Merge pull request #8207 from mcagriaksoy/branch_old_try
Fixes log level for got supported group message
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index a55bbc5..4e2d68f 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -76,10 +76,6 @@
Elliptic-curve cryptography (ECC)
---------------------------------
-Note: things are still evolving. This section describes the situation right
-after #7452 has been merged. It will be updated again in #7757 when bignum is
-done.
-
It is possible to have most ECC operations provided only by a driver:
- the ECDH, ECDSA and EC J-PAKE algorithms;
- key import, export, and random generation.
@@ -107,6 +103,11 @@
RSA or FFDH, then you can also disable `MBEDTLS_BIGNUM_C` for further code
size saving.
+[Coming soon] As noted in the "Limitations regarding the selection of curves"
+section below, there is an upcoming requirement for all the required curves to
+also be accelerated in the PSA driver in order to exclude the builtin algs
+support.
+
### Limitations regarding fully removing `ecp.c`
A limited subset of `ecp.c` will still be automatically re-enabled if any of
@@ -144,10 +145,34 @@
### Limitations regarding the selection of curves
-TODO: apparently we don't really support having some curves built-in and
-others driver-only... investigate and describe the situation. See also #7899.
+There is ongoing work which is trying to establish the links and constraints
+between the list of supported curves and supported algorithms both in the
+builtin and PSA sides. In particular:
+
+- #8014 ensures that the curves supported on the PSA side (`PSA_WANT_ECC_xxx`)
+ are always a superset of the builtin ones (`MBEDTLS_ECP_DP_xxx`)
+- #8016 forces builtin alg support as soon as there is at least one builtin
+ curve. In other words, in order to exclue all builtin algs, all the required
+ curves should be supported and accelerated by the PSA driver.
Finite-field Diffie-Hellman
---------------------------
-TODO
+Support is pretty similar to the "Elliptic-curve cryptography (ECC)" section
+above.
+Key management and usage can be enabled by means of the usual `PSA_WANT` +
+`MBEDTLS_PSA_ACCEL` pairs:
+
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_PUBLIC_KEY`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_BASIC`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_IMPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_EXPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`;
+
+The same holds for the associated algorithm:
+`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
+removing builtin support (i.e. `MBEDTLS_DHM_C`).
+
+### Limitations
+Support for deterministic derivation of a DH keypair
+(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5ea7b94..17eb034 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -830,10 +830,10 @@
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
- ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
+ defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
+ ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
+ (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2f5c672..314dac6 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1830,27 +1830,13 @@
* This feature is experimental, not completed and thus not ready for
* production.
*
+ * \note The maximum amount of early data can be set with
+ * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
+ *
*/
//#define MBEDTLS_SSL_EARLY_DATA
/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
- *
- * This feature is experimental, not completed and thus not ready for
- * production.
- *
- */
-#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-
-/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
@@ -4041,6 +4027,23 @@
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+
+/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
*
* Maximum time difference in milliseconds tolerated between the age of a
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a3ecbfb..d6083da 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -405,6 +405,10 @@
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
+#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+#endif
+
#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
#endif
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 760fa7f..eacb678 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -648,14 +648,16 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (
+ int write_sig_alg_ext = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) ||
+ write_sig_alg_ext = write_sig_alg_ext ||
+ (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl));
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- propose_tls12 ||
+ write_sig_alg_ext = write_sig_alg_ext || propose_tls12;
#endif
- 0) {
+
+ if (write_sig_alg_ext) {
ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
if (ret != 0) {
return ret;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7a1f855..64a3878 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4578,13 +4578,14 @@
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
- ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
+ if (
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
- 0) {
+ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
+ ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
+ ) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ffac222..068c000 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2662,16 +2662,29 @@
tests/ssl-opt.sh
}
-# This function is really similar to config_psa_crypto_no_ecp_at_all() above so
-# its description is basically the same. The main difference in this case is
-# that when the EC built-in implementation is disabled, then also Bignum module
-# and its dependencies are disabled as well.
-#
-# This is the common helper between:
+# This is a common configuration helper used directly from:
+# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# and indirectly from:
# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - accelerate all EC algs, disable RSA and FFDH
# - component_test_psa_crypto_config_reference_ecc_no_bignum
-config_psa_crypto_config_accel_ecc_no_bignum() {
+# - this is the reference component of the above
+# - it still disables RSA and FFDH, but it uses builtin EC algs
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - accelerate all EC and FFDH algs, disable only RSA
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# - this is the reference component of the above
+# - it still disables RSA, but it uses builtin EC and FFDH algs
+#
+# This function accepts 2 parameters:
+# $1: a boolean value which states if we are testing an accelerated scenario
+# or not.
+# $2: a string value which states which components are tested. Allowed values
+# are "ECC" or "ECC_DH".
+config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
DRIVER_ONLY="$1"
+ TEST_TARGET="$2"
# start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
@@ -2706,13 +2719,23 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- # Disable FFDH because it also depends on BIGNUM.
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
- scripts/config.py unset MBEDTLS_DHM_C
- # Also disable key exchanges that depend on FFDH
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ if [ "$TEST_TARGET" = "ECC" ]; then
+ # When testing ECC only, we disable FFDH support, both from builtin and
+ # PSA sides, and also disable the key exchanges that depend on DHM.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ else
+ # When testing ECC and DH instead, we disable DHM and depending key
+ # exchanges only in the accelerated build
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ fi
+ fi
# Restartable feature is not yet supported by PSA. Once it will in
# the future, the following line could be removed (see issues
@@ -2720,15 +2743,32 @@
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
-# Build and test a configuration where driver accelerates all EC algs while
-# all support and dependencies from ECP and ECP_LIGHT are removed on the library
-# side.
+# Common helper used by:
+# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
#
-# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum()
-component_test_psa_crypto_config_accel_ecc_no_bignum () {
- msg "build: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
+# The goal is to build and test accelerating either:
+# - ECC only or
+# - both ECC and FFDH
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
+# coverage analysis in the "analyze_outcomes.py" script.
+common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ TEST_TARGET="$1"
- # Algorithms and key types to accelerate
+ # This is an internal helper to simplify text message handling
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ ACCEL_TEXT="ECC/FFDH"
+ REMOVED_TEXT="ECP - DH"
+ else
+ ACCEL_TEXT="ECC"
+ REMOVED_TEXT="ECP"
+ fi
+
+ msg "build: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM"
+
+ # By default we accelerate all EC keys/algs
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
ALG_ECDH \
ALG_JPAKE \
@@ -2737,12 +2777,22 @@
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
KEY_TYPE_ECC_PUBLIC_KEY"
+ # Optionally we can also add DH to the list of accelerated items
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ loc_accel_list="$loc_accel_list \
+ ALG_FFDH \
+ KEY_TYPE_DH_KEY_PAIR_BASIC \
+ KEY_TYPE_DH_KEY_PAIR_IMPORT \
+ KEY_TYPE_DH_KEY_PAIR_EXPORT \
+ KEY_TYPE_DH_KEY_PAIR_GENERATE \
+ KEY_TYPE_DH_PUBLIC_KEY"
+ fi
# Configure
# ---------
# Set common configurations between library's and driver's builds
- config_psa_crypto_config_accel_ecc_no_bignum 1
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET"
# Build
# -----
@@ -2759,41 +2809,73 @@
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
- # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
+ # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
- not grep mbedtls_dhm_ library/dhm.o
not grep mbedtls_mpi_ library/bignum.o
+ not grep mbedtls_dhm_ library/dhm.o
# Run the tests
# -------------
- msg "test suites: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
+ msg "test suites: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - DHM - BIGNUM"
+
make test
- # The following will be enabled in #7756
- msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
+ msg "ssl-opt: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM"
tests/ssl-opt.sh
}
-# Reference function used for driver's coverage analysis in analyze_outcomes.py
-# in conjunction with component_test_psa_crypto_config_accel_ecc_no_bignum().
-# Keep in sync with its accelerated counterpart.
-component_test_psa_crypto_config_reference_ecc_no_bignum () {
- msg "build: full + non accelerated EC algs + USE_PSA"
+# Common helper used by:
+# - component_test_psa_crypto_config_reference_ecc_no_bignum
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+#
+# The goal is to build and test a reference scenario (i.e. with builtin
+# components) compared to the ones used in
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
+# coverage analysis in "analyze_outcomes.py" script.
+common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ TEST_TARGET="$1"
- config_psa_crypto_config_accel_ecc_no_bignum 0
+ # This is an internal helper to simplify text message handling
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ ACCEL_TEXT="ECC/FFDH"
+ else
+ ACCEL_TEXT="ECC"
+ fi
+
+ msg "build: full + non accelerated $ACCEL_TEXT algs + USE_PSA"
+
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$TEST_TARGET"
make
msg "test suites: full + non accelerated EC algs + USE_PSA"
make test
- # The following will be enabled in #7756
- msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full + non accelerated $ACCEL_TEXT algs + USE_PSA"
tests/ssl-opt.sh
}
+component_test_psa_crypto_config_accel_ecc_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_reference_ecc_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
+}
+
+component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
+}
+
# Helper function used in:
# - component_test_psa_crypto_config_accel_all_curves_except_p192
# - component_test_psa_crypto_config_accel_all_curves_except_x25519
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 3b91bfb..7b0ab3d 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -325,7 +325,7 @@
}
}
},
- 'analyze_driver_vs_reference_no_bignum': {
+ 'analyze_driver_vs_reference_ecc_no_bignum': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
@@ -418,6 +418,100 @@
}
}
},
+ 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
+ 'ignored_suites': [
+ # Ignore test suites for the modules that are disabled in the
+ # accelerated test case.
+ 'ecp',
+ 'ecdsa',
+ 'ecdh',
+ 'ecjpake',
+ 'bignum_core',
+ 'bignum_random',
+ 'bignum_mod',
+ 'bignum_mod_raw',
+ 'bignum.generated',
+ 'bignum.misc',
+ 'dhm',
+ ],
+ 'ignored_tests': {
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ 'test_suite_psa_crypto': [
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
+ ],
+ 'test_suite_pkparse': [
+ # See the description provided above in the
+ # analyze_driver_vs_reference_no_ecp_at_all component.
+ 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
+ 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
+ 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
+ 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
+ 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
+ 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
+ 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
+ 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
+ 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
+ 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
+ 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
+ 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
+ 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
+ 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
+ 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
+ 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ ],
+ 'test_suite_asn1parse': [
+ # This test depends on BIGNUM_C
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ # Following tests depends on BIGNUM_C
+ 'ASN.1 Write mpi 0 (1 limb)',
+ 'ASN.1 Write mpi 0 (null)',
+ 'ASN.1 Write mpi 0x100',
+ 'ASN.1 Write mpi 0x7f',
+ 'ASN.1 Write mpi 0x7f with leading 0 limb',
+ 'ASN.1 Write mpi 0x80',
+ 'ASN.1 Write mpi 0x80 with leading 0 limb',
+ 'ASN.1 Write mpi 0xff',
+ 'ASN.1 Write mpi 1',
+ 'ASN.1 Write mpi, 127*8 bits',
+ 'ASN.1 Write mpi, 127*8+1 bits',
+ 'ASN.1 Write mpi, 127*8-1 bits',
+ 'ASN.1 Write mpi, 255*8 bits',
+ 'ASN.1 Write mpi, 255*8-1 bits',
+ 'ASN.1 Write mpi, 256*8-1 bits',
+ ],
+ 'test_suite_debug': [
+ # Following tests depends on BIGNUM_C
+ 'Debug print mbedtls_mpi #2: 3 bits',
+ 'Debug print mbedtls_mpi: 0 (empty representation)',
+ 'Debug print mbedtls_mpi: 0 (non-empty representation)',
+ 'Debug print mbedtls_mpi: 49 bits',
+ 'Debug print mbedtls_mpi: 759 bits',
+ 'Debug print mbedtls_mpi: 764 bits #1',
+ 'Debug print mbedtls_mpi: 764 bits #2',
+ ],
+ }
+ }
+ },
'analyze_driver_vs_reference_ffdh_alg': {
'test_function': do_analyze_driver_vs_reference,
'args': {