure.
+ */
+typedef struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t;
+
+/** Return the secure element driver information for a lifetime value.
+ *
+ * \param lifetime The lifetime value to query.
+ * \param[out] p_methods On output, if there is a driver,
+ * \c *methods points to its method table.
+ * Otherwise \c *methods is \c NULL.
+ * \param[out] p_drv_context On output, if there is a driver,
+ * \c *drv_context points to its context
+ * structure.
+ * Otherwise \c *drv_context is \c NULL.
+ *
+ * \retval 1
+ * \p lifetime corresponds to a registered driver.
+ * \retval 0
+ * \p lifetime does not correspond to a registered driver.
+ */
+int psa_get_se_driver( psa_key_lifetime_t lifetime,
+ const psa_drv_se_t **p_methods,
+ psa_drv_se_context_t **p_drv_context);
+
+/** Return the secure element driver table entry for a lifetime value.
+ *
+ * \param lifetime The lifetime value to query.
+ *
+ * \return The driver table entry for \p lifetime, or
+ * \p NULL if \p lifetime does not correspond to a registered driver.
+ */
+psa_se_drv_table_entry_t *psa_get_se_driver_entry(
+ psa_key_lifetime_t lifetime );
+
+/** Return the method table for a secure element driver.
+ *
+ * \param[in] driver The driver table entry to access, or \c NULL.
+ *
+ * \return The driver's method table.
+ * \c NULL if \p driver is \c NULL.
+ */
+const psa_drv_se_t *psa_get_se_driver_methods(
+ const psa_se_drv_table_entry_t *driver );
+
+/** Return the context of a secure element driver.
+ *
+ * \param[in] driver The driver table entry to access, or \c NULL.
+ *
+ * \return A pointer to the driver context.
+ * \c NULL if \p driver is \c NULL.
+ */
+psa_drv_se_context_t *psa_get_se_driver_context(
+ psa_se_drv_table_entry_t *driver );
+
+/** Find a free slot for a key that is to be created.
+ *
+ * This function calls the relevant method in the driver to find a suitable
+ * slot for a key with the given attributes.
+ *
+ * \param[in] attributes Metadata about the key that is about to be created.
+ * \param[in] driver The driver table entry to query.
+ * \param[out] slot_number On success, a slot number that is free in this
+ * secure element.
+ */
+psa_status_t psa_find_se_slot_for_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t *slot_number );
+
+/** Destoy a key in a secure element.
+ *
+ * This function calls the relevant driver method to destroy a key
+ * and updates the driver's persistent data.
+ */
+psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number );
+
+/** Load the persistent data of a secure element driver.
+ *
+ * \param driver The driver table entry containing the persistent
+ * data to load from storage.
+ */
+psa_status_t psa_load_se_persistent_data(
+ const psa_se_drv_table_entry_t *driver );
+
+/** Save the persistent data of a secure element driver.
+ *
+ * \param[in] driver The driver table entry containing the persistent
+ * data to save to storage.
+ */
+psa_status_t psa_save_se_persistent_data(
+ const psa_se_drv_table_entry_t *driver );
+
+/** Destroy the persistent data of a secure element driver.
+ *
+ * This is currently only used for testing.
+ *
+ * \param[in] lifetime The driver lifetime whose persistent data should
+ * be erased.
+ */
+psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime );
+
+
+/** The storage representation of a key whose data is in a secure element.
+ */
+typedef struct
+{
+ uint8_t slot_number[sizeof( psa_key_slot_number_t )];
+ uint8_t bits[sizeof( psa_key_bits_t )];
+} psa_se_key_data_storage_t;
+
+#endif /* PSA_CRYPTO_SE_H */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 33c03a7..59be319 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -33,6 +33,9 @@
#include "psa_crypto_core.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#include "psa_crypto_se.h"
+#endif
#include <stdlib.h>
#include <string.h>
@@ -71,8 +74,8 @@
return( PSA_ERROR_INVALID_HANDLE );
slot = &global_data.key_slots[handle - 1];
- /* If the slot hasn't been allocated, the handle is invalid. */
- if( ! slot->allocated )
+ /* If the slot isn't occupied, the handle is invalid. */
+ if( ! psa_is_key_slot_occupied( slot ) )
return( PSA_ERROR_INVALID_HANDLE );
*p_slot = slot;
@@ -99,71 +102,55 @@
global_data.key_slots_initialized = 0;
}
-/** Find a free key slot and mark it as in use.
- *
- * \param[out] handle On success, a slot number that is not in use. This
- * value can be used as a handle to the slot.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
+psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
+ psa_key_slot_t **p_slot )
{
+ if( ! global_data.key_slots_initialized )
+ return( PSA_ERROR_BAD_STATE );
+
for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
{
- psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
- if( ! slot->allocated )
- {
- slot->allocated = 1;
+ *p_slot = &global_data.key_slots[*handle - 1];
+ if( ! psa_is_key_slot_occupied( *p_slot ) )
return( PSA_SUCCESS );
- }
}
+ *p_slot = NULL;
return( PSA_ERROR_INSUFFICIENT_MEMORY );
}
-/** Wipe a key slot and mark it as available.
- *
- * This does not affect persistent storage.
- *
- * \param handle The handle to the key slot to release.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
-{
- psa_key_slot_t *slot;
- psa_status_t status;
-
- status = psa_get_key_slot( handle, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
- return( psa_wipe_key_slot( slot ) );
-}
-
-psa_status_t psa_allocate_key( psa_key_handle_t *handle )
-{
- *handle = 0;
- return( psa_internal_allocate_key_slot( handle ) );
-}
-
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
+static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
- status = psa_load_persistent_key( p_slot->persistent_storage_id,
- &( p_slot )->type,
- &( p_slot )->policy, &key_data,
- &key_data_length );
+ status = psa_load_persistent_key( &slot->attr,
+ &key_data, &key_data_length );
if( status != PSA_SUCCESS )
goto exit;
- status = psa_import_key_into_slot( p_slot,
- key_data, key_data_length );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_key_lifetime_is_external( slot->attr.lifetime ) )
+ {
+ psa_se_key_data_storage_t *data;
+ if( key_data_length != sizeof( *data ) )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+ data = (psa_se_key_data_storage_t *) key_data;
+ memcpy( &slot->data.se.slot_number, &data->slot_number,
+ sizeof( slot->data.se.slot_number ) );
+ memcpy( &slot->attr.bits, &data->bits,
+ sizeof( slot->attr.bits ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ {
+ status = psa_import_key_into_slot( slot, key_data, key_data_length );
+ }
+
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
@@ -176,120 +163,134 @@
* is provided.
*
* \param file_id The key identifier to check.
+ * \param vendor_ok Nonzero to allow key ids in the vendor range.
+ * 0 to allow only key ids in the application range.
*
* \return 1 if \p file_id is acceptable, otherwise 0.
*/
-static int psa_is_key_id_valid( psa_key_file_id_t file_id )
+static int psa_is_key_id_valid( psa_key_file_id_t file_id,
+ int vendor_ok )
{
psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
- /* Reject id=0 because by general library conventions, 0 is an invalid
- * value wherever possible. */
- if( key_id == 0 )
+ if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
+ return( 1 );
+ else if( vendor_ok &&
+ PSA_KEY_ID_VENDOR_MIN <= key_id &&
+ key_id <= PSA_KEY_ID_VENDOR_MAX )
+ return( 1 );
+ else
return( 0 );
- /* Reject high values because the file names are reserved for the
- * library's internal use. */
- if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
- return( 0 );
- return( 1 );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-/** Declare a slot as persistent and load it from storage.
- *
- * This function may only be called immediately after a successful call
- * to psa_internal_allocate_key_slot().
- *
- * \param handle A handle to a key slot freshly allocated with
- * psa_internal_allocate_key_slot().
- *
- * \retval #PSA_SUCCESS
- * The slot content was loaded successfully.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * There is no content for this slot in persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p id is not acceptable.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_STORAGE_FAILURE
- */
-static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
- psa_key_file_id_t id )
+psa_status_t psa_validate_persistent_key_parameters(
+ psa_key_lifetime_t lifetime,
+ psa_key_file_id_t id,
+ psa_se_drv_table_entry_t **p_drv,
+ int creating )
+{
+ if( p_drv != NULL )
+ *p_drv = NULL;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( psa_key_lifetime_is_external( lifetime ) )
+ {
+ *p_drv = psa_get_se_driver_entry( lifetime );
+ if( *p_drv == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( ! psa_is_key_id_valid( id, ! creating ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ return( PSA_SUCCESS );
+
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+ (void) id;
+ (void) creating;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+}
+
+psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- psa_key_slot_t *slot;
psa_status_t status;
+ psa_key_slot_t *slot;
- if( ! psa_is_key_id_valid( id ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ *handle = 0;
+
+ status = psa_validate_persistent_key_parameters(
+ PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_get_empty_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ slot->attr.id = id;
+
+ status = psa_load_persistent_key_into_slot( slot );
+ if( status != PSA_SUCCESS )
+ {
+ psa_wipe_key_slot( slot );
+ *handle = 0;
+ }
+ return( status );
+
+#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+ (void) id;
+ *handle = 0;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+}
+
+psa_status_t psa_close_key( psa_key_handle_t handle )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot;
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
- slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
- slot->persistent_storage_id = id;
- status = psa_load_persistent_key_into_slot( slot );
-
- return( status );
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
- (void) handle;
- (void) id;
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+ return( psa_wipe_key_slot( slot ) );
}
-static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
- psa_key_file_id_t id,
- psa_key_handle_t *handle,
- psa_status_t wanted_load_status )
+void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
{
- psa_status_t status;
-
- *handle = 0;
-
- if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
- status = psa_internal_allocate_key_slot( handle );
- if( status != PSA_SUCCESS )
- return( status );
-
- status = psa_internal_make_key_persistent( *handle, id );
- if( status != wanted_load_status )
+ psa_key_handle_t key;
+ memset( stats, 0, sizeof( *stats ) );
+ for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
- psa_internal_release_key_slot( *handle );
- *handle = 0;
+ const psa_key_slot_t *slot = &global_data.key_slots[key - 1];
+ if( ! psa_is_key_slot_occupied( slot ) )
+ {
+ ++stats->empty_slots;
+ continue;
+ }
+ if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ ++stats->volatile_slots;
+ else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+ ++stats->persistent_slots;
+ if( id > stats->max_open_internal_key_id )
+ stats->max_open_internal_key_id = id;
+ }
+ else
+ {
+ psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
+ ++stats->external_slots;
+ if( id > stats->max_open_external_key_id )
+ stats->max_open_external_key_id = id;
+ }
}
- return( status );
-}
-
-psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
- psa_key_file_id_t id,
- psa_key_handle_t *handle )
-{
- return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
-}
-
-psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
- psa_key_file_id_t id,
- psa_key_handle_t *handle )
-{
- psa_status_t status;
-
- status = persistent_key_setup( lifetime, id, handle,
- PSA_ERROR_DOES_NOT_EXIST );
- switch( status )
- {
- case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
- case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
- default: return( status );
- }
-}
-
-psa_status_t psa_close_key( psa_key_handle_t handle )
-{
- return( psa_internal_release_key_slot( handle ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 6746bad..472253d 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -22,6 +22,9 @@
#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
#define PSA_CRYPTO_SLOT_MANAGEMENT_H
+#include "psa/crypto.h"
+#include "psa_crypto_se.h"
+
/* Number of key slots (plus one because 0 is not used).
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
@@ -55,4 +58,72 @@
* This does not affect persistent storage. */
void psa_wipe_all_key_slots( void );
+/** Find a free key slot.
+ *
+ * This function returns a key slot that is available for use and is in its
+ * ground state (all-bits-zero).
+ *
+ * \param[out] handle On success, a slot number that can be used as a
+ * handle to the slot.
+ * \param[out] p_slot On success, a pointer to the slot.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BAD_STATE
+ */
+psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle,
+ psa_key_slot_t **p_slot );
+
+/** Test whether a lifetime designates a key in an external cryptoprocessor.
+ *
+ * \param lifetime The lifetime to test.
+ *
+ * \retval 1
+ * The lifetime designates an external key. There should be a
+ * registered driver for this lifetime, otherwise the key cannot
+ * be created or manipulated.
+ * \retval 0
+ * The lifetime designates a key that is volatile or in internal
+ * storage.
+ */
+static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
+{
+ return( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
+ lifetime != PSA_KEY_LIFETIME_PERSISTENT );
+}
+
+/** Test whether the given parameters are acceptable for a persistent key.
+ *
+ * This function does not access the storage in any way. It only tests
+ * whether the parameters are meaningful and permitted by general policy.
+ * It does not test whether the a file by the given id exists or could be
+ * created.
+ *
+ * If the key is in external storage, this function returns the corresponding
+ * driver.
+ *
+ * \param lifetime The lifetime to test.
+ * \param id The key id to test.
+ * \param[out] p_drv On output, if \p lifetime designates a key
+ * in an external processor, \c *p_drv is a pointer
+ * to the driver table entry fot this lifetime.
+ * If \p lifetime designates a transparent key,
+ * \c *p_drv is \c NULL.
+ * \param creating 0 if attempting to open an existing key.
+ * Nonzero if attempting to create a key.
+ *
+ * \retval PSA_SUCCESS
+ * The given parameters are valid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \p lifetime is volatile or is invalid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \p id is invalid.
+ */
+psa_status_t psa_validate_persistent_key_parameters(
+ psa_key_lifetime_t lifetime,
+ psa_key_file_id_t id,
+ psa_se_drv_table_entry_t **p_drv,
+ int creating );
+
+
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index babc5bb..a27442c 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -50,6 +50,12 @@
#define mbedtls_free free
#endif
+
+
+/****************************************************************/
+/* Key storage */
+/****************************************************************/
+
/* Determine a file name (ITS file identifier) for the given key file
* identifier. The file name must be distinct from any file that is used
* for a purpose other than storing a key. Currently, the only such file
@@ -96,12 +102,15 @@
psa_status_t status;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_storage_info_t data_identifier_info;
+ size_t data_length = 0;
status = psa_its_get_info( data_identifier, &data_identifier_info );
if( status != PSA_SUCCESS )
return( status );
- status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data );
+ status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
+ if( data_size != data_length )
+ return( PSA_ERROR_STORAGE_FAILURE );
return( status );
}
@@ -221,7 +230,7 @@
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i) \
+#define GET_UINT32_LE( n, b, i ) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
@@ -231,7 +240,7 @@
#endif
#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
+#define PUT_UINT32_LE( n, b, i ) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
@@ -249,6 +258,7 @@
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
+ uint8_t lifetime[sizeof( psa_key_lifetime_t )];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t policy[sizeof( psa_key_policy_t )];
uint8_t data_len[4];
@@ -257,20 +267,20 @@
void psa_format_key_data_for_storage( const uint8_t *data,
const size_t data_length,
- const psa_key_type_t type,
- const psa_key_policy_t *policy,
+ const psa_core_key_attributes_t *attr,
uint8_t *storage_data )
{
psa_persistent_key_storage_format *storage_format =
(psa_persistent_key_storage_format *) storage_data;
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
- PUT_UINT32_LE(0, storage_format->version, 0);
- PUT_UINT32_LE(type, storage_format->type, 0);
- PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
- PUT_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
- PUT_UINT32_LE(policy->alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
- PUT_UINT32_LE(data_length, storage_format->data_len, 0);
+ PUT_UINT32_LE( 0, storage_format->version, 0 );
+ PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
+ PUT_UINT32_LE( attr->type, storage_format->type, 0 );
+ PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
+ PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
+ PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
+ PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
memcpy( storage_format->key_data, data, data_length );
}
@@ -286,8 +296,7 @@
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
- psa_key_type_t *type,
- psa_key_policy_t *policy )
+ psa_core_key_attributes_t *attr )
{
psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
@@ -301,32 +310,37 @@
if( status != PSA_SUCCESS )
return( status );
- GET_UINT32_LE(version, storage_format->version, 0);
+ GET_UINT32_LE( version, storage_format->version, 0 );
if( version != 0 )
return( PSA_ERROR_STORAGE_FAILURE );
- GET_UINT32_LE(*key_data_length, storage_format->data_len, 0);
+ GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
return( PSA_ERROR_STORAGE_FAILURE );
- *key_data = mbedtls_calloc( 1, *key_data_length );
- if( *key_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if( *key_data_length == 0 )
+ {
+ *key_data = NULL;
+ }
+ else
+ {
+ *key_data = mbedtls_calloc( 1, *key_data_length );
+ if( *key_data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ memcpy( *key_data, storage_format->key_data, *key_data_length );
+ }
- GET_UINT32_LE(*type, storage_format->type, 0);
- GET_UINT32_LE(policy->usage, storage_format->policy, 0);
- GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
- GET_UINT32_LE(policy->alg2, storage_format->policy, 2 * sizeof( uint32_t ));
-
- memcpy( *key_data, storage_format->key_data, *key_data_length );
+ GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
+ GET_UINT32_LE( attr->type, storage_format->type, 0 );
+ GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
+ GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
+ GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
return( PSA_SUCCESS );
}
-psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
- const psa_key_type_t type,
- const psa_key_policy_t *policy,
+psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
const uint8_t *data,
const size_t data_length )
{
@@ -342,10 +356,9 @@
if( storage_data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- psa_format_key_data_for_storage( data, data_length, type, policy,
- storage_data );
+ psa_format_key_data_for_storage( data, data_length, attr, storage_data );
- status = psa_crypto_storage_store( key,
+ status = psa_crypto_storage_store( attr->id,
storage_data, storage_data_length );
mbedtls_free( storage_data );
@@ -362,15 +375,14 @@
mbedtls_free( key_data );
}
-psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
- psa_key_type_t *type,
- psa_key_policy_t *policy,
+psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
uint8_t **data,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
+ psa_key_id_t key = attr->id;
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )
@@ -386,13 +398,74 @@
goto exit;
status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
- data, data_length, type, policy );
+ data, data_length, attr );
exit:
mbedtls_free( loaded_data );
return( status );
}
+
+
+/****************************************************************/
+/* Transactions */
+/****************************************************************/
+
+#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
+
+psa_crypto_transaction_t psa_crypto_transaction;
+
+psa_status_t psa_crypto_save_transaction( void )
+{
+ struct psa_storage_info_t p_info;
+ psa_status_t status;
+ status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+ if( status == PSA_SUCCESS )
+ {
+ /* This shouldn't happen: we're trying to start a transaction while
+ * there is still a transaction that hasn't been replayed. */
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ }
+ else if( status != PSA_ERROR_DOES_NOT_EXIST )
+ return( status );
+ return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
+ sizeof( psa_crypto_transaction ),
+ &psa_crypto_transaction,
+ 0 ) );
+}
+
+psa_status_t psa_crypto_load_transaction( void )
+{
+ psa_status_t status;
+ size_t length;
+ status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
+ sizeof( psa_crypto_transaction ),
+ &psa_crypto_transaction, &length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( length != sizeof( psa_crypto_transaction ) )
+ return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_crypto_stop_transaction( void )
+{
+ psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
+ /* Whether or not updating the storage succeeded, the transaction is
+ * finished now. It's too late to go back, so zero out the in-memory
+ * data. */
+ memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
+ return( status );
+}
+
+#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
+
+
+
+/****************************************************************/
+/* Random generator state */
+/****************************************************************/
+
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
size_t seed_size )
@@ -415,4 +488,10 @@
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+
+/****************************************************************/
+/* The end */
+/****************************************************************/
+
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 5434d05..1b7dbd6 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -29,20 +29,20 @@
extern "C" {
#endif
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
#include "psa/crypto.h"
-#include <stdint.h>
+#include "psa/crypto_se_driver.h"
-/* Limit the maximum key size to 30kB (just in case someone tries to
- * inadvertently store an obscene amount of data) */
-#define PSA_CRYPTO_MAX_STORAGE_SIZE ( 30 * 1024 )
+#include <stdint.h>
+#include <string.h>
+
+/* Limit the maximum key size in storage. This should have no effect
+ * since the key size is limited in memory. */
+#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) )
+/* Sanity check: a file size must fit in 32 bits. Allow a generous
+ * 64kB of metadata. */
+#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
+#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
+#endif
/** The maximum permitted persistent slot number.
*
@@ -59,7 +59,7 @@
* This limitation will probably become moot when we implement client
* separation for key storage.
*/
-#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xfffeffff
+#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER PSA_KEY_ID_VENDOR_MAX
/**
* \brief Checks if persistent data is stored for the given key slot number
@@ -88,12 +88,11 @@
* already occupied non-persistent key, as well as validating the key data.
*
*
- * \param key Persistent identifier of the key to be stored. This
- * should be an unoccupied storage location.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param[in] policy The key policy to save.
- * \param[in] data Buffer containing the key data.
- * \param data_length The number of bytes that make up the key data.
+ * \param[in] attr The attributes of the key to save.
+ * The key identifier field in the attributes
+ * determines the key's location.
+ * \param[in] data Buffer containing the key data.
+ * \param data_length The number of bytes that make up the key data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
@@ -101,9 +100,7 @@
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_ALREADY_EXISTS
*/
-psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
- const psa_key_type_t type,
- const psa_key_policy_t *policy,
+psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
const uint8_t *data,
const size_t data_length );
@@ -119,11 +116,10 @@
* this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails.
*
- * \param key Persistent identifier of the key to be loaded. This
- * should be an occupied storage location.
- * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
- * value).
- * \param[out] policy On success, the key's policy.
+ * \param[in,out] attr On input, the key identifier field identifies
+ * the key to load. Other fields are ignored.
+ * On success, the attribute structure contains
+ * the key metadata that was loaded from storage.
* \param[out] data Pointer to an allocated key data buffer on return.
* \param[out] data_length The number of bytes that make up the key data.
*
@@ -132,9 +128,7 @@
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
-psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
- psa_key_type_t *type,
- psa_key_policy_t *policy,
+psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
uint8_t **data,
size_t *data_length );
@@ -166,17 +160,15 @@
/**
* \brief Formats key data and metadata for persistent storage
*
- * \param[in] data Buffer for the key data.
+ * \param[in] data Buffer containing the key data.
* \param data_length Length of the key data buffer.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param policy The key policy.
+ * \param[in] attr The core attributes of the key.
* \param[out] storage_data Output buffer for the formatted data.
*
*/
void psa_format_key_data_for_storage( const uint8_t *data,
const size_t data_length,
- const psa_key_type_t type,
- const psa_key_policy_t *policy,
+ const psa_core_key_attributes_t *attr,
uint8_t *storage_data );
/**
@@ -188,8 +180,8 @@
* containing the key data. This must be freed
* using psa_free_persistent_key_data()
* \param[out] key_data_length Length of the key data buffer
- * \param[out] type Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param[out] policy The key policy.
+ * \param[out] attr On success, the attribute structure is filled
+ * with the loaded key metadata.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
@@ -200,8 +192,180 @@
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
- psa_key_type_t *type,
- psa_key_policy_t *policy );
+ psa_core_key_attributes_t *attr );
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+/** This symbol is defined if transaction support is required. */
+#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
+#endif
+
+#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
+
+/** The type of transaction that is in progress.
+ */
+/* This is an integer type rather than an enum for two reasons: to support
+ * unknown values when loading a transaction file, and to ensure that the
+ * type has a known size.
+ */
+typedef uint16_t psa_crypto_transaction_type_t;
+
+/** No transaction is in progress.
+ *
+ * This has the value 0, so zero-initialization sets a transaction's type to
+ * this value.
+ */
+#define PSA_CRYPTO_TRANSACTION_NONE ( (psa_crypto_transaction_type_t) 0x0000 )
+
+/** A key creation transaction.
+ *
+ * This is only used for keys in an external cryptoprocessor (secure element).
+ * Keys in RAM or in internal storage are created atomically in storage
+ * (simple file creation), so they do not need a transaction mechanism.
+ */
+#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ( (psa_crypto_transaction_type_t) 0x0001 )
+
+/** A key destruction transaction.
+ *
+ * This is only used for keys in an external cryptoprocessor (secure element).
+ * Keys in RAM or in internal storage are destroyed atomically in storage
+ * (simple file deletion), so they do not need a transaction mechanism.
+ */
+#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ( (psa_crypto_transaction_type_t) 0x0002 )
+
+/** Transaction data.
+ *
+ * This type is designed to be serialized by writing the memory representation
+ * and reading it back on the same device.
+ *
+ * \note The transaction mechanism is designed for a single active transaction
+ * at a time. The transaction object is #psa_crypto_transaction.
+ *
+ * \note If an API call starts a transaction, it must complete this transaction
+ * before returning to the application.
+ *
+ * The lifetime of a transaction is the following (note that only one
+ * transaction may be active at a time):
+ *
+ * -# Call psa_crypto_prepare_transaction() to initialize the transaction
+ * object in memory and declare the type of transaction that is starting.
+ * -# Fill in the type-specific fields of #psa_crypto_transaction.
+ * -# Call psa_crypto_save_transaction() to start the transaction. This
+ * saves the transaction data to internal storage.
+ * -# Perform the work of the transaction by modifying files, contacting
+ * external entities, or whatever needs doing. Note that the transaction
+ * may be interrupted by a power failure, so you need to have a way
+ * recover from interruptions either by undoing what has been done
+ * so far or by resuming where you left off.
+ * -# If there are intermediate stages in the transaction, update
+ * the fields of #psa_crypto_transaction and call
+ * psa_crypto_save_transaction() again when each stage is reached.
+ * -# When the transaction is over, call psa_crypto_stop_transaction() to
+ * remove the transaction data in storage and in memory.
+ *
+ * If the system crashes while a transaction is in progress, psa_crypto_init()
+ * calls psa_crypto_load_transaction() and takes care of completing or
+ * rewinding the transaction. This is done in psa_crypto_recover_transaction()
+ * in psa_crypto.c. If you add a new type of transaction, be
+ * sure to add code for it in psa_crypto_recover_transaction().
+ */
+typedef union
+{
+ /* Each element of this union must have the following properties
+ * to facilitate serialization and deserialization:
+ *
+ * - The element is a struct.
+ * - The first field of the struct is `psa_crypto_transaction_type_t type`.
+ * - Elements of the struct are arranged such a way that there is
+ * no padding.
+ */
+ struct psa_crypto_transaction_unknown_s
+ {
+ psa_crypto_transaction_type_t type;
+ uint16_t unused1;
+ uint32_t unused2;
+ uint64_t unused3;
+ uint64_t unused4;
+ } unknown;
+ /* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
+ * #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
+ struct psa_crypto_transaction_key_s
+ {
+ psa_crypto_transaction_type_t type;
+ uint16_t unused1;
+ psa_key_lifetime_t lifetime;
+ psa_key_slot_number_t slot;
+ psa_key_id_t id;
+ } key;
+} psa_crypto_transaction_t;
+
+/** The single active transaction.
+ */
+extern psa_crypto_transaction_t psa_crypto_transaction;
+
+/** Prepare for a transaction.
+ *
+ * There must not be an ongoing transaction.
+ *
+ * \param type The type of transaction to start.
+ */
+static inline void psa_crypto_prepare_transaction(
+ psa_crypto_transaction_type_t type )
+{
+ psa_crypto_transaction.unknown.type = type;
+}
+
+/** Save the transaction data to storage.
+ *
+ * You may call this function multiple times during a transaction to
+ * atomically update the transaction state.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ */
+psa_status_t psa_crypto_save_transaction( void );
+
+/** Load the transaction data from storage, if any.
+ *
+ * This function is meant to be called from psa_crypto_init() to recover
+ * in case a transaction was interrupted by a system crash.
+ *
+ * \retval #PSA_SUCCESS
+ * The data about the ongoing transaction has been loaded to
+ * #psa_crypto_transaction.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * There is no ongoing transaction.
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ */
+psa_status_t psa_crypto_load_transaction( void );
+
+/** Indicate that the current transaction is finished.
+ *
+ * Call this function at the very end of transaction processing.
+ * This function does not "commit" or "abort" the transaction: the storage
+ * subsystem has no concept of "commit" and "abort", just saving and
+ * removing the transaction information in storage.
+ *
+ * This function erases the transaction data in storage (if any) and
+ * resets the transaction data in memory.
+ *
+ * \retval #PSA_SUCCESS
+ * There was transaction data in storage.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * There was no transaction data in storage.
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * It was impossible to determine whether there was transaction data
+ * in storage, or the transaction data could not be erased.
+ */
+psa_status_t psa_crypto_stop_transaction( void );
+
+/** The ITS file identifier for the transaction data.
+ *
+ * 0xffffffNN = special file; 0x74 = 't' for transaction.
+ */
+#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
+
+#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/** Backend side of mbedtls_psa_inject_entropy().
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 8cdf783..05ca8af 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -44,7 +44,9 @@
#include <stdio.h>
#include <string.h>
+#if !defined(PSA_ITS_STORAGE_PREFIX)
#define PSA_ITS_STORAGE_PREFIX ""
+#endif
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
@@ -137,7 +139,8 @@
psa_status_t psa_its_get( psa_storage_uid_t uid,
uint32_t data_offset,
uint32_t data_length,
- void *p_data )
+ void *p_data,
+ size_t *p_data_length )
{
psa_status_t status;
FILE *stream = NULL;
@@ -172,6 +175,8 @@
if( n != data_length )
goto exit;
status = PSA_SUCCESS;
+ if( p_data_length != NULL )
+ *p_data_length = n;
exit:
if( stream != NULL )
diff --git a/library/sha512.c b/library/sha512.c
index bdd20b2..2e2b797 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -92,6 +92,15 @@
}
#endif /* PUT_UINT64_BE */
+#if defined(MBEDTLS_SHA512_SMALLER)
+static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
+{
+ PUT_UINT64_BE(n, b, i);
+}
+#else
+#define sha512_put_uint64_be PUT_UINT64_BE
+#endif /* MBEDTLS_SHA512_SMALLER */
+
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
SHA512_VALIDATE( ctx != NULL );
@@ -219,7 +228,7 @@
{
int i;
uint64_t temp1, temp2, W[80];
- uint64_t A, B, C, D, E, F, G, H;
+ uint64_t A[8];
SHA512_VALIDATE_RET( ctx != NULL );
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
@@ -244,6 +253,28 @@
(d) += temp1; (h) = temp1 + temp2; \
} while( 0 )
+ for( i = 0; i < 8; i++ )
+ A[i] = ctx->state[i];
+
+#if defined(MBEDTLS_SHA512_SMALLER)
+ for( i = 0; i < 80; i++ )
+ {
+ if( i < 16 )
+ {
+ GET_UINT64_BE( W[i], data, i << 3 );
+ }
+ else
+ {
+ W[i] = S1(W[i - 2]) + W[i - 7] +
+ S0(W[i - 15]) + W[i - 16];
+ }
+
+ P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
+
+ temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
+ A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
+ }
+#else /* MBEDTLS_SHA512_SMALLER */
for( i = 0; i < 16; i++ )
{
GET_UINT64_BE( W[i], data, i << 3 );
@@ -255,37 +286,23 @@
S0(W[i - 15]) + W[i - 16];
}
- A = ctx->state[0];
- B = ctx->state[1];
- C = ctx->state[2];
- D = ctx->state[3];
- E = ctx->state[4];
- F = ctx->state[5];
- G = ctx->state[6];
- H = ctx->state[7];
i = 0;
-
do
{
- P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
- P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
- P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
- P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
- P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
- P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
- P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
- P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
+ P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] ); i++;
+ P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i], K[i] ); i++;
+ P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i], K[i] ); i++;
+ P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i], K[i] ); i++;
+ P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i], K[i] ); i++;
+ P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i], K[i] ); i++;
+ P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i], K[i] ); i++;
+ P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i], K[i] ); i++;
}
while( i < 80 );
+#endif /* MBEDTLS_SHA512_SMALLER */
- ctx->state[0] += A;
- ctx->state[1] += B;
- ctx->state[2] += C;
- ctx->state[3] += D;
- ctx->state[4] += E;
- ctx->state[5] += F;
- ctx->state[6] += G;
- ctx->state[7] += H;
+ for( i = 0; i < 8; i++ )
+ ctx->state[i] += A[i];
return( 0 );
}
@@ -403,8 +420,8 @@
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
- PUT_UINT64_BE( high, ctx->buffer, 112 );
- PUT_UINT64_BE( low, ctx->buffer, 120 );
+ sha512_put_uint64_be( high, ctx->buffer, 112 );
+ sha512_put_uint64_be( low, ctx->buffer, 120 );
if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
return( ret );
@@ -412,17 +429,17 @@
/*
* Output final state
*/
- PUT_UINT64_BE( ctx->state[0], output, 0 );
- PUT_UINT64_BE( ctx->state[1], output, 8 );
- PUT_UINT64_BE( ctx->state[2], output, 16 );
- PUT_UINT64_BE( ctx->state[3], output, 24 );
- PUT_UINT64_BE( ctx->state[4], output, 32 );
- PUT_UINT64_BE( ctx->state[5], output, 40 );
+ sha512_put_uint64_be( ctx->state[0], output, 0 );
+ sha512_put_uint64_be( ctx->state[1], output, 8 );
+ sha512_put_uint64_be( ctx->state[2], output, 16 );
+ sha512_put_uint64_be( ctx->state[3], output, 24 );
+ sha512_put_uint64_be( ctx->state[4], output, 32 );
+ sha512_put_uint64_be( ctx->state[5], output, 40 );
if( ctx->is384 == 0 )
{
- PUT_UINT64_BE( ctx->state[6], output, 48 );
- PUT_UINT64_BE( ctx->state[7], output, 56 );
+ sha512_put_uint64_be( ctx->state[6], output, 48 );
+ sha512_put_uint64_be( ctx->state[7], output, 56 );
}
return( 0 );
diff --git a/library/timing.c b/library/timing.c
index 413d133..009516a 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -51,7 +51,6 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
-#include <winbase.h>
#include <process.h>
struct _hr_time
diff --git a/library/version_features.c b/library/version_features.c
index 4f1da6a..5404d79 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -31,7 +31,7 @@
#include <string.h>
-static const char *features[] = {
+static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
#if defined(MBEDTLS_HAVE_ASM)
"MBEDTLS_HAVE_ASM",
@@ -90,6 +90,9 @@
#if defined(MBEDTLS_CHECK_PARAMS)
"MBEDTLS_CHECK_PARAMS",
#endif /* MBEDTLS_CHECK_PARAMS */
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+ "MBEDTLS_CHECK_PARAMS_ASSERT",
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
#if defined(MBEDTLS_TIMING_ALT)
"MBEDTLS_TIMING_ALT",
#endif /* MBEDTLS_TIMING_ALT */
@@ -405,6 +408,9 @@
#if defined(MBEDTLS_SHA256_SMALLER)
"MBEDTLS_SHA256_SMALLER",
#endif /* MBEDTLS_SHA256_SMALLER */
+#if defined(MBEDTLS_SHA512_SMALLER)
+ "MBEDTLS_SHA512_SMALLER",
+#endif /* MBEDTLS_SHA512_SMALLER */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */
@@ -555,6 +561,9 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
"MBEDTLS_PSA_CRYPTO_C",
#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ "MBEDTLS_PSA_CRYPTO_SE_C",
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
@@ -594,7 +603,7 @@
int mbedtls_version_check_feature( const char *feature )
{
- const char **idx = features;
+ const char * const *idx = features;
if( *idx == NULL )
return( -2 );
diff --git a/programs/Makefile b/programs/Makefile
index c7cc995..add1a86 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -2,8 +2,8 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
-WARNING_CXXFLAGS ?= -Wall -W
+WARNING_CFLAGS ?= -Wall -Wextra
+WARNING_CXXFLAGS ?= -Wall -Wextra
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
@@ -11,6 +11,9 @@
LOCAL_LDFLAGS = -L../library \
-lmbedcrypto$(SHARED_SUFFIX)
+include ../3rdparty/Makefile.inc
+LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
+
ifndef SHARED
DEP=../library/libmbedcrypto.a
else
@@ -244,6 +247,7 @@
clean:
ifndef WINDOWS
rm -f $(APPS) $(EXTRA_GENERATED)
+ -rm -f test/cpp_dummy_build$(EXEXT)
else
if exist *.o del /S /Q /F *.o
if exist *.exe del /S /Q /F *.exe
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index bdeac3a..8242ea7 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -80,17 +80,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index f58e616..a5acf5b 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -82,17 +82,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 4b7fe37..709a149 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -52,17 +52,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
{
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 6046f86..55a0c7e 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -48,17 +48,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( void )
{
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index cca43ca..bf5482e 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -69,17 +69,6 @@
*/
#define GENERATOR "4"
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char **argv )
{
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 9267c7e..9f849dd 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -53,17 +53,6 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ecdh.h"
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 4471a20..b851c31 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -100,17 +100,6 @@
#define dump_pubkey( a, b )
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 35fc149..23e4e14 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -137,17 +137,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
/*
* global options
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index b4860fe..19dcdfe 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -64,7 +64,6 @@
" password_file=%%s default: \"\"\n" \
"\n"
-
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
@@ -75,17 +74,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
/*
* global options
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index b81530c..6096429 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -98,17 +98,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
/*
* global options
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 80573c0..ecdcd32 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -50,17 +50,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( void )
{
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 978f39e..bf42507 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -48,7 +48,6 @@
#include <string.h>
#endif
-
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
@@ -61,17 +60,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 806c59a..a32b147 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -61,17 +61,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 7354082..47a098a 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -60,17 +60,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 9fcf029..a6bfe3f 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -56,17 +56,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
@@ -112,7 +101,6 @@
goto exit;
}
-
i = fread( buf, 1, sizeof(buf), f );
fclose( f );
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index dc8a920..ff71bd0 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -59,17 +59,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index e9effe8..4a71c15 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -59,17 +59,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index c66f4e7..f2b7b50 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -63,17 +63,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( void )
{
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index f014872..9bcd7a6 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -56,17 +56,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index cb69fa6..5019f28 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -60,17 +60,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 5d1c085..94f0ef9 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -55,17 +55,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index d745274..de28337 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -59,17 +59,6 @@
#include <stdio.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
@@ -124,7 +113,6 @@
goto exit;
}
-
i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
fclose( f );
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 2f7c445..f156b7b 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -39,20 +39,6 @@
}
#else
-static psa_status_t set_key_policy( psa_key_handle_t key_handle,
- psa_key_usage_t key_usage,
- psa_algorithm_t alg )
-{
- psa_status_t status;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- psa_key_policy_set_usage( &policy, key_usage, alg );
- status = psa_set_key_policy( key_handle, &policy );
- ASSERT_STATUS( status, PSA_SUCCESS );
-exit:
- return( status );
-}
-
static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
const uint8_t * input,
size_t input_size,
@@ -161,6 +147,7 @@
const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = 0;
size_t output_len = 0;
uint8_t iv[block_size];
@@ -171,16 +158,13 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( &key_handle );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( &attributes, key_bits );
- status = set_key_policy( key_handle,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
-
- status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
- NULL, 0 );
+ status = psa_generate_key( &attributes, &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
@@ -213,6 +197,7 @@
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = 0;
size_t output_len = 0;
uint8_t iv[block_size], input[input_size],
@@ -221,16 +206,13 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( &key_handle );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( &attributes, key_bits );
- status = set_key_policy( key_handle,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
-
- status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
- NULL, 0 );
+ status = psa_generate_key( &attributes, &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
@@ -262,6 +244,7 @@
const psa_algorithm_t alg = PSA_ALG_CTR;
psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = 0;
size_t output_len = 0;
uint8_t iv[block_size], input[input_size], encrypt[input_size],
@@ -270,15 +253,13 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( &key_handle );
- ASSERT_STATUS( status, PSA_SUCCESS );
- status = set_key_policy( key_handle,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( &attributes, key_bits );
- status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
- NULL, 0 );
+ status = psa_generate_key( &attributes, &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 23c2347..f492e0e 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -63,6 +63,8 @@
#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+#include <psa/crypto.h>
+
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
@@ -71,17 +73,14 @@
{
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
- "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
+ "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
+ "not defined.\n");
return( 0 );
}
#else
/* The real program starts here. */
-
-
-#include <psa/crypto.h>
-
/* Run a system function and bail out if it fails. */
#define SYS_CHECK( expr ) \
do \
@@ -200,18 +199,15 @@
{
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t key_handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_CHECK( psa_allocate_key( &key_handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
- KDF_ALG );
- PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, KDF_ALG );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
- PSA_CHECK( psa_generate_key( key_handle,
- PSA_KEY_TYPE_DERIVE,
- PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
- NULL, 0 ) );
+ PSA_CHECK( psa_generate_key( &attributes, &key_handle ) );
PSA_CHECK( save_key( key_handle, key_file_name ) );
@@ -231,7 +227,7 @@
psa_key_handle_t *master_key_handle )
{
psa_status_t status = PSA_SUCCESS;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t key_data[KEY_SIZE_BYTES];
size_t key_size;
FILE *key_file = NULL;
@@ -252,19 +248,18 @@
SYS_CHECK( fclose( key_file ) == 0 );
key_file = NULL;
- PSA_CHECK( psa_allocate_key( master_key_handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
- PSA_CHECK( psa_import_key( *master_key_handle,
- PSA_KEY_TYPE_DERIVE,
- key_data, key_size ) );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_CHECK( psa_import_key( &attributes, key_data, key_size,
+ master_key_handle ) );
exit:
if( key_file != NULL )
fclose( key_file );
mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
if( status != PSA_SUCCESS )
{
- /* If psa_allocate_key hasn't been called yet or has failed,
+ /* If the key creation hasn't happened yet or has failed,
* *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do
* nothing and return PSA_ERROR_INVALID_HANDLE. */
(void) psa_destroy_key( *master_key_handle );
@@ -282,43 +277,43 @@
psa_key_handle_t *key_handle )
{
psa_status_t status = PSA_SUCCESS;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
size_t i;
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
- KDF_ALG );
+
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, KDF_ALG );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
/* For each label in turn, ... */
for( i = 0; i < ladder_depth; i++ )
{
/* Start deriving material from the master key (if i=0) or from
* the current intermediate key (if i>0). */
- PSA_CHECK( psa_key_derivation(
- &generator,
- *key_handle,
- KDF_ALG,
- DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH,
- (uint8_t*) ladder[i], strlen( ladder[i] ),
- KEY_SIZE_BYTES ) );
+ PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
+ PSA_CHECK( psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
+ PSA_CHECK( psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ *key_handle ) );
+ PSA_CHECK( psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ (uint8_t*) ladder[i], strlen( ladder[i] ) ) );
/* When the parent key is not the master key, destroy it,
* since it is no longer needed. */
PSA_CHECK( psa_close_key( *key_handle ) );
*key_handle = 0;
- PSA_CHECK( psa_allocate_key( key_handle ) );
- PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
- /* Use the generator obtained from the parent key to create
- * the next intermediate key. */
- PSA_CHECK( psa_generator_import_key(
- *key_handle,
- PSA_KEY_TYPE_DERIVE,
- PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
- &generator ) );
- PSA_CHECK( psa_generator_abort( &generator ) );
+ /* Derive the next intermediate key from the parent key. */
+ PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
+ key_handle ) );
+ PSA_CHECK( psa_key_derivation_abort( &operation ) );
}
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
if( status != PSA_SUCCESS )
{
psa_close_key( *key_handle );
@@ -333,34 +328,34 @@
psa_key_handle_t *wrapping_key_handle )
{
psa_status_t status = PSA_SUCCESS;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
*wrapping_key_handle = 0;
- PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
- psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
- PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
- PSA_CHECK( psa_key_derivation(
- &generator,
- derived_key_handle,
- KDF_ALG,
- WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
- NULL, 0,
- PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
- PSA_CHECK( psa_generator_import_key(
- *wrapping_key_handle,
- PSA_KEY_TYPE_AES,
- WRAPPING_KEY_BITS,
- &generator ) );
+ /* Set up a key derivation operation from the key derived from
+ * the master key. */
+ PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
+ PSA_CHECK( psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
+ PSA_CHECK( psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ derived_key_handle ) );
+ PSA_CHECK( psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0 ) );
+
+ /* Create the wrapping key. */
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, WRAPPING_ALG );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
+ PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
+ wrapping_key_handle ) );
exit:
- psa_generator_abort( &generator );
- if( status != PSA_SUCCESS )
- {
- psa_close_key( *wrapping_key_handle );
- *wrapping_key_handle = 0;
- }
+ psa_key_derivation_abort( &operation );
return( status );
}
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index 5514100..73692d0 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -64,6 +64,7 @@
/* The code of these function is automatically generated and included below. */
static const char *psa_ecc_curve_name(psa_ecc_curve_t curve);
+static const char *psa_dh_group_name(psa_dh_group_t group);
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
static void append_with_curve(char **buffer, size_t buffer_size,
@@ -84,24 +85,41 @@
append(buffer, buffer_size, required_size, ")", 1);
}
-static void append_with_hash(char **buffer, size_t buffer_size,
- size_t *required_size,
- const char *string, size_t length,
- psa_algorithm_t hash_alg)
+static void append_with_group(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length,
+ psa_dh_group_t group)
{
- const char *hash_name = psa_hash_algorithm_name(hash_alg);
+ const char *group_name = psa_dh_group_name(group);
append(buffer, buffer_size, required_size, string, length);
append(buffer, buffer_size, required_size, "(", 1);
- if (hash_name != NULL) {
+ if (group_name != NULL) {
append(buffer, buffer_size, required_size,
- hash_name, strlen(hash_name));
+ group_name, strlen(group_name));
} else {
append_integer(buffer, buffer_size, required_size,
- "0x%08lx", hash_alg);
+ "0x%04x", group);
}
append(buffer, buffer_size, required_size, ")", 1);
}
+typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg);
+
+static void append_with_alg(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ psa_get_algorithm_name_func_ptr get_name,
+ psa_algorithm_t alg)
+{
+ const char *name = get_name(alg);
+ if (name != NULL) {
+ append(buffer, buffer_size, required_size,
+ name, strlen(name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%08lx", alg);
+ }
+}
+
#include "psa_constant_names_generated.c"
static int psa_snprint_status(char *buffer, size_t buffer_size,
@@ -138,6 +156,23 @@
}
}
+static int psa_snprint_dh_group(char *buffer, size_t buffer_size,
+ psa_dh_group_t group)
+{
+ const char *name = psa_dh_group_name(group);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "0x%04x", (unsigned) group);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
static void usage(const char *program_name)
{
printf("Usage: %s TYPE VALUE [VALUE...]\n",
@@ -146,6 +181,7 @@
printf("Supported types (with = between aliases):\n");
printf(" alg=algorithm Algorithm (psa_algorithm_t)\n");
printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n");
+ printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_group_t)\n");
printf(" type=key_type Key type (psa_key_type_t)\n");
printf(" usage=key_usage Key usage (psa_key_usage_t)\n");
printf(" error=status Status code (psa_status_t)\n");
@@ -189,6 +225,7 @@
typedef enum {
TYPE_ALGORITHM,
TYPE_ECC_CURVE,
+ TYPE_DH_GROUP,
TYPE_KEY_TYPE,
TYPE_KEY_USAGE,
} unsigned_value_type;
@@ -217,6 +254,10 @@
psa_snprint_ecc_curve(buffer, sizeof(buffer),
(psa_ecc_curve_t) value);
break;
+ case TYPE_DH_GROUP:
+ psa_snprint_dh_group(buffer, sizeof(buffer),
+ (psa_dh_group_t) value);
+ break;
case TYPE_KEY_TYPE:
psa_snprint_key_type(buffer, sizeof(buffer),
(psa_key_type_t) value);
@@ -253,6 +294,9 @@
} else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1),
argv + 2);
+ } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) {
+ return process_unsigned(TYPE_DH_GROUP, (psa_dh_group_t) (-1),
+ argv + 2);
} else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
argv + 2);
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 3b350ed..6ae63b7 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -51,17 +51,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index a50402f..59df34b 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -54,17 +54,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index ef888ff..5ea52ae 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -52,17 +52,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index e31faaf..b005c20 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -25,18 +25,13 @@
#include MBEDTLS_CONFIG_FILE
#endif
-#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
-#else
+#if !defined(MBEDTLS_PLATFORM_C)
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_exit exit
#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
#define mbedtls_free free
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_TIMING_C)
@@ -97,7 +92,7 @@
/*
* Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
*/
-#define HEAP_SIZE (1u << 16) // 64k
+#define HEAP_SIZE (1u << 16) /* 64k */
#define BUFSIZE 1024
#define HEADER_FORMAT " %-24s : "
@@ -190,7 +185,12 @@
CODE; \
} \
\
- if( ret != 0 ) \
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) \
+ { \
+ mbedtls_printf( "Feature Not Supported. Skipping.\n" ); \
+ ret = 0; \
+ } \
+ else if( ret != 0 ) \
{ \
PRINT_ERROR; \
} \
@@ -225,6 +225,18 @@
return( 0 );
}
+#define CHECK_AND_CONTINUE( R ) \
+ { \
+ int CHECK_AND_CONTINUE_ret = ( R ); \
+ if( CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) { \
+ mbedtls_printf( "Feature not supported. Skipping.\n" ); \
+ continue; \
+ } \
+ else if( CHECK_AND_CONTINUE_ret != 0 ) { \
+ mbedtls_exit( 1 ); \
+ } \
+ }
+
/*
* Clear some memory that was used to prepare the context
*/
@@ -258,17 +270,6 @@
rsa, dhm, ecdsa, ecdh;
} todo_list;
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
int main( int argc, char *argv[] )
{
@@ -838,6 +839,9 @@
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
+ if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) )
+ continue;
+
mbedtls_ecdsa_init( &ecdsa );
if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
@@ -857,6 +861,9 @@
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
+ if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) )
+ continue;
+
mbedtls_ecdsa_init( &ecdsa );
if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
@@ -899,24 +906,24 @@
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
+ if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ continue;
+
mbedtls_ecdh_init( &ecdh );
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 ||
- mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 )
- {
- mbedtls_exit( 1 );
- }
+ CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
+ myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
ecp_clear_precomputed( &ecdh.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL );
- ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
+ myrand, NULL ) ) );
mbedtls_ecdh_free( &ecdh );
}
@@ -928,19 +935,16 @@
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
+ CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) );
mbedtls_snprintf( title, sizeof(title), "ECDHE-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
- myrand, NULL );
- ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
+ myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+ myrand, NULL ) ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
@@ -950,24 +954,24 @@
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
+ if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ continue;
+
mbedtls_ecdh_init( &ecdh );
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 ||
- mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
+ CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
+ myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
+ myrand, NULL ) );
ecp_clear_precomputed( &ecdh.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDH-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
- myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
+ myrand, NULL ) ) );
mbedtls_ecdh_free( &ecdh );
}
@@ -979,19 +983,16 @@
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
- myrand, NULL ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
+ CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
+ myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) );
mbedtls_snprintf( title, sizeof(title), "ECDH-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+ myrand, NULL ) ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
@@ -999,6 +1000,48 @@
}
#endif
+#if defined(MBEDTLS_ECDH_C)
+ if( todo.ecdh )
+ {
+ mbedtls_ecdh_context ecdh_srv, ecdh_cli;
+ unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
+ const mbedtls_ecp_curve_info * curve_list = mbedtls_ecp_curve_list();
+ const mbedtls_ecp_curve_info *curve_info;
+ size_t olen;
+
+ for( curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++ )
+ {
+ if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) )
+ continue;
+
+ mbedtls_ecdh_init( &ecdh_srv );
+ mbedtls_ecdh_init( &ecdh_cli );
+
+ mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name );
+ TIME_PUBLIC( title, "full handshake",
+ const unsigned char * p_srv = buf_srv;
+
+ CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) );
+
+ CHECK_AND_CONTINUE( mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) );
+
+ CHECK_AND_CONTINUE( mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ) );
+ CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) );
+
+ CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) );
+ mbedtls_ecdh_free( &ecdh_cli );
+
+ mbedtls_ecdh_free( &ecdh_srv );
+ );
+
+ }
+ }
+#endif
+
mbedtls_printf( "\n" );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore
new file mode 100644
index 0000000..464833b
--- /dev/null
+++ b/programs/test/cmake_subproject/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_subproject
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
new file mode 100644
index 0000000..3afbdb2
--- /dev/null
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -0,0 +1,17 @@
+cmake_minimum_required(VERSION 2.6)
+
+# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
+# projects that use Mbed TLS as a subproject are likely to add by their own
+# relative paths.
+set(MBEDTLS_DIR ../../../)
+
+# Add Mbed TLS as a subdirectory.
+add_subdirectory(${MBEDTLS_DIR} build)
+
+# Link against the Mbed Crypto library.
+set(libs
+ mbedcrypto
+)
+
+add_executable(cmake_subproject cmake_subproject.c)
+target_link_libraries(cmake_subproject ${libs})
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
new file mode 100644
index 0000000..ca899bc
--- /dev/null
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -0,0 +1,56 @@
+/*
+ * Simple program to test that CMake builds with Mbed TLS as a subdirectory
+ * work correctly.
+ *
+ * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full( version );
+
+ mbedtls_printf( "Built against %s\n", version );
+
+ return( 0 );
+}
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index c1dc743..81ca32c 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -38,13 +38,13 @@
#include "mbedtls/bn_mul.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/check_config.h"
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/cmac.h"
+#include "mbedtls/compat-1.3.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/des.h"
#include "mbedtls/dhm.h"
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index fc25353..da3dfb0 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -47,7 +47,6 @@
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
@@ -269,6 +268,14 @@
}
#endif /* MBEDTLS_CHECK_PARAMS */
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+ if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
+
#if defined(MBEDTLS_TIMING_ALT)
if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 )
{
@@ -1109,6 +1116,14 @@
}
#endif /* MBEDTLS_SHA256_SMALLER */
+#if defined(MBEDTLS_SHA512_SMALLER)
+ if( strcmp( "MBEDTLS_SHA512_SMALLER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_SMALLER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_SMALLER */
+
#if defined(MBEDTLS_THREADING_ALT)
if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
{
@@ -1509,6 +1524,14 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
{
@@ -1957,6 +1980,14 @@
}
#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
/* If the symbol is not found, return an error */
return( 1 );
}
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index fac7e92..638ef70 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -76,17 +76,6 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
{
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 0cc9d06..f184939 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -65,17 +65,6 @@
}
#else
-#if defined(MBEDTLS_CHECK_PARAMS)
-#define mbedtls_exit exit
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
/*
* global options
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 30c3fe5..e19f2c0 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -59,9 +59,7 @@
@staticmethod
def check_repo_path():
- current_dir = os.path.realpath('.')
- root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
- if current_dir != root_dir:
+ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
raise Exception("Must be run from Mbed TLS root")
def _setup_logger(self):
@@ -108,6 +106,12 @@
stderr=subprocess.STDOUT
)
self.log.debug(worktree_output.decode("utf-8"))
+ version.commit = subprocess.check_output(
+ [self.git_command, "rev-parse", "HEAD"],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ ).decode("ascii").rstrip()
+ self.log.debug("Commit is {}".format(version.commit))
return git_worktree_path
def _update_git_submodules(self, git_worktree_path, version):
@@ -163,6 +167,13 @@
os.path.join(root, file)
)
+ @staticmethod
+ def _pretty_revision(version):
+ if version.revision == version.commit:
+ return version.revision
+ else:
+ return "{} ({})".format(version.revision, version.commit)
+
def _get_abi_dumps_from_shared_libraries(self, version):
"""Generate the ABI dumps for the specified git revision.
The shared libraries must have been built and the module paths
@@ -177,7 +188,7 @@
"abi-dumper",
module_path,
"-o", output_path,
- "-lver", version.revision
+ "-lver", self._pretty_revision(version),
]
abi_dump_output = subprocess.check_output(
abi_dump_command,
@@ -214,7 +225,7 @@
def _remove_extra_detail_from_report(self, report_root):
for tag in ['test_info', 'test_results', 'problem_summary',
- 'added_symbols', 'removed_symbols', 'affected']:
+ 'added_symbols', 'affected']:
self._remove_children_with_tag(report_root, tag)
for report in report_root:
@@ -222,69 +233,84 @@
if not problems.getchildren():
report.remove(problems)
+ def _abi_compliance_command(self, mbed_module, output_path):
+ """Build the command to run to analyze the library mbed_module.
+ The report will be placed in output_path."""
+ abi_compliance_command = [
+ "abi-compliance-checker",
+ "-l", mbed_module,
+ "-old", self.old_version.abi_dumps[mbed_module],
+ "-new", self.new_version.abi_dumps[mbed_module],
+ "-strict",
+ "-report-path", output_path,
+ ]
+ if self.skip_file:
+ abi_compliance_command += ["-skip-symbols", self.skip_file,
+ "-skip-types", self.skip_file]
+ if self.brief:
+ abi_compliance_command += ["-report-format", "xml",
+ "-stdout"]
+ return abi_compliance_command
+
+ def _is_library_compatible(self, mbed_module, compatibility_report):
+ """Test if the library mbed_module has remained compatible.
+ Append a message regarding compatibility to compatibility_report."""
+ output_path = os.path.join(
+ self.report_dir, "{}-{}-{}.html".format(
+ mbed_module, self.old_version.revision,
+ self.new_version.revision
+ )
+ )
+ try:
+ subprocess.check_output(
+ self._abi_compliance_command(mbed_module, output_path),
+ stderr=subprocess.STDOUT
+ )
+ except subprocess.CalledProcessError as err:
+ if err.returncode != 1:
+ raise err
+ if self.brief:
+ self.log.info(
+ "Compatibility issues found for {}".format(mbed_module)
+ )
+ report_root = ET.fromstring(err.output.decode("utf-8"))
+ self._remove_extra_detail_from_report(report_root)
+ self.log.info(ET.tostring(report_root).decode("utf-8"))
+ else:
+ self.can_remove_report_dir = False
+ compatibility_report.append(
+ "Compatibility issues found for {}, "
+ "for details see {}".format(mbed_module, output_path)
+ )
+ return False
+ compatibility_report.append(
+ "No compatibility issues for {}".format(mbed_module)
+ )
+ if not (self.keep_all_reports or self.brief):
+ os.remove(output_path)
+ return True
+
def get_abi_compatibility_report(self):
"""Generate a report of the differences between the reference ABI
and the new ABI. ABI dumps from self.old_version and self.new_version
must be available."""
- compatibility_report = ""
+ compatibility_report = ["Checking evolution from {} to {}".format(
+ self._pretty_revision(self.old_version),
+ self._pretty_revision(self.new_version)
+ )]
compliance_return_code = 0
shared_modules = list(set(self.old_version.modules.keys()) &
set(self.new_version.modules.keys()))
for mbed_module in shared_modules:
- output_path = os.path.join(
- self.report_dir, "{}-{}-{}.html".format(
- mbed_module, self.old_version.revision,
- self.new_version.revision
- )
- )
- abi_compliance_command = [
- "abi-compliance-checker",
- "-l", mbed_module,
- "-old", self.old_version.abi_dumps[mbed_module],
- "-new", self.new_version.abi_dumps[mbed_module],
- "-strict",
- "-report-path", output_path,
- ]
- if self.skip_file:
- abi_compliance_command += ["-skip-symbols", self.skip_file,
- "-skip-types", self.skip_file]
- if self.brief:
- abi_compliance_command += ["-report-format", "xml",
- "-stdout"]
- try:
- subprocess.check_output(
- abi_compliance_command,
- stderr=subprocess.STDOUT
- )
- except subprocess.CalledProcessError as err:
- if err.returncode == 1:
- compliance_return_code = 1
- if self.brief:
- self.log.info(
- "Compatibility issues found for {}".format(mbed_module)
- )
- report_root = ET.fromstring(err.output.decode("utf-8"))
- self._remove_extra_detail_from_report(report_root)
- self.log.info(ET.tostring(report_root).decode("utf-8"))
- else:
- self.can_remove_report_dir = False
- compatibility_report += (
- "Compatibility issues found for {}, "
- "for details see {}\n".format(mbed_module, output_path)
- )
- else:
- raise err
- else:
- compatibility_report += (
- "No compatibility issues for {}\n".format(mbed_module)
- )
- if not (self.keep_all_reports or self.brief):
- os.remove(output_path)
- os.remove(self.old_version.abi_dumps[mbed_module])
- os.remove(self.new_version.abi_dumps[mbed_module])
+ if not self._is_library_compatible(mbed_module,
+ compatibility_report):
+ compliance_return_code = 1
+ for version in [self.old_version, self.new_version]:
+ for mbed_module, mbed_module_dump in version.abi_dumps.items():
+ os.remove(mbed_module_dump)
if self.can_remove_report_dir:
os.rmdir(self.report_dir)
- self.log.info(compatibility_report)
+ self.log.info("\n".join(compatibility_report))
return compliance_return_code
def check_for_abi_changes(self):
@@ -356,7 +382,9 @@
)
parser.add_argument(
"-s", "--skip-file", type=str,
- help="path to file containing symbols and types to skip"
+ help=("path to file containing symbols and types to skip "
+ "(typically \"-s identifiers\" after running "
+ "\"tests/scripts/list-identifiers.sh --internal\")")
)
parser.add_argument(
"-b", "--brief", action="store_true",
@@ -370,6 +398,7 @@
version="old",
repository=abi_args.old_repo,
revision=abi_args.old_rev,
+ commit=None,
crypto_repository=abi_args.old_crypto_repo,
crypto_revision=abi_args.old_crypto_rev,
abi_dumps={},
@@ -379,6 +408,7 @@
version="new",
repository=abi_args.new_repo,
revision=abi_args.new_rev,
+ commit=None,
crypto_repository=abi_args.new_crypto_repo,
crypto_revision=abi_args.new_crypto_rev,
abi_dumps={},
diff --git a/scripts/config.pl b/scripts/config.pl
index b667905..ed0967d 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -29,8 +29,9 @@
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_RSA_NO_CRT
-# MBEDTLS_USE_PSA_CRYPTO
-# - experimental, and more an alternative implementation than a feature
+# MBEDTLS_PSA_CRYPTO_SPM
+# MBEDTLS_PSA_INJECT_ENTROPY
+# MBEDTLS_ECP_RESTARTABLE
# and any symbol beginning _ALT
#
@@ -85,10 +86,12 @@
MBEDTLS_RSA_NO_CRT
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_PSA_CRYPTO_SE_C
MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
MBEDTLS_PSA_INJECT_ENTROPY
-MBEDTLS_USE_PSA_CRYPTO
+MBEDTLS_ECP_RESTARTABLE
+MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
_ALT\s*$
);
@@ -107,9 +110,9 @@
MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_PLATFORM_FPRINTF_ALT
-MBEDTLS_PSA_CRYPTO_STORAGE_C
-MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
MBEDTLS_PSA_ITS_FILE_C
+MBEDTLS_PSA_CRYPTO_SE_C
+MBEDTLS_PSA_CRYPTO_STORAGE_C
);
# Things that should be enabled in "full" even if they match @excluded
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 600f130..911900f 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -47,7 +47,6 @@
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index 767eda1..63ae94c 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -31,7 +31,7 @@
#include <string.h>
-static const char *features[] = {
+static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
FEATURE_DEFINES
#endif /* MBEDTLS_VERSION_FEATURES */
@@ -40,7 +40,7 @@
int mbedtls_version_check_feature( const char *feature )
{
- const char **idx = features;
+ const char * const *idx = features;
if( *idx == NULL )
return( -2 );
diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj
index fac9812..5480a44 100644
--- a/scripts/data_files/vs2010-app-template.vcxproj
+++ b/scripts/data_files/vs2010-app-template.vcxproj
Binary files differ
diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj
index 773b58a..7071cd2 100644
--- a/scripts/data_files/vs2010-main-template.vcxproj
+++ b/scripts/data_files/vs2010-main-template.vcxproj
@@ -85,8 +85,8 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -100,8 +100,8 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -117,8 +117,8 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -135,8 +135,8 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index 382fd23..bf76c2d 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -1,9 +1,15 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
+
+"""Generate programs/psa/psa_constant_names_generated.c
+which is included by programs/psa/psa_constant_names.c.
+The code generated by this module is only meant to be used in the context
+of that program.
+"""
+
import os
import re
-import sys
-output_template = '''\
+OUTPUT_TEMPLATE = '''\
/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */
static const char *psa_strerror(psa_status_t status)
@@ -22,6 +28,14 @@
}
}
+static const char *psa_dh_group_name(psa_dh_group_t group)
+{
+ switch (group) {
+ %(dh_group_cases)s
+ default: return NULL;
+ }
+}
+
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
{
switch (hash_alg) {
@@ -30,6 +44,14 @@
}
}
+static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg)
+{
+ switch (ka_alg) {
+ %(ka_algorithm_cases)s
+ default: return NULL;
+ }
+}
+
static int psa_snprint_key_type(char *buffer, size_t buffer_size,
psa_key_type_t type)
{
@@ -47,12 +69,13 @@
return (int) required_size;
}
+#define NO_LENGTH_MODIFIER 0xfffffffflu
static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
psa_algorithm_t alg)
{
size_t required_size = 0;
psa_algorithm_t core_alg = alg;
- unsigned long length_modifier = 0;
+ unsigned long length_modifier = NO_LENGTH_MODIFIER;
if (PSA_ALG_IS_MAC(alg)) {
core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
if (core_alg != alg) {
@@ -70,6 +93,15 @@
"PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29);
length_modifier = PSA_AEAD_TAG_LENGTH(alg);
}
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) &&
+ !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_KEY_AGREEMENT(", 22);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_ka_algorithm_name,
+ PSA_ALG_KEY_AGREEMENT_GET_BASE(alg));
+ append(&buffer, buffer_size, &required_size, ", ", 2);
}
switch (core_alg) {
%(algorithm_cases)s
@@ -81,9 +113,11 @@
break;
}
if (core_alg != alg) {
- append(&buffer, buffer_size, &required_size, ", ", 2);
- append_integer(&buffer, buffer_size, &required_size,
- "%%lu", length_modifier);
+ if (length_modifier != NO_LENGTH_MODIFIER) {
+ append(&buffer, buffer_size, &required_size, ", ", 2);
+ append_integer(&buffer, buffer_size, &required_size,
+ "%%lu", length_modifier);
+ }
append(&buffer, buffer_size, &required_size, ")", 1);
}
buffer[0] = 0;
@@ -119,19 +153,28 @@
/* End of automatically generated file. */
'''
-key_type_from_curve_template = '''if (%(tester)s(type)) {
+KEY_TYPE_FROM_CURVE_TEMPLATE = '''if (%(tester)s(type)) {
append_with_curve(&buffer, buffer_size, &required_size,
"%(builder)s", %(builder_length)s,
PSA_KEY_TYPE_GET_CURVE(type));
} else '''
-algorithm_from_hash_template = '''if (%(tester)s(core_alg)) {
- append_with_hash(&buffer, buffer_size, &required_size,
- "%(builder)s", %(builder_length)s,
- PSA_ALG_GET_HASH(core_alg));
+KEY_TYPE_FROM_GROUP_TEMPLATE = '''if (%(tester)s(type)) {
+ append_with_group(&buffer, buffer_size, &required_size,
+ "%(builder)s", %(builder_length)s,
+ PSA_KEY_TYPE_GET_GROUP(type));
} else '''
-bit_test_template = '''\
+ALGORITHM_FROM_HASH_TEMPLATE = '''if (%(tester)s(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "%(builder)s(", %(builder_length)s + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else '''
+
+BIT_TEST_TEMPLATE = '''\
if (%(var)s & %(flag)s) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
@@ -142,13 +185,22 @@
'''
class MacroCollector:
+ """Collect PSA crypto macro definitions from C header files.
+
+ 1. Call `read_file` on the input header file(s).
+ 2. Call `write_file` to write ``psa_constant_names_generated.c``.
+ """
+
def __init__(self):
self.statuses = set()
self.key_types = set()
self.key_types_from_curve = {}
+ self.key_types_from_group = {}
self.ecc_curves = set()
+ self.dh_groups = set()
self.algorithms = set()
self.hash_algorithms = set()
+ self.ka_algorithms = set()
self.algorithms_from_hash = {}
self.key_usages = set()
@@ -158,6 +210,11 @@
definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?')
def read_line(self, line):
+ """Parse a C header line and record the PSA identifier it defines if any.
+ This function analyzes lines that start with "#define PSA_"
+ (up to non-significant whitespace) and skips all non-matching lines.
+ """
+ # pylint: disable=too-many-branches
m = re.match(self.definition_re, line)
if not m:
return
@@ -167,12 +224,11 @@
return
elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
and not parameter:
- if name in [
- 'PSA_ERROR_UNKNOWN_ERROR',
+ if name in ['PSA_ERROR_UNKNOWN_ERROR',
'PSA_ERROR_OCCUPIED_SLOT',
'PSA_ERROR_EMPTY_SLOT',
'PSA_ERROR_INSUFFICIENT_CAPACITY',
- ]:
+ ]:
# Ad hoc skipping of deprecated error codes, which share
# numerical values with non-deprecated error codes
return
@@ -182,8 +238,12 @@
self.key_types.add(name)
elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
+ elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group':
+ self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:]
elif name.startswith('PSA_ECC_CURVE_') and not parameter:
self.ecc_curves.add(name)
+ elif name.startswith('PSA_DH_GROUP_') and not parameter:
+ self.dh_groups.add(name)
elif name.startswith('PSA_ALG_') and not parameter:
if name in ['PSA_ALG_ECDSA_BASE',
'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
@@ -193,6 +253,9 @@
# Ad hoc detection of hash algorithms
if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
self.hash_algorithms.add(name)
+ # Ad hoc detection of key agreement algorithms
+ if re.search(r'0x30[0-9A-Fa-f]{2}0000', definition):
+ self.ka_algorithms.add(name)
elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
# A naming irregularity
@@ -210,81 +273,105 @@
for line in header_file:
self.read_line(line)
- def make_return_case(self, name):
+ @staticmethod
+ def _make_return_case(name):
return 'case %(name)s: return "%(name)s";' % {'name': name}
- def make_append_case(self, name):
+ @staticmethod
+ def _make_append_case(name):
template = ('case %(name)s: '
'append(&buffer, buffer_size, &required_size, "%(name)s", %(length)d); '
'break;')
return template % {'name': name, 'length': len(name)}
- def make_inner_append_case(self, name):
- template = ('case %(name)s: '
- 'append(buffer, buffer_size, required_size, "%(name)s", %(length)d); '
- 'break;')
- return template % {'name': name, 'length': len(name)}
-
- def make_bit_test(self, var, flag):
- return bit_test_template % {'var': var,
+ @staticmethod
+ def _make_bit_test(var, flag):
+ return BIT_TEST_TEMPLATE % {'var': var,
'flag': flag,
'length': len(flag)}
- def make_status_cases(self):
- return '\n '.join(map(self.make_return_case,
+ def _make_status_cases(self):
+ return '\n '.join(map(self._make_return_case,
sorted(self.statuses)))
- def make_ecc_curve_cases(self):
- return '\n '.join(map(self.make_return_case,
+ def _make_ecc_curve_cases(self):
+ return '\n '.join(map(self._make_return_case,
sorted(self.ecc_curves)))
- def make_key_type_cases(self):
- return '\n '.join(map(self.make_append_case,
+ def _make_dh_group_cases(self):
+ return '\n '.join(map(self._make_return_case,
+ sorted(self.dh_groups)))
+
+ def _make_key_type_cases(self):
+ return '\n '.join(map(self._make_append_case,
sorted(self.key_types)))
- def make_key_type_from_curve_code(self, builder, tester):
- return key_type_from_curve_template % {'builder': builder,
+ @staticmethod
+ def _make_key_type_from_curve_code(builder, tester):
+ return KEY_TYPE_FROM_CURVE_TEMPLATE % {'builder': builder,
'builder_length': len(builder),
'tester': tester}
- def make_key_type_code(self):
+ @staticmethod
+ def _make_key_type_from_group_code(builder, tester):
+ return KEY_TYPE_FROM_GROUP_TEMPLATE % {'builder': builder,
+ 'builder_length': len(builder),
+ 'tester': tester}
+
+ def _make_ecc_key_type_code(self):
d = self.key_types_from_curve
- make = self.make_key_type_from_curve_code
+ make = self._make_key_type_from_curve_code
return ''.join([make(k, d[k]) for k in sorted(d.keys())])
- def make_hash_algorithm_cases(self):
- return '\n '.join(map(self.make_return_case,
+ def _make_dh_key_type_code(self):
+ d = self.key_types_from_group
+ make = self._make_key_type_from_group_code
+ return ''.join([make(k, d[k]) for k in sorted(d.keys())])
+
+ def _make_hash_algorithm_cases(self):
+ return '\n '.join(map(self._make_return_case,
sorted(self.hash_algorithms)))
- def make_algorithm_cases(self):
- return '\n '.join(map(self.make_append_case,
+ def _make_ka_algorithm_cases(self):
+ return '\n '.join(map(self._make_return_case,
+ sorted(self.ka_algorithms)))
+
+ def _make_algorithm_cases(self):
+ return '\n '.join(map(self._make_append_case,
sorted(self.algorithms)))
- def make_algorithm_from_hash_code(self, builder, tester):
- return algorithm_from_hash_template % {'builder': builder,
+ @staticmethod
+ def _make_algorithm_from_hash_code(builder, tester):
+ return ALGORITHM_FROM_HASH_TEMPLATE % {'builder': builder,
'builder_length': len(builder),
'tester': tester}
- def make_algorithm_code(self):
+ def _make_algorithm_code(self):
d = self.algorithms_from_hash
- make = self.make_algorithm_from_hash_code
+ make = self._make_algorithm_from_hash_code
return ''.join([make(k, d[k]) for k in sorted(d.keys())])
- def make_key_usage_code(self):
- return '\n'.join([self.make_bit_test('usage', bit)
+ def _make_key_usage_code(self):
+ return '\n'.join([self._make_bit_test('usage', bit)
for bit in sorted(self.key_usages)])
def write_file(self, output_file):
+ """Generate the pretty-printer function code from the gathered
+ constant definitions.
+ """
data = {}
- data['status_cases'] = self.make_status_cases()
- data['ecc_curve_cases'] = self.make_ecc_curve_cases()
- data['key_type_cases'] = self.make_key_type_cases()
- data['key_type_code'] = self.make_key_type_code()
- data['hash_algorithm_cases'] = self.make_hash_algorithm_cases()
- data['algorithm_cases'] = self.make_algorithm_cases()
- data['algorithm_code'] = self.make_algorithm_code()
- data['key_usage_code'] = self.make_key_usage_code()
- output_file.write(output_template % data)
+ data['status_cases'] = self._make_status_cases()
+ data['ecc_curve_cases'] = self._make_ecc_curve_cases()
+ data['dh_group_cases'] = self._make_dh_group_cases()
+ data['key_type_cases'] = self._make_key_type_cases()
+ data['key_type_code'] = (self._make_ecc_key_type_code() +
+ self._make_dh_key_type_code())
+ data['hash_algorithm_cases'] = self._make_hash_algorithm_cases()
+ data['ka_algorithm_cases'] = self._make_ka_algorithm_cases()
+ data['algorithm_cases'] = self._make_algorithm_cases()
+ data['algorithm_code'] = self._make_algorithm_code()
+ data['key_usage_code'] = self._make_key_usage_code()
+ output_file.write(OUTPUT_TEMPLATE % data)
def generate_psa_constants(header_file_names, output_file_name):
collector = MacroCollector()
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 42f3024..2134f53 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -22,6 +22,8 @@
my $mbedtls_header_dir = 'include/mbedtls';
my $psa_header_dir = 'include/psa';
my $source_dir = 'library';
+my $everest_header_dir = '3rdparty/everest/include/everest';
+my @everest_source_dirs = ('3rdparty/everest/library', '3rdparty/everest/library/kremlib', '3rdparty/everest/library/legacy');
# Need windows line endings!
my $vsx_hdr_tpl = <<EOT;
@@ -53,9 +55,11 @@
exit( main() );
sub check_dirs {
+ foreach my $d (@everest_source_dirs) { if (not (-d $d)) { return 0; } }
return -d $vsx_dir
&& -d $mbedtls_header_dir
&& -d $psa_header_dir
+ && -d $everest_header_dir
&& -d $source_dir
&& -d $programs_dir;
}
@@ -139,12 +143,14 @@
}
sub gen_main_file {
- my ($mbedtls_headers, $psa_headers, $source_headers, $sources, $hdr_tpl, $src_tpl, $main_tpl, $main_out) = @_;
+ my ($mbedtls_headers, $psa_headers, $source_headers, $everest_headers, $sources, $everest_sources, $hdr_tpl, $src_tpl, $main_tpl, $main_out) = @_;
my $header_entries = gen_entry_list( $hdr_tpl, @$mbedtls_headers );
$header_entries .= gen_entry_list( $hdr_tpl, @$psa_headers );
$header_entries .= gen_entry_list( $hdr_tpl, @$source_headers );
+ $header_entries .= gen_entry_list( $hdr_tpl, @$everest_headers );
my $source_entries = gen_entry_list( $src_tpl, @$sources );
+ $source_entries .= gen_entry_list( $src_tpl, @$everest_sources );
my $out = slurp_file( $main_tpl );
$out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m;
@@ -205,11 +211,18 @@
map { s!/!\\!g } @psa_headers;
map { s!/!\\!g } @sources;
+ my @everest_headers = <$everest_header_dir/*.h>;
+ my @everest_sources = ();
+ foreach my $d (@everest_source_dirs) { push @everest_sources, <$d/*.c>; }
+ @everest_sources = grep !/3rdparty\/everest\/library\/Hacl_Curve25519.c/, @everest_sources;
+ map { s!/!\\!g } @everest_headers;
+ map { s!/!\\!g } @everest_sources;
+
gen_app_files( @app_list );
gen_main_file( \@mbedtls_headers, \@psa_headers, \@source_headers,
- \@sources, $vsx_hdr_tpl, $vsx_src_tpl,
- $vsx_main_tpl_file, $vsx_main_file );
+ \@everest_headers, \@sources, \@everest_sources, $vsx_hdr_tpl,
+ $vsx_src_tpl, $vsx_main_tpl_file, $vsx_main_file );
gen_vsx_solution( @app_list );
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 42d99d6..7dcc98d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -2,6 +2,13 @@
mbedcrypto
)
+# Set the project root directory if it's not already defined, as may happen if
+# the tests folder is included directly by a parent project, without including
+# the top level CMakeLists.txt.
+if(NOT DEFINED MBEDTLS_DIR)
+ set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
+endif()
+
find_package(Perl)
if(NOT PERL_FOUND)
message(FATAL_ERROR "Cannot build test suites without Perl")
@@ -43,9 +50,9 @@
add_executable(${exe_name} test_suite_${data_name}.c)
target_link_libraries(${exe_name} ${libs})
target_include_directories(${exe_name}
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
- PRIVATE ${CMAKE_SOURCE_DIR}/crypto/library/)
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/library/)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")
@@ -135,6 +142,8 @@
add_test_suite(psa_crypto_init)
add_test_suite(psa_crypto_metadata)
add_test_suite(psa_crypto_persistent_key)
+add_test_suite(psa_crypto_se_driver_hal)
+add_test_suite(psa_crypto_se_driver_hal_mocks)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_its)
add_test_suite(shax)
diff --git a/tests/Makefile b/tests/Makefile
index aba002b..4eb9142 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -2,7 +2,7 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
+WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
CRYPTO_INCLUDES ?= -I../include
@@ -10,6 +10,9 @@
LOCAL_LDFLAGS = -L../library \
-lmbedcrypto$(SHARED_SUFFIX)
+include ../3rdparty/Makefile.inc
+LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
+
# Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
# on non-POSIX platforms.
@@ -104,6 +107,11 @@
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+# Some test suites require additional header files.
+$(filter test_suite_psa_crypto%, $(BINARIES)): psa_crypto_helpers.h
+$(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h
+$(filter test_suite_psa_%, $(BINARIES)): psa_helpers.h
+$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h
clean:
ifndef WINDOWS
@@ -141,3 +149,17 @@
generate-target-tests: $(EMBEDDED_TESTS)
+define copy_header_to_target
+TESTS/mbedtls/$(1)/$(2): $(2)
+ echo " Copy ./$$@"
+ifndef WINDOWS
+ mkdir -p $$(@D)
+ cp $$< $$@
+else
+ mkdir $$(@D)
+ copy $$< $$@
+endif
+
+endef
+$(foreach app, $(APPS), $(foreach file, $(wildcard *.h), \
+ $(eval $(call copy_header_to_target,$(app),$(file)))))
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 512bb29..8694d01 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -48,17 +48,19 @@
all_intermediate += test-ca.req.sha256
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
- $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
-test-ca.der: test-ca.crt
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
+all_final += test-ca.crt
+
+test-ca.crt.der: test-ca.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += test-ca.crt test-ca.der
+all_final += test-ca.der
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
- $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt
test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
- $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += test-ca-sha256.crt
cli_crt_key_file_rsa = cli-rsa.key
@@ -68,10 +70,10 @@
all_intermediate += cli-rsa.csr
cli-rsa-sha1.crt: cli-rsa.csr
- $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
cli-rsa-sha256.crt: cli-rsa.csr
- $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cli-rsa-sha256.crt
test_ca_int_rsa1 = test-int-ca.crt
@@ -671,13 +673,15 @@
# server2*
server2.crt: server2.req.sha256
- $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server2.crt
+
server2.der: server2.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += server2.crt server2.der
+all_final += server2.der
server2-sha256.crt: server2.req.sha256
- $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem
index 2d1a176..e26eac3 100644
--- a/tests/data_files/rsa_pkcs1_1024_clear.pem
+++ b/tests/data_files/rsa_pkcs1_1024_clear.pem
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ
-4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U
-06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB
-AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R
-CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU
-vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo
-HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx
-oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn
-5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH
-d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx
-GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU
-PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ
-fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA==
+MIICXAIBAAKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1Mwtw
+VzOc2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7k
+rOBCskF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQAB
+AoGBAL2/t6Qf6PDXhH350apaHnYfjcCQ4FEeZQSZj0y0vGylW0mcrbd5hxJM+BDW
+E98h1tVEiHFygrqhEiCRRCROzmDhjlPVymxBXP+Jev4xeV5mvf2PzgwOR8MTdbFo
+dOSI6t9bhpCyp0Ln8eQzGXtuWsH6arJsyJJ9JzCrzeI48sjNAkEA+lgGSPNyWHZW
+E0zdtznvGphYKPMuDUTGzm1gTZ0oes6qjr4OA9rD3NTGHVW1FVLq63leTiqK8sOS
+uJduIauW4wJBAMu4214tyhB720BuLH7vD0mCKipzD0cEuAdf3NEel3KZxnHD4AK+
+xeiEfFCstMg5uMCNLkShGjMZ5zNfRIqxfa8CQDJjW0h9r6s8jlCuLQY/I/A/b6c2
+YzOKf1V3UGXu1wH47P10JZADDV86eHHZGWykVuJ0eFXVXEhGsxZybFlcly8CQDet
+Ks7fZsUAhJhkQ+bhAOWPHGUDkx5OrNjfGyNP4AYi/rgi1zsI1l/IrY0C1lmOZO7C
+5u08tkNXBfflRn89KOMCQAwCFgbZqd/VDFyemqwMZAXp+Y1HvGeZI0pr3vBJzO3W
+OvIa0KckJ793UjS6Iijfnyy9pWmKJLdKEMe/AtSRDi0=
-----END RSA PRIVATE KEY-----
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
new file mode 100644
index 0000000..1b2d40f
--- /dev/null
+++ b/tests/docker/bionic/Dockerfile
@@ -0,0 +1,168 @@
+# Dockerfile
+#
+# Purpose
+# -------
+# Defines a Docker container suitable to build and run all tests (all.sh),
+# except for those that use a proprietary toolchain.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+ARG MAKEFLAGS_PARALLEL=""
+ARG MY_REGISTRY=
+
+FROM ${MY_REGISTRY}ubuntu:bionic
+
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+ && apt-get -y install software-properties-common \
+ && rm -rf /var/lib/apt/lists
+
+RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
+
+RUN apt-get update \
+ && apt-get -y install \
+ # mbedtls build/test dependencies
+ build-essential \
+ clang \
+ cmake \
+ doxygen \
+ gcc-arm-none-eabi \
+ gcc-mingw-w64-i686 \
+ gcc-multilib \
+ g++-multilib \
+ gdb \
+ git \
+ graphviz \
+ lsof \
+ python \
+ python3-pip \
+ python3 \
+ pylint3 \
+ valgrind \
+ wget \
+ # libnettle build dependencies
+ libgmp-dev \
+ m4 \
+ pkg-config \
+ && rm -rf /var/lib/apt/lists/*
+
+# Build a static, legacy openssl from sources with sslv3 enabled
+# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
+# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \
+ && cd openssl-1.0.1j \
+ && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \
+ && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl
+
+# Build OPENSSL as 1.0.2g
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \
+ && cd openssl-1.0.2g \
+ && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \
+ && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl
+
+# Build a new openssl binary for ARIA/CHACHA20 support
+# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \
+ && cd openssl-1.1.1a \
+ && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl
+
+# Build libnettle 2.7.1 (needed by legacy gnutls)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \
+ && cd nettle-2.7.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build legacy gnutls (3.3.8)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.3.8 \
+ && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli
+ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv
+
+# Build libnettle 3.1 (needed by gnutls)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \
+ && cd nettle-3.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build gnutls (3.4.10)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.4.10 \
+ && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \
+ --with-included-libtasn1 --without-p11-kit \
+ --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
+ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
+
+# Build libnettle 3.4 (needed by gnutls next)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \
+ && cd nettle-3.4.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build gnutls next (3.6.5)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.6.5 \
+ && ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \
+ --with-included-libtasn1 --with-included-unistring --without-p11-kit \
+ --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+
+ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli
+ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv
+
+RUN pip3 install --no-cache-dir \
+ mbed-host-tests \
+ mock
diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh
new file mode 100755
index 0000000..4fbfe1c
--- /dev/null
+++ b/tests/make-in-docker.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+
+# make-in-docker.sh
+#
+# Purpose
+# -------
+# This runs make in a Docker container.
+#
+# See also:
+# - scripts/docker_env.sh for general Docker prerequisites and other information.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+run_in_docker make $@
diff --git a/tests/psa_crypto_helpers.h b/tests/psa_crypto_helpers.h
new file mode 100644
index 0000000..3780d16
--- /dev/null
+++ b/tests/psa_crypto_helpers.h
@@ -0,0 +1,75 @@
+/*
+ * Helper functions for tests that use the PSA Crypto API.
+ */
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_HELPERS_H
+#define PSA_CRYPTO_HELPERS_H
+
+#include "psa_helpers.h"
+
+#include <psa/crypto.h>
+
+static int test_helper_is_psa_pristine( int line, const char *file )
+{
+ mbedtls_psa_stats_t stats;
+ const char *msg = NULL;
+
+ mbedtls_psa_get_stats( &stats );
+
+ if( stats.volatile_slots != 0 )
+ msg = "A volatile slot has not been closed properly.";
+ else if( stats.persistent_slots != 0 )
+ msg = "A persistent slot has not been closed properly.";
+ else if( stats.external_slots != 0 )
+ msg = "An external slot has not been closed properly.";
+ else if( stats.half_filled_slots != 0 )
+ msg = "A half-filled slot has not been cleared properly.";
+
+ /* If the test has already failed, don't overwrite the failure
+ * information. Do keep the stats lookup above, because it can be
+ * convenient to break on it when debugging a failure. */
+ if( msg != NULL && test_info.result == TEST_RESULT_SUCCESS )
+ test_fail( msg, line, file );
+
+ return( msg == NULL );
+}
+
+/** Check that no PSA Crypto key slots are in use.
+ */
+#define ASSERT_PSA_PRISTINE( ) \
+ do \
+ { \
+ if( ! test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \
+ goto exit; \
+ } \
+ while( 0 )
+
+static void test_helper_psa_done( int line, const char *file )
+{
+ (void) test_helper_is_psa_pristine( line, file );
+ mbedtls_psa_crypto_free( );
+}
+
+/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots
+ * in use.
+ */
+#define PSA_DONE( ) test_helper_psa_done( __LINE__, __FILE__ )
+
+#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/psa_helpers.h b/tests/psa_helpers.h
new file mode 100644
index 0000000..79f6837
--- /dev/null
+++ b/tests/psa_helpers.h
@@ -0,0 +1,37 @@
+/*
+ * Helper functions for tests that use any PSA API.
+ */
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_HELPERS_H
+#define PSA_HELPERS_H
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+
+/** Evaluate an expression and fail the test case if it returns an error.
+ *
+ * \param expr The expression to evaluate. This is typically a call
+ * to a \c psa_xxx function that returns a value of type
+ * #psa_status_t.
+ */
+#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS )
+
+#endif /* PSA_HELPERS_H */
diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh
new file mode 100755
index 0000000..ee9a092
--- /dev/null
+++ b/tests/scripts/all-in-docker.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -eu
+
+# all-in-docker.sh
+#
+# Purpose
+# -------
+# This runs all.sh (except for armcc) in a Docker container.
+#
+# Notes for users
+# ---------------
+# See docker_env.sh for prerequisites and other information.
+#
+# See also all.sh for notes about invocation of that script.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+# Run tests that are possible with openly available compilers
+run_in_docker tests/scripts/all.sh \
+ --no-armcc \
+ $@
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b38c7d4..244fdc3 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -218,6 +218,16 @@
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
+
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
+
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
@@ -536,7 +546,7 @@
component_check_names () {
msg "test/build: declared and exported names" # < 3s
- record_status tests/scripts/check-names.sh
+ record_status tests/scripts/check-names.sh -v
}
component_check_doxygen_warnings () {
@@ -575,6 +585,19 @@
record_status tests/scripts/test-ref-configs.pl
}
+component_test_no_pem_no_fs () {
+ msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
+ scripts/config.pl unset MBEDTLS_PEM_PARSE_C
+ scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
+}
+
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@@ -595,6 +618,17 @@
make test
}
+component_test_everest () {
+ msg "build: Everest ECDH context (ASan build)" # ~ 6 min
+ scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
+ scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
+}
+
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.pl full
@@ -602,13 +636,23 @@
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
make
- msg "test: main suites (full config)" # ~ 5s
+ msg "test: main suites (full config, clang)" # ~ 5s
make test
- msg "test: psa_constant_names (full config)" # ~ 1s
+ msg "test: psa_constant_names (full config, clang)" # ~ 1s
record_status tests/scripts/test_psa_constant_names.py
}
+component_test_full_make_gcc_o0 () {
+ msg "build: make, full config, gcc -O0" # ~ 50s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ make CC=gcc CFLAGS='-O0'
+
+ msg "test: main suites (full config, gcc -O0)" # ~ 5s
+ make test
+}
+
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
scripts/config.pl full
@@ -627,7 +671,6 @@
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
}
-
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
record_status tests/scripts/curves.pl
@@ -654,24 +697,38 @@
make TEST_CPP=1
}
-component_test_use_psa_crypto_full_cmake_asan() {
- # MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
+component_test_no_use_psa_crypto_full_cmake_asan() {
+ # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA
+ scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
- scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
make test
}
+component_test_check_params_functionality () {
+ msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
+ scripts/config.pl full # includes CHECK_PARAMS
+ # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
+ scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ # Only build and run tests. Do not build sample programs, because
+ # they don't have a mbedtls_param_failed() function.
+ make CC=gcc CFLAGS='-Werror -O1' lib test
+}
+
component_test_check_params_without_platform () {
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
+ # Keep MBEDTLS_PARAM_FAILED as assert.
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
@@ -689,6 +746,7 @@
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
scripts/config.pl full # includes CHECK_PARAMS
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ # Set MBEDTLS_PARAM_FAILED to nothing.
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
}
@@ -709,9 +767,9 @@
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -782,16 +840,54 @@
make test
}
+component_test_se_default () {
+ msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
+ scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
+ make CC=clang CFLAGS='-Werror -Wall -Wextra -Wno-unused-function -Os -fsanitize=address' LDFLAGS='-fsanitize=address'
+
+ msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
+ make test
+}
+
+component_test_se_full () {
+ msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
+ scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O2 -fsanitize=address' LDFLAGS='-fsanitize=address'
+
+ msg "test: full config + MBEDTLS_PSA_CRYPTO_SE_C"
+ make test
+}
+
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
- make SHARED=1 all check
+ make SHARED=1 all check -j1
+ ldd programs/util/strerror | grep libmbedcrypto
+}
+
+component_test_cmake_shared () {
+ msg "build/test: cmake shared" # ~ 2min
+ cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
+ make
+ ldd programs/util/strerror | grep libmbedcrypto
+ make test
+}
+
+component_build_mbedtls_config_file () {
+ msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
+ # Use the full config so as to catch a maximum of places where
+ # the check of MBEDTLS_CONFIG_FILE might be missing.
+ scripts/config.pl full
+ sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h
+ echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
+ make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
+ rm -f full_config.h
}
component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
- make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
+ make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
make test
@@ -810,7 +906,7 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
- make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
+ make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
@@ -819,10 +915,23 @@
support_test_m32_o0 "$@"
}
+component_test_m32_everest () {
+ msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
+ scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
+ scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+ make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -m32 -fsanitize=address'
+
+ msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
+}
+support_test_m32_everest () {
+ support_test_m32_o0 "$@"
+}
+
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
scripts/config.pl full
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
msg "test: 64-bit ILP32, make, gcc"
make test
@@ -890,39 +999,24 @@
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_TIMING_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
- # following things are not in the default config
- scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
- scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
- scripts/config.pl unset MBEDTLS_THREADING_C
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
+ scripts/config.pl baremetal
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
+component_build_arm_none_eabi_gcc_arm5vte () {
+ msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
+ scripts/config.pl baremetal
+ # Build for a target platform that's close to what Debian uses
+ # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
+ # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
+ # It would be better to build with arm-linux-gnueabi-gcc but
+ # we don't have that on our CI at this time.
+ make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+}
+
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_TIMING_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
- # following things are not in the default config
- scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
- scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
- scripts/config.pl unset MBEDTLS_THREADING_C
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
+ scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
@@ -931,20 +1025,7 @@
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_TIMING_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
- # following things are not in the default config
- scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
- scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
- scripts/config.pl unset MBEDTLS_THREADING_C
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
+ scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
@@ -953,24 +1034,7 @@
component_build_armcc () {
msg "build: ARM Compiler 5, make"
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_TIMING_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl unset MBEDTLS_HAVE_TIME
- scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
- # following things are not in the default config
- scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
- scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
- scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
- scripts/config.pl unset MBEDTLS_THREADING_C
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
- scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
+ scripts/config.pl baremetal
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
make clean
@@ -993,15 +1057,15 @@
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1
# note Make tests only builds the tests, but doesn't run them
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {
@@ -1046,6 +1110,19 @@
unset MBEDTLS_ROOT_DIR
}
+component_test_cmake_as_subdirectory () {
+ msg "build: cmake 'as-subdirectory' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+
+ cd programs/test/cmake_subproject
+ cmake .
+ make
+ if_build_succeeded ./cmake_subproject
+
+ cd "$MBEDTLS_ROOT_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
+
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index a653001..54ca934 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -43,6 +43,7 @@
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
+export LDFLAGS=' --coverage'
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@@ -53,6 +54,9 @@
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
cd tests
+if [ ! -f "seedfile" ]; then
+ dd if=/dev/urandom of="seedfile" bs=32 count=1
+fi
# Step 2a - Unit Tests
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
new file mode 100755
index 0000000..096f8ed
--- /dev/null
+++ b/tests/scripts/basic-in-docker.sh
@@ -0,0 +1,47 @@
+#!/bin/bash -eu
+
+# basic-in-docker.sh
+#
+# Purpose
+# -------
+# This runs a rough equivalent of the travis.yml in a Docker container.
+# The tests are run for both clang and gcc.
+#
+# Notes for users
+# ---------------
+# See docker_env.sh for prerequisites and other information.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+run_in_docker tests/scripts/recursion.pl library/*.c
+run_in_docker tests/scripts/check-generated-files.sh
+run_in_docker tests/scripts/check-doxy-blocks.pl
+run_in_docker tests/scripts/check-names.sh
+run_in_docker tests/scripts/check-files.py
+run_in_docker tests/scripts/doxygen.sh
+
+for compiler in clang gcc; do
+ run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" .
+ run_in_docker -e CC=${compiler} make
+ run_in_docker -e CC=${compiler} make test
+ run_in_docker programs/test/selftest
+ run_in_docker tests/scripts/test-ref-configs.pl
+ run_in_docker tests/scripts/curves.pl
+done
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index 00fd0ed..6e35f52 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -1,14 +1,12 @@
#!/usr/bin/env python3
+
+# This file is part of Mbed TLS (https://tls.mbed.org)
+# Copyright (c) 2018, Arm Limited, All Rights Reserved
+
"""
-This file is part of Mbed TLS (https://tls.mbed.org)
-
-Copyright (c) 2018, Arm Limited, All Rights Reserved
-
-Purpose
-
This script checks the current state of the source code for minor issues,
including incorrect file permissions, presence of tabs, non-Unix line endings,
-trailing whitespace, presence of UTF-8 BOM, and TODO comments.
+trailing whitespace, and presence of UTF-8 BOM.
Note: requires python 3, must be run from Mbed TLS root.
"""
@@ -146,6 +144,7 @@
heading = "Tabs present:"
files_exemptions = frozenset([
"Makefile",
+ "Makefile.inc",
"generate_visualc_files.pl",
])
@@ -170,19 +169,6 @@
return True
return False
-class TodoIssueTracker(LineIssueTracker):
- """Track lines containing ``TODO``."""
-
- heading = "TODO present:"
- files_exemptions = frozenset([
- os.path.basename(__file__),
- "benchmark.c",
- "pull_request_template.md",
- ])
-
- def issue_with_line(self, line, _filepath):
- return b"todo" in line.lower()
-
class IntegrityChecker(object):
"""Sanity-check files under the current directory."""
@@ -196,7 +182,7 @@
self.setup_logger(log_file)
self.files_to_check = (
".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
- "Makefile", "CMakeLists.txt", "ChangeLog"
+ "Makefile", "Makefile.inc", "CMakeLists.txt", "ChangeLog"
)
self.excluded_directories = ['.git', 'mbed-os']
self.excluded_paths = list(map(os.path.normpath, [
@@ -211,7 +197,6 @@
TrailingWhitespaceIssueTracker(),
TabIssueTracker(),
MergeArtifactIssueTracker(),
- TodoIssueTracker(),
]
@staticmethod
@@ -257,15 +242,7 @@
def run_main():
- parser = argparse.ArgumentParser(
- description=(
- "This script checks the current state of the source code for "
- "minor issues, including incorrect file permissions, "
- "presence of tabs, non-Unix line endings, trailing whitespace, "
- "presence of UTF-8 BOM, and TODO comments. "
- "Note: requires python 3, must be run from Mbed TLS root."
- )
- )
+ parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
"-l", "--log_file", type=str, help="path to optional output log",
)
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 925037c..ee72607 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -2,26 +2,42 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# This script confirms that the naming of all symbols and identifiers in mbed
-# TLS are consistent with the house style and are also self-consistent.
-#
+# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
+
set -eu
+if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
+ cat <<EOF
+$0 [-v]
+This script confirms that the naming of all symbols and identifiers in mbed
+TLS are consistent with the house style and are also self-consistent.
+
+ -v If the script fails unexpectedly, print a command trace.
+EOF
+ exit
+fi
+
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
+trace=
+if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
+ shift
+ trace='-x'
+ exec 2>check-names.err
+ trap 'echo "FAILED UNEXPECTEDLY, status=$?";
+ cat check-names.err' EXIT
+ set -x
+fi
+
printf "Analysing source code...\n"
-tests/scripts/list-macros.sh
+sh $trace tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
-tests/scripts/list-identifiers.sh
-tests/scripts/list-symbols.sh
+sh $trace tests/scripts/list-identifiers.sh
+sh $trace tests/scripts/list-symbols.sh
FAIL=0
@@ -41,11 +57,14 @@
printf "Names of $THING: "
test -r $THING
BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
- if [ "x$BAD" = "x" ]; then
+ UNDERSCORES=$( grep -E '.*__.*' $THING || true )
+
+ if [ "x$BAD" = "x" ] && [ "x$UNDERSCORES" = "x" ]; then
echo "PASS"
else
echo "FAIL"
echo "$BAD"
+ echo "$UNDERSCORES"
FAIL=1
fi
done
@@ -66,10 +85,12 @@
printf "Likely typos: "
sort -u actual-macros enum-consts > _caps
HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
+LIBRARY="$( ls library/*.c ) 3rdparty/everest/library/everest.c 3rdparty/everest/library/x25519.c"
NL='
'
sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \
- $HEADERS library/*.c \
+ $HEADERS $LIBRARY \
| grep MBEDTLS | sort -u > _MBEDTLS_XXX
TYPOS=$( diff _caps _MBEDTLS_XXX | sed -n 's/^> //p' \
| egrep -v 'XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$' || true )
@@ -82,6 +103,12 @@
FAIL=1
fi
+if [ -n "$trace" ]; then
+ set +x
+ trap - EXIT
+ rm check-names.err
+fi
+
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index ddc90c5..4791d55 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -57,7 +57,7 @@
system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
and abort "Failed to build lib: $curve\n";
- system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
+ system( "make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
}
diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh
new file mode 100755
index 0000000..8bdc425
--- /dev/null
+++ b/tests/scripts/docker_env.sh
@@ -0,0 +1,93 @@
+#!/bin/bash -eu
+
+# docker_env.sh
+#
+# Purpose
+# -------
+#
+# This is a helper script to enable running tests under a Docker container,
+# thus making it easier to get set up as well as isolating test dependencies
+# (which include legacy/insecure configurations of openssl and gnutls).
+#
+# Notes for users
+# ---------------
+# This script expects a Linux x86_64 system with a recent version of Docker
+# installed and available for use, as well as http/https access. If a proxy
+# server must be used, invoke this script with the usual environment variables
+# (http_proxy and https_proxy) set appropriately. If an alternate Docker
+# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
+# host name.
+#
+#
+# Running this script directly will check for Docker availability and set up
+# the Docker image.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+
+# default values, can be overridden by the environment
+: ${MBEDTLS_DOCKER_GUEST:=bionic}
+
+
+DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}"
+
+# Make sure docker is available
+if ! which docker > /dev/null; then
+ echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
+ exit 1
+fi
+
+# Figure out if we need to 'sudo docker'
+if groups | grep docker > /dev/null; then
+ DOCKER="docker"
+else
+ echo "Using sudo to invoke docker since you're not a member of the docker group..."
+ DOCKER="sudo docker"
+fi
+
+# Build the Docker image
+echo "Getting docker image up to date (this may take a few minutes)..."
+${DOCKER} image build \
+ -t ${DOCKER_IMAGE_TAG} \
+ --cache-from=${DOCKER_IMAGE_TAG} \
+ --build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \
+ --network host \
+ ${http_proxy+--build-arg http_proxy=${http_proxy}} \
+ ${https_proxy+--build-arg https_proxy=${https_proxy}} \
+ ${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \
+ tests/docker/${MBEDTLS_DOCKER_GUEST}
+
+run_in_docker()
+{
+ ENV_ARGS=""
+ while [ "$1" == "-e" ]; do
+ ENV_ARGS="${ENV_ARGS} $1 $2"
+ shift 2
+ done
+
+ ${DOCKER} container run -it --rm \
+ --cap-add SYS_PTRACE \
+ --user "$(id -u):$(id -g)" \
+ --volume $PWD:$PWD \
+ --workdir $PWD \
+ -e MAKEFLAGS \
+ -e PYLINTHOME=/tmp/.pylintd \
+ ${ENV_ARGS} \
+ ${DOCKER_IMAGE_TAG} \
+ $@
+}
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index 21c25b3..e59517b 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -9,6 +9,9 @@
-d 'include/mbedtls' or die "$0: must be run from root\n";
@ARGV = grep { ! /compat-1\.3\.h/ } <include/mbedtls/*.h>;
+push @ARGV, "3rdparty/everest/include/everest/everest.h";
+push @ARGV, "3rdparty/everest/include/everest/x25519.h";
+
my @consts;
my $state = 'out';
@@ -22,7 +25,7 @@
$state = 'in';
} elsif( $state eq 'in' and /}/ ) {
$state = 'out';
- } elsif( $state eq 'in' ) {
+ } elsif( $state eq 'in' and not /^#/) {
s/=.*//; s!/\*.*!!; s/,.*//; s/\s+//g; chomp;
push @consts, $_ if $_;
}
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index eaf270c..24e7404 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -35,13 +35,14 @@
HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
else
HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
+ HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
fi
rm -f identifiers
grep '^[^ /#{]' $HEADERS | \
sed -e 's/^[^:]*://' | \
- egrep -v '^(extern "C"|(typedef )?(struct|enum)( {)?$|};?$)' \
+ egrep -v '^(extern "C"|(typedef )?(struct|union|enum)( {)?$|};?$)' \
> _decls
if true; then
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 3fa66f1..9a89737 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -8,6 +8,7 @@
fi
HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
# White-list macros we want to be able to refer to that don't exist in the
# crypto library, useful when referring to macros in Mbed TLS from comments.
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index c258719..6ecc199 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -14,12 +14,25 @@
cp include/mbedtls/config.h include/mbedtls/config.h.bak
scripts/config.pl full
-CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
+make clean
+make_ret=
+CFLAGS=-fno-asynchronous-unwind-tables make lib \
+ >list-symbols.make.log 2>&1 ||
+ {
+ make_ret=$?
+ echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
+ cat list-symbols.make.log >&2
+ }
+rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h
+if [ -n "$make_ret" ]; then
+ exit "$make_ret"
+fi
+
if uname | grep -F Darwin >/dev/null; then
- nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
+ nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' | grep -v -e ^FStar -e ^Hacl
elif uname | grep -F Linux >/dev/null; then
- nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //'
+ nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //' | grep -v -e ^FStar -e ^Hacl
fi | sort > exported-symbols
make clean
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
index ac2912d..6ac68a4 100755
--- a/tests/scripts/mbedtls_test.py
+++ b/tests/scripts/mbedtls_test.py
@@ -79,7 +79,7 @@
split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
if len(split_char) > 1:
raise ValueError('Expected split character. Found string!')
- out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str))
+ out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
out = [x for x in out if x]
return out
@@ -99,11 +99,11 @@
# Check dependencies
dependencies = []
- line = data_f.next().strip()
+ line = next(data_f).strip()
match = re.search('depends_on:(.*)', line)
if match:
dependencies = [int(x) for x in match.group(1).split(':')]
- line = data_f.next().strip()
+ line = next(data_f).strip()
# Read test vectors
line = line.replace('\\n', '\n')
@@ -115,7 +115,7 @@
err_str_fmt = "Number of test arguments({}) should be even: {}"
raise TestDataParserError(err_str_fmt.format(args_count, line))
grouped_args = [(args[i * 2], args[(i * 2) + 1])
- for i in range(len(args)/2)]
+ for i in range(int(len(args)/2))]
self.tests.append((name, function_name, dependencies,
grouped_args))
@@ -261,21 +261,21 @@
data_bytes += bytearray([function_id, len(parameters)])
for typ, param in parameters:
if typ == 'int' or typ == 'exp':
- i = int(param)
- data_bytes += 'I' if typ == 'int' else 'E'
+ i = int(param, 0)
+ data_bytes += b'I' if typ == 'int' else b'E'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
elif typ == 'char*':
param = param.strip('"')
i = len(param) + 1 # + 1 for null termination
- data_bytes += 'S'
+ data_bytes += b'S'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
- data_bytes += bytearray(list(param))
- data_bytes += '\0' # Null terminate
+ data_bytes += bytearray(param, encoding='ascii')
+ data_bytes += b'\0' # Null terminate
elif typ == 'hex':
binary_data = self.hex_str_bytes(param)
- data_bytes += 'H'
+ data_bytes += b'H'
self.align_32bit(data_bytes)
i = len(binary_data)
data_bytes += self.int32_to_big_endian_bytes(i)
@@ -310,7 +310,7 @@
param_bytes, length = self.test_vector_to_bytes(function_id,
dependencies, args)
- self.send_kv(length, param_bytes)
+ self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes))
@staticmethod
def get_result(value):
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 5e128eb..cf3a224 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -1,10 +1,11 @@
#!/usr/bin/env python3
-'''Test the program psa_constant_names.
+"""Test the program psa_constant_names.
Gather constant names from header files and test cases. Compile a C program
to print out their numerical values, feed these numerical values to
psa_constant_names, and check that the output is the original name.
Return 0 if all test cases pass, 1 if the output was not always as expected,
-or 1 (with a Python backtrace) if there was an operational error.'''
+or 1 (with a Python backtrace) if there was an operational error.
+"""
import argparse
import itertools
@@ -23,19 +24,28 @@
self.line_number = line_number
class read_file_lines:
- '''Context manager to read a text file line by line.
-with read_file_lines(filename) as lines:
- for line in lines:
- process(line)
-is equivalent to
-with open(filename, 'r') as input_file:
- for line in input_file:
- process(line)
-except that if process(line) raises an exception, then the read_file_lines
-snippet annotates the exception with the file name and line number.'''
+ # Dear Pylint, conventionally, a context manager class name is lowercase.
+ # pylint: disable=invalid-name,too-few-public-methods
+ """Context manager to read a text file line by line.
+
+ ```
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ process(line)
+ ```
+ is equivalent to
+ ```
+ with open(filename, 'r') as input_file:
+ for line in input_file:
+ process(line)
+ ```
+ except that if process(line) raises an exception, then the read_file_lines
+ snippet annotates the exception with the file name and line number.
+ """
def __init__(self, filename):
self.filename = filename
self.line_number = 'entry'
+ self.generator = None
def __enter__(self):
self.generator = enumerate(open(self.filename, 'r'))
return self
@@ -44,26 +54,30 @@
self.line_number = line_number
yield content
self.line_number = 'exit'
- def __exit__(self, type, value, traceback):
- if type is not None:
+ def __exit__(self, exc_type, exc_value, exc_traceback):
+ if exc_type is not None:
raise ReadFileLineException(self.filename, self.line_number) \
- from value
+ from exc_value
class Inputs:
- '''Accumulate information about macros to test.
-This includes macro names as well as information about their arguments
-when applicable.'''
+ """Accumulate information about macros to test.
+ This includes macro names as well as information about their arguments
+ when applicable.
+ """
+
def __init__(self):
# Sets of names per type
self.statuses = set(['PSA_SUCCESS'])
self.algorithms = set(['0xffffffff'])
self.ecc_curves = set(['0xffff'])
+ self.dh_groups = set(['0xffff'])
self.key_types = set(['0xffffffff'])
self.key_usage_flags = set(['0x80000000'])
# Hard-coded value for unknown algorithms
self.hash_algorithms = set(['0x010000fe'])
self.mac_algorithms = set(['0x02ff00ff'])
- self.kdf_algorithms = set(['0x300000ff', '0x310000ff'])
+ self.ka_algorithms = set(['0x30fc0000'])
+ self.kdf_algorithms = set(['0x200000ff'])
# For AEAD algorithms, the only variability is over the tag length,
# and this only applies to known algorithms, so don't test an
# unknown algorithm.
@@ -73,6 +87,7 @@
'ERROR': self.statuses,
'ALG': self.algorithms,
'CURVE': self.ecc_curves,
+ 'GROUP': self.dh_groups,
'KEY_TYPE': self.key_types,
'KEY_USAGE': self.key_usage_flags,
}
@@ -85,23 +100,29 @@
}
def gather_arguments(self):
- '''Populate the list of values for macro arguments.
-Call this after parsing all the inputs.'''
+ """Populate the list of values for macro arguments.
+ Call this after parsing all the inputs.
+ """
self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
+ self.arguments_for['ka_alg'] = sorted(self.ka_algorithms)
self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
self.arguments_for['curve'] = sorted(self.ecc_curves)
+ self.arguments_for['group'] = sorted(self.dh_groups)
- def format_arguments(self, name, arguments):
- '''Format a macro call with arguments..'''
+ @staticmethod
+ def _format_arguments(name, arguments):
+ """Format a macro call with arguments.."""
return name + '(' + ', '.join(arguments) + ')'
def distribute_arguments(self, name):
- '''Generate macro calls with each tested argument set.
-If name is a macro without arguments, just yield "name".
-If name is a macro with arguments, yield a series of "name(arg1,...,argN)"
-where each argument takes each possible value at least once.'''
+ """Generate macro calls with each tested argument set.
+ If name is a macro without arguments, just yield "name".
+ If name is a macro with arguments, yield a series of
+ "name(arg1,...,argN)" where each argument takes each possible
+ value at least once.
+ """
try:
if name not in self.argspecs:
yield name
@@ -112,60 +133,69 @@
return
argument_lists = [self.arguments_for[arg] for arg in argspec]
arguments = [values[0] for values in argument_lists]
- yield self.format_arguments(name, arguments)
+ yield self._format_arguments(name, arguments)
+ # Dear Pylint, enumerate won't work here since we're modifying
+ # the array.
+ # pylint: disable=consider-using-enumerate
for i in range(len(arguments)):
for value in argument_lists[i][1:]:
arguments[i] = value
- yield self.format_arguments(name, arguments)
+ yield self._format_arguments(name, arguments)
arguments[i] = argument_lists[0][0]
except BaseException as e:
raise Exception('distribute_arguments({})'.format(name)) from e
+ _argument_split_re = re.compile(r' *, *')
+ @classmethod
+ def _argument_split(cls, arguments):
+ return re.split(cls._argument_split_re, arguments)
+
# Regex for interesting header lines.
# Groups: 1=macro name, 2=type, 3=argument list (optional).
- header_line_re = \
+ _header_line_re = \
re.compile(r'#define +' +
r'(PSA_((?:KEY_)?[A-Z]+)_\w+)' +
r'(?:\(([^\n()]*)\))?')
# Regex of macro names to exclude.
- excluded_name_re = re.compile('_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
+ _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
# Additional excluded macros.
# PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
# currently doesn't support them. Deprecated errors are also excluded.
- excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
- 'PSA_ALG_FULL_LENGTH_MAC',
- 'PSA_ALG_ECDH',
- 'PSA_ALG_FFDH',
- 'PSA_ERROR_UNKNOWN_ERROR',
- 'PSA_ERROR_OCCUPIED_SLOT',
- 'PSA_ERROR_EMPTY_SLOT',
- 'PSA_ERROR_INSUFFICIENT_CAPACITY',
+ _excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
+ 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ 'PSA_ALG_ECDH',
+ 'PSA_ALG_FFDH',
+ 'PSA_ERROR_UNKNOWN_ERROR',
+ 'PSA_ERROR_OCCUPIED_SLOT',
+ 'PSA_ERROR_EMPTY_SLOT',
+ 'PSA_ERROR_INSUFFICIENT_CAPACITY',
])
- argument_split_re = re.compile(r' *, *')
+
def parse_header_line(self, line):
- '''Parse a C header line, looking for "#define PSA_xxx".'''
- m = re.match(self.header_line_re, line)
+ """Parse a C header line, looking for "#define PSA_xxx"."""
+ m = re.match(self._header_line_re, line)
if not m:
return
name = m.group(1)
- if re.search(self.excluded_name_re, name) or \
- name in self.excluded_names:
+ if re.search(self._excluded_name_re, name) or \
+ name in self._excluded_names:
return
dest = self.table_by_prefix.get(m.group(2))
if dest is None:
return
dest.add(name)
if m.group(3):
- self.argspecs[name] = re.split(self.argument_split_re, m.group(3))
+ self.argspecs[name] = self._argument_split(m.group(3))
def parse_header(self, filename):
- '''Parse a C header file, looking for "#define PSA_xxx".'''
+ """Parse a C header file, looking for "#define PSA_xxx"."""
with read_file_lines(filename) as lines:
for line in lines:
self.parse_header_line(line)
def add_test_case_line(self, function, argument):
- '''Parse a test case data line, looking for algorithm metadata tests.'''
+ """Parse a test case data line, looking for algorithm metadata tests."""
if function.endswith('_algorithm'):
# As above, ECDH and FFDH algorithms are excluded for now.
# Support for them will be added in the future.
@@ -182,21 +212,23 @@
self.key_types.add(argument)
elif function == 'ecc_key_types':
self.ecc_curves.add(argument)
+ elif function == 'dh_key_types':
+ self.dh_groups.add(argument)
# Regex matching a *.data line containing a test function call and
# its arguments. The actual definition is partly positional, but this
# regex is good enough in practice.
- test_case_line_re = re.compile('(?!depends_on:)(\w+):([^\n :][^:\n]*)')
+ _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
def parse_test_cases(self, filename):
- '''Parse a test case file (*.data), looking for algorithm metadata tests.'''
+ """Parse a test case file (*.data), looking for algorithm metadata tests."""
with read_file_lines(filename) as lines:
for line in lines:
- m = re.match(self.test_case_line_re, line)
+ m = re.match(self._test_case_line_re, line)
if m:
self.add_test_case_line(m.group(1), m.group(2))
def gather_inputs(headers, test_suites):
- '''Read the list of inputs to test psa_constant_names with.'''
+ """Read the list of inputs to test psa_constant_names with."""
inputs = Inputs()
for header in headers:
inputs.parse_header(header)
@@ -206,17 +238,17 @@
return inputs
def remove_file_if_exists(filename):
- '''Remove the specified file, ignoring errors.'''
+ """Remove the specified file, ignoring errors."""
if not filename:
return
try:
os.remove(filename)
- except:
+ except OSError:
pass
-def run_c(options, type, names):
- '''Generate and run a program to print out numerical values for names.'''
- if type == 'status':
+def run_c(options, type_word, names):
+ """Generate and run a program to print out numerical values for names."""
+ if type_word == 'status':
cast_to = 'long'
printf_format = '%ld'
else:
@@ -225,7 +257,7 @@
c_name = None
exe_name = None
try:
- c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(type),
+ c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(type_word),
suffix='.c',
dir='programs/psa')
exe_suffix = '.exe' if platform.system() == 'Windows' else ''
@@ -233,7 +265,7 @@
remove_file_if_exists(exe_name)
c_file = os.fdopen(c_fd, 'w', encoding='ascii')
c_file.write('/* Generated by test_psa_constant_names.py for {} values */'
- .format(type))
+ .format(type_word))
c_file.write('''
#include <stdio.h>
#include <psa/crypto.h>
@@ -253,7 +285,7 @@
['-o', exe_name, c_name])
if options.keep_c:
sys.stderr.write('List of {} tests kept at {}\n'
- .format(type, c_name))
+ .format(type_word, c_name))
else:
os.remove(c_name)
output = subprocess.check_output([exe_name])
@@ -261,50 +293,55 @@
finally:
remove_file_if_exists(exe_name)
-normalize_strip_re = re.compile(r'\s+')
+NORMALIZE_STRIP_RE = re.compile(r'\s+')
def normalize(expr):
- '''Normalize the C expression so as not to care about trivial differences.
-Currently "trivial differences" means whitespace.'''
- expr = re.sub(normalize_strip_re, '', expr, len(expr))
+ """Normalize the C expression so as not to care about trivial differences.
+ Currently "trivial differences" means whitespace.
+ """
+ expr = re.sub(NORMALIZE_STRIP_RE, '', expr, len(expr))
return expr.strip().split('\n')
-def do_test(options, inputs, type, names):
- '''Test psa_constant_names for the specified type.
-Run program on names.
-Use inputs to figure out what arguments to pass to macros that take arguments.'''
+def do_test(options, inputs, type_word, names):
+ """Test psa_constant_names for the specified type.
+ Run program on names.
+ Use inputs to figure out what arguments to pass to macros that
+ take arguments.
+ """
names = sorted(itertools.chain(*map(inputs.distribute_arguments, names)))
- values = run_c(options, type, names)
- output = subprocess.check_output([options.program, type] + values)
+ values = run_c(options, type_word, names)
+ output = subprocess.check_output([options.program, type_word] + values)
outputs = output.decode('ascii').strip().split('\n')
- errors = [(type, name, value, output)
+ errors = [(type_word, name, value, output)
for (name, value, output) in zip(names, values, outputs)
if normalize(name) != normalize(output)]
return len(names), errors
def report_errors(errors):
- '''Describe each case where the output is not as expected.'''
- for type, name, value, output in errors:
+ """Describe each case where the output is not as expected."""
+ for type_word, name, value, output in errors:
print('For {} "{}", got "{}" (value: {})'
- .format(type, name, output, value))
+ .format(type_word, name, output, value))
def run_tests(options, inputs):
- '''Run psa_constant_names on all the gathered inputs.
-Return a tuple (count, errors) where count is the total number of inputs
-that were tested and errors is the list of cases where the output was
-not as expected.'''
+ """Run psa_constant_names on all the gathered inputs.
+ Return a tuple (count, errors) where count is the total number of inputs
+ that were tested and errors is the list of cases where the output was
+ not as expected.
+ """
count = 0
errors = []
- for type, names in [('status', inputs.statuses),
- ('algorithm', inputs.algorithms),
- ('ecc_curve', inputs.ecc_curves),
- ('key_type', inputs.key_types),
- ('key_usage', inputs.key_usage_flags)]:
- c, e = do_test(options, inputs, type, names)
+ for type_word, names in [('status', inputs.statuses),
+ ('algorithm', inputs.algorithms),
+ ('ecc_curve', inputs.ecc_curves),
+ ('dh_group', inputs.dh_groups),
+ ('key_type', inputs.key_types),
+ ('key_usage', inputs.key_usage_flags)]:
+ c, e = do_test(options, inputs, type_word, names)
count += c
errors += e
return count, errors
-if __name__ == '__main__':
+def main():
parser = argparse.ArgumentParser(description=globals()['__doc__'])
parser.add_argument('--include', '-I',
action='append', default=['include'],
@@ -330,3 +367,6 @@
else:
print('{} test cases, {} FAIL'.format(count, len(errors)))
exit(1)
+
+if __name__ == '__main__':
+ main()
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 122a17d..1a524a6 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -126,14 +126,6 @@
#define TEST_EQUAL( expr1, expr2 ) \
TEST_ASSERT( ( expr1 ) == ( expr2 ) )
-/** Evaluate an expression and fail the test case if it returns an error.
- *
- * \param expr The expression to evaluate. This is typically a call
- * to a \c psa_xxx function that returns a value of type
- * #psa_status_t.
- */
-#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS )
-
/** Allocate memory dynamically and fail the test case if this fails.
*
* You must set \p pointer to \c NULL before calling this macro and
@@ -187,6 +179,21 @@
} \
while( 0 )
+/**
+ * \brief This macro tests the expression passed to it and skips the
+ * running test if it doesn't evaluate to 'true'.
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_ASSUME( TEST ) \
+ do { \
+ if( ! (TEST) ) \
+ { \
+ test_skip( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
/**
* \brief This macro tests the statement passed to it as a test step or
@@ -286,7 +293,7 @@
#define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) );
-#define assert(a) if( !( a ) ) \
+#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
__FILE__, __LINE__, #a ); \
@@ -372,10 +379,17 @@
/*----------------------------------------------------------------------------*/
/* Global variables */
+typedef enum
+{
+ TEST_RESULT_SUCCESS = 0,
+ TEST_RESULT_FAILED,
+ TEST_RESULT_SKIPPED
+} test_result_t;
+
static struct
{
paramfail_test_state_t paramfail_test_state;
- int failed;
+ test_result_t result;
const char *test;
const char *filename;
int line_no;
@@ -409,9 +423,17 @@
/*----------------------------------------------------------------------------*/
/* Helper Functions */
-static void test_fail( const char *test, int line_no, const char* filename )
+void test_fail( const char *test, int line_no, const char* filename )
{
- test_info.failed = 1;
+ test_info.result = TEST_RESULT_FAILED;
+ test_info.test = test;
+ test_info.line_no = line_no;
+ test_info.filename = filename;
+}
+
+void test_skip( const char *test, int line_no, const char* filename )
+{
+ test_info.result = TEST_RESULT_SKIPPED;
test_info.test = test;
test_info.line_no = line_no;
test_info.filename = filename;
@@ -450,7 +472,7 @@
/* Record the location of the failure, but not as a failure yet, in case
* it was part of the test */
test_fail( failure_condition, line, file );
- test_info.failed = 0;
+ test_info.result = TEST_RESULT_SUCCESS;
longjmp( param_fail_jmp, 1 );
}
@@ -500,11 +522,11 @@
}
#endif /* __unix__ || __APPLE__ __MACH__ */
-static int unhexify( unsigned char *obuf, const char *ibuf )
+int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
int len = strlen( ibuf ) / 2;
- assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
+ TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
while( *ibuf != 0 )
{
@@ -516,7 +538,7 @@
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
- assert( 0 );
+ TEST_HELPER_ASSERT( 0 );
c2 = *ibuf++;
if( c2 >= '0' && c2 <= '9' )
@@ -526,7 +548,7 @@
else if( c2 >= 'A' && c2 <= 'F' )
c2 -= 'A' - 10;
else
- assert( 0 );
+ TEST_HELPER_ASSERT( 0 );
*obuf++ = ( c << 4 ) | c2;
}
@@ -534,7 +556,7 @@
return len;
}
-static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
+void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
@@ -571,7 +593,7 @@
size_t actual_len = ( len != 0 ) ? len : 1;
p = mbedtls_calloc( 1, actual_len );
- assert( p != NULL );
+ TEST_HELPER_ASSERT( p != NULL );
memset( p, 0x00, actual_len );
@@ -588,7 +610,7 @@
*
* For convenience, dies if allocation fails.
*/
-static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
+unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
{
unsigned char *obuf;
@@ -598,7 +620,7 @@
return( zero_alloc( *olen ) );
obuf = mbedtls_calloc( 1, *olen );
- assert( obuf != NULL );
+ TEST_HELPER_ASSERT( obuf != NULL );
(void) unhexify( obuf, ibuf );
@@ -639,7 +661,7 @@
*
* rng_state shall be NULL.
*/
-static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
if( rng_state != NULL )
rng_state = NULL;
@@ -666,7 +688,7 @@
*
* After the buffer is empty it will return rand();
*/
-static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_buf_info *info = (rnd_buf_info *) rng_state;
size_t use_len;
@@ -712,7 +734,7 @@
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
-static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
uint32_t i, *k, sum, delta=0x9E3779B9;
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 3c43032..0f98d23 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -179,7 +179,7 @@
if( p + 1 < buf + len )
{
cur = p + 1;
- assert( cnt < params_len );
+ TEST_HELPER_ASSERT( cnt < params_len );
params[cnt++] = cur;
}
*p = '\0';
@@ -498,7 +498,8 @@
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
- mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf );
+ mbedtls_fprintf( stdout, "%s%.66s",
+ test_info.result == TEST_RESULT_FAILED ? "\n" : "", buf );
mbedtls_fprintf( stdout, " " );
for( i = strlen( buf ) + 1; i < 67; i++ )
mbedtls_fprintf( stdout, "." );
@@ -545,7 +546,7 @@
// If there are no unmet dependencies execute the test
if( unmet_dep_count == 0 )
{
- test_info.failed = 0;
+ test_info.result = TEST_RESULT_SUCCESS;
test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
@@ -610,10 +611,15 @@
}
else if( ret == DISPATCH_TEST_SUCCESS )
{
- if( test_info.failed == 0 )
+ if( test_info.result == TEST_RESULT_SUCCESS )
{
mbedtls_fprintf( stdout, "PASS\n" );
}
+ else if( test_info.result == TEST_RESULT_SKIPPED )
+ {
+ mbedtls_fprintf( stdout, "----\n" );
+ total_skipped++;
+ }
else
{
total_errors++;
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 1574556..5d15f2b 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -159,7 +159,7 @@
else
{
/* Unexpected parameter validation error */
- test_info.failed = 1;
+ test_info.result = TEST_RESULT_FAILED;
}
memset( param_fail_jmp, 0, sizeof(jmp_buf) );
diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function
index 56abf29..91f7198 100644
--- a/tests/suites/target_test.function
+++ b/tests/suites/target_test.function
@@ -13,11 +13,11 @@
*/
#define INCR_ASSERT(p, start, len, step) do \
{ \
- assert( ( p ) >= ( start ) ); \
- assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
+ TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \
+ TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
/* <= is checked to support use inside a loop where \
pointer is incremented after reading data. */ \
- assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
+ TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
( p ) += ( step ); \
} \
while( 0 )
@@ -59,10 +59,29 @@
return( DEPENDENCY_SUPPORTED );
}
+/**
+ * \brief Receives hex string on serial interface, and converts to a byte.
+ *
+ * \param none
+ *
+ * \return unsigned int8
+ */
+uint8_t receive_byte()
+{
+ uint8_t byte;
+ uint8_t c[3];
+ char *endptr;
+ c[0] = greentea_getc();
+ c[1] = greentea_getc();
+ c[2] = '\0';
+
+ assert( unhexify( &byte, c ) != 2 );
+ return( byte );
+}
/**
* \brief Receives unsigned integer on serial interface.
- * Integers are encoded in network order.
+ * Integers are encoded in network order, and sent as hex ascii string.
*
* \param none
*
@@ -71,10 +90,17 @@
uint32_t receive_uint32()
{
uint32_t value;
- value = (uint8_t)greentea_getc() << 24;
- value |= (uint8_t)greentea_getc() << 16;
- value |= (uint8_t)greentea_getc() << 8;
- value |= (uint8_t)greentea_getc();
+ const uint8_t c[9] = { greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ '\0'
+ };
+ assert( unhexify( &value, c ) != 8 );
return( (uint32_t)value );
}
@@ -127,12 +153,12 @@
/* Read data length */
*data_len = receive_uint32();
data = (uint8_t *)malloc( *data_len );
- assert( data != NULL );
+ TEST_HELPER_ASSERT( data != NULL );
greentea_getc(); // read ';' received after key i.e. *data_len
for( i = 0; i < *data_len; i++ )
- data[i] = greentea_getc();
+ data[i] = receive_byte();
/* Read closing braces */
for( i = 0; i < 2; i++ )
@@ -221,7 +247,7 @@
hex_count = find_hex_count(count, data, data_len);
params = (void **)malloc( sizeof( void *) * ( count + hex_count ) );
- assert( params != NULL );
+ TEST_HELPER_ASSERT( params != NULL );
cur = params;
p = data;
@@ -348,7 +374,7 @@
while ( 1 )
{
ret = 0;
- test_info.failed = 0;
+ test_info.result = TEST_RESULT_SUCCESS;
data_len = 0;
data = receive_data( &data_len );
@@ -360,7 +386,7 @@
{
/* Read dependency count */
count = *p;
- assert( count < data_len );
+ TEST_HELPER_ASSERT( count < data_len );
INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
ret = verify_dependencies( count, p );
if ( ret != DEPENDENCY_SUPPORTED )
@@ -406,7 +432,7 @@
if ( ret )
send_failure( ret );
else
- send_status( test_info.failed );
+ send_status( test_info.result );
}
return( 0 );
}
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 1a8ff1e..6293408 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -1,6 +1,10 @@
-Decrypt empty buffer
+AES-128 CBC - Decrypt empty buffer
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC:0:0
+
+AES-128 XTS - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_XTS:MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:0
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data
index 6e69b81..adeed83 100644
--- a/tests/suites/test_suite_cipher.arc4.data
+++ b/tests/suites/test_suite_cipher.arc4.data
@@ -1,3 +1,7 @@
+ARC4 Decrypt empty buffer
+depends_on:MBEDTLS_ARC4_C
+dec_empty_buf:MBEDTLS_CIPHER_ARC4_128:0:0
+
ARC4 Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_ARC4_C
enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:0:-1
diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data
new file mode 100644
index 0000000..2c50a21
--- /dev/null
+++ b/tests/suites/test_suite_cipher.aria.data
@@ -0,0 +1,3 @@
+Aria CBC Decrypt empty buffer
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
+dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
index b94bc47..bbb3934 100644
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ b/tests/suites/test_suite_cipher.blowfish.data
@@ -1,3 +1,7 @@
+BLOWFISH CBC Decrypt empty buffer
+depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0
+
BLOWFISH Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index e6342da..8fbbbe9 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -1,3 +1,7 @@
+CAMELLIA CBC Decrypt empty buffer
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:0:0
+
CAMELLIA Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1
diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data
index c67e582..11de103 100644
--- a/tests/suites/test_suite_cipher.chacha20.data
+++ b/tests/suites/test_suite_cipher.chacha20.data
@@ -1,7 +1,3 @@
-Decrypt empty buffer
-depends_on:MBEDTLS_CHACHA20_C
-dec_empty_buf:
-
Chacha20 RFC 7539 Test Vector #1
depends_on:MBEDTLS_CHACHA20_C
decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0
diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data
index 7310a84..8c246ad 100644
--- a/tests/suites/test_suite_cipher.chachapoly.data
+++ b/tests/suites/test_suite_cipher.chachapoly.data
@@ -1,6 +1,6 @@
Decrypt empty buffer
depends_on:MBEDTLS_CHACHAPOLY_C
-dec_empty_buf:
+dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:0:0
ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_CHACHAPOLY_C
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index ba9020e..c272a3e 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -1,3 +1,15 @@
+DES CBC Decrypt empty buffer
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_DES_CBC:0:0
+
+DES EDE CBC Decrypt empty buffer
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_DES_EDE_CBC:0:0
+
+DES EDE3 CBC Decrypt empty buffer
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:0:0
+
DES Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:-1
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index ca39937..8405f69 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1,9 +1,18 @@
/* BEGIN_HEADER */
#include "mbedtls/cipher.h"
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+
#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa_crypto_helpers.h"
+#endif
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -710,7 +719,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void dec_empty_buf( )
+void dec_empty_buf( int cipher,
+ int expected_update_ret,
+ int expected_finish_ret )
{
unsigned char key[32];
unsigned char iv[16];
@@ -732,12 +743,15 @@
memset( decbuf, 0, 64 );
/* Initialise context */
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
+ cipher_info = mbedtls_cipher_info_from_type( cipher );
TEST_ASSERT( NULL != cipher_info);
+ TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
+ key, cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT ) );
TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
@@ -748,10 +762,24 @@
#endif
/* decode 0-byte string */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
+ TEST_ASSERT( expected_update_ret ==
+ mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
TEST_ASSERT( 0 == outlen );
- TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish(
- &ctx_dec, decbuf + outlen, &outlen ) );
+
+ if ( expected_finish_ret == 0 &&
+ ( cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_ECB ) )
+ {
+ /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
+ * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
+ * decrypting an empty buffer.
+ * On the other hand, CBC and ECB ciphers need a full block of input.
+ */
+ expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
+
+ TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish(
+ &ctx_dec, decbuf + outlen, &outlen ) );
TEST_ASSERT( 0 == outlen );
exit:
@@ -962,7 +990,7 @@
#else
if( use_psa == 1 )
{
- TEST_ASSERT( psa_crypto_init() == 0 );
+ PSA_ASSERT( psa_crypto_init( ) );
/* PSA requires that the tag immediately follows the ciphertext. */
tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
@@ -1046,14 +1074,15 @@
exit:
+ mbedtls_cipher_free( &ctx );
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( use_psa == 1 )
{
mbedtls_free( tmp_cipher );
+ PSA_DONE( );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- mbedtls_cipher_free( &ctx );
}
/* END_CASE */
@@ -1123,7 +1152,7 @@
#else
if( use_psa == 1 )
{
- TEST_ASSERT( psa_crypto_init() == 0 );
+ PSA_ASSERT( psa_crypto_init( ) );
TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
}
@@ -1152,6 +1181,9 @@
exit:
mbedtls_cipher_free( &ctx );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ PSA_DONE( );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 03d08ce..83889de 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -1,3 +1,11 @@
+CAMELLIA GCM Decrypt empty buffer
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
+dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0
+
+Aria GCM Decrypt empty buffer
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_GCM_C
+dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM:0:0
+
AES 128 GCM Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:0:-1
diff --git a/tests/suites/test_suite_cipher.nist_kw.data b/tests/suites/test_suite_cipher.nist_kw.data
index 59ef931..8201891 100644
--- a/tests/suites/test_suite_cipher.nist_kw.data
+++ b/tests/suites/test_suite_cipher.nist_kw.data
@@ -1,3 +1,11 @@
+KW AES-128 wrap - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_KW:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+
+KWP AES-128 wrap - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_KWP:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+
KW AES-128 wrap rfc 3394
depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0
@@ -268,4 +276,3 @@
KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32
depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0
-
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 0b1cfe8..0d86ead 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -48,7 +48,7 @@
* This might break memory checks in the future if sources need 'free-ing' then
* as well.
*/
-static void entropy_clear_sources( mbedtls_entropy_context *ctx )
+void entropy_clear_sources( mbedtls_entropy_context *ctx )
{
ctx->source_count = 0;
}
@@ -58,7 +58,7 @@
*/
static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
-static int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
+int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
{
if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
return( -1 );
@@ -67,7 +67,7 @@
return( 0 );
}
-static int buffer_nv_seed_write( unsigned char *buf, size_t buf_len )
+int buffer_nv_seed_write( unsigned char *buf, size_t buf_len )
{
if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
return( -1 );
@@ -98,7 +98,7 @@
return( 0 );
}
-static int read_nv_seed( unsigned char *buf, size_t buf_len )
+int read_nv_seed( unsigned char *buf, size_t buf_len )
{
FILE *f;
@@ -301,11 +301,24 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */
void entropy_nv_seed( data_t * read_seed )
{
- mbedtls_sha512_context accumulator;
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
+#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
+#else
+#error "Unsupported entropy accumulator"
+#endif
+ mbedtls_md_context_t accumulator;
mbedtls_entropy_context ctx;
+ int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
+ mbedtls_nv_seed_read;
+ int (*original_mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
+ mbedtls_nv_seed_write;
unsigned char header[2];
unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -316,17 +329,14 @@
memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE );
memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE );
- // Set the initial NV seed to read
- memcpy( buffer_seed, read_seed->x, read_seed->len );
-
// Make sure we read/write NV seed from our buffers
mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write );
+ mbedtls_md_init( &accumulator );
mbedtls_entropy_init( &ctx );
entropy_clear_sources( &ctx );
@@ -334,45 +344,57 @@
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 );
+ // Set the initial NV seed to read
+ TEST_ASSERT( read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
// Do an entropy run
TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 );
-
// Determine what should have happened with manual entropy internal logic
- // Only use the SHA-512 version to check
// Init accumulator
header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE;
- mbedtls_sha512_starts( &accumulator, 0 );
+ TEST_ASSERT( mbedtls_md_setup( &accumulator, md_info, 0 ) == 0 );
// First run for updating write_seed
header[0] = 0;
- mbedtls_sha512_update( &accumulator, header, 2 );
- mbedtls_sha512_update( &accumulator, read_seed->x, read_seed->len );
- mbedtls_sha512_finish( &accumulator, buf );
+ TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
+ TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
+ TEST_ASSERT( mbedtls_md_update( &accumulator,
+ read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
- memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) );
- mbedtls_sha512_starts( &accumulator, 0 );
- mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
+ TEST_ASSERT( mbedtls_md_update( &accumulator,
+ buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
- mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 );
+ TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ check_seed ) == 0 );
// Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed)
header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL;
- mbedtls_sha512_update( &accumulator, header, 2 );
- mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
+ TEST_ASSERT( mbedtls_md_update( &accumulator,
+ empty, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
header[0] = 0;
- mbedtls_sha512_update( &accumulator, header, 2 );
- mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
- mbedtls_sha512_finish( &accumulator, buf );
+ TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
+ TEST_ASSERT( mbedtls_md_update( &accumulator,
+ check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+ TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
- mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 );
+ TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ check_entropy ) == 0 );
// Check result of both NV file and entropy received with the manual calculations
TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
+exit:
+ mbedtls_md_free( &accumulator );
mbedtls_entropy_free( &ctx );
+ mbedtls_nv_seed_read = original_mbedtls_nv_seed_read;
+ mbedtls_nv_seed_write = original_mbedtls_nv_seed_write;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index f1acde9..9c34ea6 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -170,10 +170,6 @@
TEST_ASSERT( ciphertext != NULL );
}
- memset( plaintext, 0, in_len );
- memset( ciphertext, 0, output_len );
-
-
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ), 1 ) == 0 );
@@ -225,10 +221,6 @@
TEST_ASSERT( ciphertext != NULL );
}
- memset( plaintext, 0, output_len );
- memset( ciphertext, 0, in_len );
-
-
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ), 0 ) == 0 );
unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index d85d9ed..162cb56 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -10,6 +10,18 @@
#include <limits.h>
#include <stdint.h>
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#include "psa_crypto_helpers.h"
+#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
+#else
+/* Define empty macros so that we can use them in the preamble and teardown
+ * of every test function that uses PSA conditionally based on
+ * MBEDTLS_USE_PSA_CRYPTO. */
+#define PSA_INIT( ) ( (void) 0 )
+#define PSA_DONE( ) ( (void) 0 )
+#endif
+
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
#define RSA_KEY_SIZE 512
@@ -67,39 +79,26 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/psa_util.h"
-
-#define PK_PSA_INVALID_SLOT 0 /* guaranteed invalid */
-
/*
- * Generate a key in a free key slot and return this key slot,
- * or PK_PSA_INVALID_SLOT if no slot was available.
+ * Generate a key using PSA and return a handle to that key,
+ * or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
psa_key_handle_t pk_psa_genkey( void )
{
psa_key_handle_t key;
-
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const int curve = PSA_ECC_CURVE_SECP256R1;
- const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEYPAIR(curve);
+ const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve);
const size_t bits = 256;
- psa_key_policy_t policy;
- /* Allocate a key slot */
- if( PSA_SUCCESS != psa_allocate_key( &key ) )
- return( PK_PSA_INVALID_SLOT );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
- /* set up policy on key slot */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
- PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
- if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
- return( PK_PSA_INVALID_SLOT );
-
- /* generate key */
- if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
- return( PK_PSA_INVALID_SLOT );
-
+exit:
return( key );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -115,6 +114,7 @@
{
mbedtls_pk_context pk, pk2;
psa_key_handle_t key;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const char * const name = "Opaque";
const size_t bitlen = 256; /* harcoded in genkey() */
@@ -124,11 +124,13 @@
size_t len;
mbedtls_pk_debug_item dbg;
- TEST_ASSERT( psa_crypto_init() == 0 );
+ PSA_ASSERT( psa_crypto_init( ) );
mbedtls_pk_init( &pk );
mbedtls_pk_init( &pk2 );
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -136,7 +138,8 @@
mbedtls_pk_init( &pk );
key = pk_psa_genkey();
- TEST_ASSERT( key != 0 );
+ if( key == 0 )
+ goto exit;
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
@@ -173,12 +176,13 @@
/* test that freeing the context does not destroy the key */
mbedtls_pk_free( &pk );
- TEST_ASSERT( PSA_SUCCESS == psa_get_key_information( key, NULL, NULL ) );
+ TEST_ASSERT( PSA_SUCCESS == psa_get_key_attributes( key, &attributes ) );
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
exit:
mbedtls_pk_free( &pk ); /* redundant except upon error */
mbedtls_pk_free( &pk2 );
+ PSA_DONE( );
}
/* END_CASE */
@@ -769,7 +773,7 @@
mbedtls_ecp_keypair *eckey;
mbedtls_pk_init( &pk );
-
+ PSA_INIT( );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
@@ -786,6 +790,7 @@
exit:
mbedtls_pk_free( &pk );
+ PSA_DONE( );
}
/* END_CASE */
@@ -910,6 +915,7 @@
#endif
mbedtls_pk_init( &pk );
+ PSA_INIT( );
memset( hash, 0x2a, sizeof hash );
memset( sig, 0, sizeof sig );
@@ -961,6 +967,7 @@
mbedtls_pk_restart_free( rs_ctx );
#endif
mbedtls_pk_free( &pk );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1216,6 +1223,8 @@
* - parse it to a PK context and verify the signature this way
*/
+ PSA_ASSERT( psa_crypto_init( ) );
+
/* Create legacy EC public/private key in PK context. */
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_setup( &pk,
@@ -1233,7 +1242,6 @@
pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
/* Turn PK context into an opaque one. */
- TEST_ASSERT( psa_allocate_key( &handle ) == PSA_SUCCESS );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
PSA_ALG_SHA_256 ) == 0 );
@@ -1266,5 +1274,6 @@
exit:
mbedtls_pk_free( &pk );
+ PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 029cfb5..8eee989 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1,6 +1,27 @@
PSA compile-time sanity checks
static_checks:
+PSA key attributes structure
+attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128
+
+PSA key attributes: id only
+persistence_attributes:0x1234:-1:-1:0x1234:PSA_KEY_LIFETIME_PERSISTENT
+
+PSA key attributes: lifetime=3 only
+persistence_attributes:-1:3:-1:0:3
+
+PSA key attributes: id then back to volatile
+persistence_attributes:0x1234:PSA_KEY_LIFETIME_VOLATILE:-1:0:PSA_KEY_LIFETIME_VOLATILE
+
+PSA key attributes: id then lifetime
+persistence_attributes:0x1234:3:-1:0x1234:3
+
+PSA key attributes: lifetime then id
+persistence_attributes:0x1234:3:0x1235:0x1235:3
+
+PSA key attributes: slot number
+slot_number_attribute:
+
PSA import/export raw: 0 bytes
import_export:"":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_SUCCESS:1
@@ -25,56 +46,27 @@
depends_on:MBEDTLS_AES_C
import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:256:0:PSA_SUCCESS:1
-PSA import to non empty key slot
-depends_on:MBEDTLS_AES_C
-import_key_nonempty_slot
+PSA invalid handle (0)
+invalid_handle:0
-PSA export invalid handle (0)
-export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE
+PSA invalid handle (smallest plausible handle)
+invalid_handle:1
-PSA export invalid handle (smallest plausible handle)
-export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE
+PSA invalid handle (largest plausible handle)
+invalid_handle:-1
-PSA export invalid handle (largest plausible handle)
-export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
+PSA import: bad usage flag
+import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
-PSA export a slot where there was some activity but no key material creation
-export_with_no_key_activity
+PSA import: invalid type (0)
+import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED
-PSA setup cipher where there was some activity on key but no key material creation
-cipher_with_no_key_activity
-
-PSA export a slot after a failed import of a AES key
-depends_on:MBEDTLS_AES_C
-export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export a slot after a failed import of a RSA key
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C
-export_after_import_failure:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export a slot after a failed import of an EC keypair
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-export_after_import_failure:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
-
-PSA setup cipher after a failed import of a AES key
-depends_on:MBEDTLS_AES_C
-cipher_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export RSA public key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-export_after_destroy_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY
-
-PSA export AES key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_AES_C
-export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES
-
-PSA export EC key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)
+PSA import: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+import_with_policy:PSA_KEY_TYPE_CATEGORY_MASK:0:0:PSA_ERROR_NOT_SUPPORTED
PSA import AES: bad key size
depends_on:MBEDTLS_AES_C
-import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT
PSA import/export RSA public key: good, 1024-bit
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -102,47 +94,47 @@
PSA import/export RSA keypair: good, 1024-bit
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1
PSA import/export RSA keypair: good, larger buffer (+1 byte)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1
PSA import/export RSA keypair: good, larger buffer (*2-1)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:609:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:609:PSA_SUCCESS:1
PSA import/export RSA keypair: good, larger buffer (*2)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:610:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:610:PSA_SUCCESS:1
PSA import/export RSA keypair: good, larger buffer (*2+1)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:611:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:611:PSA_SUCCESS:1
PSA import/export RSA keypair: export buffer too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
PSA import/export RSA keypair: trailing garbage ignored
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_SUCCESS:0
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_SUCCESS:0
PSA import RSA keypair: truncated
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
PSA import RSA keypair: public key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
PSA import RSA public key: key pair
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_INVALID_ARGUMENT
PSA import RSA keypair: valid key but EC
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
PSA import/export-public RSA public key: good, 1024-bit
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -150,7 +142,7 @@
PSA import/export-public RSA keypair: good, 1024-bit
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
PSA import/export-public RSA public key: buffer too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -158,7 +150,7 @@
PSA import/export-public RSA keypair: buffer too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
PSA import/export RSA public key: 1016-bit (good)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -166,79 +158,79 @@
PSA import/export RSA keypair: 1016-bit (good)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1
+import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1
PSA import RSA public key: 1022-bit (not supported)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA keypair: 1022-bit (not supported)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA public key: 1023-bit (not supported)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA keypair: 1023-bit (not supported)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
PSA import/export EC secp224r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
-import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1
+import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1
PSA import/export-public EC secp224r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
-import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7"
+import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7"
PSA import/export EC secp256r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1
+import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1
PSA import/export-public EC secp256r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
+import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
PSA import/export EC secp384r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1
+import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1
PSA import/export-public EC secp384r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
+import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
PSA import/export EC secp521r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1
+import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1
PSA import/export-public EC secp521r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
+import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
PSA import/export EC brainpool256r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
-import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1
+import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1
PSA import/export-public EC brainpool256r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
-import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
+import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
PSA import/export EC brainpool384r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
-import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1
+import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1
PSA import/export-public EC brainpool384r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
-import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
+import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
PSA import/export EC brainpool512r1 key pair: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1
+import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1
PSA import/export-public EC brainpool512r1: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
+import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
PSA import/export-public: cannot export-public a symmetric key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -258,11 +250,11 @@
PSA import/export RSA keypair: policy forbids export (crypt)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1
PSA import/export RSA keypair: policy forbids export (sign)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1
# Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS
# extension which we may drop in the future.
@@ -272,35 +264,35 @@
PSA import/export RSA keypair: import PEM
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0
PSA import EC keypair: DER format
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: too short
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: public key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, all-bits-zero (bad)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, d == n - 1 (good)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_SUCCESS
+import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_SUCCESS
PSA import EC keypair: secp256r1, d == n (bad)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, d > n (bad)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC public key: key pair
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -308,15 +300,39 @@
# one would expect the status to be PSA_ERROR_INVALID_ARGUMENT. But the
# Mbed TLS pkparse module returns MBEDTLS_ERR_PK_INVALID_ALG, I think because
# it's looking for an OID where there is no OID.
-import:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_NOT_SUPPORTED
+import_with_data:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_NOT_SUPPORTED
PSA import EC keypair: valid key but RSA
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
-import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT
+import_with_data:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):0:PSA_ERROR_INVALID_ARGUMENT
-PSA import failure preserves policy
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_twice:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS
+PSA import AES: bits=0 ok
+depends_on:MBEDTLS_AES_C
+import_with_data:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:0:PSA_SUCCESS
+
+PSA import AES: bits=128 ok
+depends_on:MBEDTLS_AES_C
+import_with_data:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_SUCCESS
+
+PSA import AES: bits=256 wrong
+depends_on:MBEDTLS_AES_C
+import_with_data:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:256:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import AES: bits=256 ok
+depends_on:MBEDTLS_AES_C
+import_with_data:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:256:PSA_SUCCESS
+
+PSA import AES: bits=128 wrong
+depends_on:MBEDTLS_AES_C
+import_with_data:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import large key: raw, 65528 bits (ok)
+depends_on:HAVE_RAM_AVAILABLE_128K
+import_large_key:PSA_KEY_TYPE_RAW_DATA:8191:PSA_SUCCESS
+
+PSA import large key: raw, 65536 bits (not supported)
+depends_on:HAVE_RAM_AVAILABLE_128K
+import_large_key:PSA_KEY_TYPE_RAW_DATA:8192:PSA_ERROR_NOT_SUPPORTED
PSA import RSA key pair: maximum size exceeded
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
@@ -329,8 +345,8 @@
PSA key policy set and get
key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
-Key policy initializers zero properly
-key_policy_init:
+Key attributes initializers zero properly
+key_attributes_init:
PSA key policy: MAC, sign | verify
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -340,6 +356,14 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224)
+PSA key policy: MAC, alg=0 in policy
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key policy: MAC, ANY_HASH in policy is not meaningful
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
PSA key policy: MAC, sign but not verify
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
mac_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
@@ -372,6 +396,10 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
cipher_key_policy:0:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+PSA key policy: cipher, alg=0 in policy
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+
PSA key policy: AEAD, encrypt | decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
@@ -380,6 +408,10 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM
+PSA key policy: AEAD, alg=0 in policy
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_CCM
+
PSA key policy: AEAD, encrypt but not decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
@@ -394,71 +426,79 @@
PSA key policy: asymmetric encryption, encrypt | decrypt
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP)
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash)
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, alg=0 in policy
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA key policy: asymmetric encryption, encrypt but not decrypt
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
PSA key policy: asymmetric encryption, decrypt but not encrypt
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
PSA key policy: asymmetric encryption, neither encrypt nor decrypt
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
PSA key policy: asymmetric signature, sign | verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
PSA key policy: asymmetric signature, wrong algorithm family
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
PSA key policy: asymmetric signature, wrong hash algorithm
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+
+PSA key policy: asymmetric signature, alg=0 in policy
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA key policy: asymmetric signature, sign but not verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
PSA key policy: asymmetric signature, verify but not sign
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
PSA key policy: asymmetric signature, neither sign nor verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
PSA key policy: derive via HKDF, permitted
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -484,17 +524,41 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
-PSA key policy: agreement, permitted
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+PSA key policy: agreement + KDF, permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
-PSA key policy: agreement, not permitted
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+PSA key policy: agreement + KDF, not permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
-PSA key policy: agreement, wrong algorithm
+PSA key policy: agreement + KDF, wrong agreement algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+
+PSA key policy: agreement + KDF, wrong KDF algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224))
+
+PSA key policy: agreement + KDF, key only permits raw agreement
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+
+PSA key policy: raw agreement, permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW)
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+
+PSA key policy: raw agreement, not permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+
+PSA key policy: raw agreement, wrong algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
+
+PSA key policy: raw agreement, key only permits a KDF
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
PSA key policy algorithm2: CTR, CBC
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD
@@ -502,150 +566,135 @@
PSA key policy algorithm2: ECDH, ECDSA
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C
-key_policy_alg2:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA_ANY
+key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY
Copy key: raw, 0 bytes
-copy_key_policy:0:0:0:PSA_KEY_TYPE_RAW_DATA:"":0:0:0:-1:-1:0:0:0:0
+copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
+
+Copy key: AES, copy attributes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0
Copy key: AES, same usage flags
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:-1:-1:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0
-Copy key: AES, fewer usage flags
+Copy key: AES, fewer usage flags (-EXPORT)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:-1:-1:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+
+Copy key: AES, fewer usage flags (-COPY)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0
Copy key: AES, 1 more usage flag
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:-1:-1:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
Copy key: AES, 2 more usage flags
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:-1:-1:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-Copy key: AES, intersect usage flags
+Copy key: AES, intersect usage flags #1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:-1:-1:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-Copy key: AES, source=target, constraint with same usage flags
+Copy key: AES, intersect usage flags #2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0
-
-Copy key: AES, source=target, constraint with fewer usage flags
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-
-Copy key: AES, source=target, constraint with 1 more usage flag
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-
-Copy key: AES, source=target, constraint with 2 more usage flags
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-
-Copy key: AES, source=target, constraint with different usage flags
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
-
-Copy key: AES, permissive target, restrictive constraint
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0
Copy key: RSA key pair, same usage flags
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:-1:-1:0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, fewer usage flags
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:-1:-1:0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, more usage flags
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:-1:-1:0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
-Copy key: RSA key pair, intersect usage flags
+Copy key: RSA key pair, intersect usage flags #0
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:-1:-1:0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+
+Copy key: RSA key pair, intersect usage flags #1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in source
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:-1:-1:0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in target
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:-1:-1:0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in source and target
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:-1:-1:0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0
-
-Copy key: RSA key pair, wildcard in constraint
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0
-
-Copy key: RSA key pair, wildcard, restrictive constraint
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0
Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):-1:-1:-1:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
Copy key: source=ECDSA+ECDH, target=ECDSA+0
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:-1:-1:-1:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0
Copy key: source=ECDSA+ECDH, target=0+ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):-1:-1:-1:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH
Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):-1:-1:-1:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA(PSA_ALG_SHA_256):-1:-1:-1:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
-Copy key: source=target=ECDSA(any)+ECDSAdet(any), constraint
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224):PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224)
+Copy fail: raw data, no COPY flag
+copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_ERROR_NOT_PERMITTED
+
+Copy key: AES, no COPY flag
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_ERROR_NOT_PERMITTED
Copy fail: AES, incompatible target policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:-1:-1:0:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT
Copy fail: RSA, incompatible target policy (source wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:-1:-1:0:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
Copy fail: RSA, incompatible target policy (target wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:-1:-1:0:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:PSA_ERROR_INVALID_ARGUMENT
Copy fail: RSA, incompatible target policy (source and target wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:-1:-1:0:PSA_ERROR_INVALID_ARGUMENT
-
-Copy fail: RSA, incompatible constraint (wildcard on different base)
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:PSA_ERROR_INVALID_ARGUMENT
-
-Copy fail: RSA, incompatible constraint
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:PSA_ERROR_INVALID_ARGUMENT
Copy fail: RSA, ANY_HASH is not meaningful with OAEP
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:-1:-1:0:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: incorrect type in attributes
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: incorrect size in attributes
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:PSA_ERROR_INVALID_ARGUMENT
Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):-1:-1:-1::PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH::PSA_ERROR_INVALID_ARGUMENT
Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-copy_fail:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_ALG_ECDSA(PSA_ALG_SHA_256):-1:-1:-1::PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)::PSA_ERROR_INVALID_ARGUMENT
Hash operation object initializers zero properly
hash_operation_init:
@@ -977,75 +1026,75 @@
PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
PSA symmetric encrypt: AES-CBC-PKCS#7, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
PSA symmetric encrypt: AES-CBC-nopad, input too short
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric encrypt: AES-CTR, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric encrypt: AES-CTR, 15 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
PSA symmetric decrypt: AES-CTR, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -1065,127 +1114,127 @@
PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
PSA symmetric encryption multipart: AES-CBC-nopad, 3+13 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b"
PSA symmetric encryption multipart: AES-CBC-nopad, 4+12 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b"
PSA symmetric encryption multipart: AES-CBC-nopad, 11+5 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b"
PSA symmetric encryption multipart: AES-CBC-nopad, 16+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
PSA symmetric encryption multipart: AES-CBC-nopad, 12+20 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
PSA symmetric encryption multipart: AES-CTR, 0+15 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
PSA symmetric encryption multipart: AES-CTR, 15+0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
PSA symmetric encryption multipart: AES-CTR, 0+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric decryption multipart: AES-CBC-nopad, 3+13 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric decryption multipart: AES-CBC-nopad, 11+5 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric decryption multipart: AES-CBC-nopad, 16+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
PSA symmetric decryption multipart: AES-CBC-nopad, 12+20 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
PSA symmetric decryption multipart: AES-CTR, 0+15 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
PSA symmetric decryption multipart: AES-CTR, 15+0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
PSA symmetric decryption multipart: AES-CTR, 0+16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric decryption multipart: AES-CTR, 16+0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 11+5 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -1195,6 +1244,26 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4
+PSA symmetric encrypt: ChaCha20, K=0 N=0
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS
+
+PSA symmetric encrypt: ChaCha20, K=rand N=rand
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+
+PSA symmetric encryption multipart: ChaCha20, 14+50 bytes
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+
+PSA symmetric decrypt: ChaCha20, K=rand N=rand
+depends_on:MBEDTLS_CHACHA20_C
+cipher_decrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+
+PSA symmetric decryption multipart: ChaCha20, 14+50 bytes
+depends_on:MBEDTLS_CHACHA20_C
+cipher_decrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+
PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS
@@ -1375,35 +1444,51 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691"
+
+PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
+
+PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE
+
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
+depends_on:MBEDTLS_CHACHA20_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20:"":"":"":PSA_ERROR_NOT_SUPPORTED
PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
PSA signature size: RSA public key, 1024 bits, PKCS#1 v1.5 raw
signature_size:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 SHA-256
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128
PSA signature size: RSA keypair, 1024 bits, PSS
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128
PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
PSA signature size: RSA keypair, 1025 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129
PSA import/exercise RSA keypair, PKCS#1 v1.5 raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
PSA import/exercise RSA keypair, PSS-SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
PSA import/exercise RSA public key, PKCS#1 v1.5 raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1415,57 +1500,65 @@
PSA import/exercise: ECP SECP256R1 keypair, ECDSA
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDSA_ANY
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDSA_ANY
PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 )
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 )
PSA import/exercise: ECP SECP256R1 keypair, ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH
+
+PSA import/exercise: HKDF SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA import/exercise: TLS 1.2 PRF SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
PSA sign: RSA PKCS#1 v1.5, raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
+sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
PSA sign: RSA PKCS#1 v1.5 SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
PSA sign: deterministic ECDSA SECP256R1 SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_deterministic:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
# Arguably the error should be INVALID_ARGUMENT, but NOT_SUPPORTED is simpler
# to implement.
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
PSA sign: RSA PKCS#1 v1.5 raw, input too large
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
PSA sign: RSA PKCS#1 v1.5 SHA-256, output buffer too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign: invalid key type, signing with a public key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
@@ -1473,35 +1566,35 @@
PSA sign: invalid algorithm for ECC key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign/verify: RSA PKCS#1 v1.5, raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
PSA sign/verify: RSA PKCS#1 v1.5 SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
PSA sign/verify: RSA PSS SHA-256, 0 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
PSA sign/verify: RSA PSS SHA-256, 32 bytes (hash size)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
PSA sign/verify: RSA PSS SHA-256, 129 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
PSA sign/verify: randomized ECDSA SECP256R1 SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
@@ -1509,7 +1602,7 @@
PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
@@ -1537,7 +1630,7 @@
PSA verify with keypair: ECDSA SECP256R1, good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
@@ -1549,7 +1642,7 @@
PSA verify: invalid algorithm for ECC key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
PSA encrypt: RSA PKCS#1 v1.5, good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1573,11 +1666,11 @@
PSA encrypt: RSA PKCS#1 v1.5, key pair
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
PSA encrypt: RSA OAEP-SHA-256, key pair
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
PSA encrypt: RSA PKCS#1 v1.5, input too large
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1601,87 +1694,87 @@
PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #1
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #2
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":""
PSA encrypt-decrypt: RSA OAEP-SHA-256
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
PSA encrypt-decrypt: RSA OAEP-SHA-256, with label
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
PSA encrypt-decrypt: RSA OAEP-SHA-384
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
PSA decrypt: RSA PKCS#1 v1.5: good #1
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
PSA decrypt: RSA PKCS#1 v1.5: good #2
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff"
PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, output too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL
PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":""
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":""
PSA decrypt: RSA OAEP-SHA-256, 0 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":""
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":""
PSA decrypt: RSA OAEP-SHA-256, 0 bytes, with label
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":""
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":""
PSA decrypt: RSA OAEP-SHA-256, 30 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
PSA decrypt: RSA OAEP-SHA-256, 30 bytes, with label
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
PSA decrypt: RSA OAEP-SHA-384, 30 bytes
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING
PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (empty)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING
PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (same length)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING
PSA decrypt: RSA PKCS#1 v1.5, invalid padding
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING
PSA decrypt: RSA PKCS#1 v1.5: salt not allowed
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT
PSA decrypt: RSA OAEP-SHA-256, invalid padding
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING
PSA decrypt: invalid algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
PSA decrypt: RSA PKCS#1 v1.5, invalid key type (RSA public key)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1697,218 +1790,250 @@
PSA decrypt: RSA PKCS#1 v1.5, input too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
PSA decrypt: RSA PKCS#1 v1.5, input too large
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
PSA decrypt: RSA OAEP-SHA-256, input too small
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
PSA decrypt: RSA OAEP-SHA-256, input too large
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
-Crypto generator initializers zero properly
-crypto_generator_init:
+Crypto derivation operation object initializers zero properly
+key_derivation_init:
PSA key derivation: HKDF-SHA-256, good case
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"":"":42:PSA_SUCCESS
+derive_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key derivation: HKDF-SHA-512, good case
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_512):"":"":42:PSA_SUCCESS
-
-PSA key derivation: HKDF-SHA-256, bad key type
-depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
+derive_setup:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_SUCCESS
PSA key derivation: TLS 1.2 PRF SHA-256, good case
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_SUCCESS
-
-PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
-depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
-
-PSA key derivation: not a key derivation algorithm (selection)
-depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_SELECT_RAW:"":"":42:PSA_ERROR_INVALID_ARGUMENT
+derive_setup:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key derivation: not a key derivation algorithm (HMAC)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
+derive_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: unsupported key derivation algorithm
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH):"":"":42:PSA_ERROR_NOT_SUPPORTED
+derive_setup::PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH):PSA_ERROR_NOT_SUPPORTED
PSA key derivation: unsupported key derivation algorithm
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
+derive_setup:PSA_ALG_CATEGORY_KEY_DERIVATION:PSA_ERROR_NOT_SUPPORTED
-PSA key derivation: invalid generator state ( double generate + read past capacity )
+PSA key derivation: HKDF-SHA-256, good case
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-test_derive_invalid_generator_state:
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
-PSA key derivation: invalid generator state ( call read/get_capacity after init and abort )
+PSA key derivation: HKDF-SHA-512, good case
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, bad key type
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-test_derive_invalid_generator_tests:
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-256, good case
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-256, key first
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, label first
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, early label
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, double seed
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, double key
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF invalid state (double generate + read past capacity)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
+
+PSA key derivation: invalid state (call read/get_capacity after init and abort)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+test_derive_invalid_key_derivation_tests:
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 32+10
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865"
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 0+42
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+41
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 41+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":""
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+40
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858"
PSA key derivation: HKDF SHA-256, RFC5869 #2, output 82+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":""
PSA key derivation: HKDF SHA-256, RFC5869 #3, output 42+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":""
PSA key derivation: HKDF SHA-1, RFC5869 #4, output 42+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":""
PSA key derivation: HKDF SHA-1, RFC5869 #5, output 82+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":""
PSA key derivation: HKDF SHA-1, RFC5869 #6, output 42+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":""
PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
# Test case manually extracted from debug output of TLS-PSK run
# Label: "master secret"
# Salt: Concatenation of ClientHello.Random and ServerHello.Random
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
PSA key derivation: HKDF SHA-256, request maximum capacity
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
PSA key derivation: HKDF SHA-1, request maximum capacity
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
PSA key derivation: HKDF SHA-256, request too much capacity
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT
+derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF SHA-1, request too much capacity
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_ALG_HKDF(PSA_ALG_SHA_1):"":"":255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
+derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_setup:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"":"":100:PSA_ERROR_INVALID_ARGUMENT
+derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
PSA key derivation: over capacity 42: output 42+1
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
PSA key derivation: over capacity 42: output 41+2
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"65ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"65ff"
PSA key derivation: over capacity 42: output 43+0
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":""
PSA key derivation: over capacity 42: output 43+1
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff"
PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -1918,6 +2043,14 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
+PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1
+
+PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
+
PSA key derivation: HKDF SHA-256, exercise AES128-CTR
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
@@ -1942,105 +2075,148 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256)
-PSA key derivation: HKDF SHA-256, exercise HKDF-SHA-256
-depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES128-CTR
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
-PSA key derivation: HKDF SHA-256, derive key, 16+32
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES256-CTR
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise 2-key 3DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise 3-key 3DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA key derivation: HKDF SHA-256, derive key export, 16+32
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
-PSA key derivation: HKDF SHA-256, derive key, 1+41
+PSA key derivation: HKDF SHA-256, derive key export, 1+41
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
-PSA key agreement setup: ECDH, raw: good
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 16+32
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
-PSA key agreement setup: ECDH, raw: public key on different curve
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
+PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 1+41
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
-PSA key agreement setup: ECDH, raw: public key instead of private key
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+PSA key derivation: invalid type (0)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT
+
+# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
+# and not expected to be raised any time soon) is less than the maximum
+# output from HKDF-SHA512 (255*64 = 16320 bytes).
+PSA key derivation: largest possible key
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS
+
+PSA key derivation: key too large
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED
+
+PSA key agreement setup: ECDH + HKDF-SHA-256: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+
+PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH, unknown KDF
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH(0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
-PSA key agreement setup: not a key agreement algorithm
+PSA key agreement setup: bad key agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32
+PSA key agreement setup: KDF instead of a key agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
+key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full)
+PSA raw key agreement: ECDH SECP256R1 (RFC 5903)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
-PSA key agreement: ECDH SECP256R1 with ECDH-only public key
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
-
-PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
-
-PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
-
-PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
-
-PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
-
-PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32
+PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b"
-PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read
+PSA raw key agreement: ECDH SECP384R1 (RFC 5903)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746"
+
+PSA raw key agreement: ECDH SECP521R1 (RFC 5903)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea"
+
+PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b"
-PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48
+PSA raw key agreement: ECDH brainpoolP384r1 (RFC 7027)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42"
-PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
-
-PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64
+PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f"
-PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
-key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4":"41"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3b":"f511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
PSA generate random: 0 bytes
generate_random:0
@@ -2060,6 +2236,18 @@
PSA generate random: 260 bytes
generate_random:260
+PSA generate random: MBEDTLS_CTR_DRBG_MAX_REQUEST bytes
+generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST
+
+PSA generate random: MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
+generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
+
+PSA generate random: 2*MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
+generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
+
+PSA generate key: bad type (0)
+generate_key:PSA_KEY_TYPE_NONE:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
+
PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK)
generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
@@ -2075,6 +2263,19 @@
PSA generate key: raw data, 8 bits
generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: raw data, 65528 bits (ok)
+depends_on:HAVE_RAM_AVAILABLE_128K
+generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: raw data, 65536 bits (not supported)
+generate_key:PSA_KEY_TYPE_RAW_DATA:65536:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
+
PSA generate key: AES, 128 bits, CTR
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS
@@ -2101,72 +2302,98 @@
PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS
PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
PSA generate key: RSA, 1022 bits: not supported
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
PSA generate key: RSA, 1023 bits: not supported
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
PSA generate key: RSA, maximum size exceeded
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
PSA generate key: ECC, SECP256R1, good
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
PSA generate key: ECC, SECP256R1, incorrect bit size
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
-persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR
+PSA generate key: RSA, default e
+generate_key_rsa:512:"":PSA_SUCCESS
+
+PSA generate key: RSA, e=3
+generate_key_rsa:512:"03":PSA_SUCCESS
+
+PSA generate key: RSA, e=65537
+generate_key_rsa:512:"010001":PSA_SUCCESS
+
+PSA generate key: RSA, e=513
+generate_key_rsa:512:"0201":PSA_SUCCESS
+
+PSA generate key: RSA, e=1
+generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+
+PSA generate key: RSA, e=2
+generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+
+PSA import persistent key: raw data, 0 bits
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
-PSA generate persistent key: raw data, 8 bits
+PSA import persistent key: AES, 128 bits, exportable
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
+
+PSA import persistent key: AES, 128 bits, non-exportable
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
+
+PSA generate persistent key: raw data, 8 bits, exportable
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY
-PSA generate persistent key: AES, 128 bits, CTR
+PSA generate persistent key: AES, 128 bits, exportable
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
-PSA generate persistent key: DES, 64 bits, CBC-nopad
+PSA generate persistent key: AES, 128 bits, non-exportable
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
+
+PSA generate persistent key: DES, 64 bits, exportable
depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
-PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256)
+PSA generate persistent key: RSA, 1024 bits, exportable
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
-PSA generate persistent key: ECC, SECP256R1, good
+PSA generate persistent key: ECC, SECP256R1, exportable
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY
-PSA derive persistent key: HKDF SHA-256
+PSA derive persistent key: HKDF SHA-256, exportable
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS
-
-PSA generate persistent key: AES, 128 bits, CTR
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
+persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b5bf7de..3225bef 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1,14 +1,23 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
+/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
+ * uses mbedtls_ctr_drbg internally. */
+#include "mbedtls/ctr_drbg.h"
+
+#include "psa_crypto_helpers.h"
+
+/* Tests that require more than 128kB of RAM plus change have this symbol
+ * as a dependency. Currently we always define this symbol, so the tests
+ * are always executed. In the future we should make this conditional
+ * so that tests that require a lot of memory are skipped on constrained
+ * platforms. */
+#define HAVE_RAM_AVAILABLE_128K
+
#include "psa/crypto.h"
/** An invalid export length that will never be set by psa_export_key(). */
@@ -211,12 +220,13 @@
psa_status_t *status )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, key_type, key_bytes, key_length ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+ &handle ) );
*status = psa_mac_sign_setup( operation, handle, alg );
/* Whether setup succeeded or failed, abort must succeed. */
@@ -245,12 +255,13 @@
psa_status_t *status )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, key_type, key_bytes, key_length ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+ &handle ) );
*status = psa_cipher_encrypt_setup( operation, handle, alg );
/* Whether setup succeeded or failed, abort must succeed. */
@@ -346,12 +357,16 @@
if( usage & PSA_KEY_USAGE_DECRYPT )
{
psa_status_t status;
- psa_key_type_t type = PSA_KEY_TYPE_NONE;
+ int maybe_invalid_padding = 0;
if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
{
- size_t bits;
- TEST_ASSERT( psa_get_key_information( handle, &type, &bits ) );
- iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't
+ * have this macro yet. */
+ iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(
+ psa_get_key_type( &attributes ) );
+ maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
}
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
@@ -368,12 +383,11 @@
/* For a stream cipher, all inputs are valid. For a block cipher,
* if the input is some aribtrary data rather than an actual
ciphertext, a padding error is likely. */
- if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
- PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
- PSA_ASSERT( status );
- else
+ if( maybe_invalid_padding )
TEST_ASSERT( status == PSA_SUCCESS ||
status == PSA_ERROR_INVALID_PADDING );
+ else
+ PSA_ASSERT( status );
}
return( 1 );
@@ -516,28 +530,78 @@
return( 0 );
}
+static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ unsigned char* input1, size_t input1_length,
+ unsigned char* input2, size_t input2_length,
+ size_t capacity )
+{
+ PSA_ASSERT( psa_key_derivation_setup( operation, alg ) );
+ if( PSA_ALG_IS_HKDF( alg ) )
+ {
+ PSA_ASSERT( psa_key_derivation_input_bytes( operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ input1, input1_length ) );
+ PSA_ASSERT( psa_key_derivation_input_key( operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ handle ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes( operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input2,
+ input2_length ) );
+ }
+ else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ {
+ PSA_ASSERT( psa_key_derivation_input_bytes( operation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ input1, input1_length ) );
+ PSA_ASSERT( psa_key_derivation_input_key( operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ handle ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes( operation,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ input2, input2_length ) );
+ }
+ else
+ {
+ TEST_ASSERT( ! "Key derivation algorithm not supported" );
+ }
+
+ if( capacity != SIZE_MAX )
+ PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) );
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+
static int exercise_key_derivation_key( psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- unsigned char label[16] = "This is a label.";
- size_t label_length = sizeof( label );
- unsigned char seed[16] = "abcdefghijklmnop";
- size_t seed_length = sizeof( seed );
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ unsigned char input1[] = "Input 1";
+ size_t input1_length = sizeof( input1 );
+ unsigned char input2[] = "Input 2";
+ size_t input2_length = sizeof( input2 );
unsigned char output[1];
+ size_t capacity = sizeof( output );
if( usage & PSA_KEY_USAGE_DERIVE )
{
- PSA_ASSERT( psa_key_derivation( &generator,
- handle, alg,
- label, label_length,
- seed, seed_length,
- sizeof( output ) ) );
- PSA_ASSERT( psa_generator_read( &generator,
- output,
- sizeof( output ) ) );
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ if( !setup_key_derivation_wrap( &operation, handle, alg,
+ input1, input1_length,
+ input2, input2_length, capacity ) )
+ goto exit;
+
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output,
+ capacity ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
return( 1 );
@@ -548,9 +612,9 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
-static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg )
+static psa_status_t key_agreement_with_self(
+ psa_key_derivation_operation_t *operation,
+ psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -558,45 +622,78 @@
uint8_t *public_key = NULL;
size_t public_key_length;
/* Return GENERIC_ERROR if something other than the final call to
- * psa_key_agreement fails. This isn't fully satisfactory, but it's
- * good enough: callers will report it as a failed test anyway. */
+ * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
+ * but it's good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_information( handle,
- &private_key_type,
- &key_bits ) );
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ private_key_type = psa_get_key_type( &attributes );
+ key_bits = psa_get_key_bits( &attributes );
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
PSA_ASSERT( psa_export_public_key( handle,
public_key, public_key_length,
&public_key_length ) );
- status = psa_key_agreement( generator, handle,
- public_key, public_key_length,
- alg );
+ status = psa_key_derivation_key_agreement(
+ operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+ public_key, public_key_length );
exit:
mbedtls_free( public_key );
+ psa_reset_key_attributes( &attributes );
return( status );
}
-static int exercise_key_agreement_key( psa_key_handle_t handle,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+/* We need two keys to exercise key agreement. Exercise the
+ * private key against its own public key. */
+static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
+ psa_key_handle_t handle )
{
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- unsigned char output[1];
+ psa_key_type_t private_key_type;
+ psa_key_type_t public_key_type;
+ size_t key_bits;
+ uint8_t *public_key = NULL;
+ size_t public_key_length;
+ uint8_t output[1024];
+ size_t output_length;
+ /* Return GENERIC_ERROR if something other than the final call to
+ * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
+ * but it's good enough: callers will report it as a failed test anyway. */
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ private_key_type = psa_get_key_type( &attributes );
+ key_bits = psa_get_key_bits( &attributes );
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
+ public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
+ ASSERT_ALLOC( public_key, public_key_length );
+ PSA_ASSERT( psa_export_public_key( handle,
+ public_key, public_key_length,
+ &public_key_length ) );
+
+ status = psa_raw_key_agreement( alg, handle,
+ public_key, public_key_length,
+ output, sizeof( output ), &output_length );
+exit:
+ mbedtls_free( public_key );
+ psa_reset_key_attributes( &attributes );
+ return( status );
+}
+
+static int exercise_raw_key_agreement_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
int ok = 0;
if( usage & PSA_KEY_USAGE_DERIVE )
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) );
- PSA_ASSERT( psa_generator_read( &generator,
- output,
- sizeof( output ) ) );
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) );
}
ok = 1;
@@ -604,46 +701,34 @@
return( ok );
}
-static int is_oid_of_key_type( psa_key_type_t type,
- const uint8_t *oid, size_t oid_length )
+static int exercise_key_agreement_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
{
- const uint8_t *expected_oid = NULL;
- size_t expected_oid_length = 0;
-#if defined(MBEDTLS_RSA_C)
- if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
- expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
- expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
- }
- else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- {
- expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
- expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
- }
- else
-#endif /* MBEDTLS_ECP_C */
- {
- char message[40];
- mbedtls_snprintf( message, sizeof( message ),
- "OID not known for key type=0x%08lx",
- (unsigned long) type );
- test_fail( message, __LINE__, __FILE__ );
- return( 0 );
- }
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ unsigned char output[1];
+ int ok = 0;
- ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
- return( 1 );
+ if( usage & PSA_KEY_USAGE_DERIVE )
+ {
+ /* We need two keys to exercise key agreement. Exercise the
+ * private key against its own public key. */
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output,
+ sizeof( output ) ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ }
+ ok = 1;
exit:
- return( 0 );
+ return( ok );
}
-static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd )
+int asn1_skip_integer( unsigned char **p, const unsigned char *end,
+ size_t min_bits, size_t max_bits,
+ int must_be_odd )
{
size_t len;
size_t actual_bits;
@@ -680,25 +765,6 @@
return( 0 );
}
-static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
- size_t *len,
- unsigned char n, unsigned char tag )
-{
- int ret;
- ret = mbedtls_asn1_get_tag( p, end, len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
- if( ret != 0 )
- return( ret );
- end = *p + *len;
- ret = mbedtls_asn1_get_tag( p, end, len, tag );
- if( ret != 0 )
- return( ret );
- if( *p + *len != end )
- return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- return( 0 );
-}
-
static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
uint8_t *exported, size_t exported_length )
{
@@ -728,7 +794,7 @@
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
- if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
uint8_t *p = exported;
uint8_t *end = exported + exported_length;
@@ -775,7 +841,7 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
{
/* Just the secret value */
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
@@ -787,10 +853,10 @@
{
uint8_t *p = exported;
uint8_t *end = exported + exported_length;
- size_t len;
#if defined(MBEDTLS_RSA_C)
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
{
+ size_t len;
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
@@ -846,66 +912,73 @@
static int exercise_export_key( psa_key_handle_t handle,
psa_key_usage_t usage )
{
- psa_key_type_t type;
- size_t bits;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *exported = NULL;
size_t exported_size = 0;
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
- ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
+ ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
{
TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
PSA_ERROR_NOT_PERMITTED );
- return( 1 );
+ ok = 1;
+ goto exit;
}
- exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
+ exported_size = PSA_KEY_EXPORT_MAX_SIZE( psa_get_key_type( &attributes ),
+ psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
PSA_ASSERT( psa_export_key( handle,
exported, exported_size,
&exported_length ) );
- ok = exported_key_sanity_check( type, bits, exported, exported_length );
+ ok = exported_key_sanity_check( psa_get_key_type( &attributes ),
+ psa_get_key_bits( &attributes ),
+ exported, exported_length );
exit:
mbedtls_free( exported );
+ psa_reset_key_attributes( &attributes );
return( ok );
}
static int exercise_export_public_key( psa_key_handle_t handle )
{
- psa_key_type_t type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
- size_t bits;
uint8_t *exported = NULL;
size_t exported_size = 0;
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
- if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
{
TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
PSA_ERROR_INVALID_ARGUMENT );
return( 1 );
}
- public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
- exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
+ public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
+ psa_get_key_type( &attributes ) );
+ exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type,
+ psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
PSA_ASSERT( psa_export_public_key( handle,
exported, exported_size,
&exported_length ) );
- ok = exported_key_sanity_check( public_type, bits,
+ ok = exported_key_sanity_check( public_type,
+ psa_get_key_bits( &attributes ),
exported, exported_length );
exit:
mbedtls_free( exported );
+ psa_reset_key_attributes( &attributes );
return( ok );
}
@@ -955,6 +1028,8 @@
ok = exercise_asymmetric_encryption_key( handle, usage, alg );
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
ok = exercise_key_derivation_key( handle, usage, alg );
+ else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
+ ok = exercise_raw_key_agreement_key( handle, usage, alg );
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
ok = exercise_key_agreement_key( handle, usage, alg );
else
@@ -1001,6 +1076,60 @@
}
+static int test_operations_on_invalid_handle( psa_key_handle_t handle )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t buffer[1];
+ size_t length;
+ int ok = 0;
+
+ psa_set_key_id( &attributes, 0x6964 );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+
+ TEST_EQUAL( psa_export_key( handle,
+ buffer, sizeof( buffer ), &length ),
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_export_public_key( handle,
+ buffer, sizeof( buffer ), &length ),
+ PSA_ERROR_INVALID_HANDLE );
+
+ TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_destroy_key( handle ), PSA_ERROR_INVALID_HANDLE );
+
+ ok = 1;
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ return( ok );
+}
+
+/* Assert that a key isn't reported as having a slot number. */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#define ASSERT_NO_SLOT_NUMBER( attributes ) \
+ do \
+ { \
+ psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
+ TEST_EQUAL( psa_get_key_slot_number( \
+ attributes, \
+ &ASSERT_NO_SLOT_NUMBER_slot_number ), \
+ PSA_ERROR_INVALID_ARGUMENT ); \
+ } \
+ while( 0 )
+#else /* MBEDTLS_PSA_CRYPTO_SE_C */
+#define ASSERT_NO_SLOT_NUMBER( attributes ) \
+ ( (void) 0 )
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
/* An overapproximation of the amount of storage needed for a key of the
* given type and with the given content. The API doesn't make it easy
* to find a good value for the size. The current implementation doesn't
@@ -1035,62 +1164,242 @@
/* END_CASE */
/* BEGIN_CASE */
-void import( data_t *data, int type, int expected_status_arg )
+void attributes_set_get( int id_arg, int lifetime_arg,
+ int usage_flags_arg, int alg_arg,
+ int type_arg, int bits_arg )
{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t id = id_arg;
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_usage_t usage_flags = usage_flags_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t type = type_arg;
+ size_t bits = bits_arg;
+
+ TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, usage_flags );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+
+ psa_reset_key_attributes( &attributes );
+
+ TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
+ int expected_id_arg, int expected_lifetime_arg )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t id1 = id1_arg;
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id2 = id2_arg;
+ psa_key_id_t expected_id = expected_id_arg;
+ psa_key_lifetime_t expected_lifetime = expected_lifetime_arg;
+
+ if( id1_arg != -1 )
+ psa_set_key_id( &attributes, id1 );
+ if( lifetime_arg != -1 )
+ psa_set_key_lifetime( &attributes, lifetime );
+ if( id2_arg != -1 )
+ psa_set_key_id( &attributes, id2 );
+
+ TEST_EQUAL( psa_get_key_id( &attributes ), expected_id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_SE_C */
+void slot_number_attribute( )
+{
+ psa_key_slot_number_t slot_number = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Initially, there is no slot number. */
+ TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+ PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Test setting a slot number. */
+ psa_set_key_slot_number( &attributes, 0 );
+ PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+ TEST_EQUAL( slot_number, 0 );
+
+ /* Test changing the slot number. */
+ psa_set_key_slot_number( &attributes, 42 );
+ PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+ TEST_EQUAL( slot_number, 42 );
+
+ /* Test clearing the slot number. */
+ psa_clear_key_slot_number( &attributes );
+ TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+ PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Clearing again should have no effect. */
+ psa_clear_key_slot_number( &attributes );
+ TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+ PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Test that reset clears the slot number. */
+ psa_set_key_slot_number( &attributes, 42 );
+ PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+ TEST_EQUAL( slot_number, 42 );
+ psa_reset_key_attributes( &attributes );
+ TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+ PSA_ERROR_INVALID_ARGUMENT );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_with_policy( int type_arg,
+ int usage_arg, int alg_arg,
+ int expected_status_arg )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_key_usage_t usage = usage_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ const uint8_t key_material[16] = {0};
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+
+ status = psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle );
+ TEST_EQUAL( status, expected_status );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+ TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
+ TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
+ ASSERT_NO_SLOT_NUMBER( &got_attributes );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ test_operations_on_invalid_handle( handle );
+
+exit:
+ psa_destroy_key( handle );
+ psa_reset_key_attributes( &got_attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_with_data( data_t *data, int type_arg,
+ int attr_bits_arg,
+ int expected_status_arg )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ size_t attr_bits = attr_bits_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- status = psa_import_key( handle, type, data->x, data->len );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, attr_bits );
+
+ status = psa_import_key( &attributes, data->x, data->len, &handle );
TEST_EQUAL( status, expected_status );
- if( status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( handle ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+ if( attr_bits != 0 )
+ TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
+ ASSERT_NO_SLOT_NUMBER( &got_attributes );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ test_operations_on_invalid_handle( handle );
exit:
- mbedtls_psa_crypto_free( );
+ psa_destroy_key( handle );
+ psa_reset_key_attributes( &got_attributes );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void import_twice( int usage_arg, int alg_arg,
- int type1_arg, data_t *data1,
- int expected_import1_status_arg,
- int type2_arg, data_t *data2,
- int expected_import2_status_arg )
+void import_large_key( int type_arg, int byte_size_arg,
+ int expected_status_arg )
{
+ psa_key_type_t type = type_arg;
+ size_t byte_size = byte_size_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0;
- psa_algorithm_t alg = alg_arg;
- psa_key_usage_t usage = usage_arg;
- psa_key_type_t type1 = type1_arg;
- psa_status_t expected_import1_status = expected_import1_status_arg;
- psa_key_type_t type2 = type2_arg;
- psa_status_t expected_import2_status = expected_import2_status_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_status_t status;
+ uint8_t *buffer = NULL;
+ size_t buffer_size = byte_size + 1;
+ size_t n;
+
+ /* It would be better to skip the test than fail it if the allocation
+ * fails, but the test framework doesn't support this yet. */
+ ASSERT_ALLOC( buffer, buffer_size );
+ memset( buffer, 'K', byte_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ /* Try importing the key */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, type );
+ status = psa_import_key( &attributes, buffer, byte_size, &handle );
+ TEST_EQUAL( status, expected_status );
- status = psa_import_key( handle, type1, data1->x, data1->len );
- TEST_EQUAL( status, expected_import1_status );
- status = psa_import_key( handle, type2, data2->x, data2->len );
- TEST_EQUAL( status, expected_import2_status );
-
- if( expected_import1_status == PSA_SUCCESS ||
- expected_import2_status == PSA_SUCCESS )
+ if( status == PSA_SUCCESS )
{
- if( ! exercise_key( handle, usage, alg ) )
- goto exit;
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ),
+ PSA_BYTES_TO_BITS( byte_size ) );
+ ASSERT_NO_SLOT_NUMBER( &attributes );
+ memset( buffer, 0, byte_size + 1 );
+ PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) );
+ for( n = 0; n < byte_size; n++ )
+ TEST_EQUAL( buffer[n], 'K' );
+ for( n = byte_size; n < buffer_size; n++ )
+ TEST_EQUAL( buffer[n], 0 );
}
exit:
- mbedtls_psa_crypto_free( );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+ mbedtls_free( buffer );
}
/* END_CASE */
@@ -1102,13 +1411,14 @@
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
psa_key_type_t type =
- keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+ keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
size_t buffer_size = /* Slight overapproximations */
keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
unsigned char *buffer = NULL;
unsigned char *p;
int ret;
size_t length;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
ASSERT_ALLOC( buffer, buffer_size );
@@ -1118,15 +1428,16 @@
length = ret;
/* Try importing the key */
- PSA_ASSERT( psa_allocate_key( &handle ) );
- status = psa_import_key( handle, type, p, length );
+ psa_set_key_type( &attributes, type );
+ status = psa_import_key( &attributes, p, length, &handle );
TEST_EQUAL( status, expected_status );
+
if( status == PSA_SUCCESS )
PSA_ASSERT( psa_destroy_key( handle ) );
exit:
mbedtls_free( buffer );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1149,9 +1460,8 @@
size_t export_size;
size_t exported_length = INVALID_EXPORT_LENGTH;
size_t reexported_length;
- psa_key_type_t got_type;
- size_t got_bits;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
export_size = (ptrdiff_t) data->len + export_size_delta;
ASSERT_ALLOC( exported, export_size );
@@ -1159,23 +1469,18 @@
ASSERT_ALLOC( reexported, export_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, usage_arg, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
- TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
- PSA_ERROR_DOES_NOT_EXIST );
+ psa_set_key_usage_flags( &attributes, usage_arg );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_information( handle,
- &got_type,
- &got_bits ) );
- TEST_EQUAL( got_type, type );
- TEST_EQUAL( got_bits, (size_t) expected_bits );
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
+ ASSERT_NO_SLOT_NUMBER( &got_attributes );
/* Export the key */
status = psa_export_key( handle,
@@ -1205,12 +1510,8 @@
else
{
psa_key_handle_t handle2;
- PSA_ASSERT( psa_allocate_key( &handle2 ) );
- PSA_ASSERT( psa_set_key_policy( handle2, &policy ) );
-
- PSA_ASSERT( psa_import_key( handle2, type,
- exported,
- exported_length ) );
+ PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
+ &handle2 ) );
PSA_ASSERT( psa_export_key( handle2,
reexported,
export_size,
@@ -1219,218 +1520,29 @@
reexported, reexported_length );
PSA_ASSERT( psa_close_key( handle2 ) );
}
- TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
+ TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
destroy:
/* Destroy the key */
PSA_ASSERT( psa_destroy_key( handle ) );
- TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
- PSA_ERROR_INVALID_HANDLE );
+ test_operations_on_invalid_handle( handle );
exit:
mbedtls_free( exported );
mbedtls_free( reexported );
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &got_attributes );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void import_key_nonempty_slot( )
+void invalid_handle( int handle )
{
- psa_key_handle_t handle = 0;
- psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
- psa_status_t status;
- const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 };
PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
-
- /* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data, sizeof( data ) ) );
-
- /* Import the key again */
- status = psa_import_key( handle, type, data, sizeof( data ) );
- TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS );
+ test_operations_on_invalid_handle( handle );
exit:
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_invalid_handle( int handle, int expected_export_status_arg )
-{
- psa_status_t status;
- unsigned char *exported = NULL;
- size_t export_size = 0;
- size_t exported_length = INVALID_EXPORT_LENGTH;
- psa_status_t expected_export_status = expected_export_status_arg;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- /* Export the key */
- status = psa_export_key( (psa_key_handle_t) handle,
- exported, export_size,
- &exported_length );
- TEST_EQUAL( status, expected_export_status );
-
-exit:
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_with_no_key_activity( )
-{
- psa_key_handle_t handle = 0;
- psa_algorithm_t alg = PSA_ALG_CTR;
- psa_status_t status;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- unsigned char *exported = NULL;
- size_t export_size = 0;
- size_t exported_length = INVALID_EXPORT_LENGTH;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
- /* Export the key */
- status = psa_export_key( handle,
- exported, export_size,
- &exported_length );
- TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
-
-exit:
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_with_no_key_activity( )
-{
- psa_key_handle_t handle = 0;
- psa_status_t status;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- int exercise_alg = PSA_ALG_CTR;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
- status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
- TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
-
-exit:
- psa_cipher_abort( &operation );
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_after_import_failure( data_t *data, int type_arg,
- int expected_import_status_arg )
-{
- psa_key_handle_t handle = 0;
- psa_key_type_t type = type_arg;
- psa_status_t status;
- unsigned char *exported = NULL;
- size_t export_size = 0;
- psa_status_t expected_import_status = expected_import_status_arg;
- size_t exported_length = INVALID_EXPORT_LENGTH;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
-
- /* Import the key - expect failure */
- status = psa_import_key( handle, type,
- data->x, data->len );
- TEST_EQUAL( status, expected_import_status );
-
- /* Export the key */
- status = psa_export_key( handle,
- exported, export_size,
- &exported_length );
- TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
-
-exit:
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_after_import_failure( data_t *data, int type_arg,
- int expected_import_status_arg )
-{
- psa_key_handle_t handle = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_type_t type = type_arg;
- psa_status_t status;
- psa_status_t expected_import_status = expected_import_status_arg;
- int exercise_alg = PSA_ALG_CTR;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
-
- /* Import the key - expect failure */
- status = psa_import_key( handle, type,
- data->x, data->len );
- TEST_EQUAL( status, expected_import_status );
-
- status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
- TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
-
-exit:
- psa_cipher_abort( &operation );
- mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_after_destroy_key( data_t *data, int type_arg )
-{
- psa_key_handle_t handle = 0;
- psa_key_type_t type = type_arg;
- psa_status_t status;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_algorithm_t alg = PSA_ALG_CTR;
- unsigned char *exported = NULL;
- size_t export_size = 0;
- size_t exported_length = INVALID_EXPORT_LENGTH;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- export_size = (ptrdiff_t) data->len;
- ASSERT_ALLOC( exported, export_size );
-
- /* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data->x, data->len ) );
-
- PSA_ASSERT( psa_export_key( handle, exported, export_size,
- &exported_length ) );
-
- /* Destroy the key */
- PSA_ASSERT( psa_destroy_key( handle ) );
-
- /* Export the key */
- status = psa_export_key( handle, exported, export_size,
- &exported_length );
- TEST_EQUAL( status, PSA_ERROR_INVALID_HANDLE );
-
-exit:
- mbedtls_free( exported );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1450,17 +1562,16 @@
unsigned char *exported = NULL;
size_t export_size = expected_public_key->len + export_size_delta;
size_t exported_length = INVALID_EXPORT_LENGTH;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Export the public key */
ASSERT_ALLOC( exported, export_size );
@@ -1470,9 +1581,10 @@
TEST_EQUAL( status, expected_export_status );
if( status == PSA_SUCCESS )
{
- psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
size_t bits;
- PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ bits = psa_get_key_bits( &attributes );
TEST_ASSERT( expected_public_key->len <=
PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
@@ -1482,7 +1594,8 @@
exit:
mbedtls_free( exported );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1497,35 +1610,34 @@
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
psa_key_usage_t usage = usage_to_exercise( type, alg );
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t got_type;
- size_t got_bits;
- psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
/* Import the key */
- status = psa_import_key( handle, type, data->x, data->len );
- PSA_ASSERT( status );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_information( handle,
- &got_type,
- &got_bits ) );
- TEST_EQUAL( got_type, type );
- TEST_EQUAL( got_bits, bits );
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
if( ! exercise_key( handle, usage, alg ) )
goto exit;
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ test_operations_on_invalid_handle( handle );
+
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &got_attributes );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1537,56 +1649,62 @@
psa_key_usage_t usage = usage_arg;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
unsigned char key[32] = {0};
- psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
- psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
memset( key, 0x2a, sizeof( key ) );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy_set, usage, alg );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- TEST_EQUAL( psa_key_policy_get_usage( &policy_set ), usage );
- TEST_EQUAL( psa_key_policy_get_algorithm( &policy_set ), alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key, sizeof( key ) ) );
-
- PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
-
- TEST_EQUAL( policy_get.usage, policy_set.usage );
- TEST_EQUAL( policy_get.alg, policy_set.alg );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void key_policy_init( )
+void key_attributes_init( )
{
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to supress the Clang warning for the test. */
- psa_key_policy_t func = psa_key_policy_init( );
- psa_key_policy_t init = PSA_KEY_POLICY_INIT;
- psa_key_policy_t zero;
+ psa_key_attributes_t func = psa_key_attributes_init( );
+ psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t zero;
memset( &zero, 0, sizeof( zero ) );
- /* A default key policy should not permit any usage. */
- TEST_EQUAL( psa_key_policy_get_usage( &func ), 0 );
- TEST_EQUAL( psa_key_policy_get_usage( &init ), 0 );
- TEST_EQUAL( psa_key_policy_get_usage( &zero ), 0 );
+ TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
+ TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
+ TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
- /* A default key policy should not permit any algorithm. */
- TEST_EQUAL( psa_key_policy_get_algorithm( &func ), 0 );
- TEST_EQUAL( psa_key_policy_get_algorithm( &init ), 0 );
- TEST_EQUAL( psa_key_policy_get_algorithm( &zero ), 0 );
+ TEST_EQUAL( psa_get_key_type( &func ), 0 );
+ TEST_EQUAL( psa_get_key_type( &init ), 0 );
+ TEST_EQUAL( psa_get_key_type( &zero ), 0 );
+
+ TEST_EQUAL( psa_get_key_bits( &func ), 0 );
+ TEST_EQUAL( psa_get_key_bits( &init ), 0 );
+ TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
+
+ TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
+ TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
+ TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
+
+ TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
}
/* END_CASE */
@@ -1598,19 +1716,19 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status;
unsigned char mac[PSA_MAC_MAX_SIZE];
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_mac_sign_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
@@ -1631,7 +1749,7 @@
exit:
psa_mac_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1643,18 +1761,18 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
@@ -1674,7 +1792,7 @@
exit:
psa_cipher_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1688,7 +1806,7 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char nonce[16] = {0};
size_t nonce_length = nonce_length_arg;
@@ -1701,12 +1819,12 @@
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_aead_encrypt( handle, exercise_alg,
nonce, nonce_length,
@@ -1735,7 +1853,7 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1747,7 +1865,7 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
size_t key_bits;
size_t buffer_length;
@@ -1756,16 +1874,15 @@
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
- PSA_ASSERT( psa_get_key_information( handle,
- NULL,
- &key_bits ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
exercise_alg );
ASSERT_ALLOC( buffer, buffer_length );
@@ -1796,7 +1913,8 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
mbedtls_free( buffer );
}
/* END_CASE */
@@ -1810,7 +1928,7 @@
int payload_length_arg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
/* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
@@ -1824,12 +1942,12 @@
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_asymmetric_sign( handle, exercise_alg,
payload, payload_length,
@@ -1851,7 +1969,7 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1863,24 +1981,34 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
- status = psa_key_derivation( &generator, handle,
- exercise_alg,
- NULL, 0,
- NULL, 0,
- 1 );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+
+ if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) )
+ {
+ PSA_ASSERT( psa_key_derivation_input_bytes(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t*) "", 0) );
+ }
+
+ status = psa_key_derivation_input_key( &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ handle );
+
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
PSA_ASSERT( status );
@@ -1888,9 +2016,9 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1902,21 +2030,22 @@
int exercise_alg )
{
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
- status = key_agreement_with_self( &generator, handle, exercise_alg );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+ status = key_agreement_with_self( &operation, handle );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -1925,9 +2054,9 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -1937,25 +2066,25 @@
{
psa_key_handle_t handle = 0;
psa_key_type_t key_type = key_type_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_policy_t got_policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- psa_key_policy_set_enrollment_algorithm( &policy, alg2 );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_enrollment_algorithm( &attributes, alg2 );
+ psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
- PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
- TEST_EQUAL( psa_key_policy_get_usage( &got_policy ), usage );
- TEST_EQUAL( psa_key_policy_get_algorithm( &got_policy ), alg );
- TEST_EQUAL( psa_key_policy_get_enrollment_algorithm( &got_policy ), alg2 );
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
+ TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
if( ! exercise_key( handle, usage, alg ) )
goto exit;
@@ -1964,88 +2093,105 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_key_policy( int source_usage_arg,
- int source_alg_arg, int source_alg2_arg,
- int type_arg, data_t *material,
- int target_usage_arg,
- int target_alg_arg, int target_alg2_arg,
- int constraint_usage_arg,
- int constraint_alg_arg, int constraint_alg2_arg,
- int expected_usage_arg,
- int expected_alg_arg, int expected_alg2_arg )
+void raw_agreement_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type_arg,
+ data_t *key_data,
+ int exercise_alg )
{
- psa_key_usage_t source_usage = source_usage_arg;
- psa_algorithm_t source_alg = source_alg_arg;
- psa_algorithm_t source_alg2 = source_alg2_arg;
- psa_key_handle_t source_handle = 0;
- psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t source_type = type_arg;
- size_t source_bits;
- psa_key_usage_t target_usage = target_usage_arg;
- psa_algorithm_t target_alg = target_alg_arg;
- psa_algorithm_t target_alg2 = target_alg2_arg;
- psa_key_handle_t target_handle = 0;
- psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t target_type;
- size_t target_bits;
- psa_key_usage_t constraint_usage = constraint_usage_arg;
- psa_algorithm_t constraint_alg = constraint_alg_arg;
- psa_algorithm_t constraint_alg2 = constraint_alg2_arg;
- psa_key_policy_t constraint = PSA_KEY_POLICY_INIT;
- psa_key_policy_t *p_constraint = NULL;
- psa_key_usage_t expected_usage = expected_usage_arg;
- psa_algorithm_t expected_alg = expected_alg_arg;
- psa_algorithm_t expected_alg2 = expected_alg2_arg;
- uint8_t *export_buffer = NULL;
-
- if( constraint_usage_arg != -1 )
- {
- p_constraint = &constraint;
- psa_key_policy_set_usage( p_constraint,
- constraint_usage, constraint_alg );
- psa_key_policy_set_enrollment_algorithm( p_constraint,
- constraint_alg2 );
- }
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- /* Populate the source slot. */
- PSA_ASSERT( psa_allocate_key( &source_handle ) );
- psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
- psa_key_policy_set_enrollment_algorithm( &source_policy, source_alg2 );
- PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
- PSA_ASSERT( psa_import_key( source_handle, source_type,
- material->x, material->len ) );
- PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+ psa_set_key_usage_flags( &attributes, policy_usage );
+ psa_set_key_algorithm( &attributes, policy_alg );
+ psa_set_key_type( &attributes, key_type );
- /* Prepare the target slot. */
- PSA_ASSERT( psa_allocate_key( &target_handle ) );
- psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
- psa_key_policy_set_enrollment_algorithm( &target_policy, target_alg2 );
- PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
- target_policy = psa_key_policy_init();
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
+
+ status = raw_key_agreement_with_self( exercise_alg, handle );
+
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_key_derivation_abort( &operation );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_success( int source_usage_arg,
+ int source_alg_arg, int source_alg2_arg,
+ int type_arg, data_t *material,
+ int copy_attributes,
+ int target_usage_arg,
+ int target_alg_arg, int target_alg2_arg,
+ int expected_usage_arg,
+ int expected_alg_arg, int expected_alg2_arg )
+{
+ psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_usage_t expected_usage = expected_usage_arg;
+ psa_algorithm_t expected_alg = expected_alg_arg;
+ psa_algorithm_t expected_alg2 = expected_alg2_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_handle_t target_handle = 0;
+ uint8_t *export_buffer = NULL;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Prepare the source key. */
+ psa_set_key_usage_flags( &source_attributes, source_usage_arg );
+ psa_set_key_algorithm( &source_attributes, source_alg_arg );
+ psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
+ psa_set_key_type( &source_attributes, type_arg );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
+ PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
+
+ /* Prepare the target attributes. */
+ if( copy_attributes )
+ target_attributes = source_attributes;
+ if( target_usage_arg != -1 )
+ psa_set_key_usage_flags( &target_attributes, target_usage_arg );
+ if( target_alg_arg != -1 )
+ psa_set_key_algorithm( &target_attributes, target_alg_arg );
+ if( target_alg2_arg != -1 )
+ psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_handle, target_handle, p_constraint ) );
+ PSA_ASSERT( psa_copy_key( source_handle,
+ &target_attributes, &target_handle ) );
/* Destroy the source to ensure that this doesn't affect the target. */
PSA_ASSERT( psa_destroy_key( source_handle ) );
/* Test that the target slot has the expected content and policy. */
- PSA_ASSERT( psa_get_key_information( target_handle,
- &target_type, &target_bits ) );
- TEST_EQUAL( source_type, target_type );
- TEST_EQUAL( source_bits, target_bits );
- PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
- TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) );
- TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) );
+ PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &source_attributes ),
+ psa_get_key_type( &target_attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &source_attributes ),
+ psa_get_key_bits( &target_attributes ) );
+ TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
+ TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
TEST_EQUAL( expected_alg2,
- psa_key_policy_get_enrollment_algorithm( &target_policy ) );
+ psa_get_key_enrollment_algorithm( &target_attributes ) );
if( expected_usage & PSA_KEY_USAGE_EXPORT )
{
size_t length;
@@ -2057,91 +2203,62 @@
}
if( ! exercise_key( target_handle, expected_usage, expected_alg ) )
goto exit;
+ if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) )
+ goto exit;
PSA_ASSERT( psa_close_key( target_handle ) );
exit:
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &source_attributes );
+ psa_reset_key_attributes( &target_attributes );
+ PSA_DONE( );
mbedtls_free( export_buffer );
}
/* END_CASE */
/* BEGIN_CASE */
-void copy_fail( int source_usage_arg, int source_alg_arg, int source_alg2_arg,
+void copy_fail( int source_usage_arg,
+ int source_alg_arg, int source_alg2_arg,
int type_arg, data_t *material,
- int target_usage_arg, int target_alg_arg, int target_alg2_arg,
- int constraint_usage_arg,
- int constraint_alg_arg, int constraint_alg2_arg,
+ int target_type_arg, int target_bits_arg,
+ int target_usage_arg,
+ int target_alg_arg, int target_alg2_arg,
int expected_status_arg )
{
- /* Test copy failure into an empty slot. There is a test for copy failure
- * into an occupied slot in
- * test_suite_psa_crypto_slot_management.function. */
-
- psa_key_usage_t source_usage = source_usage_arg;
- psa_algorithm_t source_alg = source_alg_arg;
- psa_algorithm_t source_alg2 = source_alg2_arg;
+ psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t source_handle = 0;
- psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t source_type = type_arg;
- size_t source_bits;
- psa_key_usage_t target_usage = target_usage_arg;
- psa_algorithm_t target_alg = target_alg_arg;
- psa_algorithm_t target_alg2 = target_alg2_arg;
psa_key_handle_t target_handle = 0;
- psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t target_type;
- size_t target_bits;
- psa_key_usage_t constraint_usage = constraint_usage_arg;
- psa_algorithm_t constraint_alg = constraint_alg_arg;
- psa_algorithm_t constraint_alg2 = constraint_alg2_arg;
- psa_key_policy_t constraint = PSA_KEY_POLICY_INIT;
- psa_key_policy_t *p_constraint = NULL;
- psa_status_t expected_status = expected_status_arg;
-
- if( constraint_usage_arg != -1 )
- {
- p_constraint = &constraint;
- psa_key_policy_set_usage( p_constraint,
- constraint_usage, constraint_alg );
- psa_key_policy_set_enrollment_algorithm( p_constraint,
- constraint_alg2 );
- }
PSA_ASSERT( psa_crypto_init( ) );
- /* Populate the source slot. */
- PSA_ASSERT( psa_allocate_key( &source_handle ) );
- psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
- psa_key_policy_set_enrollment_algorithm( &source_policy, source_alg2 );
- PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
- PSA_ASSERT( psa_import_key( source_handle, source_type,
- material->x, material->len ) );
- PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+ /* Prepare the source key. */
+ psa_set_key_usage_flags( &source_attributes, source_usage_arg );
+ psa_set_key_algorithm( &source_attributes, source_alg_arg );
+ psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
+ psa_set_key_type( &source_attributes, type_arg );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
- /* Prepare the target slot. */
- PSA_ASSERT( psa_allocate_key( &target_handle ) );
- psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
- psa_key_policy_set_enrollment_algorithm( &target_policy, target_alg2 );
- PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
- target_policy = psa_key_policy_init();
+ /* Prepare the target attributes. */
+ psa_set_key_type( &target_attributes, target_type_arg );
+ psa_set_key_bits( &target_attributes, target_bits_arg );
+ psa_set_key_usage_flags( &target_attributes, target_usage_arg );
+ psa_set_key_algorithm( &target_attributes, target_alg_arg );
+ psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
- /* Copy the key. */
- TEST_EQUAL( psa_copy_key( source_handle, target_handle, p_constraint ),
- expected_status );
+ /* Try to copy the key. */
+ TEST_EQUAL( psa_copy_key( source_handle,
+ &target_attributes, &target_handle ),
+ expected_status_arg );
- /* Test that the target slot is unaffected. */
- TEST_EQUAL( psa_get_key_information( target_handle,
- &target_type, &target_bits ),
- PSA_ERROR_DOES_NOT_EXIST );
- PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
- TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) );
- TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) );
- TEST_EQUAL( target_alg2,
- psa_key_policy_get_enrollment_algorithm( &target_policy ) );
+ PSA_ASSERT( psa_destroy_key( source_handle ) );
exit:
- mbedtls_psa_crypto_free( );
+ psa_reset_key_attributes( &source_attributes );
+ psa_reset_key_attributes( &target_attributes );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2203,7 +2320,7 @@
#endif
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2291,7 +2408,7 @@
PSA_ASSERT( psa_hash_abort( &operation ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2326,7 +2443,7 @@
PSA_ERROR_INVALID_SIGNATURE );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2348,7 +2465,7 @@
PSA_ERROR_BUFFER_TOO_SMALL );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2393,7 +2510,7 @@
psa_hash_abort( &op_setup );
psa_hash_abort( &op_finished );
psa_hash_abort( &op_aborted );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2434,7 +2551,7 @@
psa_hash_abort( &op_setup );
psa_hash_abort( &op_finished );
psa_hash_abort( &op_aborted );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2505,7 +2622,7 @@
#endif
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2519,7 +2636,7 @@
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
size_t sign_mac_length = 0;
@@ -2530,14 +2647,11 @@
0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
- alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key, sizeof(key) ) );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
@@ -2577,7 +2691,7 @@
/* Call update after verify finish. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -2600,7 +2714,7 @@
/* Call verify finish twice in a row. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -2620,7 +2734,7 @@
/* Setup verify but try sign. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -2628,8 +2742,10 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2644,7 +2760,7 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Leave a little extra room in the output buffer. At the end of the
* test, we'll check that the implementation didn't overwrite onto
* this extra room. */
@@ -2659,12 +2775,11 @@
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
/* Calculate the MAC. */
PSA_ASSERT( psa_mac_sign_setup( &operation,
@@ -2685,7 +2800,7 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2700,18 +2815,17 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_mac_verify_setup( &operation,
handle, alg ) );
@@ -2724,7 +2838,7 @@
exit:
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2802,7 +2916,7 @@
#endif
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -2812,7 +2926,7 @@
psa_key_handle_t handle = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
const uint8_t key[] = {
@@ -2825,13 +2939,10 @@
size_t length = 0;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key, sizeof(key) ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
/* Call encrypt setup twice in a row. */
@@ -2954,14 +3065,16 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
@@ -2970,32 +3083,25 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- unsigned char iv[16] = {0};
- size_t iv_size;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
- memset( iv, 0x2a, iv_size );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, iv_size ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output, output_buffer_size );
@@ -3022,13 +3128,13 @@
exit:
mbedtls_free( output );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
@@ -3040,32 +3146,25 @@
size_t first_part_size = first_part_size_arg;
size_t output1_length = output1_length_arg;
size_t output2_length = output2_length_arg;
- unsigned char iv[16] = {0};
- size_t iv_size;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
- memset( iv, 0x2a, iv_size );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output, output_buffer_size );
@@ -3097,13 +3196,13 @@
exit:
mbedtls_free( output );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
@@ -3116,32 +3215,25 @@
size_t first_part_size = first_part_size_arg;
size_t output1_length = output1_length_arg;
size_t output2_length = output2_length_arg;
- unsigned char iv[16] = {0};
- size_t iv_size;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
- memset( iv, 0x2a, iv_size );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, sizeof( iv ) ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
@@ -3175,13 +3267,13 @@
exit:
mbedtls_free( output );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
@@ -3190,32 +3282,25 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- unsigned char iv[16] = {0};
- size_t iv_size;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
- iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
- memset( iv, 0x2a, iv_size );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, iv_size ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
@@ -3243,7 +3328,7 @@
exit:
mbedtls_free( output );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3267,16 +3352,15 @@
size_t function_output_length = 0;
psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
handle, alg ) );
@@ -3326,7 +3410,7 @@
mbedtls_free( output1 );
mbedtls_free( output2 );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3353,16 +3437,15 @@
size_t function_output_length;
psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
handle, alg ) );
@@ -3430,7 +3513,7 @@
mbedtls_free( output1 );
mbedtls_free( output2 );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3450,23 +3533,26 @@
size_t output_length = 0;
unsigned char *output_data2 = NULL;
size_t output_length2 = 0;
- size_t tag_length = 16;
+ size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
psa_status_t expected_result = expected_result_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
output_size = input_data->len + tag_length;
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_EQUAL( psa_aead_encrypt( handle, alg,
nonce->x, nonce->len,
@@ -3481,6 +3567,11 @@
{
ASSERT_ALLOC( output_data2, output_length );
+ /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( input_data->len,
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
+
TEST_EQUAL( psa_aead_decrypt( handle, alg,
nonce->x, nonce->len,
additional_data->x,
@@ -3498,7 +3589,7 @@
psa_destroy_key( handle );
mbedtls_free( output_data );
mbedtls_free( output_data2 );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3516,21 +3607,24 @@
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
- size_t tag_length = 16;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
output_size = input_data->len + tag_length;
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_aead_encrypt( handle, alg,
nonce->x, nonce->len,
@@ -3545,7 +3639,7 @@
exit:
psa_destroy_key( handle );
mbedtls_free( output_data );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3564,22 +3658,26 @@
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
- size_t tag_length = 16;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_result = expected_result_arg;
- output_size = input_data->len + tag_length;
+ output_size = input_data->len - tag_length;
+ /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+ * should be exact. */
+ if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
+ TEST_EQUAL( output_size,
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_EQUAL( psa_aead_decrypt( handle, alg,
nonce->x, nonce->len,
@@ -3597,7 +3695,7 @@
exit:
psa_destroy_key( handle );
mbedtls_free( output_data );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3628,20 +3726,18 @@
unsigned char *signature = NULL;
size_t signature_size;
size_t signature_length = 0xdeadbeef;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
- PSA_ASSERT( psa_get_key_information( handle,
- NULL,
- &key_bits ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
* library. */
@@ -3661,9 +3757,10 @@
signature, signature_length );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( signature );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3680,19 +3777,18 @@
psa_status_t expected_status = expected_status_arg;
unsigned char *signature = NULL;
size_t signature_length = 0xdeadbeef;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
ASSERT_ALLOC( signature, signature_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_sign( handle, alg,
input_data->x, input_data->len,
@@ -3706,9 +3802,10 @@
TEST_ASSERT( signature_length <= signature_size );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( signature );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3723,22 +3820,18 @@
unsigned char *signature = NULL;
size_t signature_size;
size_t signature_length = 0xdeadbeef;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
- alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
- PSA_ASSERT( psa_get_key_information( handle,
- NULL,
- &key_bits ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
* library. */
@@ -3776,9 +3869,10 @@
}
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( signature );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3790,27 +3884,27 @@
psa_key_handle_t handle = 0;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_asymmetric_verify( handle, alg,
hash_data->x, hash_data->len,
signature_data->x,
signature_data->len ) );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3825,17 +3919,16 @@
psa_algorithm_t alg = alg_arg;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_verify( handle, alg,
hash_data->x, hash_data->len,
@@ -3845,8 +3938,9 @@
TEST_EQUAL( actual_status, expected_status );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3869,22 +3963,20 @@
size_t output_length = ~0;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
/* Import the key */
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Determine the maximum output length */
- PSA_ASSERT( psa_get_key_information( handle,
- NULL,
- &key_bits ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
@@ -3914,9 +4006,10 @@
}
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( output );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -3937,24 +4030,20 @@
unsigned char *output2 = NULL;
size_t output2_size;
size_t output2_length = ~0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
- alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Determine the maximum ciphertext length */
- PSA_ASSERT( psa_get_key_information( handle,
- NULL,
- &key_bits ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
output2_size = input_data->len;
@@ -3981,10 +4070,11 @@
output2, output2_length );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( output );
mbedtls_free( output2 );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4002,20 +4092,19 @@
unsigned char *output = NULL;
size_t output_size = 0;
size_t output_length = ~0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
output_size = expected_data->len;
ASSERT_ALLOC( output, output_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
input_data->x, input_data->len,
@@ -4044,9 +4133,10 @@
}
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( output );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4067,19 +4157,18 @@
size_t output_length = ~0;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
ASSERT_ALLOC( output, output_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_decrypt( handle, alg,
input_data->x, input_data->len,
@@ -4106,170 +4195,236 @@
}
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
mbedtls_free( output );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void crypto_generator_init( )
+void key_derivation_init( )
{
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to supress the Clang warning for the test. */
size_t capacity;
- psa_crypto_generator_t func = psa_crypto_generator_init( );
- psa_crypto_generator_t init = PSA_CRYPTO_GENERATOR_INIT;
- psa_crypto_generator_t zero;
+ psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
+ psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t zero;
memset( &zero, 0, sizeof( zero ) );
- /* A default generator should not be able to report its capacity. */
- TEST_EQUAL( psa_get_generator_capacity( &func, &capacity ),
+ /* A default operation should not be able to report its capacity. */
+ TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_get_generator_capacity( &init, &capacity ),
+ TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_get_generator_capacity( &zero, &capacity ),
+ TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
PSA_ERROR_BAD_STATE );
- /* A default generator should be abortable without error. */
- PSA_ASSERT( psa_generator_abort(&func) );
- PSA_ASSERT( psa_generator_abort(&init) );
- PSA_ASSERT( psa_generator_abort(&zero) );
+ /* A default operation should be abortable without error. */
+ PSA_ASSERT( psa_key_derivation_abort(&func) );
+ PSA_ASSERT( psa_key_derivation_abort(&init) );
+ PSA_ASSERT( psa_key_derivation_abort(&zero) );
}
/* END_CASE */
/* BEGIN_CASE */
-void derive_setup( int key_type_arg,
- data_t *key_data,
- int alg_arg,
- data_t *salt,
- data_t *label,
- int requested_capacity_arg,
- int expected_status_arg )
+void derive_setup( int alg_arg, int expected_status_arg )
{
- psa_key_handle_t handle = 0;
- size_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- size_t requested_capacity = requested_capacity_arg;
psa_status_t expected_status = expected_status_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data->x,
- key_data->len ) );
-
- TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- requested_capacity ),
+ TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
expected_status );
exit:
- psa_generator_abort( &generator );
- psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_key_derivation_abort( &operation );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_generator_state( )
+void derive_set_capacity( int alg_arg, int capacity_arg,
+ int expected_status_arg )
{
+ psa_algorithm_t alg = alg_arg;
+ size_t capacity = capacity_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+
+ TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
+ expected_status );
+
+exit:
+ psa_key_derivation_abort( &operation );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_input( int alg_arg,
+ int key_type_arg,
+ int step1_arg, data_t *input1,
+ int step2_arg, data_t *input2,
+ int step3_arg, data_t *input3,
+ int expected_status_arg1,
+ int expected_status_arg2,
+ int expected_status_arg3 )
+{
+ psa_algorithm_t alg = alg_arg;
+ size_t key_type = key_type_arg;
+ psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
+ psa_status_t expected_statuses[] = {expected_status_arg1,
+ expected_status_arg2,
+ expected_status_arg3};
+ data_t *inputs[] = {input1, input2, input3};
+ psa_key_handle_t handles[] = {0, 0, 0};
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t i;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+
+ for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
+ {
+ switch( steps[i] )
+ {
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ PSA_ASSERT( psa_import_key( &attributes,
+ inputs[i]->x, inputs[i]->len,
+ &handles[i] ) );
+ TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
+ handles[i] ),
+ expected_statuses[i] );
+ break;
+ default:
+ TEST_EQUAL( psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len ),
+ expected_statuses[i] );
+ break;
+ }
+ }
+
+exit:
+ psa_key_derivation_abort( &operation );
+ for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
+ psa_destroy_key( handles[i] );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_derive_invalid_key_derivation_state( int alg_arg )
+{
+ psa_algorithm_t alg = alg_arg;
psa_key_handle_t handle = 0;
size_t key_type = PSA_KEY_TYPE_DERIVE;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ unsigned char input1[] = "Input 1";
+ size_t input1_length = sizeof( input1 );
+ unsigned char input2[] = "Input 2";
+ size_t input2_length = sizeof( input2 );
uint8_t buffer[42];
size_t capacity = sizeof( buffer );
const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( handle, key_type,
- key_data,
- sizeof( key_data ) ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data, sizeof( key_data ),
+ &handle ) );
/* valid key derivation */
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
- NULL, 0,
- NULL, 0,
- capacity ) );
+ if( !setup_key_derivation_wrap( &operation, handle, alg,
+ input1, input1_length,
+ input2, input2_length,
+ capacity ) )
+ goto exit;
- /* state of generator shouldn't allow additional generation */
- TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
- NULL, 0,
- NULL, 0,
- capacity ),
+ /* state of operation shouldn't allow additional generation */
+ TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
- TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_generator_tests( )
+void test_derive_invalid_key_derivation_tests( )
{
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
+ TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
- TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
+ TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
- TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
+ TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
- TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
+ TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
}
/* END_CASE */
/* BEGIN_CASE */
void derive_output( int alg_arg,
- data_t *key_data,
- data_t *salt,
- data_t *label,
+ int step1_arg, data_t *input1,
+ int step2_arg, data_t *input2,
+ int step3_arg, data_t *input3,
int requested_capacity_arg,
data_t *expected_output1,
data_t *expected_output2 )
{
- psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
+ psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
+ data_t *inputs[] = {input1, input2, input3};
+ psa_key_handle_t handles[] = {0, 0, 0};
size_t requested_capacity = requested_capacity_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
{expected_output1->x, expected_output2->x};
size_t output_sizes[2] =
@@ -4278,9 +4433,9 @@
uint8_t *output_buffer = NULL;
size_t expected_capacity;
size_t current_capacity;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
- unsigned i;
+ size_t i;
for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
@@ -4292,21 +4447,38 @@
ASSERT_ALLOC( output_buffer, output_buffer_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
- PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
- key_data->x,
- key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
/* Extraction phase. */
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- requested_capacity ) );
- PSA_ASSERT( psa_get_generator_capacity( &generator,
- ¤t_capacity ) );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
+ requested_capacity ) );
+ for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
+ {
+ switch( steps[i] )
+ {
+ case 0:
+ break;
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ PSA_ASSERT( psa_import_key( &attributes,
+ inputs[i]->x, inputs[i]->len,
+ &handles[i] ) );
+ PSA_ASSERT( psa_key_derivation_input_key(
+ &operation, steps[i],
+ handles[i] ) );
+ break;
+ default:
+ PSA_ASSERT( psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len ) );
+ break;
+ }
+ }
+
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+ ¤t_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
@@ -4314,8 +4486,8 @@
for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
/* Read some bytes. */
- status = psa_generator_read( &generator,
- output_buffer, output_sizes[i] );
+ status = psa_key_derivation_output_bytes( &operation,
+ output_buffer, output_sizes[i] );
if( expected_capacity == 0 && output_sizes[i] == 0 )
{
/* Reading 0 bytes when 0 bytes are available can go either way. */
@@ -4336,55 +4508,56 @@
if( output_sizes[i] != 0 )
ASSERT_COMPARE( output_buffer, output_sizes[i],
expected_outputs[i], output_sizes[i] );
- /* Check the generator status. */
+ /* Check the operation status. */
expected_capacity -= output_sizes[i];
- PSA_ASSERT( psa_get_generator_capacity( &generator,
- ¤t_capacity ) );
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+ ¤t_capacity ) );
TEST_EQUAL( expected_capacity, current_capacity );
}
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
mbedtls_free( output_buffer );
- psa_generator_abort( &generator );
- psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ psa_key_derivation_abort( &operation );
+ for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
+ psa_destroy_key( handles[i] );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void derive_full( int alg_arg,
data_t *key_data,
- data_t *salt,
- data_t *label,
+ data_t *input1,
+ data_t *input2,
int requested_capacity_arg )
{
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
- key_data->x,
- key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
- /* Extraction phase. */
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- requested_capacity ) );
- PSA_ASSERT( psa_get_generator_capacity( &generator,
- ¤t_capacity ) );
+ if( !setup_key_derivation_wrap( &operation, handle, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ requested_capacity ) )
+ goto exit;
+
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+ ¤t_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
/* Expansion phase. */
@@ -4393,33 +4566,33 @@
size_t read_size = sizeof( output_buffer );
if( read_size > current_capacity )
read_size = current_capacity;
- PSA_ASSERT( psa_generator_read( &generator,
- output_buffer,
- read_size ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output_buffer,
+ read_size ) );
expected_capacity -= read_size;
- PSA_ASSERT( psa_get_generator_capacity( &generator,
- ¤t_capacity ) );
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+ ¤t_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
}
- /* Check that the generator refuses to go over capacity. */
- TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
+ /* Check that the operation refuses to go over capacity. */
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void derive_key_exercise( int alg_arg,
data_t *key_data,
- data_t *salt,
- data_t *label,
+ data_t *input1,
+ data_t *input2,
int derived_type_arg,
int derived_bits_arg,
int derived_usage_arg,
@@ -4433,57 +4606,54 @@
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t got_type;
- size_t got_bits;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &base_handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
- PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
- key_data->x,
- key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &base_handle ) );
/* Derive a key. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- capacity ) );
- PSA_ASSERT( psa_allocate_key( &derived_handle ) );
- psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
- PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
- PSA_ASSERT( psa_generator_import_key( derived_handle,
- derived_type,
- derived_bits,
- &generator ) );
+ if ( setup_key_derivation_wrap( &operation, base_handle, alg,
+ input1->x, input1->len,
+ input2->x, input2->len, capacity ) )
+ goto exit;
+
+ psa_set_key_usage_flags( &attributes, derived_usage );
+ psa_set_key_algorithm( &attributes, derived_alg );
+ psa_set_key_type( &attributes, derived_type );
+ psa_set_key_bits( &attributes, derived_bits );
+ PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
+ &derived_handle ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_information( derived_handle,
- &got_type,
- &got_bits ) );
- TEST_EQUAL( got_type, derived_type );
- TEST_EQUAL( got_bits, derived_bits );
+ PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
+ TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
/* Exercise the derived key. */
if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
goto exit;
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
+ psa_reset_key_attributes( &got_attributes );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void derive_key_export( int alg_arg,
data_t *key_data,
- data_t *salt,
- data_t *label,
+ data_t *input1,
+ data_t *input2,
int bytes1_arg,
int bytes2_arg )
{
@@ -4491,59 +4661,56 @@
psa_key_handle_t derived_handle = 0;
psa_algorithm_t alg = alg_arg;
size_t bytes1 = bytes1_arg;
- size_t derived_bits = PSA_BYTES_TO_BITS( bytes1 );
size_t bytes2 = bytes2_arg;
size_t capacity = bytes1 + bytes2;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *output_buffer = NULL;
uint8_t *export_buffer = NULL;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t length;
ASSERT_ALLOC( output_buffer, capacity );
ASSERT_ALLOC( export_buffer, capacity );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &base_handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
- PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
- key_data->x,
- key_data->len ) );
+ psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &base_attributes, alg );
+ psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
+ &base_handle ) );
/* Derive some material and output it. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- capacity ) );
- PSA_ASSERT( psa_generator_read( &generator,
- output_buffer,
- capacity ) );
- PSA_ASSERT( psa_generator_abort( &generator ) );
+ if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ input1->x, input1->len,
+ input2->x, input2->len, capacity ) )
+ goto exit;
+
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output_buffer,
+ capacity ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
- salt->x, salt->len,
- label->x, label->len,
- capacity ) );
- PSA_ASSERT( psa_allocate_key( &derived_handle ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
- PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
- PSA_ASSERT( psa_generator_import_key( derived_handle,
- PSA_KEY_TYPE_RAW_DATA,
- derived_bits,
- &generator ) );
+ if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ input1->x, input1->len,
+ input2->x, input2->len, capacity ) )
+ goto exit;
+
+ psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &derived_attributes, 0 );
+ psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
+ PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
+ &derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
&length ) );
TEST_EQUAL( length, bytes1 );
PSA_ASSERT( psa_destroy_key( derived_handle ) );
- PSA_ASSERT( psa_allocate_key( &derived_handle ) );
- PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
- PSA_ASSERT( psa_generator_import_key( derived_handle,
- PSA_KEY_TYPE_RAW_DATA,
- PSA_BYTES_TO_BITS( bytes2 ),
- &generator ) );
+ psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
+ PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
+ &derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
&length ) );
@@ -4556,10 +4723,55 @@
exit:
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_key( int alg_arg,
+ data_t *key_data, data_t *input1, data_t *input2,
+ int type_arg, int bits_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t base_handle = 0;
+ psa_key_handle_t derived_handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t type = type_arg;
+ size_t bits = bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &base_attributes, alg );
+ psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
+ &base_handle ) );
+
+ if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ input1->x, input1->len,
+ input2->x, input2->len, SIZE_MAX ) )
+ goto exit;
+
+ psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &derived_attributes, 0 );
+ psa_set_key_type( &derived_attributes, type );
+ psa_set_key_bits( &derived_attributes, bits );
+ TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation,
+ &derived_handle ),
+ expected_status );
+
+exit:
+ psa_key_derivation_abort( &operation );
+ psa_destroy_key( base_handle );
+ psa_destroy_key( derived_handle );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4572,28 +4784,79 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &our_key ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
- PSA_ASSERT( psa_import_key( our_key, our_key_type,
- our_key_data->x,
- our_key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, our_key_type );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
- TEST_EQUAL( psa_key_agreement( &generator,
- our_key,
- peer_key_data->x, peer_key_data->len,
- alg ),
- expected_status_arg );
+ /* The tests currently include inputs that should fail at either step.
+ * Test cases that fail at the setup step should be changed to call
+ * key_derivation_setup instead, and this function should be renamed
+ * to key_agreement_fail. */
+ status = psa_key_derivation_setup( &operation, alg );
+ if( status == PSA_SUCCESS )
+ {
+ TEST_EQUAL( psa_key_derivation_key_agreement(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ our_key,
+ peer_key_data->x, peer_key_data->len ),
+ expected_status );
+ }
+ else
+ {
+ TEST_ASSERT( status == expected_status );
+ }
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void raw_key_agreement( int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ data_t *expected_output )
+{
+ psa_key_handle_t our_key = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t our_key_type = our_key_type_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ unsigned char *output = NULL;
+ size_t output_length = ~0;
+
+ ASSERT_ALLOC( output, expected_output->len );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, our_key_type );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
+
+ PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len,
+ &output_length ) );
+ ASSERT_COMPARE( output, output_length,
+ expected_output->x, expected_output->len );
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( our_key );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4606,46 +4869,54 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t actual_capacity;
unsigned char output[16];
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &our_key ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
- PSA_ASSERT( psa_import_key( our_key, our_key_type,
- our_key_data->x,
- our_key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, our_key_type );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
- PSA_ASSERT( psa_key_agreement( &generator,
- our_key,
- peer_key_data->x, peer_key_data->len,
- alg ) );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+ peer_key_data->x, peer_key_data->len ) );
+ if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
+ {
+ /* The test data is for info="" */
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0 ) );
+ }
/* Test the advertized capacity. */
- PSA_ASSERT( psa_get_generator_capacity(
- &generator, &actual_capacity ) );
+ PSA_ASSERT( psa_key_derivation_get_capacity(
+ &operation, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
/* Test the actual capacity by reading the output. */
while( actual_capacity > sizeof( output ) )
{
- PSA_ASSERT( psa_generator_read( &generator,
- output, sizeof( output ) ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output, sizeof( output ) ) );
actual_capacity -= sizeof( output );
}
- PSA_ASSERT( psa_generator_read( &generator,
- output, actual_capacity ) );
- TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ output, actual_capacity ) );
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4658,8 +4929,8 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
@@ -4667,36 +4938,44 @@
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &our_key ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
- PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
- PSA_ASSERT( psa_import_key( our_key, our_key_type,
- our_key_data->x,
- our_key_data->len ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, our_key_type );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
- PSA_ASSERT( psa_key_agreement( &generator,
- our_key,
- peer_key_data->x, peer_key_data->len,
- alg ) );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+ peer_key_data->x, peer_key_data->len ) );
+ if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
+ {
+ /* The test data is for info="" */
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0 ) );
+ }
- PSA_ASSERT( psa_generator_read( &generator,
- actual_output,
- expected_output1->len ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ actual_output,
+ expected_output1->len ) );
ASSERT_COMPARE( actual_output, expected_output1->len,
expected_output1->x, expected_output1->len );
if( expected_output2->len != 0 )
{
- PSA_ASSERT( psa_generator_read( &generator,
- actual_output,
- expected_output2->len ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+ actual_output,
+ expected_output2->len ) );
ASSERT_COMPARE( actual_output, expected_output2->len,
expected_output2->x, expected_output2->len );
}
exit:
- psa_generator_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
mbedtls_free( actual_output );
}
/* END_CASE */
@@ -4746,7 +5025,7 @@
}
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
mbedtls_free( output );
mbedtls_free( changed );
}
@@ -4765,161 +5044,274 @@
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_type_t got_type;
- size_t got_bits;
- psa_status_t expected_info_status =
- expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_allocate_key( &handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
/* Generate a key */
- TEST_EQUAL( psa_generate_key( handle, type, bits, NULL, 0 ),
- expected_status );
+ TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ if( expected_status != PSA_SUCCESS )
+ goto exit;
/* Test the key information */
- TEST_EQUAL( psa_get_key_information( handle, &got_type, &got_bits ),
- expected_info_status );
- if( expected_info_status != PSA_SUCCESS )
- goto exit;
- TEST_EQUAL( got_type, type );
- TEST_EQUAL( got_bits, bits );
+ PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
if( ! exercise_key( handle, usage, alg ) )
goto exit;
exit:
+ psa_reset_key_attributes( &got_attributes );
psa_destroy_key( handle );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 */
+void generate_key_rsa( int bits_arg,
+ data_t *e_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ size_t bits = bits_arg;
+ psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+ psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *exported = NULL;
+ size_t exported_size =
+ PSA_KEY_EXPORT_MAX_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
+ size_t exported_length = SIZE_MAX;
+ uint8_t *e_read_buffer = NULL;
+ int is_default_public_exponent = 0;
+ size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
+ size_t e_read_length = SIZE_MAX;
+
+ if( e_arg->len == 0 ||
+ ( e_arg->len == 3 &&
+ e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
+ {
+ is_default_public_exponent = 1;
+ e_read_size = 0;
+ }
+ ASSERT_ALLOC( e_read_buffer, e_read_size );
+ ASSERT_ALLOC( exported, exported_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
+ e_arg->x, e_arg->len ) );
+ psa_set_key_bits( &attributes, bits );
+
+ /* Generate a key */
+ TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ if( expected_status != PSA_SUCCESS )
+ goto exit;
+
+ /* Test the key information */
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+ PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
+ e_read_buffer, e_read_size,
+ &e_read_length ) );
+ if( is_default_public_exponent )
+ TEST_EQUAL( e_read_length, 0 );
+ else
+ ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
+
+ /* Do something with the key according to its type and permitted usage. */
+ if( ! exercise_key( handle, usage, alg ) )
+ goto exit;
+
+ /* Export the key and check the public exponent. */
+ PSA_ASSERT( psa_export_public_key( handle,
+ exported, exported_size,
+ &exported_length ) );
+ {
+ uint8_t *p = exported;
+ uint8_t *end = exported + exported_length;
+ size_t len;
+ /* RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ */
+ TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED ) );
+ TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) );
+ TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_INTEGER ) );
+ if( len >= 1 && p[0] == 0 )
+ {
+ ++p;
+ --len;
+ }
+ if( e_arg->len == 0 )
+ {
+ TEST_EQUAL( len, 3 );
+ TEST_EQUAL( p[0], 1 );
+ TEST_EQUAL( p[1], 0 );
+ TEST_EQUAL( p[2], 1 );
+ }
+ else
+ ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
+ }
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+ mbedtls_free( e_read_buffer );
+ mbedtls_free( exported );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void persistent_key_load_key_from_storage( data_t *data, int type_arg,
- int bits, int usage_arg,
- int alg_arg, int generation_method,
- int export_status )
+void persistent_key_load_key_from_storage( data_t *data,
+ int type_arg, int bits_arg,
+ int usage_flags_arg, int alg_arg,
+ int generation_method )
{
+ psa_key_id_t key_id = 1;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0;
- psa_key_handle_t base_key;
- psa_key_type_t type = (psa_key_type_t) type_arg;
- psa_key_type_t type_get;
- size_t bits_get;
- psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
- psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
- psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
- psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
- psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT;
- psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
- psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_handle_t base_key = 0;
+ psa_key_type_t type = type_arg;
+ size_t bits = bits_arg;
+ psa_key_usage_t usage_flags = usage_flags_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
size_t first_exported_length;
size_t second_exported_length;
- ASSERT_ALLOC( first_export, export_size );
- ASSERT_ALLOC( second_export, export_size );
+ if( usage_flags & PSA_KEY_USAGE_EXPORT )
+ {
+ ASSERT_ALLOC( first_export, export_size );
+ ASSERT_ALLOC( second_export, export_size );
+ }
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
- &handle ) );
- psa_key_policy_set_usage( &policy_set, policy_usage,
- policy_alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_usage_flags( &attributes, usage_flags );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
switch( generation_method )
{
case IMPORT_KEY:
/* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
+ &handle ) );
break;
case GENERATE_KEY:
/* Generate a key */
- PSA_ASSERT( psa_generate_key( handle, type, bits,
- NULL, 0 ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
break;
case DERIVE_KEY:
- /* Create base key */
- PSA_ASSERT( psa_allocate_key( &base_key ) );
- psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
- base_policy_alg );
- PSA_ASSERT( psa_set_key_policy(
- base_key, &base_policy_set ) );
- PSA_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
- data->x, data->len ) );
- /* Derive a key. */
- PSA_ASSERT( psa_key_derivation( &generator, base_key,
- base_policy_alg,
- NULL, 0, NULL, 0,
- export_size ) );
- PSA_ASSERT( psa_generator_import_key(
- handle, PSA_KEY_TYPE_RAW_DATA,
- bits, &generator ) );
- break;
+ {
+ /* Create base key */
+ psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
+ psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags( &base_attributes,
+ PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &base_attributes, derive_alg );
+ psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_ASSERT( psa_import_key( &base_attributes,
+ data->x, data->len,
+ &base_key ) );
+ /* Derive a key. */
+ PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
+ PSA_ASSERT( psa_key_derivation_input_key(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0 ) );
+ PSA_ASSERT( psa_key_derivation_output_key( &attributes,
+ &operation,
+ &handle ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT( psa_destroy_key( base_key ) );
+ base_key = 0;
+ }
+ break;
+ }
+ psa_reset_key_attributes( &attributes );
+
+ /* Export the key if permitted by the key policy. */
+ if( usage_flags & PSA_KEY_USAGE_EXPORT )
+ {
+ PSA_ASSERT( psa_export_key( handle,
+ first_export, export_size,
+ &first_exported_length ) );
+ if( generation_method == IMPORT_KEY )
+ ASSERT_COMPARE( data->x, data->len,
+ first_export, first_exported_length );
}
- /* Export the key */
- TEST_EQUAL( psa_export_key( handle,
- first_export, export_size,
- &first_exported_length ),
- export_status );
-
/* Shutdown and restart */
- mbedtls_psa_crypto_free();
+ PSA_ASSERT( psa_close_key( handle ) );
+ PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
/* Check key slot still contains key data */
- PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
- &handle ) );
- PSA_ASSERT( psa_get_key_information(
- handle, &type_get, &bits_get ) );
- TEST_EQUAL( type_get, type );
- TEST_EQUAL( bits_get, (size_t) bits );
+ PSA_ASSERT( psa_open_key( key_id, &handle ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ PSA_KEY_LIFETIME_PERSISTENT );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
- PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
- TEST_EQUAL( psa_key_policy_get_usage( &policy_get ), policy_usage );
- TEST_EQUAL( psa_key_policy_get_algorithm( &policy_get ), policy_alg );
-
- /* Export the key again */
- TEST_EQUAL( psa_export_key( handle,
- second_export, export_size,
- &second_exported_length ),
- export_status );
-
- if( export_status == PSA_SUCCESS )
+ /* Export the key again if permitted by the key policy. */
+ if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
+ PSA_ASSERT( psa_export_key( handle,
+ second_export, export_size,
+ &second_exported_length ) );
ASSERT_COMPARE( first_export, first_exported_length,
second_export, second_exported_length );
-
- switch( generation_method )
- {
- case IMPORT_KEY:
- ASSERT_COMPARE( data->x, data->len,
- first_export, first_exported_length );
- break;
- default:
- break;
- }
}
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, policy_usage, policy_alg ) )
+ if( ! exercise_key( handle, usage_flags, alg ) )
goto exit;
exit:
+ psa_reset_key_attributes( &attributes );
mbedtls_free( first_export );
mbedtls_free( second_export );
+ psa_key_derivation_abort( &operation );
+ psa_destroy_key( base_key );
+ if( handle == 0 )
+ {
+ /* In case there was a test failure after creating the persistent key
+ * but while it was not open, try to re-open the persistent key
+ * to delete it. */
+ psa_open_key( key_id, &handle );
+ }
psa_destroy_key( handle );
- mbedtls_psa_crypto_free();
+ PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 91e210e..8538d6d 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -1,10 +1,10 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#include "psa/crypto.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+#include "psa_crypto_helpers.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include <stdio.h>
#else
@@ -77,7 +77,7 @@
exit:
mbedtls_free( seed );
remove_seed_file( );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -105,12 +105,12 @@
PSA_ASSERT( status );
status = psa_crypto_init( );
PSA_ASSERT( status );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
/* The seed is written by nv_seed callback functions therefore the injection will fail */
status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
remove_seed_file( );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 8abd4e2..d50ff5a 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -2,11 +2,7 @@
#include <stdint.h>
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-
-#include "psa/crypto.h"
+#include "psa_crypto_helpers.h"
/* END_HEADER */
@@ -35,7 +31,7 @@
actual_hash, actual_hash_length );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -56,7 +52,7 @@
expected_hash->len ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -99,6 +95,6 @@
} while( len++ != input->len );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index c8f6e1b..3c4b42e 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -1,11 +1,7 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-#include "psa/crypto.h"
-
+#include "psa_crypto_helpers.h"
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"
@@ -142,7 +138,7 @@
PSA_ASSERT( status );
status = psa_crypto_init( );
PSA_ASSERT( status );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
}
/* END_CASE */
@@ -154,9 +150,9 @@
for( i = 0; i < count; i++ )
{
PSA_ASSERT( psa_crypto_init( ) );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -170,7 +166,7 @@
{
status = psa_crypto_init( );
PSA_ASSERT( status );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
status = psa_generate_random( random, sizeof( random ) );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
@@ -182,15 +178,20 @@
{
psa_status_t status;
uint8_t data[10] = { 0 };
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle = 0xdead;
int i;
+
for( i = 0; i < count; i++ )
{
status = psa_crypto_init( );
PSA_ASSERT( status );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
- status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ status = psa_import_key( &attributes, data, sizeof( data ), &handle );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( handle, 0 );
}
/* END_CASE */
@@ -211,7 +212,7 @@
PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -251,7 +252,7 @@
PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -279,6 +280,6 @@
exit:
mbedtls_free( seed );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 1e7a996..f5d5a33 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -150,22 +150,14 @@
depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C
mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192
-MAC: GMAC-AES-128
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
-
-MAC: GMAC-AES-192
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192
-
-MAC: GMAC-AES-256
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256
-
Cipher: ARC4
depends_on:MBEDTLS_ARC4_C
cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER
+Cipher: ChaCha20
+depends_on:MBEDTLS_CHACHA_C
+cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER
+
Cipher: CTR
depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR
cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER
@@ -192,11 +184,15 @@
AEAD: CCM
depends_on:MBEDTLS_CCM_C
-aead_algorithm:PSA_ALG_CCM:0:16
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
AEAD: GCM
depends_on:MBEDTLS_GCM_C
-aead_algorithm:PSA_ALG_GCM:0:16
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+
+AEAD: ChaCha20_Poly1305
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16
Asymmetric signature: RSA PKCS#1 v1.5 raw
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -266,24 +262,21 @@
depends_on:MBEDTLS_SHA256_C
key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF
-Key selection: raw
-key_selection_algorithm:PSA_ALG_SELECT_RAW:0
-
Key agreement: FFDH, raw output
depends_on:MBEDTLS_DHM_C
-key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_SELECT_RAW ):ALG_IS_FFDH:PSA_ALG_SELECT_RAW
+key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION
Key agreement: FFDH, HKDF using SHA-256
depends_on:MBEDTLS_DHM_C
-key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
Key agreement: ECDH, raw output
depends_on:MBEDTLS_ECDH_C
-key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ):ALG_IS_ECDH:PSA_ALG_SELECT_RAW
+key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION
Key agreement: ECDH, HKDF using SHA-256
depends_on:MBEDTLS_ECDH_C
-key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
@@ -310,13 +303,17 @@
depends_on:MBEDTLS_ARC4_C
key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED
+Key type: ChaCha20
+depends_on:MBEDTLS_CHACHA20_C
+key_type:PSA_KEY_TYPE_CHACHA20:KEY_TYPE_IS_UNSTRUCTURED
+
Key type: RSA public key
depends_on:MBEDTLS_RSA_C
key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA
Key type: RSA key pair
depends_on:MBEDTLS_RSA_C
-key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA
+key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA
Key type: DSA public key
depends_on:MBEDTLS_DSA_C
@@ -324,7 +321,7 @@
Key type: DSA key pair
depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA
+key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA
ECC key types: sect163k1
depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED
@@ -445,3 +442,19 @@
ECC key types: Curve448
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecc_key_types:PSA_ECC_CURVE_CURVE448:448
+
+DH group types: FFDHE2048
+dh_key_types:PSA_DH_GROUP_FFDHE2048:2048
+
+DH group types: FFDHE3072
+dh_key_types:PSA_DH_GROUP_FFDHE3072:2048
+
+DH group types: FFDHE4096
+dh_key_types:PSA_DH_GROUP_FFDHE4096:2048
+
+DH group types: FFDHE6144
+dh_key_types:PSA_DH_GROUP_FFDHE6144:2048
+
+DH group types: FFDHE8192
+dh_key_types:PSA_DH_GROUP_FFDHE8192:2048
+
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 4686bfa..a9f1b39 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -35,6 +35,8 @@
#define ALG_IS_FFDH ( 1u << 17 )
#define ALG_IS_ECDH ( 1u << 18 )
#define ALG_IS_WILDCARD ( 1u << 19 )
+#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 )
+#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 21 )
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@@ -43,10 +45,11 @@
#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 )
#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 )
#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 )
-#define KEY_TYPE_IS_KEYPAIR ( 1u << 3 )
+#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 )
#define KEY_TYPE_IS_RSA ( 1u << 4 )
#define KEY_TYPE_IS_DSA ( 1u << 5 )
#define KEY_TYPE_IS_ECC ( 1u << 6 )
+#define KEY_TYPE_IS_DH ( 1u << 7 )
#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
@@ -73,6 +76,10 @@
TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
exit: ;
}
@@ -82,20 +89,27 @@
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags );
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEY_PAIR, type, flags );
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags );
/* Macros with derived semantics */
TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ||
- PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
- TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ),
+ PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
+ TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ),
( PSA_KEY_TYPE_IS_ECC( type ) &&
- PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
+ PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
( PSA_KEY_TYPE_IS_ECC( type ) &&
PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
+ TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEY_PAIR( type ),
+ ( PSA_KEY_TYPE_IS_DH( type ) &&
+ PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
+ TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ),
+ ( PSA_KEY_TYPE_IS_DH( type ) &&
+ PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
exit: ;
}
@@ -113,7 +127,6 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Length */
@@ -134,7 +147,6 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Tag length */
@@ -174,7 +186,6 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, 0 );
/* Dependent algorithms */
@@ -271,7 +282,6 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -320,7 +330,6 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -350,7 +359,6 @@
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -359,6 +367,8 @@
void key_derivation_algorithm( int alg_arg, int classification_flags )
{
psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg );
+ psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg );
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
@@ -369,49 +379,25 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void key_selection_algorithm( int alg_arg, int classification_flags )
-{
- psa_algorithm_t alg = alg_arg;
-
- /* Algorithm classification */
- TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_SELECTION( alg ) );
- algorithm_classification( alg, classification_flags );
-
- /* Check combinations with key agreements */
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
- TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
- TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg );
}
/* END_CASE */
/* BEGIN_CASE */
void key_agreement_algorithm( int alg_arg, int classification_flags,
- int post_alg_arg )
+ int ka_alg_arg, int kdf_alg_arg )
{
psa_algorithm_t alg = alg_arg;
- psa_algorithm_t actual_post_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
- psa_algorithm_t expected_post_alg = post_alg_arg;
+ psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
+ psa_algorithm_t expected_ka_alg = ka_alg_arg;
+ psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t expected_kdf_alg = kdf_alg_arg;
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
@@ -422,13 +408,11 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
- TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Shared secret derivation properties */
- TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( actual_post_alg ) ||
- PSA_ALG_IS_KEY_SELECTION( actual_post_alg ) );
- TEST_EQUAL( actual_post_alg, expected_post_alg );
+ TEST_EQUAL( actual_ka_alg, expected_ka_alg );
+ TEST_EQUAL( actual_kdf_alg, expected_kdf_alg );
}
/* END_CASE */
@@ -442,23 +426,23 @@
/* For asymmetric types, check the corresponding pair/public type */
if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY )
{
- psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type );
- TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ), type );
+ psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type );
+ TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( pair_type ), type );
key_type_classification( pair_type,
( classification_flags
& ~KEY_TYPE_IS_PUBLIC_KEY )
- | KEY_TYPE_IS_KEYPAIR );
- TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ), type );
+ | KEY_TYPE_IS_KEY_PAIR );
+ TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ), type );
}
- if( classification_flags & KEY_TYPE_IS_KEYPAIR )
+ if( classification_flags & KEY_TYPE_IS_KEY_PAIR )
{
- psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
- TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ), type );
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
+ TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( public_type ), type );
key_type_classification( public_type,
( classification_flags
- & ~KEY_TYPE_IS_KEYPAIR )
+ & ~KEY_TYPE_IS_KEY_PAIR )
| KEY_TYPE_IS_PUBLIC_KEY );
- TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ), type );
+ TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ), type );
}
}
/* END_CASE */
@@ -469,10 +453,10 @@
psa_ecc_curve_t curve = curve_arg;
size_t curve_bits = curve_bits_arg;
psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
- psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve );
+ psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve );
test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY );
- test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR );
+ test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR );
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve );
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve );
@@ -481,3 +465,22 @@
TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
+void dh_key_types( int group_arg, int group_bits_arg )
+{
+ psa_dh_group_t group = group_arg;
+ size_t group_bits = group_bits_arg;
+ psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
+ psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group );
+
+ test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY );
+ test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR );
+
+ TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( public_type ), group );
+ TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( pair_type ), group );
+
+ /* We have nothing to validate about the group size yet. */
+ (void) group_bits;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index 36a3bfa..3f40d35 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -1,70 +1,103 @@
PSA Storage format data for storage
-format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b4559000000000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN
+format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN
PSA Storage parse stored data
-parse_storage_data_check:"505341004b4559000000000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS
+parse_storage_data_check:"505341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS
PSA Storage parse stored data wrong version, should fail
-parse_storage_data_check:"505341004b455900ffffffff00000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b455900ffffffff0100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
PSA Storage parse too big data, should fail
-parse_storage_data_check:"505341004b4559000000000000000170010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b455900000000000100000000000170010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
PSA Storage parse bad magic, should fail
-parse_storage_data_check:"645341004b4559000000000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"645341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
PSA Storage parse not enough magic, should fail
-parse_storage_data_check:"505341004b4559":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE
# Not specific to files, but only run this test in an environment where the maximum size could be reached.
Save maximum size persistent raw key
depends_on:MBEDTLS_PSA_ITS_FILE_C
-save_large_persistent_key:0:PSA_SUCCESS
+save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS
Save larger than maximum size persistent raw key, should fail
-save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
+save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED
Persistent key destroy
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
-Persistent key destroy missing key
+Persistent key destroy after restart
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
-Persistent key import
+Persistent key import (RSA)
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_SUCCESS
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
+
+Persistent key import with restart (RSA)
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
Persistent key import garbage data, should fail
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"11111111":PSA_ERROR_INVALID_ARGUMENT
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
import/export persistent raw key: 0 byte
-import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0
+import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0:0
import/export persistent raw key: 1 byte
-import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
import/export persistent key RSA public key: good, 1024-bit
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0
import/export persistent key RSA keypair: good, 1024-bit
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0
import/export persistent raw key file not exist: 1 byte
-import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1
import/export persistent key RSA public key file not exist: 1024-bit
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1
import/export persistent key RSA keypair file not exist: 1024-bit
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1
PSA import/export-persistent symmetric key: 16 bytes
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0
+import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
+
+import/export persistent raw key with restart: 0 byte
+import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:1:0
+
+import/export persistent raw key with restart: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
+
+import/export persistent key RSA public key with restart: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0
+
+import/export persistent key RSA keypair with restart: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0
+
+import/export persistent raw key file not exist with restart: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1
+
+import/export persistent key RSA public key file not exist with restart: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1
+
+import/export persistent key RSA keypair file not exist with restart: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1
+
+PSA import/export-persistent symmetric key: 16 bytes
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 2582534..115bfea 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -1,7 +1,9 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#include "psa/crypto.h"
+
+#include "psa_crypto_helpers.h"
#include "psa_crypto_storage.h"
+
#include "mbedtls/md.h"
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
@@ -10,6 +12,7 @@
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
+ uint8_t lifetime[sizeof( psa_key_lifetime_t )];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t policy[sizeof( psa_key_policy_t )];
uint8_t data_len[4];
@@ -26,21 +29,23 @@
/* BEGIN_CASE */
void format_storage_data_check( data_t *key_data,
data_t *expected_file_data,
- int key_type,
+ int key_lifetime, int key_type,
int key_usage, int key_alg, int key_alg2 )
{
uint8_t *file_data;
size_t file_data_length;
- psa_key_policy_t key_policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- key_policy.usage = (psa_key_usage_t) key_usage;
- key_policy.alg = (psa_algorithm_t) key_alg;
- key_policy.alg2 = (psa_algorithm_t) key_alg2;
+ psa_set_key_lifetime( &attributes, key_lifetime );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes, key_usage );
+ psa_set_key_algorithm( &attributes, key_alg );
+ psa_set_key_enrollment_algorithm( &attributes, key_alg2 );
file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format );
file_data = mbedtls_calloc( 1, file_data_length );
psa_format_key_data_for_storage( key_data->x, key_data->len,
- (psa_key_type_t) key_type, &key_policy,
+ &attributes.core,
file_data );
ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
@@ -52,6 +57,7 @@
/* BEGIN_CASE */
void parse_storage_data_check( data_t *file_data,
data_t *expected_key_data,
+ int expected_key_lifetime,
int expected_key_type,
int expected_key_usage,
int expected_key_alg,
@@ -60,22 +66,27 @@
{
uint8_t *key_data = NULL;
size_t key_data_length = 0;
- psa_key_type_t key_type = 0;
- psa_key_policy_t key_policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
&key_data, &key_data_length,
- &key_type, &key_policy );
+ &attributes.core );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
- TEST_EQUAL( key_type, (psa_key_type_t) expected_key_type );
- TEST_EQUAL( key_policy.usage, (uint32_t) expected_key_usage );
- TEST_EQUAL( key_policy.alg, (uint32_t) expected_key_alg );
- TEST_EQUAL( key_policy.alg2, (uint32_t) expected_key_alg2 );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ (psa_key_type_t) expected_key_lifetime );
+ TEST_EQUAL( psa_get_key_type( &attributes ),
+ (psa_key_type_t) expected_key_type );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ (uint32_t) expected_key_usage );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ),
+ (uint32_t) expected_key_alg );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
+ (uint32_t) expected_key_alg2 );
ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
key_data, key_data_length );
@@ -85,36 +96,36 @@
/* END_CASE */
/* BEGIN_CASE */
-void save_large_persistent_key( int data_too_large, int expected_status )
+void save_large_persistent_key( int data_length_arg, int expected_status )
{
psa_key_id_t key_id = 42;
psa_key_handle_t handle = 0;
uint8_t *data = NULL;
- size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
-
- if( data_too_large )
- data_length += 1;
+ size_t data_length = data_length_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
ASSERT_ALLOC( data, data_length );
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
- &handle ) );
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
- data, data_length ),
+ TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ),
expected_status );
+ if( expected_status == PSA_SUCCESS )
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
exit:
mbedtls_free( data );
- mbedtls_psa_crypto_free();
+ PSA_DONE();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
-void persistent_key_destroy( int key_id_arg, int should_store,
+void persistent_key_destroy( int key_id_arg, int restart,
int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data )
{
@@ -122,59 +133,65 @@
psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_type( &attributes, first_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
&handle ) );
- if( should_store == 1 )
+ if( restart )
{
- PSA_ASSERT( psa_import_key(
- handle, first_type,
- first_data->x, first_data->len ) );
+ psa_close_key( handle );
+ PSA_DONE();
+ PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT( psa_open_key( key_id, &handle ) );
}
+ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
/* Destroy the key */
PSA_ASSERT( psa_destroy_key( handle ) );
/* Check key slot storage is removed */
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
- TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
TEST_EQUAL( handle, 0 );
/* Shutdown and restart */
- mbedtls_psa_crypto_free();
+ PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
/* Create another key in the same slot */
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_type( &attributes, second_type );
+ PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
&handle ) );
- PSA_ASSERT( psa_import_key(
- handle, second_type,
- second_data->x, second_data->len ) );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
exit:
- mbedtls_psa_crypto_free();
+ PSA_DONE();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
- int expected_status )
+ int restart, int expected_status )
{
- psa_key_lifetime_t lifetime;
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
- &handle ) );
- TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_type( &attributes, type );
+ TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ),
expected_status );
if( expected_status != PSA_SUCCESS )
@@ -183,18 +200,36 @@
goto exit;
}
- PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
- TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
+ if( restart )
+ {
+ psa_close_key( handle );
+ PSA_DONE();
+ PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT( psa_open_key( key_id, &handle ) );
+ }
+
+ psa_reset_key_attributes( &attributes );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ PSA_KEY_LIFETIME_PERSISTENT );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
exit:
+ psa_reset_key_attributes( &attributes );
psa_destroy_persistent_key( key_id );
- mbedtls_psa_crypto_free();
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void import_export_persistent_key( data_t *data, int type_arg,
- int expected_bits, int key_not_exist )
+ int expected_bits,
+ int restart, int key_not_exist )
{
psa_key_id_t key_id = 42;
psa_key_type_t type = (psa_key_type_t) type_arg;
@@ -202,34 +237,38 @@
unsigned char *exported = NULL;
size_t export_size = data->len;
size_t exported_length;
- psa_key_type_t got_type;
- size_t got_bits;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_lifetime_t lifetime_get;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
ASSERT_ALLOC( exported, export_size );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
- &handle ) );
-
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_VENDOR_FLAG );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ psa_set_key_id( &attributes, key_id );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
/* Import the key */
- PSA_ASSERT( psa_import_key( handle, type,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
- PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
- TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
+
+ if( restart )
+ {
+ psa_close_key( handle );
+ PSA_DONE();
+ PSA_ASSERT( psa_crypto_init() );
+ PSA_ASSERT( psa_open_key( key_id, &handle ) );
+ }
/* Test the key information */
- PSA_ASSERT( psa_get_key_information(
- handle, &got_type, &got_bits ) );
- TEST_EQUAL( got_type, type );
- TEST_EQUAL( got_bits, (size_t) expected_bits );
+ psa_reset_key_attributes( &attributes );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ PSA_KEY_LIFETIME_PERSISTENT );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
@@ -248,8 +287,9 @@
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
exit:
+ psa_reset_key_attributes( &attributes );
mbedtls_free( exported );
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
new file mode 100644
index 0000000..5819f78
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -0,0 +1,163 @@
+Register SE driver: good
+register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
+
+# Run this test case a second time to verify that the library deinit
+# unregistered the first driver.
+Register SE driver: good, again
+register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
+
+Register SE driver: invalid lifetime (0)
+register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
+
+Register SE driver: invalid lifetime (VOLATILE)
+register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
+
+Register SE driver: invalid lifetime (PERSISTENT)
+register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
+
+Register SE driver: invalid version (ancient)
+register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED
+
+Register SE driver: invalid version (future)
+register_one:2:PSA_DRV_SE_HAL_VERSION + 1:PSA_ERROR_NOT_SUPPORTED
+
+Register SE driver: already registered
+register_twice:3
+
+Register SE driver: maximum number of drivers
+register_max:
+
+SE key import-export (p_allocate allows all slots)
+key_creation_import_export:0:0
+
+SE key import-export (p_allocate allows 1 slot)
+key_creation_import_export:ARRAY_LENGTH( ram_slots ) - 1:0
+
+SE key import-export, check after restart (slot 0)
+key_creation_import_export:0:1
+
+SE key import-export, check after restart (slot 3)
+key_creation_import_export:3:1
+
+Key creation in a specific slot (0)
+key_creation_in_chosen_slot:0:0:PSA_SUCCESS
+
+Key creation in a specific slot (max)
+key_creation_in_chosen_slot:ARRAY_LENGTH( ram_slots ) - 1:0:PSA_SUCCESS
+
+Key creation in a specific slot (0, restart)
+key_creation_in_chosen_slot:0:1:PSA_SUCCESS
+
+Key creation in a specific slot (max, restart)
+key_creation_in_chosen_slot:ARRAY_LENGTH( ram_slots ) - 1:1:PSA_SUCCESS
+
+Key creation in a specific slot (too large)
+key_creation_in_chosen_slot:ARRAY_LENGTH( ram_slots ):0:PSA_ERROR_INVALID_ARGUMENT
+
+Key import smoke test: AES-CTR
+import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: AES-CBC
+import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: AES-CMAC
+import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: AES-CCM
+import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: AES-GCM
+import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: CAMELLIA-CTR
+import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: CAMELLIA-CBC
+import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: CAMELLIA-CMAC
+import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: CAMELLIA-CCM
+import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: CAMELLIA-CCM
+import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: HMAC-SHA-256
+import_key_smoke:PSA_KEY_TYPE_HMAC:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: HKDF-SHA-256
+import_key_smoke:PSA_KEY_TYPE_DERIVE:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+Key import smoke test: RSA PKCS#1v1.5 signature
+import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+Key import smoke test: RSA PKCS#1v1.5 encryption
+import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+Key import smoke test: RSA OAEP encryption
+import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+Key import smoke test: ECDSA secp256r1
+import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
+
+Key import smoke test: ECDH secp256r1
+import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
+
+Key import smoke test: ECDH secp256r1 with HKDF
+import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
+
+Generate key: not supported
+generate_key_not_supported:PSA_KEY_TYPE_AES:128
+
+Key generation smoke test: AES-128-CTR
+generate_key_smoke:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR
+
+Key generation smoke test: AES-256-CTR
+generate_key_smoke:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR
+
+Key generation smoke test: HMAC-SHA-256
+generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
+
+Key registration: smoke test
+register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_SUCCESS
+
+Key registration: invalid lifetime (volatile)
+register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: invalid lifetime (internal storage)
+register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: invalid lifetime (no registered driver)
+register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: with driver validation (accepted)
+register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS
+
+Key registration: with driver validation (rejected)
+register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
+
+Import-sign-verify: sign in driver, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
+
+Import-sign-verify: sign in driver then export_public, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
+
+Import-sign-verify: sign in software, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
+
+Generate-sign-verify: sign in driver, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
+
+Generate-sign-verify: sign in driver then export_public, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
+
+Generate-sign-verify: sign in software, ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
new file mode 100644
index 0000000..fc6f668
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -0,0 +1,1291 @@
+/* BEGIN_HEADER */
+#include "psa_crypto_helpers.h"
+#include "psa/crypto_se_driver.h"
+
+#include "psa_crypto_se.h"
+#include "psa_crypto_storage.h"
+
+
+
+/****************************************************************/
+/* Test driver helpers */
+/****************************************************************/
+
+/** The minimum valid lifetime value for a secure element driver. */
+#define MIN_DRIVER_LIFETIME 2
+
+/** The driver detected a condition that shouldn't happen.
+ * This is probably a bug in the library. */
+#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
+
+/** Like #TEST_ASSERT for use in a driver method, with no cleanup.
+ *
+ * If an error happens, this macro returns from the calling function.
+ *
+ * Use this macro to assert on guarantees provided by the core.
+ */
+#define DRIVER_ASSERT_RETURN( TEST ) \
+ do { \
+ if( ! (TEST) ) \
+ { \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ return( PSA_ERROR_DETECTED_BY_DRIVER ); \
+ } \
+ } while( 0 )
+
+/** Like #TEST_ASSERT for use in a driver method, with cleanup.
+ *
+ * In case of error, this macro sets `status` and jumps to the
+ * label `exit`.
+ *
+ * Use this macro to assert on guarantees provided by the core.
+ */
+#define DRIVER_ASSERT( TEST ) \
+ do { \
+ if( ! (TEST) ) \
+ { \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ status = PSA_ERROR_DETECTED_BY_DRIVER; \
+ goto exit; \
+ } \
+ } while( 0 )
+
+/** Like #PSA_ASSERT for a PSA API call that calls a driver underneath.
+ *
+ * Run the code \p expr. If this returns \p expected_status,
+ * do nothing. If this returns #PSA_ERROR_DETECTED_BY_DRIVER,
+ * jump directly to the `exit` label. If this returns any other
+ * status, call test_fail() then jump to `exit`.
+ *
+ * The special case for #PSA_ERROR_DETECTED_BY_DRIVER is because in this
+ * case, the test driver code is expected to have called test_fail()
+ * already, so we make sure not to overwrite the failure information.
+ */
+#define PSA_ASSERT_VIA_DRIVER( expr, expected_status ) \
+ do { \
+ psa_status_t PSA_ASSERT_VIA_DRIVER_status = ( expr ); \
+ if( PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER ) \
+ goto exit; \
+ if( PSA_ASSERT_VIA_DRIVER_status != ( expected_status ) ) \
+ { \
+ test_fail( #expr, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
+
+
+/****************************************************************/
+/* Miscellaneous driver methods */
+/****************************************************************/
+
+typedef struct
+{
+ psa_key_slot_number_t slot_number;
+ psa_key_creation_method_t method;
+ psa_status_t status;
+} validate_slot_number_directions_t;
+static validate_slot_number_directions_t validate_slot_number_directions;
+
+/* Validate a choice of slot number as directed. */
+static psa_status_t validate_slot_number_as_directed(
+ psa_drv_se_context_t *context,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t slot_number )
+{
+ (void) context;
+ (void) attributes;
+ DRIVER_ASSERT_RETURN( slot_number ==
+ validate_slot_number_directions.slot_number );
+ DRIVER_ASSERT_RETURN( method ==
+ validate_slot_number_directions.method );
+ return( validate_slot_number_directions.status );
+}
+
+/* Allocate slot numbers with a monotonic counter. */
+static psa_status_t counter_allocate( psa_drv_se_context_t *context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *slot_number )
+{
+ psa_key_slot_number_t *p_counter = persistent_data;
+ (void) attributes;
+ (void) method;
+ if( context->persistent_data_size != sizeof( psa_key_slot_number_t ) )
+ return( PSA_ERROR_DETECTED_BY_DRIVER );
+ ++*p_counter;
+ if( *p_counter == 0 )
+ return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ *slot_number = *p_counter;
+ return( PSA_SUCCESS );
+}
+
+/* Null import: do nothing, but pretend it worked. */
+static psa_status_t null_import( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits )
+{
+ (void) context;
+ (void) slot_number;
+ (void) attributes;
+ (void) data;
+ /* We're supposed to return a key size. Return one that's correct for
+ * plain data keys. */
+ *bits = PSA_BYTES_TO_BITS( data_length );
+ return( PSA_SUCCESS );
+}
+
+/* Null generate: do nothing, but pretend it worked. */
+static psa_status_t null_generate( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length )
+{
+ (void) context;
+ (void) slot_number;
+ (void) attributes;
+
+ DRIVER_ASSERT_RETURN( *pubkey_length == 0 );
+ if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
+ {
+ DRIVER_ASSERT_RETURN( pubkey == NULL );
+ DRIVER_ASSERT_RETURN( pubkey_size == 0 );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+/* Null destroy: do nothing, but pretend it worked. */
+static psa_status_t null_destroy( psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number )
+{
+ (void) context;
+ (void) persistent_data;
+ (void) slot_number;
+ return( PSA_SUCCESS );
+}
+
+
+
+/****************************************************************/
+/* RAM-based test driver */
+/****************************************************************/
+
+#define RAM_MAX_KEY_SIZE 64
+typedef struct
+{
+ psa_key_lifetime_t lifetime;
+ psa_key_type_t type;
+ size_t bits;
+ uint8_t content[RAM_MAX_KEY_SIZE];
+} ram_slot_t;
+static ram_slot_t ram_slots[16];
+
+/* A type with at least ARRAY_LENGTH(ram_slots) bits, containing a
+ * bit vector indicating which slots are in use. */
+typedef uint16_t ram_slot_usage_t;
+
+static uint8_t ram_min_slot = 0;
+
+static void ram_slots_reset( void )
+{
+ memset( ram_slots, 0, sizeof( ram_slots ) );
+ ram_min_slot = 0;
+}
+
+/* Common parts of key creation.
+ *
+ * In case of error, zero out ram_slots[slot_number]. But don't
+ * do that if the error is PSA_ERROR_DETECTED_BY_DRIVER: in this case
+ * you don't need to clean up (ram_slot_reset() will take care of it
+ * in the test case function's cleanup code) and it might be wrong
+ * (if slot_number is invalid).
+ */
+static psa_status_t ram_create_common( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ size_t required_storage )
+{
+ (void) context;
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+
+ ram_slots[slot_number].lifetime = psa_get_key_lifetime( attributes );
+ ram_slots[slot_number].type = psa_get_key_type( attributes );
+ ram_slots[slot_number].bits = psa_get_key_bits( attributes );
+
+ if( required_storage > sizeof( ram_slots[slot_number].content ) )
+ {
+ memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
+ return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+/* This function does everything except actually generating key material.
+ * After calling it, you must copy the desired key material to
+ * ram_slots[slot_number].content. */
+static psa_status_t ram_fake_generate( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length )
+{
+ psa_status_t status;
+ size_t required_storage =
+ PSA_KEY_EXPORT_MAX_SIZE( psa_get_key_type( attributes ),
+ psa_get_key_bits( attributes ) );
+
+ DRIVER_ASSERT_RETURN( *pubkey_length == 0 );
+ if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
+ {
+ DRIVER_ASSERT_RETURN( pubkey == NULL );
+ DRIVER_ASSERT_RETURN( pubkey_size == 0 );
+ }
+
+ status = ram_create_common( context, slot_number, attributes,
+ required_storage );
+ return( status );
+}
+
+static psa_status_t ram_import( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits )
+{
+ psa_key_type_t type = psa_get_key_type( attributes );
+ psa_status_t status = ram_create_common( context, slot_number, attributes,
+ data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* The RAM driver only works for certain key types: raw keys,
+ * and ECC key pairs. This is true in particular of the bit-size
+ * calculation here. */
+ if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
+ *bits = PSA_BYTES_TO_BITS( data_length );
+ else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ *bits = PSA_ECC_CURVE_BITS( PSA_KEY_TYPE_GET_CURVE( type ) );
+ else
+ {
+ memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ ram_slots[slot_number].bits = *bits;
+ memcpy( ram_slots[slot_number].content, data, data_length );
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t ram_export( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length )
+{
+ size_t actual_size;
+ (void) context;
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ actual_size = PSA_BITS_TO_BYTES( ram_slots[slot_number].bits );
+ if( actual_size > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ *data_length = actual_size;
+ memcpy( data, ram_slots[slot_number].content, actual_size );
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t ram_export_public( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length )
+{
+ psa_status_t status;
+ psa_key_handle_t handle;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ (void) context;
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ DRIVER_ASSERT_RETURN(
+ PSA_KEY_TYPE_IS_KEY_PAIR( ram_slots[slot_number].type ) );
+
+ psa_set_key_type( &attributes, ram_slots[slot_number].type );
+ status = psa_import_key( &attributes,
+ ram_slots[slot_number].content,
+ PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ),
+ &handle );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_export_public_key( handle, data, data_size, data_length );
+ psa_destroy_key( handle );
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t ram_destroy( psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number )
+{
+ ram_slot_usage_t *slot_usage = persistent_data;
+ DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
+ *slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number );
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t ram_allocate( psa_drv_se_context_t *context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *slot_number )
+{
+ ram_slot_usage_t *slot_usage = persistent_data;
+ (void) attributes;
+ (void) method;
+ DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
+ for( *slot_number = ram_min_slot;
+ *slot_number < ARRAY_LENGTH( ram_slots );
+ ++( *slot_number ) )
+ {
+ if( ! ( *slot_usage & 1 << *slot_number ) )
+ return( PSA_SUCCESS );
+ }
+ return( PSA_ERROR_INSUFFICIENT_STORAGE );
+}
+
+static psa_status_t ram_validate_slot_number(
+ psa_drv_se_context_t *context,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t slot_number )
+{
+ (void) context;
+ (void) attributes;
+ (void) method;
+ if( slot_number >= ARRAY_LENGTH( ram_slots ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t ram_sign( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ ram_slot_t *slot;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle = 0;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ (void) context;
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ slot = &ram_slots[slot_number];
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, slot->type );
+ DRIVER_ASSERT( psa_import_key( &attributes,
+ slot->content,
+ PSA_BITS_TO_BYTES( slot->bits ),
+ &handle ) == PSA_SUCCESS );
+ status = psa_asymmetric_sign( handle, alg,
+ hash, hash_length,
+ signature, signature_size,
+ signature_length );
+
+exit:
+ psa_destroy_key( handle );
+ return( status );
+}
+
+static psa_status_t ram_verify( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ ram_slot_t *slot;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_handle_t handle = 0;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ (void) context;
+ DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
+ slot = &ram_slots[slot_number];
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, slot->type );
+ DRIVER_ASSERT( psa_import_key( &attributes,
+ slot->content,
+ PSA_BITS_TO_BYTES( slot->bits ),
+ &handle ) ==
+ PSA_SUCCESS );
+ status = psa_asymmetric_verify( handle, alg,
+ hash, hash_length,
+ signature, signature_length );
+
+exit:
+ psa_destroy_key( handle );
+ return( status );
+}
+
+
+
+
+/****************************************************************/
+/* Other test helper functions */
+/****************************************************************/
+
+typedef enum
+{
+ SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION,
+ SIGN_IN_DRIVER_AND_PARALLEL_CREATION,
+ SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC,
+} sign_verify_method_t;
+
+/* Check that the attributes of a key reported by psa_get_key_attributes()
+ * are consistent with the attributes used when creating the key. */
+static int check_key_attributes(
+ psa_key_handle_t handle,
+ const psa_key_attributes_t *reference_attributes )
+{
+ int ok = 0;
+ psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) );
+
+ TEST_EQUAL( psa_get_key_id( &actual_attributes ),
+ psa_get_key_id( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ),
+ psa_get_key_lifetime( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &actual_attributes ),
+ psa_get_key_type( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &actual_attributes ),
+ psa_get_key_usage_flags( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_algorithm( &actual_attributes ),
+ psa_get_key_algorithm( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &actual_attributes ),
+ psa_get_key_enrollment_algorithm( reference_attributes ) );
+ if( psa_get_key_bits( reference_attributes ) != 0 )
+ {
+ TEST_EQUAL( psa_get_key_bits( &actual_attributes ),
+ psa_get_key_bits( reference_attributes ) );
+ }
+
+ {
+ psa_key_slot_number_t actual_slot_number = 0xdeadbeef;
+ psa_key_slot_number_t desired_slot_number = 0xb90cc011;
+ psa_key_lifetime_t lifetime =
+ psa_get_key_lifetime( &actual_attributes );
+ psa_status_t status = psa_get_key_slot_number( &actual_attributes,
+ &actual_slot_number );
+ if( lifetime < MIN_DRIVER_LIFETIME )
+ {
+ /* The key is not in a secure element. */
+ TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else
+ {
+ /* The key is in a secure element. If it had been created
+ * in a specific slot, check that it is reported there. */
+ PSA_ASSERT( status );
+ status = psa_get_key_slot_number( reference_attributes,
+ &desired_slot_number );
+ if( status == PSA_SUCCESS )
+ {
+ TEST_EQUAL( desired_slot_number, actual_slot_number );
+ }
+ }
+ }
+ ok = 1;
+
+exit:
+ return( ok );
+}
+
+/* Check that a function's return status is "smoke-free", i.e. that
+ * it's an acceptable error code when calling an API function that operates
+ * on a key with potentially bogus parameters. */
+static int is_status_smoke_free( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_SUCCESS:
+ case PSA_ERROR_NOT_SUPPORTED:
+ case PSA_ERROR_NOT_PERMITTED:
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ case PSA_ERROR_INVALID_ARGUMENT:
+ case PSA_ERROR_INVALID_SIGNATURE:
+ case PSA_ERROR_INVALID_PADDING:
+ return( 1 );
+ default:
+ return( 0 );
+ }
+}
+#define SMOKE_ASSERT( expr ) \
+ TEST_ASSERT( is_status_smoke_free( expr ) )
+
+/* Smoke test a key. There are mostly no wrong answers here since we pass
+ * mostly bogus parameters: the goal is to ensure that there is no memory
+ * corruption or crash. This test function is most useful when run under
+ * an environment with sanity checks such as ASan or MSan. */
+static int smoke_test_key( psa_key_handle_t handle )
+{
+ int ok = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT;
+ psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_derivation_operation_t derivation_operation =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ uint8_t buffer[80]; /* large enough for a public key for ECDH */
+ size_t length;
+ psa_key_handle_t handle2 = 0;
+
+ SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+
+ SMOKE_ASSERT( psa_export_key( handle,
+ buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT( psa_export_public_key( handle,
+ buffer, sizeof( buffer ), &length ) );
+
+ SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) );
+ if( handle2 != 0 )
+ PSA_ASSERT( psa_close_key( handle2 ) );
+
+ SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) );
+ PSA_ASSERT( psa_mac_abort( &mac_operation ) );
+ SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle,
+ PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) );
+ PSA_ASSERT( psa_mac_abort( &mac_operation ) );
+
+ SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle,
+ PSA_ALG_CTR ) );
+ PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
+ SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle,
+ PSA_ALG_CTR ) );
+ PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
+
+ SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM,
+ buffer, sizeof( buffer ),
+ NULL, 0,
+ buffer, sizeof( buffer),
+ buffer, sizeof( buffer), &length ) );
+ SMOKE_ASSERT( psa_aead_decrypt( handle, PSA_ALG_CCM,
+ buffer, sizeof( buffer ),
+ NULL, 0,
+ buffer, sizeof( buffer),
+ buffer, sizeof( buffer), &length ) );
+
+ SMOKE_ASSERT( psa_asymmetric_sign( handle, PSA_ALG_ECDSA_ANY,
+ buffer, 32,
+ buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT( psa_asymmetric_verify( handle, PSA_ALG_ECDSA_ANY,
+ buffer, 32,
+ buffer, sizeof( buffer ) ) );
+
+ SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ buffer, 10, NULL, 0,
+ buffer, sizeof( buffer ), &length ) );
+ SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ buffer, sizeof( buffer ), NULL, 0,
+ buffer, sizeof( buffer ), &length ) );
+
+#if defined(MBEDTLS_SHA256_C)
+ /* Try the key in a plain key derivation. */
+ PSA_ASSERT( psa_key_derivation_setup( &derivation_operation,
+ PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes( &derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ NULL, 0 ) );
+ SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ handle ) );
+ PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
+
+ /* If the key is asymmetric, try it in a key agreement, both as
+ * part of a derivation operation and standalone. */
+ if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) ==
+ PSA_SUCCESS )
+ {
+ psa_algorithm_t alg =
+ PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH,
+ PSA_ALG_HKDF( PSA_ALG_SHA_256 ) );
+ PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes(
+ &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ NULL, 0 ) );
+ SMOKE_ASSERT( psa_key_derivation_key_agreement(
+ &derivation_operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ handle, buffer, length ) );
+ PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
+
+ SMOKE_ASSERT( psa_raw_key_agreement(
+ alg, handle, buffer, length,
+ buffer, sizeof( buffer ), &length ) );
+ }
+#endif /* MBEDTLS_SHA256_C */
+
+ ok = 1;
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ return( ok );
+}
+
+#define MAX_KEY_ID_FOR_TEST 10
+static void psa_purge_storage( void )
+{
+ psa_key_id_t id;
+ psa_key_lifetime_t lifetime;
+ /* The tests may have potentially created key ids from 1 to
+ * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
+ * 0, which file-based storage uses as a temporary file. */
+ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
+ psa_destroy_persistent_key( id );
+ /* Purge the transaction file. */
+ psa_crypto_stop_transaction( );
+ /* Purge driver persistent data. */
+ for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
+ psa_destroy_se_persistent_data( lifetime );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_SE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void register_one( int lifetime, int version, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_drv_se_t driver;
+
+ memset( &driver, 0, sizeof( driver ) );
+ driver.hal_version = version;
+
+ TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ expected_status );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+exit:
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void register_twice( int count )
+{
+ psa_drv_se_t driver;
+ psa_key_lifetime_t lifetime;
+ psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
+
+ memset( &driver, 0, sizeof( driver ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+
+ for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
+ TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ PSA_ERROR_ALREADY_EXISTS );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+exit:
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void register_max( )
+{
+ psa_drv_se_t driver;
+ psa_key_lifetime_t lifetime;
+ psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
+
+ memset( &driver, 0, sizeof( driver ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+
+ for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+
+ TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+exit:
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_creation_import_export( int min_slot, int restart )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ uint8_t exported[sizeof( key_material )];
+ size_t exported_length;
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ key_management.p_allocate = ram_allocate;
+ key_management.p_import = ram_import;
+ key_management.p_destroy = ram_destroy;
+ key_management.p_export = ram_export;
+ ram_min_slot = min_slot;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Create a key. */
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) );
+
+ /* Maybe restart, to check that the information is saved correctly. */
+ if( restart )
+ {
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ }
+
+ /* Test that the key was created in the expected slot. */
+ TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
+
+ /* Test the key attributes, including the reported slot number. */
+ psa_set_key_bits( &attributes,
+ PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
+ psa_set_key_slot_number( &attributes, min_slot );
+ if( ! check_key_attributes( handle, &attributes ) )
+ goto exit;
+
+ /* Test the key data. */
+ PSA_ASSERT( psa_export_key( handle,
+ exported, sizeof( exported ),
+ &exported_length ) );
+ ASSERT_COMPARE( key_material, sizeof( key_material ),
+ exported, exported_length );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ handle = 0;
+ TEST_EQUAL( psa_open_key( id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+ /* Test that the key has been erased from the designated slot. */
+ TEST_ASSERT( ram_slots[min_slot].type == 0 );
+
+exit:
+ PSA_DONE( );
+ ram_slots_reset( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_creation_in_chosen_slot( int slot_arg,
+ int restart,
+ int expected_status_arg )
+{
+ psa_key_slot_number_t wanted_slot = slot_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status;
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ key_management.p_validate_slot_number = ram_validate_slot_number;
+ key_management.p_import = ram_import;
+ key_management.p_destroy = ram_destroy;
+ key_management.p_export = ram_export;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Create a key. */
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_slot_number( &attributes, wanted_slot );
+ status = psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle );
+ TEST_EQUAL( status, expected_status );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Maybe restart, to check that the information is saved correctly. */
+ if( restart )
+ {
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ }
+
+ /* Test that the key was created in the expected slot. */
+ TEST_EQUAL( ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA );
+
+ /* Test that the key is reported with the correct attributes,
+ * including the expected slot. */
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ handle = 0;
+ TEST_EQUAL( psa_open_key( id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ PSA_DONE( );
+ ram_slots_reset( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_key_smoke( int type_arg, int alg_arg,
+ data_t *key_material )
+{
+ psa_key_type_t type = type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ key_management.p_allocate = counter_allocate;
+ key_management.p_import = null_import;
+ key_management.p_destroy = null_destroy;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Create a key. */
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY |
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material->x, key_material->len,
+ &handle ) );
+
+ /* Do stuff with the key. */
+ if( ! smoke_test_key( handle ) )
+ goto exit;
+
+ /* Restart and try again. */
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ if( ! smoke_test_key( handle ) )
+ goto exit;
+
+ /* We're done. */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ handle = 0;
+ TEST_EQUAL( psa_open_key( id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ PSA_DONE( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_key_not_supported( int type_arg, int bits_arg )
+{
+ psa_key_type_t type = type_arg;
+ size_t bits = bits_arg;
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ key_management.p_allocate = counter_allocate;
+ /* No p_generate method */
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ TEST_EQUAL( psa_generate_key( &attributes, &handle ),
+ PSA_ERROR_NOT_SUPPORTED );
+
+exit:
+ PSA_DONE( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
+{
+ psa_key_type_t type = type_arg;
+ psa_key_bits_t bits = bits_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.persistent_data_size = sizeof( psa_key_slot_number_t );
+ key_management.p_allocate = counter_allocate;
+ key_management.p_generate = null_generate;
+ key_management.p_destroy = null_destroy;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Create a key. */
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY |
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+
+ /* Do stuff with the key. */
+ if( ! smoke_test_key( handle ) )
+ goto exit;
+
+ /* Restart and try again. */
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ if( ! smoke_test_key( handle ) )
+ goto exit;
+
+ /* We're done. */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ handle = 0;
+ TEST_EQUAL( psa_open_key( id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ PSA_DONE( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_verify( int flow,
+ int type_arg, int alg_arg,
+ int bits_arg, data_t *key_material,
+ data_t *input )
+{
+ psa_key_type_t type = type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t bits = bits_arg;
+ /* Pass bits=0 to import, bits>0 to fake-generate */
+ int generating = ( bits != 0 );
+
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_drv_se_asymmetric_t asymmetric;
+
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t drv_handle = 0; /* key managed by the driver */
+ psa_key_handle_t sw_handle = 0; /* transparent key */
+ psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t drv_attributes;
+ uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE];
+ size_t signature_length;
+
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ memset( &asymmetric, 0, sizeof( asymmetric ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ driver.asymmetric = &asymmetric;
+ driver.persistent_data_size = sizeof( ram_slot_usage_t );
+ key_management.p_allocate = ram_allocate;
+ key_management.p_destroy = ram_destroy;
+ if( generating )
+ key_management.p_generate = ram_fake_generate;
+ else
+ key_management.p_import = ram_import;
+ switch( flow )
+ {
+ case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
+ break;
+ case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
+ asymmetric.p_sign = ram_sign;
+ break;
+ case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
+ asymmetric.p_sign = ram_sign;
+ key_management.p_export_public = ram_export_public;
+ break;
+ default:
+ TEST_ASSERT( ! "unsupported flow (should be SIGN_IN_xxx)" );
+ break;
+ }
+ asymmetric.p_verify = ram_verify;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Prepare to create two keys with the same key material: a transparent
+ * key, and one that goes through the driver. */
+ psa_set_key_usage_flags( &sw_attributes,
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &sw_attributes, alg );
+ psa_set_key_type( &sw_attributes, type );
+ drv_attributes = sw_attributes;
+ psa_set_key_id( &drv_attributes, id );
+ psa_set_key_lifetime( &drv_attributes, lifetime );
+
+ /* Create the key in the driver. */
+ if( generating )
+ {
+ psa_set_key_bits( &drv_attributes, bits );
+ PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) );
+ /* Since we called a generate method that does not actually
+ * generate material, store the desired result of generation in
+ * the mock secure element storage. */
+ PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) );
+ TEST_ASSERT( key_material->len == PSA_BITS_TO_BYTES( bits ) );
+ memcpy( ram_slots[ram_min_slot].content, key_material->x,
+ key_material->len );
+ }
+ else
+ {
+ PSA_ASSERT( psa_import_key( &drv_attributes,
+ key_material->x, key_material->len,
+ &drv_handle ) );
+ }
+
+ /* Either import the same key in software, or export the driver's
+ * public key and import that. */
+ switch( flow )
+ {
+ case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
+ case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
+ PSA_ASSERT( psa_import_key( &sw_attributes,
+ key_material->x, key_material->len,
+ &sw_handle ) );
+ break;
+ case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
+ {
+ uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )];
+ size_t public_key_length;
+ PSA_ASSERT( psa_export_public_key( drv_handle,
+ public_key, sizeof( public_key ),
+ &public_key_length ) );
+ psa_set_key_type( &sw_attributes,
+ PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) );
+ PSA_ASSERT( psa_import_key( &sw_attributes,
+ public_key, public_key_length,
+ &sw_handle ) );
+ break;
+ }
+ }
+
+ /* Sign with the chosen key. */
+ switch( flow )
+ {
+ case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
+ case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
+ PSA_ASSERT_VIA_DRIVER(
+ psa_asymmetric_sign( drv_handle,
+ alg,
+ input->x, input->len,
+ signature, sizeof( signature ),
+ &signature_length ),
+ PSA_SUCCESS );
+ break;
+ case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
+ PSA_ASSERT( psa_asymmetric_sign( sw_handle,
+ alg,
+ input->x, input->len,
+ signature, sizeof( signature ),
+ &signature_length ) );
+ break;
+ }
+
+ /* Verify with both keys. */
+ PSA_ASSERT( psa_asymmetric_verify( sw_handle, alg,
+ input->x, input->len,
+ signature, signature_length ) );
+ PSA_ASSERT_VIA_DRIVER(
+ psa_asymmetric_verify( drv_handle, alg,
+ input->x, input->len,
+ signature, signature_length ),
+ PSA_SUCCESS );
+
+ /* Change the signature and verify again. */
+ signature[0] ^= 1;
+ TEST_EQUAL( psa_asymmetric_verify( sw_handle, alg,
+ input->x, input->len,
+ signature, signature_length ),
+ PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT_VIA_DRIVER(
+ psa_asymmetric_verify( drv_handle, alg,
+ input->x, input->len,
+ signature, signature_length ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+exit:
+ psa_destroy_key( drv_handle );
+ psa_destroy_key( sw_handle );
+ PSA_DONE( );
+ ram_slots_reset( );
+ psa_purge_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void register_key_smoke_test( int lifetime_arg,
+ int validate,
+ int expected_status_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t id = 1;
+ size_t bit_size = 48;
+ psa_key_slot_number_t wanted_slot = 0x123456789;
+ psa_key_handle_t handle = 0;
+ psa_status_t status;
+
+ memset( &driver, 0, sizeof( driver ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.key_management = &key_management;
+ key_management.p_destroy = null_destroy;
+ if( validate >= 0 )
+ {
+ key_management.p_validate_slot_number = validate_slot_number_as_directed;
+ validate_slot_number_directions.slot_number = wanted_slot;
+ validate_slot_number_directions.method = PSA_KEY_CREATION_REGISTER;
+ validate_slot_number_directions.status =
+ ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED );
+ }
+
+ PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_bits( &attributes, bit_size );
+ psa_set_key_slot_number( &attributes, wanted_slot );
+
+ status = mbedtls_psa_register_se_key( &attributes );
+ TEST_EQUAL( status, expected_status );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Test that the key exists and has the expected attributes. */
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ if( ! check_key_attributes( handle, &attributes ) )
+ goto exit;
+ PSA_ASSERT( psa_close_key( handle ) );
+
+ /* Restart and try again. */
+ PSA_DONE( );
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ if( ! check_key_attributes( handle, &attributes ) )
+ goto exit;
+ /* This time, destroy the key. */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ handle = 0;
+ TEST_EQUAL( psa_open_key( id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+ psa_purge_storage( );
+ memset( &validate_slot_number_directions, 0,
+ sizeof( validate_slot_number_directions ) );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
new file mode 100644
index 0000000..dba6875
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
@@ -0,0 +1,47 @@
+SE key importing mock test
+mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS
+
+SE key importing mock test: max key bits
+mock_import:PSA_SUCCESS:PSA_SUCCESS:PSA_MAX_KEY_BITS:PSA_SUCCESS
+
+SE key importing mock test: more than max key bits
+mock_import:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_MAX_KEY_BITS+1:PSA_ERROR_NOT_SUPPORTED
+
+SE key importing mock test: alloc failed
+mock_import:PSA_ERROR_HARDWARE_FAILURE:PSA_SUCCESS:0:PSA_ERROR_HARDWARE_FAILURE
+
+SE key importing mock test: import failed
+mock_import:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:0:PSA_ERROR_HARDWARE_FAILURE
+
+SE key exporting mock test
+mock_export:PSA_SUCCESS:PSA_SUCCESS
+
+SE key exporting mock test: export failed
+mock_export:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE
+
+SE public key exporting mock test
+mock_export_public:PSA_SUCCESS:PSA_SUCCESS
+
+SE public key exporting mock test: export failed
+mock_export_public:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE
+
+SE key generating mock test
+mock_generate:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+SE key generating mock test: alloc failed
+mock_generate:PSA_ERROR_HARDWARE_FAILURE:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE
+
+SE key generating mock test: generating failed
+mock_generate:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE
+
+SE signing mock test
+mock_sign:PSA_SUCCESS:PSA_SUCCESS
+
+SE signing mock test: sign failed
+mock_sign:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE
+
+SE verification mock test
+mock_verify:PSA_SUCCESS:PSA_SUCCESS
+
+SE verification mock test: verify failed
+mock_verify:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
new file mode 100644
index 0000000..e364178
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -0,0 +1,581 @@
+/* BEGIN_HEADER */
+#include "psa_crypto_helpers.h"
+#include "psa/crypto_se_driver.h"
+
+#include "psa_crypto_se.h"
+#include "psa_crypto_storage.h"
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t key_slot;
+ psa_key_attributes_t attributes;
+ size_t pubkey_size;
+ psa_status_t return_value;
+} mock_generate_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t key_slot;
+ psa_key_attributes_t attributes;
+ size_t bits;
+ size_t data_length;
+ psa_status_t return_value;
+} mock_import_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t slot_number;
+ size_t data_size;
+ psa_status_t return_value;
+} mock_export_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t slot_number;
+ size_t data_size;
+ psa_status_t return_value;
+} mock_export_public_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t key_slot;
+ psa_algorithm_t alg;
+ size_t hash_length;
+ size_t signature_size;
+ psa_status_t return_value;
+} mock_sign_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t key_slot;
+ psa_algorithm_t alg;
+ size_t hash_length;
+ size_t signature_length;
+ psa_status_t return_value;
+} mock_verify_data;
+
+static struct
+{
+ uint16_t called;
+ psa_status_t return_value;
+} mock_allocate_data;
+
+static struct
+{
+ uint16_t called;
+ psa_key_slot_number_t slot_number;
+ psa_status_t return_value;
+} mock_destroy_data;
+
+#define MAX_KEY_ID_FOR_TEST 10
+static void psa_purge_storage( void )
+{
+ psa_key_id_t id;
+ psa_key_lifetime_t lifetime;
+ /* The tests may have potentially created key ids from 1 to
+ * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
+ * 0, which file-based storage uses as a temporary file. */
+ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
+ psa_destroy_persistent_key( id );
+ /* Purge the transaction file. */
+ psa_crypto_stop_transaction( );
+ /* Purge driver persistent data. */
+ for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
+ psa_destroy_se_persistent_data( lifetime );
+}
+
+static void mock_teardown( void )
+{
+ memset( &mock_import_data, 0, sizeof( mock_import_data ) );
+ memset( &mock_export_data, 0, sizeof( mock_export_data ) );
+ memset( &mock_export_public_data, 0, sizeof( mock_export_public_data ) );
+ memset( &mock_sign_data, 0, sizeof( mock_sign_data ) );
+ memset( &mock_verify_data, 0, sizeof( mock_verify_data ) );
+ memset( &mock_allocate_data, 0, sizeof( mock_allocate_data ) );
+ memset( &mock_destroy_data, 0, sizeof( mock_destroy_data ) );
+ memset( &mock_generate_data, 0, sizeof( mock_generate_data ) );
+ psa_purge_storage( );
+}
+
+static psa_status_t mock_generate( psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ uint8_t *pubkey,
+ size_t pubkey_size,
+ size_t *pubkey_length )
+{
+ (void) drv_context;
+ (void) pubkey;
+ (void) pubkey_length;
+
+ mock_generate_data.called++;
+ mock_generate_data.key_slot = key_slot;
+ mock_generate_data.attributes = *attributes;
+ mock_generate_data.pubkey_size = pubkey_size;
+
+ return( mock_generate_data.return_value );
+}
+
+static psa_status_t mock_import( psa_drv_se_context_t *drv_context,
+ psa_key_slot_number_t key_slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits )
+{
+ (void) drv_context;
+ (void) data;
+
+ *bits = mock_import_data.bits;
+
+ mock_import_data.called++;
+ mock_import_data.key_slot = key_slot;
+ mock_import_data.attributes = *attributes;
+ mock_import_data.data_length = data_length;
+
+ return( mock_import_data.return_value );
+}
+
+psa_status_t mock_export( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *p_data,
+ size_t data_size,
+ size_t *p_data_length )
+{
+ (void) context;
+ (void) p_data;
+ (void) p_data_length;
+
+ mock_export_data.called++;
+ mock_export_data.slot_number = slot_number;
+ mock_export_data.data_size = data_size;
+
+ return( mock_export_data.return_value );
+}
+
+psa_status_t mock_export_public( psa_drv_se_context_t *context,
+ psa_key_slot_number_t slot_number,
+ uint8_t *p_data,
+ size_t data_size,
+ size_t *p_data_length )
+{
+ (void) context;
+ (void) p_data;
+ (void) p_data_length;
+
+ mock_export_public_data.called++;
+ mock_export_public_data.slot_number = slot_number;
+ mock_export_public_data.data_size = data_size;
+
+ return( mock_export_public_data.return_value );
+}
+
+psa_status_t mock_sign( psa_drv_se_context_t *context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ uint8_t *p_signature,
+ size_t signature_size,
+ size_t *p_signature_length )
+{
+ (void) context;
+ (void) p_hash;
+ (void) p_signature;
+ (void) p_signature_length;
+
+ mock_sign_data.called++;
+ mock_sign_data.key_slot = key_slot;
+ mock_sign_data.alg = alg;
+ mock_sign_data.hash_length = hash_length;
+ mock_sign_data.signature_size = signature_size;
+
+ return mock_sign_data.return_value;
+}
+
+psa_status_t mock_verify( psa_drv_se_context_t *context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ const uint8_t *p_signature,
+ size_t signature_length )
+{
+ (void) context;
+ (void) p_hash;
+ (void) p_signature;
+
+ mock_verify_data.called++;
+ mock_verify_data.key_slot = key_slot;
+ mock_verify_data.alg = alg;
+ mock_verify_data.hash_length = hash_length;
+ mock_verify_data.signature_length = signature_length;
+
+ return mock_verify_data.return_value;
+}
+
+psa_status_t mock_allocate( psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ const psa_key_attributes_t *attributes,
+ psa_key_creation_method_t method,
+ psa_key_slot_number_t *key_slot )
+{
+ (void) drv_context;
+ (void) persistent_data;
+ (void) attributes;
+ (void) method;
+ (void) key_slot;
+
+ mock_allocate_data.called++;
+ *key_slot = 0;
+
+ return( mock_allocate_data.return_value );
+}
+
+psa_status_t mock_destroy( psa_drv_se_context_t *context,
+ void *persistent_data,
+ psa_key_slot_number_t slot_number )
+{
+ (void) context;
+ (void) persistent_data;
+
+ mock_destroy_data.called++;
+ mock_destroy_data.slot_number = slot_number;
+
+ return( mock_destroy_data.return_value );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_SE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void mock_import( int mock_alloc_return_value,
+ int mock_import_return_value,
+ int bits,
+ int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+
+ mock_allocate_data.return_value = mock_alloc_return_value;
+ mock_import_data.return_value = mock_import_return_value;
+ mock_import_data.bits = bits;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ key_management.p_import = mock_import;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ TEST_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) == expected_result );
+
+ TEST_ASSERT( mock_allocate_data.called == 1 );
+ TEST_ASSERT( mock_import_data.called ==
+ ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
+ TEST_ASSERT( mock_import_data.attributes.core.id ==
+ ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) );
+ TEST_ASSERT( mock_import_data.attributes.core.lifetime ==
+ ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
+ TEST_ASSERT( mock_import_data.attributes.core.policy.usage ==
+ ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_USAGE_EXPORT : 0 ) );
+ TEST_ASSERT( mock_import_data.attributes.core.type ==
+ ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_TYPE_RAW_DATA : 0 ) );
+
+ if( expected_result == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+ }
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mock_export( int mock_export_return_value, int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ uint8_t exported[sizeof( key_material )];
+ size_t exported_length;
+
+ mock_export_data.return_value = mock_export_return_value;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ key_management.p_import = mock_import;
+ key_management.p_export = mock_export;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) );
+
+ TEST_ASSERT( psa_export_key( handle,
+ exported, sizeof( exported ),
+ &exported_length ) == expected_result );
+
+ TEST_ASSERT( mock_export_data.called == 1 );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mock_generate( int mock_alloc_return_value,
+ int mock_generate_return_value,
+ int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ mock_allocate_data.return_value = mock_alloc_return_value;
+ mock_generate_data.return_value = mock_generate_return_value;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ key_management.p_generate = mock_generate;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result );
+ TEST_ASSERT( mock_allocate_data.called == 1 );
+ TEST_ASSERT( mock_generate_data.called ==
+ ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
+ TEST_ASSERT( mock_generate_data.attributes.core.id ==
+ ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) );
+ TEST_ASSERT( mock_generate_data.attributes.core.lifetime ==
+ ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
+ TEST_ASSERT( mock_generate_data.attributes.core.policy.usage ==
+ ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_USAGE_EXPORT : 0 ) );
+ TEST_ASSERT( mock_generate_data.attributes.core.type ==
+ ( mock_alloc_return_value == PSA_SUCCESS? PSA_KEY_TYPE_RAW_DATA : 0 ) );
+
+ if( expected_result == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+ }
+
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mock_export_public( int mock_export_public_return_value,
+ int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ uint8_t exported[sizeof( key_material )];
+ size_t exported_length;
+
+ mock_export_public_data.return_value = mock_export_public_return_value;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+ driver.key_management = &key_management;
+ key_management.p_import = mock_import;
+ key_management.p_export_public = mock_export_public;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) );
+
+ TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported),
+ &exported_length ) == expected_result );
+ TEST_ASSERT( mock_export_public_data.called == 1 );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mock_sign( int mock_sign_return_value, int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_drv_se_asymmetric_t asymmetric;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+ size_t signature_length;
+
+ mock_sign_data.return_value = mock_sign_return_value;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ memset( &asymmetric, 0, sizeof( asymmetric ) );
+
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+
+ driver.key_management = &key_management;
+ key_management.p_import = mock_import;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ driver.asymmetric = &asymmetric;
+ asymmetric.p_sign = mock_sign;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_algorithm( &attributes, algorithm );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) );
+
+ TEST_ASSERT( psa_asymmetric_sign( handle, algorithm, NULL, 0, NULL, 0,
+ &signature_length)
+ == expected_result );
+ TEST_ASSERT( mock_sign_data.called == 1 );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mock_verify( int mock_verify_return_value, int expected_result )
+{
+ psa_drv_se_t driver;
+ psa_drv_se_key_management_t key_management;
+ psa_drv_se_asymmetric_t asymmetric;
+ psa_key_lifetime_t lifetime = 2;
+ psa_key_id_t id = 1;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
+ psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+
+ mock_verify_data.return_value = mock_verify_return_value;
+ memset( &driver, 0, sizeof( driver ) );
+ memset( &key_management, 0, sizeof( key_management ) );
+ memset( &asymmetric, 0, sizeof( asymmetric ) );
+
+ driver.hal_version = PSA_DRV_SE_HAL_VERSION;
+
+ driver.key_management = &key_management;
+ key_management.p_import = mock_import;
+ key_management.p_destroy = mock_destroy;
+ key_management.p_allocate = mock_allocate;
+
+ driver.asymmetric = &asymmetric;
+ asymmetric.p_verify = mock_verify;
+
+ PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_algorithm( &attributes, algorithm );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_material, sizeof( key_material ),
+ &handle ) );
+
+ TEST_ASSERT( psa_asymmetric_verify( handle, algorithm, NULL, 0, NULL, 0)
+ == expected_result );
+ TEST_ASSERT( mock_verify_data.called == 1 );
+
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_ASSERT( mock_destroy_data.called == 1 );
+
+exit:
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 1b9e0de..233b166 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -1,36 +1,65 @@
Transient slot, check after closing
transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+Transient slot, check after closing and restarting
+transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE_WITH_SHUTDOWN
+
Transient slot, check after destroying
transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
-Transient slot, check after restart
+Transient slot, check after destroying and restarting
+transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY_WITH_SHUTDOWN
+
+Transient slot, check after restart with live handles
transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
-Persistent slot, check after closing
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+Persistent slot, check after closing, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
-Persistent slot, check after destroying
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+Persistent slot, check after closing and restarting, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
-Persistent slot, check after restart
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+Persistent slot, check after destroying, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Persistent slot, check after destroying and restarting, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Persistent slot, check after restart with live handle, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+
+Persistent slot, check after closing, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+
+Persistent slot, check after destroying, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Persistent slot, check after restart, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Persistent slot: ECP keypair (ECDSA, exportable); close
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
+
+Persistent slot: ECP keypair (ECDSA, exportable); close+restart
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
Persistent slot: ECP keypair (ECDSA, exportable); restart
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
Persistent slot: ECP keypair (ECDH+ECDSA, exportable); close
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
+
+Persistent slot: ECP keypair (ECDH+ECDSA, exportable); close+restart
+depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
Persistent slot: ECP keypair (ECDH+ECDSA, exportable); restart
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
Attempt to overwrite: close before
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
@@ -43,24 +72,23 @@
Open failure: invalid identifier (0)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT
+open_fail:0:PSA_ERROR_INVALID_ARGUMENT
Open failure: invalid identifier (random seed UID)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid identifier (reserved range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid identifier (implementation range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
Open failure: non-existent identifier
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST
-
-Open failure: volatile lifetime
-open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
-
-Open failure: invalid lifetime
-open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
-
-Create failure: volatile lifetime
-create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+open_fail:1:PSA_ERROR_DOES_NOT_EXIST
Create failure: invalid lifetime
create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
@@ -73,69 +101,52 @@
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+Create failure: invalid key id (reserved range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid key id (implementation range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
Open not supported
depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
+open_fail:1:PSA_ERROR_NOT_SUPPORTED
Create not supported
depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
Copy volatile to volatile
-copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy volatile to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to volatile
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to persistent with enrollment algorithm
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
-copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
-Copy empty volatile to volatile
-copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
-
-Copy empty volatile to persistent
+Copy volatile to occupied
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0
+copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-Copy empty persistent to volatile
+Copy persistent to occupied
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-Copy empty persistent to persistent
+Copy persistent to same
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0
-
-Copy volatile to occupied volatile
-copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-
-Copy volatile to occupied persistent
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-
-Copy persistent to occupied volatile
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-
-Copy persistent to occupied persistent
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
-
-Copy volatile to itself
-copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
-
-Copy persistent to itself
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
Close/destroy invalid handle
invalid_handle:
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index d036e9e..3b9eada 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -1,18 +1,16 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-#include "psa/crypto.h"
-
+#include "psa_crypto_helpers.h"
#include "psa_crypto_storage.h"
typedef enum
{
- CLOSE_BY_CLOSE,
- CLOSE_BY_DESTROY,
- CLOSE_BY_SHUTDOWN,
+ CLOSE_BY_CLOSE, /**< Close the handle(s). */
+ CLOSE_BY_DESTROY, /**< Destroy the handle(s). */
+ CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */
+ CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */
+ CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */
} close_method_t;
typedef enum
@@ -23,38 +21,99 @@
} reopen_policy_t;
/* All test functions that create persistent keys must call
- * `TEST_MAX_KEY_ID( key_id )` before creating a persistent key with this
+ * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this
* identifier, and must call psa_purge_key_storage() in their cleanup
* code. */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-/* There is no API to purge all keys. For this test suite, require that
- * all key IDs be less than a certain maximum, or a well-known value
- * which corresponds to a file that does not contain a key. */
-#define MAX_KEY_ID_FOR_TEST 32
-#define KEY_ID_IS_WELL_KNOWN( key_id ) \
- ( ( key_id ) == PSA_CRYPTO_ITS_RANDOM_SEED_UID )
-#define TEST_MAX_KEY_ID( key_id ) \
- TEST_ASSERT( ( key_id ) <= MAX_KEY_ID_FOR_TEST || \
- KEY_ID_IS_WELL_KNOWN( key_id ) )
-void psa_purge_key_storage( void )
+static psa_key_id_t key_ids_used_in_test[9];
+static size_t num_key_ids_used;
+
+/* Record a key id as potentially used in a test case. */
+static int test_uses_key_id( psa_key_id_t key_id )
{
- psa_key_id_t i;
- /* The tests may have potentially created key ids from 1 to
- * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
- * 0, which file-based storage uses as a temporary file. */
- for( i = 0; i <= MAX_KEY_ID_FOR_TEST; i++ )
- psa_destroy_persistent_key( i );
+ size_t i;
+ if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+ {
+ /* Don't touch key id values that designate non-key files. */
+ return( 1 );
+ }
+ for( i = 0; i < num_key_ids_used ; i++ )
+ {
+ if( key_id == key_ids_used_in_test[i] )
+ return( 1 );
+ }
+ if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) )
+ return( 0 );
+ key_ids_used_in_test[num_key_ids_used] = key_id;
+ ++num_key_ids_used;
+ return( 1 );
+}
+#define TEST_USES_KEY_ID( key_id ) \
+ TEST_ASSERT( test_uses_key_id( key_id ) )
+
+/* Destroy all key ids that may have been created by the current test case. */
+static void psa_purge_key_storage( void )
+{
+ size_t i;
+ for( i = 0; i < num_key_ids_used; i++ )
+ psa_destroy_persistent_key( key_ids_used_in_test[i] );
+ num_key_ids_used = 0;
}
#else
-#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
+#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-static int psa_key_policy_equal( psa_key_policy_t *p1,
- psa_key_policy_t *p2 )
+/** Apply \p close_method to invalidate the specified handles:
+ * close it, destroy it, or do nothing;
+ */
+static int invalidate_handle( close_method_t close_method,
+ psa_key_handle_t handle )
{
- return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
- psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
+ switch( close_method )
+ {
+ case CLOSE_BY_CLOSE:
+ case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
+ PSA_ASSERT( psa_close_key( handle ) );
+ break;
+ case CLOSE_BY_DESTROY:
+ case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ break;
+ case CLOSE_BY_SHUTDOWN:
+ break;
+ }
+ return( 1 );
+exit:
+ return( 0 );
+}
+
+/** Restart the PSA subsystem if \p close_method says so. */
+static int invalidate_psa( close_method_t close_method )
+{
+ switch( close_method )
+ {
+ case CLOSE_BY_CLOSE:
+ case CLOSE_BY_DESTROY:
+ return( 1 );
+ case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
+ case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
+ /* All keys must have been closed. */
+ PSA_DONE( );
+ break;
+ case CLOSE_BY_SHUTDOWN:
+ /* Some keys may remain behind, and we're testing that this
+ * properly closes them. */
+ mbedtls_psa_crypto_free( );
+ break;
+ }
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_PSA_PRISTINE( );
+ return( 1 );
+
+exit:
+ return( 0 );
}
/* END_HEADER */
@@ -73,42 +132,34 @@
psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg;
close_method_t close_method = close_method_arg;
- psa_key_type_t read_type;
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
- /* Get a handle and import a key. */
- PSA_ASSERT( psa_allocate_key( &handle ) );
+ /* Import a key. */
+ psa_set_key_usage_flags( &attributes, usage_flags );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, type );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_ASSERT( handle != 0 );
- psa_key_policy_set_usage( &policy, usage_flags, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
/* Do something that invalidates the handle. */
- switch( close_method )
- {
- case CLOSE_BY_CLOSE:
- PSA_ASSERT( psa_close_key( handle ) );
- break;
- case CLOSE_BY_DESTROY:
- PSA_ASSERT( psa_destroy_key( handle ) );
- break;
- case CLOSE_BY_SHUTDOWN:
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_crypto_init( ) );
- break;
- }
+ if( ! invalidate_handle( close_method, handle ) )
+ goto exit;
+ if( ! invalidate_psa( close_method ) )
+ goto exit;
+
/* Test that the handle is now invalid. */
- TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+ TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -124,53 +175,56 @@
psa_algorithm_t alg2 = alg2_arg;
psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg;
- size_t bits;
close_method_t close_method = close_method_arg;
- psa_key_type_t read_type;
- size_t read_bits;
psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *reexported = NULL;
size_t reexported_length = -1;
- TEST_MAX_KEY_ID( id );
+ TEST_USES_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
/* Get a handle and import a key. */
- PSA_ASSERT( psa_create_key( lifetime, id, &handle ) );
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_usage_flags( &attributes, usage_flags );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_enrollment_algorithm( &attributes, alg2 );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_ASSERT( handle != 0 );
- psa_key_policy_set_usage( &policy, usage_flags, alg );
- psa_key_policy_set_enrollment_algorithm( &policy, alg2 );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, &bits ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
/* Close the key and reopen it. */
PSA_ASSERT( psa_close_key( handle ) );
- PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
/* Do something that invalidates the handle. */
- switch( close_method )
- {
- case CLOSE_BY_CLOSE:
- PSA_ASSERT( psa_close_key( handle ) );
- break;
- case CLOSE_BY_DESTROY:
- PSA_ASSERT( psa_destroy_key( handle ) );
- break;
- case CLOSE_BY_SHUTDOWN:
- mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_crypto_init( ) );
- break;
- }
+ if( ! invalidate_handle( close_method, handle ) )
+ goto exit;
+ if( ! invalidate_psa( close_method ) )
+ goto exit;
+
/* Test that the handle is now invalid. */
- TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+ TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
PSA_ERROR_INVALID_HANDLE );
+ psa_reset_key_attributes( &read_attributes );
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
/* Try to reopen the key. If we destroyed it, check that it doesn't
@@ -179,18 +233,24 @@
switch( close_method )
{
case CLOSE_BY_CLOSE:
+ case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
case CLOSE_BY_SHUTDOWN:
- PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
- PSA_ASSERT( psa_get_key_policy( handle, &read_policy ) );
- PSA_ASSERT( psa_get_key_information( handle,
- &read_type, &read_bits ) );
- TEST_EQUAL( read_type, type );
- TEST_EQUAL( read_bits, bits );
- TEST_EQUAL( psa_key_policy_get_usage( &read_policy ), usage_flags );
- TEST_EQUAL( psa_key_policy_get_algorithm( &read_policy ), alg );
- TEST_EQUAL( psa_key_policy_get_enrollment_algorithm( &read_policy ),
- alg2 );
- if( policy.usage & PSA_KEY_USAGE_EXPORT )
+ PSA_ASSERT( psa_open_key( id, &handle ) );
+ PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ psa_get_key_lifetime( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ),
+ psa_get_key_id( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ),
+ psa_get_key_algorithm( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
+ psa_get_key_enrollment_algorithm( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ),
+ psa_get_key_type( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ),
+ psa_get_key_bits( &read_attributes ) );
+ if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
ASSERT_ALLOC( reexported, key_data->len );
PSA_ASSERT( psa_export_key( handle,
@@ -206,15 +266,18 @@
&reexported_length ),
PSA_ERROR_NOT_PERMITTED );
}
+ PSA_ASSERT( psa_close_key( handle ) );
break;
+
case CLOSE_BY_DESTROY:
- TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
+ case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
+ TEST_EQUAL( psa_open_key( id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
break;
}
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
psa_purge_key_storage( );
mbedtls_free( reexported );
}
@@ -227,76 +290,82 @@
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_key_handle_t handle1 = 0, handle2 = 0;
- psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT;
- psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
- psa_key_type_t read_type;
- const uint8_t material1[16] = "test material #1";
+ const uint8_t material1[5] = "a key";
+ const uint8_t material2[5] = "b key";
size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
- size_t read_bits;
uint8_t reexported[sizeof( material1 )];
size_t reexported_length;
reopen_policy_t reopen_policy = reopen_policy_arg;
- TEST_MAX_KEY_ID( id );
+ TEST_USES_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
- PSA_ASSERT( psa_create_key( lifetime, id, &handle1 ) );
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_type( &attributes, type1 );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, 0 );
+ PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
+ &handle1 ) );
TEST_ASSERT( handle1 != 0 );
- psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 );
- PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) );
- PSA_ASSERT( psa_import_key( handle1, type1,
- material1, sizeof( material1 ) ) );
if( reopen_policy == CLOSE_BEFORE )
PSA_ASSERT( psa_close_key( handle1 ) );
/* Attempt to create a new key in the same slot. */
- TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
+ TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
+ &handle2 ),
PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( handle2, 0 );
if( reopen_policy == CLOSE_AFTER )
PSA_ASSERT( psa_close_key( handle1 ) );
if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
- PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
+ PSA_ASSERT( psa_open_key( id, &handle1 ) );
/* Check that the original key hasn't changed. */
- PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) );
- TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) );
- PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
- TEST_EQUAL( read_type, type1 );
- TEST_EQUAL( read_bits, bits1 );
+ psa_reset_key_attributes( &attributes );
+ PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+
PSA_ASSERT( psa_export_key( handle1,
reexported, sizeof( reexported ),
&reexported_length ) );
ASSERT_COMPARE( material1, sizeof( material1 ),
reexported, reexported_length );
+ PSA_ASSERT( psa_close_key( handle1 ) );
+
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
psa_purge_key_storage( );
}
/* END_CASE */
/* BEGIN_CASE */
-void open_fail( int lifetime_arg, int id_arg,
+void open_fail( int id_arg,
int expected_status_arg )
{
- psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
PSA_ASSERT( psa_crypto_init( ) );
- TEST_EQUAL( psa_open_key( lifetime, id, &handle ), expected_status );
+ TEST_EQUAL( psa_open_key( id, &handle ), expected_status );
TEST_EQUAL( handle, 0 );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -306,19 +375,25 @@
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
+ uint8_t material[1] = {'k'};
- TEST_MAX_KEY_ID( id );
+ TEST_USES_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
- TEST_EQUAL( psa_create_key( lifetime, id, &handle ),
+ psa_set_key_id( &attributes, id );
+ psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
+ &handle ),
expected_status );
TEST_EQUAL( handle, 0 );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
#endif
@@ -340,56 +415,54 @@
psa_key_id_t source_id = source_id_arg;
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
- psa_algorithm_t source_alg2 = source_alg2_arg;
psa_key_handle_t source_handle = 0;
- psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t source_type = type_arg;
- size_t source_bits;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg;
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
- psa_algorithm_t target_alg2 = target_alg2_arg;
psa_key_handle_t target_handle = 0;
- psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t target_type;
- size_t target_bits;
+ psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t expected_usage = expected_usage_arg;
psa_algorithm_t expected_alg = expected_alg_arg;
psa_algorithm_t expected_alg2 = expected_alg2_arg;
uint8_t *export_buffer = NULL;
- TEST_MAX_KEY_ID( source_id );
- TEST_MAX_KEY_ID( target_id );
+ TEST_USES_KEY_ID( source_id );
+ TEST_USES_KEY_ID( target_id );
PSA_ASSERT( psa_crypto_init( ) );
/* Populate the source slot. */
- if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &source_handle ) );
- else
- PSA_ASSERT( psa_create_key( source_lifetime, source_id,
- &source_handle ) );
- psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
- psa_key_policy_set_enrollment_algorithm( &source_policy, source_alg2 );
- PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
- PSA_ASSERT( psa_import_key( source_handle, source_type,
- material->x, material->len ) );
- PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+ if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+ psa_set_key_id( &source_attributes, source_id );
+ psa_set_key_lifetime( &source_attributes, source_lifetime );
+ }
+ psa_set_key_type( &source_attributes, source_type );
+ psa_set_key_usage_flags( &source_attributes, source_usage );
+ psa_set_key_algorithm( &source_attributes, source_alg );
+ psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
+ /* Update the attributes with the bit size. */
+ PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
/* Prepare the target slot. */
- if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &target_handle ) );
- else
- PSA_ASSERT( psa_create_key( target_lifetime, target_id,
- &target_handle ) );
- psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
- psa_key_policy_set_enrollment_algorithm( &target_policy, target_alg2 );
- PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
- target_policy = psa_key_policy_init();
+ if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+ psa_set_key_id( &target_attributes, target_id );
+ psa_set_key_lifetime( &target_attributes, target_lifetime );
+ }
+ psa_set_key_usage_flags( &target_attributes, target_usage );
+ psa_set_key_algorithm( &target_attributes, target_alg );
+ psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_handle, target_handle, NULL ) );
+ PSA_ASSERT( psa_copy_key( source_handle,
+ &target_attributes, &target_handle ) );
/* Destroy the source to ensure that this doesn't affect the target. */
PSA_ASSERT( psa_destroy_key( source_handle ) );
@@ -400,20 +473,21 @@
{
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_open_key( target_lifetime, target_id,
- &target_handle ) );
+ PSA_ASSERT( psa_open_key( target_id, &target_handle ) );
}
/* Test that the target slot has the expected content. */
- PSA_ASSERT( psa_get_key_information( target_handle,
- &target_type, &target_bits ) );
- TEST_EQUAL( source_type, target_type );
- TEST_EQUAL( source_bits, target_bits );
- PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
- TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) );
- TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) );
+ psa_reset_key_attributes( &target_attributes );
+ PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+ TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) );
+ TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
+ TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &source_attributes ),
+ psa_get_key_bits( &target_attributes ) );
+ TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
+ TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
TEST_EQUAL( expected_alg2,
- psa_key_policy_get_enrollment_algorithm( &target_policy ) );
+ psa_get_key_enrollment_algorithm( &target_attributes ) );
if( expected_usage & PSA_KEY_USAGE_EXPORT )
{
size_t length;
@@ -423,9 +497,19 @@
ASSERT_COMPARE( material->x, material->len,
export_buffer, length );
}
+ else
+ {
+ size_t length;
+ /* Check that the key is actually non-exportable. */
+ TEST_EQUAL( psa_export_key( target_handle, export_buffer,
+ material->len, &length ),
+ PSA_ERROR_NOT_PERMITTED );
+ }
+
+ PSA_ASSERT( psa_destroy_key( target_handle ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
mbedtls_free( export_buffer );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
@@ -434,69 +518,6 @@
/* END_CASE */
/* BEGIN_CASE */
-void copy_from_empty( int source_lifetime_arg, int source_id_arg,
- int source_usage_arg, int source_alg_arg,
- int target_lifetime_arg, int target_id_arg,
- int target_usage_arg, int target_alg_arg )
-{
- psa_key_lifetime_t source_lifetime = source_lifetime_arg;
- psa_key_id_t source_id = source_id_arg;
- psa_key_usage_t source_usage = source_usage_arg;
- psa_algorithm_t source_alg = source_alg_arg;
- psa_key_handle_t source_handle = 0;
- psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
- psa_key_lifetime_t target_lifetime = target_lifetime_arg;
- psa_key_id_t target_id = target_id_arg;
- psa_key_usage_t target_usage = target_usage_arg;
- psa_algorithm_t target_alg = target_alg_arg;
- psa_key_handle_t target_handle = 0;
- psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
- psa_key_policy_t got_policy;
-
- TEST_MAX_KEY_ID( source_id );
- TEST_MAX_KEY_ID( target_id );
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- /* Prepare the source slot. */
- if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &source_handle ) );
- else
- PSA_ASSERT( psa_create_key( source_lifetime, source_id,
- &source_handle ) );
- psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
- PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
-
- /* Prepare the target slot. */
- if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &target_handle ) );
- else
- PSA_ASSERT( psa_create_key( target_lifetime, target_id,
- &target_handle ) );
- psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
- PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
-
- /* Copy the key. */
- TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
- PSA_ERROR_DOES_NOT_EXIST );
-
- /* Test that the slots are unaffected. */
- PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
- TEST_EQUAL( source_usage, psa_key_policy_get_usage( &got_policy ) );
- TEST_EQUAL( source_alg, psa_key_policy_get_algorithm( &got_policy ) );
- PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
- TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
- TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
-
-exit:
- mbedtls_psa_crypto_free( );
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- psa_purge_key_storage( );
-#endif
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
int source_usage_arg, int source_alg_arg,
int source_type_arg, data_t *source_material,
@@ -509,63 +530,77 @@
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
- psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
psa_key_type_t source_type = source_type_arg;
- size_t source_bits;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg;
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;
- psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
psa_key_type_t target_type = target_type_arg;
- size_t target_bits;
- psa_key_policy_t got_policy;
- psa_key_type_t got_type;
- size_t got_bits;
+ psa_key_handle_t new_handle = 0xdead;
uint8_t *export_buffer = NULL;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
- TEST_MAX_KEY_ID( source_id );
- TEST_MAX_KEY_ID( target_id );
+ TEST_USES_KEY_ID( source_id );
+ TEST_USES_KEY_ID( target_id );
PSA_ASSERT( psa_crypto_init( ) );
/* Populate the source slot. */
- if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &source_handle ) );
- else
- PSA_ASSERT( psa_create_key( source_lifetime, source_id,
- &source_handle ) );
- psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
- PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
- PSA_ASSERT( psa_import_key( source_handle, source_type,
- source_material->x, source_material->len ) );
- PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+ if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+ psa_set_key_id( &attributes, source_id );
+ psa_set_key_lifetime( &attributes, source_lifetime );
+ }
+ psa_set_key_type( &attributes, source_type );
+ psa_set_key_usage_flags( &attributes, source_usage );
+ psa_set_key_algorithm( &attributes, source_alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ source_material->x, source_material->len,
+ &source_handle ) );
/* Populate the target slot. */
- if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ if( target_id == source_id )
+ {
+ target_handle = source_handle;
+ }
else
- PSA_ASSERT( psa_create_key( target_lifetime, target_id,
+ {
+ psa_set_key_id( &attributes1, target_id );
+ psa_set_key_lifetime( &attributes1, target_lifetime );
+ psa_set_key_type( &attributes1, target_type );
+ psa_set_key_usage_flags( &attributes1, target_usage );
+ psa_set_key_algorithm( &attributes1, target_alg );
+ PSA_ASSERT( psa_import_key( &attributes1,
+ target_material->x, target_material->len,
&target_handle ) );
- psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
- PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
- PSA_ASSERT( psa_import_key( target_handle, target_type,
- target_material->x, target_material->len ) );
- PSA_ASSERT( psa_get_key_information( target_handle, NULL, &target_bits ) );
+ }
+ PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
- /* Copy the key. */
- TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
+ /* Make a copy attempt. */
+ psa_set_key_id( &attributes, target_id );
+ psa_set_key_lifetime( &attributes, target_lifetime );
+ TEST_EQUAL( psa_copy_key( source_handle,
+ &attributes, &new_handle ),
PSA_ERROR_ALREADY_EXISTS );
+ TEST_EQUAL( new_handle , 0 );
/* Test that the target slot is unaffected. */
- PSA_ASSERT( psa_get_key_information( target_handle,
- &got_type, &got_bits ) );
- TEST_EQUAL( target_type, got_type );
- TEST_EQUAL( target_bits, got_bits );
- PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
- TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
- TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
+ PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
+ TEST_EQUAL( psa_get_key_id( &attributes1 ),
+ psa_get_key_id( &attributes2 ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
+ psa_get_key_lifetime( &attributes2 ) );
+ TEST_EQUAL( psa_get_key_type( &attributes1 ),
+ psa_get_key_type( &attributes2 ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes1 ),
+ psa_get_key_bits( &attributes2 ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
+ psa_get_key_usage_flags( &attributes2 ) );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
+ psa_get_key_algorithm( &attributes2 ) );
if( target_usage & PSA_KEY_USAGE_EXPORT )
{
size_t length;
@@ -576,73 +611,12 @@
export_buffer, length );
}
-exit:
- mbedtls_psa_crypto_free( );
- mbedtls_free( export_buffer );
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- psa_purge_key_storage( );
-#endif
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void copy_to_same( int lifetime_arg, int id_arg,
- int usage_arg, int alg_arg,
- int type_arg, data_t *material )
-{
- psa_key_lifetime_t lifetime = lifetime_arg;
- psa_key_id_t id = id_arg;
- psa_key_usage_t usage = usage_arg;
- psa_algorithm_t alg = alg_arg;
- psa_key_handle_t handle = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t type = type_arg;
- size_t bits;
- psa_key_policy_t got_policy;
- psa_key_type_t got_type;
- size_t got_bits;
- uint8_t *export_buffer = NULL;
-
- TEST_MAX_KEY_ID( id );
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- /* Populate the slot. */
- if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
- PSA_ASSERT( psa_allocate_key( &handle ) );
- else
- PSA_ASSERT( psa_create_key( lifetime, id,
- &handle ) );
- psa_key_policy_set_usage( &policy, usage, alg );
- PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
- PSA_ASSERT( psa_import_key( handle, type,
- material->x, material->len ) );
- PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
-
- /* Copy the key. */
- TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
- PSA_ERROR_ALREADY_EXISTS );
-
- /* Test that the slot is unaffected. */
- PSA_ASSERT( psa_get_key_information( handle,
- &got_type, &got_bits ) );
- TEST_EQUAL( type, got_type );
- TEST_EQUAL( bits, got_bits );
- PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
- TEST_EQUAL( usage, psa_key_policy_get_usage( &got_policy ) );
- TEST_EQUAL( alg, psa_key_policy_get_algorithm( &got_policy ) );
- if( usage & PSA_KEY_USAGE_EXPORT )
- {
- size_t length;
- ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( handle, export_buffer,
- material->len, &length ) );
- ASSERT_COMPARE( material->x, material->len,
- export_buffer, length );
- }
+ PSA_ASSERT( psa_destroy_key( source_handle ) );
+ if( target_handle != source_handle )
+ PSA_ASSERT( psa_destroy_key( target_handle ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
mbedtls_free( export_buffer );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
@@ -654,20 +628,19 @@
void invalid_handle( )
{
psa_key_handle_t handle1 = 0;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- psa_key_type_t read_type;
- size_t read_bits;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t material[1] = "a";
PSA_ASSERT( psa_crypto_init( ) );
/* Allocate a handle and store a key in it. */
- PSA_ASSERT( psa_allocate_key( &handle1 ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+ psa_set_key_usage_flags( &attributes, 0 );
+ psa_set_key_algorithm( &attributes, 0 );
+ PSA_ASSERT( psa_import_key( &attributes,
+ material, sizeof( material ),
+ &handle1 ) );
TEST_ASSERT( handle1 != 0 );
- psa_key_policy_set_usage( &policy, 0, 0 );
- PSA_ASSERT( psa_set_key_policy( handle1, &policy ) );
- PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA,
- material, sizeof( material ) ) );
/* Attempt to close and destroy some invalid handles. */
TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
@@ -678,13 +651,14 @@
TEST_EQUAL( psa_destroy_key( handle1 + 1 ), PSA_ERROR_INVALID_HANDLE );
/* After all this, check that the original handle is intact. */
- PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
- TEST_EQUAL( read_type, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( read_bits, PSA_BYTES_TO_BITS( sizeof( material ) ) );
+ PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ), PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL( psa_get_key_bits( &attributes ),
+ PSA_BYTES_TO_BITS( sizeof( material ) ) );
PSA_ASSERT( psa_close_key( handle1 ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -695,26 +669,28 @@
size_t max_handles = max_handles_arg;
size_t i, j;
psa_status_t status;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t exported[sizeof( size_t )];
size_t exported_length;
ASSERT_ALLOC( handles, max_handles );
PSA_ASSERT( psa_crypto_init( ) );
- psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, 0 );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
for( i = 0; i < max_handles; i++ )
{
- status = psa_allocate_key( &handles[i] );
+ status = psa_import_key( &attributes,
+ (uint8_t *) &i, sizeof( i ),
+ &handles[i] );
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
break;
PSA_ASSERT( status );
TEST_ASSERT( handles[i] != 0 );
for( j = 0; j < i; j++ )
TEST_ASSERT( handles[i] != handles[j] );
- PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
- PSA_ASSERT( psa_import_key( handles[i], PSA_KEY_TYPE_RAW_DATA,
- (uint8_t *) &i, sizeof( i ) ) );
}
max_handles = i;
@@ -730,7 +706,7 @@
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
exit:
- mbedtls_psa_crypto_free( );
+ PSA_DONE( );
mbedtls_free( handles );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 867f64f..a1d39bf 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -1,6 +1,8 @@
/* BEGIN_HEADER */
#include "../library/psa_crypto_its.h"
+#include "psa_helpers.h"
+
/* Internal definitions of the implementation, copied for the sake of
* some of the tests and of the cleanup code. */
#define PSA_ITS_STORAGE_PREFIX ""
@@ -69,6 +71,7 @@
uint32_t flags = flags_arg;
struct psa_storage_info_t info;
unsigned char *buffer = NULL;
+ size_t ret_len = 0;
ASSERT_ALLOC( buffer, data->len );
@@ -77,8 +80,8 @@
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data->len );
TEST_ASSERT( info.flags == flags );
- PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer ) );
- ASSERT_COMPARE( data->x, data->len, buffer, data->len );
+ PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer, &ret_len ) );
+ ASSERT_COMPARE( data->x, data->len, buffer, ret_len );
PSA_ASSERT( psa_its_remove( uid ) );
@@ -98,6 +101,7 @@
uint32_t flags2 = flags2_arg;
struct psa_storage_info_t info;
unsigned char *buffer = NULL;
+ size_t ret_len = 0;
ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
@@ -105,15 +109,16 @@
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data1->len );
TEST_ASSERT( info.flags == flags1 );
- PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) );
- ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len );
+ PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer, &ret_len ) );
+ ASSERT_COMPARE( data1->x, data1->len, buffer, ret_len );
PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data2->len );
TEST_ASSERT( info.flags == flags2 );
- PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) );
- ASSERT_COMPARE( data2->x, data2->len, buffer, data2->len );
+ ret_len = 0;
+ PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer, &ret_len ) );
+ ASSERT_COMPARE( data2->x, data2->len, buffer, ret_len );
PSA_ASSERT( psa_its_remove( uid ) );
@@ -130,6 +135,7 @@
psa_storage_uid_t uid;
char stored[40];
char retrieved[40];
+ size_t ret_len = 0;
memset( stored, '.', sizeof( stored ) );
for( uid = uid0; uid < uid0 + count; uid++ )
@@ -143,11 +149,11 @@
{
mbedtls_snprintf( stored, sizeof( stored ),
"Content of file 0x%08lx", (unsigned long) uid );
- PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) );
- ASSERT_COMPARE( retrieved, sizeof( stored ),
+ PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) );
+ ASSERT_COMPARE( retrieved, ret_len,
stored, sizeof( stored ) );
PSA_ASSERT( psa_its_remove( uid ) );
- TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+ TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
PSA_ERROR_DOES_NOT_EXIST );
}
@@ -171,7 +177,7 @@
TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
TEST_ASSERT( psa_its_get_info( uid, &info ) ==
PSA_ERROR_DOES_NOT_EXIST );
- TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+ TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
PSA_ERROR_DOES_NOT_EXIST );
exit:
@@ -190,6 +196,7 @@
size_t length = length_arg >= 0 ? length_arg : 0;
unsigned char *trailer;
size_t i;
+ size_t ret_len = 0;
ASSERT_ALLOC( buffer, length + 16 );
trailer = buffer + length;
@@ -197,11 +204,11 @@
PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
- status = psa_its_get( uid, offset, length_arg, buffer );
+ status = psa_its_get( uid, offset, length_arg, buffer, &ret_len );
TEST_ASSERT( status == (psa_status_t) expected_status );
if( status == PSA_SUCCESS )
- ASSERT_COMPARE( data->x + offset, length,
- buffer, length );
+ ASSERT_COMPARE( data->x + offset, (size_t) length_arg,
+ buffer, ret_len );
for( i = 0; i < 16; i++ )
TEST_ASSERT( trailer[i] == '-' );
PSA_ASSERT( psa_its_remove( uid ) );
diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj
index db387f9..f900580 100644
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ b/visualc/VS2010/aescrypt2.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj
index 934c844..e77d4b9 100644
--- a/visualc/VS2010/benchmark.vcxproj
+++ b/visualc/VS2010/benchmark.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj
index 99199d9..1f7db30 100644
--- a/visualc/VS2010/crypt_and_hash.vcxproj
+++ b/visualc/VS2010/crypt_and_hash.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj
index 9ca6b64..9df713b 100644
--- a/visualc/VS2010/crypto_examples.vcxproj
+++ b/visualc/VS2010/crypto_examples.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj
index d9c1900..9b2f9f9 100644
--- a/visualc/VS2010/dh_genprime.vcxproj
+++ b/visualc/VS2010/dh_genprime.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj
index 1120111..7e668ea 100644
--- a/visualc/VS2010/ecdh_curve25519.vcxproj
+++ b/visualc/VS2010/ecdh_curve25519.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj
index 3718c9f..cf59d45 100644
--- a/visualc/VS2010/ecdsa.vcxproj
+++ b/visualc/VS2010/ecdsa.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj
index 4c57655..08d23f5 100644
--- a/visualc/VS2010/gen_entropy.vcxproj
+++ b/visualc/VS2010/gen_entropy.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj
index a07e1aa..bd44e97 100644
--- a/visualc/VS2010/gen_key.vcxproj
+++ b/visualc/VS2010/gen_key.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
index 11740c4..338a928 100644
--- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj
+++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj
index 01253ce..31d09d4 100644
--- a/visualc/VS2010/gen_random_havege.vcxproj
+++ b/visualc/VS2010/gen_random_havege.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj
index 0f2ecb4..4ed977a 100644
--- a/visualc/VS2010/generic_sum.vcxproj
+++ b/visualc/VS2010/generic_sum.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj
index c986b07..71a13dd 100644
--- a/visualc/VS2010/hello.vcxproj
+++ b/visualc/VS2010/hello.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj
index f96a0b0..3d8d457 100644
--- a/visualc/VS2010/key_app.vcxproj
+++ b/visualc/VS2010/key_app.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj
index 0e4af3a..b17a485 100644
--- a/visualc/VS2010/key_app_writer.vcxproj
+++ b/visualc/VS2010/key_app_writer.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj
index 80914ff..4b419af 100644
--- a/visualc/VS2010/key_ladder_demo.vcxproj
+++ b/visualc/VS2010/key_ladder_demo.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 07c80e8..0456bc2 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -85,8 +85,8 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -100,8 +100,8 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -117,8 +117,8 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -135,8 +135,8 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -158,7 +158,6 @@
<ClInclude Include="..\..\include\mbedtls\bn_mul.h" />
<ClInclude Include="..\..\include\mbedtls\camellia.h" />
<ClInclude Include="..\..\include\mbedtls\ccm.h" />
- <ClInclude Include="..\..\include\mbedtls\certs.h" />
<ClInclude Include="..\..\include\mbedtls\chacha20.h" />
<ClInclude Include="..\..\include\mbedtls\chachapoly.h" />
<ClInclude Include="..\..\include\mbedtls\check_config.h" />
@@ -225,9 +224,14 @@
<ClInclude Include="..\..\library/psa_crypto_core.h" />
<ClInclude Include="..\..\library/psa_crypto_invasive.h" />
<ClInclude Include="..\..\library/psa_crypto_its.h" />
+ <ClInclude Include="..\..\library/psa_crypto_se.h" />
<ClInclude Include="..\..\library/psa_crypto_service_integration.h" />
<ClInclude Include="..\..\library/psa_crypto_slot_management.h" />
<ClInclude Include="..\..\library/psa_crypto_storage.h" />
+ <ClInclude Include="..\..\3rdparty\everest\include\everest\everest.h" />
+ <ClInclude Include="..\..\3rdparty\everest\include\everest\Hacl_Curve25519.h" />
+ <ClInclude Include="..\..\3rdparty\everest\include\everest\kremlib.h" />
+ <ClInclude Include="..\..\3rdparty\everest\include\everest\x25519.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\library\aes.c" />
@@ -281,6 +285,7 @@
<ClCompile Include="..\..\library\platform_util.c" />
<ClCompile Include="..\..\library\poly1305.c" />
<ClCompile Include="..\..\library\psa_crypto.c" />
+ <ClCompile Include="..\..\library\psa_crypto_se.c" />
<ClCompile Include="..\..\library\psa_crypto_slot_management.c" />
<ClCompile Include="..\..\library\psa_crypto_storage.c" />
<ClCompile Include="..\..\library\psa_its_file.c" />
@@ -295,6 +300,12 @@
<ClCompile Include="..\..\library\version.c" />
<ClCompile Include="..\..\library\version_features.c" />
<ClCompile Include="..\..\library\xtea.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\everest.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\Hacl_Curve25519_joined.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\x25519.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\kremlib\FStar_UInt128_extracted.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\kremlib\FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c" />
+ <ClCompile Include="..\..\3rdparty\everest\library\legacy\Hacl_Curve25519.c" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj
index d68bc75..2015cff 100644
--- a/visualc/VS2010/mpi_demo.vcxproj
+++ b/visualc/VS2010/mpi_demo.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj
index 507c79a..45799c1 100644
--- a/visualc/VS2010/pem2der.vcxproj
+++ b/visualc/VS2010/pem2der.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj
index 5ccaf4f..baf3d7c 100644
--- a/visualc/VS2010/pk_decrypt.vcxproj
+++ b/visualc/VS2010/pk_decrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj
index d5ef208..38eb661 100644
--- a/visualc/VS2010/pk_encrypt.vcxproj
+++ b/visualc/VS2010/pk_encrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj
index d21f17a..2bbea27 100644
--- a/visualc/VS2010/pk_sign.vcxproj
+++ b/visualc/VS2010/pk_sign.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj
index 637ddd6..8804a9c 100644
--- a/visualc/VS2010/pk_verify.vcxproj
+++ b/visualc/VS2010/pk_verify.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj
index 2618c7c..046505a 100644
--- a/visualc/VS2010/psa_constant_names.vcxproj
+++ b/visualc/VS2010/psa_constant_names.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj
index dcb6f32..e95a49f 100644
--- a/visualc/VS2010/query_compile_time_config.vcxproj
+++ b/visualc/VS2010/query_compile_time_config.vcxproj
@@ -55,7 +55,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -96,7 +95,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -116,7 +115,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -138,7 +137,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -158,7 +157,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj
index 9e1d0a2..8ba60e3 100644
--- a/visualc/VS2010/rsa_decrypt.vcxproj
+++ b/visualc/VS2010/rsa_decrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj
index c3b0371..af86631 100644
--- a/visualc/VS2010/rsa_encrypt.vcxproj
+++ b/visualc/VS2010/rsa_encrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj
index e6b5060..2a67824 100644
--- a/visualc/VS2010/rsa_genkey.vcxproj
+++ b/visualc/VS2010/rsa_genkey.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj
index c1147c3..37bae35 100644
--- a/visualc/VS2010/rsa_sign.vcxproj
+++ b/visualc/VS2010/rsa_sign.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj
index adfee6d..2dfe751 100644
--- a/visualc/VS2010/rsa_sign_pss.vcxproj
+++ b/visualc/VS2010/rsa_sign_pss.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj
index bb44b4f..ee834de 100644
--- a/visualc/VS2010/rsa_verify.vcxproj
+++ b/visualc/VS2010/rsa_verify.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj
index 7781aa5..00b4ebe 100644
--- a/visualc/VS2010/rsa_verify_pss.vcxproj
+++ b/visualc/VS2010/rsa_verify_pss.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj
index 12ff76d..184c374 100644
--- a/visualc/VS2010/selftest.vcxproj
+++ b/visualc/VS2010/selftest.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj
index d7ec570..91c7ff7 100644
--- a/visualc/VS2010/strerror.vcxproj
+++ b/visualc/VS2010/strerror.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj
index 9d311c7..0697ca6 100644
--- a/visualc/VS2010/zeroize.vcxproj
+++ b/visualc/VS2010/zeroize.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +114,7 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +136,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +156,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>